Last Updated August 26, 2020
|Notice for Residents of the European Union, the UK and Switzerland
OpinionSite complies with the General Data Protection Regulation (GDPR), the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of Personal Data transferred from the European Union and the United Kingdom and Switzerland to the United States, respectively.
To learn more about the Privacy Shield program, please visit https://www.privacyshield.gov/.
Capitalized terms are defined in Section XV of this Policy.
This Policy applies to the processing of Member Personal Data that OpinionSite transfers to and stores in the United States. We operate OpinionSite through which we provide surveys that can be taken via electronic notification methods such as, but not limited to, email. We provide support to organizations that conduct research primarily for marketing or for social science purposes.
We're committed to helping you understand how we manage and protect the information we collect. We take privacy seriously and have taken many steps to help safeguard the information we collect from you.
II. RESPONSIBILITIES AND MANAGEMENT
OpinionSite has designated the Privacy Department to oversee its information security program, including its compliance with the Privacy Shield program. The Privacy Department shall review and approve any material changes to this program as necessary. Any questions, concerns, or comments regarding this Policy also may be directed to privacy@OpinionSite.com.
OpinionSite will maintain, monitor, test, and upgrade information security policies, practices, and systems to assist in protecting the Personal Data that it collects. OpinionSite personnel will receive training, as applicable, to effectively implement this Policy. Please refer to Section VIII for a discussion of the steps that OpinionSite has undertaken to protect Personal Data.
III. RENEWAL / VERIFICATION
OpinionSite will renew its Privacy Shield certification annually, unless it subsequently determines that it no longer needs such certification or if it employs a different adequacy mechanism.
Prior to the re-certification, OpinionSite will conduct an in-house verification to ensure that its attestations and assertions with regard to its treatment of Member Personal Data are accurate and that the company has appropriately implemented these practices. Specifically, as part of the verification process, OpinionSite will undertake the following:
- Review this Policy to ensure that it accurately describe the practices regarding the collection of Member Personal Data.
- Ensure that this Policy informs its Members of OpinionSite’s participation in the Privacy Shield program and where to obtain a copy of additional information (e.g., a copy of this Policy).
- Ensure that this Policy continues to comply with the Privacy Shield principles.
- Review its processes and procedures for training Employees about OpinionSite’s participation in the Privacy Shield program and the appropriate handling of Member Personal Data.
OpinionSite will prepare an internal verification statement on an annual basis
IV. PURPOSES OF DATA PROCESSING, LEGAL BASES AND AUTOMATED DECISIONS
Members may sign up for OpinionSite by completing the “Double Opt-in” process at our Site or through one of our many partners’ Sites. During the Double Opt-in process, members are sent a confirmation email following an initial request to subscribe at our Site or one of our partners’ Sites, and all members must affirmatively click an additional link in that confirmation email to confirm their opt-in preference.
As a general matter, OpinionSite collects the following types of Personal Data from its Members: name, phone number, email address, residential or work address and IP address. OpinionSite may also collect other information , such as certain demographic information, as well as information regarding your hobbies, interests, product ownership, medical practice, medical registration, your medical specialty and your professional activities and other information you provide to us by registering for OpinionSite, participating in our surveys or services, or making requests for information about our services.
Registration for OpinionSite is not required to view non-member areas of the Site. If you elect to register for OpinionSite, we ask you for information that enables us to provide an OpinionSite membership. You will be registering with OpinionSite on the form provided and such registration may require you to voluntarily provide contact information such as your email address, your name, your residential or work address, and certain demographic information. In addition, from time to time, we receive e-mail addresses from one of our partners, who may ask us to contact you to offer you a survey.
We use third party providers to validate the accuracy of Personal Data you provide so that we may offer better statistical samples to our clients, as well as to prevent fraud. We use third parties to provide us with data they have collected about you and append this data to your demographic profile. In these cases, only a minimum amount of information is transferred to these third parties so as to enable them to perform specific security functions on our behalf.
Depending on the type of survey or research activity in which you agree to participate, we may be required to transfer limited Personal Data, including name and telephone number, to our research partners (such as moderators and recruiters) for the purpose of contacting you in order for you to enable your full participation in the survey or research activity. Your Personal Data will be kept secure at all times and our research partners will be held to the same levels of protection as we apply to the Personal Data you provide to us. Please note that some of our research partners may be based, or have offices located, outside of the EU. Although our research partners have put measures in place to protect the Personal Data shared with them for the purposes stated above, there are possible risks related to the transfer of data outside of the EU in the absence of an adequacy decision by the European Commission (e.g. for transfers to the United States). By agreeing to participate in our surveys and research activities, you are consenting to the sharing of your Personal Data with our research partners for these purposes as outlined in this Privacy Notice. If you do not wish for your Personal Data to be shared for these purposes or have any questions regarding this use of your Personal Data , please contact our Privacy Team at email@example.com for further assistance.
Additionally, in certain circumstances, we offer individuals the ability to participate in our clients’ surveys outside of OpinionSite. If you are asked to participate in such a survey, we will request limited information about you. In some cases, after completion of the initial survey, we may request Personal Data about you in order to provide rewards, to offer you the opportunity to join OpinionSite, or to participate in further surveys.
You may be referred to OpinionSite or our surveys by one of our third-party business partners. In the event that we ask such partner to contact you with additional survey opportunities, we may share certain basic Personal Data that we understand such partner already maintains (such as your e-mail address and gender) as well as certain basic information regarding your OpinionSite activity (such as the last time you completed a survey).
Any information provided to us will be retained and used solely for the purposes of fulfilling your requests, responding to your questions, offering you opportunities to participate in surveys, performing and carrying out the terms of OpinionSite (including fulfilling any rewards), or communicating with you as a Member of Opinion.
We support the rights of our Members by limiting the use of their information for legitimate market research purposes and we make every effort to conform to industry standards created to uphold ethical survey research.
OpinionSite uses Personal Data that it collects directly from its Members for the following business purposes, without limitation:
(1) maintaining and supporting its products, delivering and providing the requested products/services including payment of honoraria to its Members, and complying with its contractual obligations related thereto
(2) satisfying governmental reporting, tax, and other requirements;
(3) storing and processing data, including Personal Data, in computer databases and servers located in the United States;
(4) verifying identity (e.g., for online access to accounts);
(5) as requested by the Member;
(6) for other business-related purposes permitted or required under applicable local law and regulation; and
(7) as otherwise required by law.
Our legal bases for the processing of your personal data are: 1) your consent and/or 2) any other applicable legal bases, such as our legitimate interest in engaging in commerce and offering products and services of value to our members.
We reserve the right to make automated decisions, including using machine learning algorithms, about our members and website visitors in order to optimize the products and services offered and/or delivered.
V. CHOICE WITH RESPECT TO USES AND DISCLOSURES OF PERSONAL DATA
OpinionSite recognizes that EU individuals have the right to limit the use and disclosure of their Personal Data, and we are committed to respecting those rights. We offer individuals the opportunity to opt out of disclosures of Personal Data to a Third Party or the use of Personal Data for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by the individual. We will comply with the GDPR with respect to disclosures of Sensitive Data including, when applicable, obtaining the explicit consent (i.e., opt in consent) of an individual prior to disclosing Sensitive Data to a Third Party or using Sensitive Data for purposes other than those for which it was originally collected or subsequently authorized by the individual.
VI. DISCLOSURES / ONWARD TRANSFERS OF PERSONAL DATA
OpinionSite is potentially liable in cases of onward transfers of Personal Data to third parties, such as when third parties that act as agents on our behalf process Personal Data in a manner inconsistent with applicable data protection regulations. We will ensure that any third party to which we disclose Personal Data provides the same level of privacy protection as is required by the applicable data protection regulations and agrees in writing to provide an adequate level of privacy protection. Except as otherwise provided herein, OpinionSite discloses Personal Data only to third parties who reasonably need to know such data. Such recipients must agree to abide by confidentiality obligations.
OpinionSite may provide Personal Data to third parties that act as agents, consultants, and contractors to perform tasks on behalf of and under our instructions.
Examples of such third parties and agents, consultants, and contractors to whom we transfer Personal Data, as well as the purposes for which we provide them with Personal Data, are listed in Section IV above.
Such Third Parties must agree to use such Personal Data only for the purposes for which they have been engaged by OpinionSite and they must either: (1) comply with the GDPR, the Privacy Shield principles or another mechanism permitted by the applicable European data protection law(s) for transfers and processing of Personal Data; or (2) agree to provide adequate protections for the Personal Data that are no less protective than those set out in this Policy.
OpinionSite also may disclose Personal Data for other purposes or to other Third Parties when a Data Subject has consented to or requested such disclosure or under the following circumstances:
a) To respond to subpoenas, court orders, or legal process, or to establish or exercise our legal rights or defend against legal claims;
d) We may sell or share OpinionSite Member non-PII information to other advertisers or businesses whom we believe you may find useful and in order to enhance the service provided to our Members.
e) We will not sell or share OpinionSite Member PII information to another company that will use it to sell you products or services.
Please be aware that in rare situations, it may be necessary disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
VII. DATA INTEGRITY, PURPOSE LIMITATION AND DATA RETENTION
OpinionSite shall not process Personal Data in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by the individual. To that end, OpinionSite will take reasonable steps to ensure that Personal Data is reliable for its intended use, accurate, complete, and current. OpinionSite uses reasonable efforts to maintain the accuracy and integrity of Personal Data and to update it as appropriate.
OpinionSite Account Data:
We will also retain your information for as long as is permitted under applicable law.
VIII. DATA SECURITY
OpinionSite has implemented physical and technical safeguards to protect Personal Data from loss, misuse, and unauthorized access, disclosure, alternation, or destruction.
For example, electronically stored Personal Data is stored on a secure network with firewall protection, and access to OpinionSite’s electronic information systems requires user authentication via password or similar means. OpinionSite also employs access restrictions, limiting the scope of employees who have access to Member Personal Data. Further, OpinionSite uses secure encryption technology to protect certain categories of personal data.
Despite these precautions, no data security safeguards guarantee 100% security all of the time.
OpinionSite notifies Members about its adherence to the GDPR and other applicable data protection regulations, as well as the Privacy Shield principles through its publicly posted Privacy Notice, available at the following sites:
OpinionSite Health: https://healthcare.opinionsite.com/
OpinionSite Consumer: http://consumer.opinionsite.com/
X. PERSONNEL ACCESSING OF PERSONAL DATA
OpinionSite personnel may access and use Personal Data only if they are authorized to do so and only for the purpose for which they are authorized.
XI. RIGHT TO ACCESS, CHANGE OR DELETE PERSONAL DATA
Right to Access, Rectification and Erasure.
Members (Data Subjects) have the right to obtain confirmation about whether Personal Data is included about them in our databases. Upon request, OpinionSite will provide an individual access to his or her Personal Data within the timeframe dictated by the applicable data protection regulation.
OpinionSite will permit an individual to know what Personal Data about them is included in our databases and to ensure that such Personal Data is accurate and relevant for the purposes for which OpinionSite collected the Personal Data.
Members may review their own Personal Data stored in the databases and correct, update, modify, or delete any data that is incorrect or incomplete.
Your right to access your Personal Data may be restricted in exceptional circumstances, including, but not limited to, when the burden or expense of providing this access would be disproportionate to the risks to your privacy in the case in question, or where the rights of persons other than you would be violated by the provision of such access. If we determine that your access should be restricted in a particular instance, we will provide you with an explanation of our determination and respond to any inquiries you may have.
Members may access and modify their Personal Data by logging into their account profile or by contacting OpinionSite by phone or email. In making modifications to their Personal Data, Data Subjects must provide only truthful, complete, and accurate information. To request deletion of Personal Data, Members should submit a written request to:
Via Postal Mail:
Requests for Personal Data.
OpinionSite will track each of the following and will provide notice to the appropriate parties under law and contract when either of the following circumstances arise: (a) legally binding request for disclosure of the Personal Data by a law enforcement authority unless prohibited by law or regulation; or (b) requests received from the Data Subject.
Additional rights for EU Data Subjects:
You may object, at any time, to your Personal Data being processed for a specific purpose.
Restriction of Processing.
You may restrict processing of your Personal Data for certain reasons, such as, for example if you consider your Personal Data collected by us to be inaccurate or you have objected to the processing and the existence of legitimate grounds for processing is still under consideration.
You may request the Personal Data you provided to us in a commonly used and machine-readable form.
Right to Withdraw Consent
You have the right to withdraw your consent at any time, without affecting the lawfulness of our processing based on such consent before it was withdrawn, including processing related to existing contracts for our Services
XII. CHANGES TO THIS POLICY
This Policy may be amended from time to time, consistent with the Privacy Shield Principles and applicable data protection and privacy laws and principles. We will notify Members if we make changes that materially affect the way we handle Personal Data previously collected, and we will allow them to choose whether their Personal Data may be used in any materially different manner.
XIII. QUESTIONS OR COMPLAINTS
Members may contact Opinion Site with questions, concerns, or complaints concerning our privacy practices or this Privacy Notice at the following addresses:
Via Postal Mail:
XIV. ENFORCEMENT AND DISPUTE RESOLUTION
We commit to resolving individuals’ complaints related to our privacy practices or our collection, or use, or disclosure of Personal Data. An individual may file a privacy complaint by contacting us at our contact information in Section XI. Further, individuals with questions or concerns about the use or disclosure of their Personal Data should contact us as outlined in Section XIII.
OpinionSite acknowledges that as a participant in the Privacy Shield Framework we are under the enforcement authority of the Federal Trade Commission.
If an individual’s complaint cannot be satisfied through this process, the individual may bring a complaint before the INSIGHTS ASSOCIATION PRIVACY SHIELD PROGRAM, a non-profit alternative dispute resolution provider located in the United States and operated by the Insights Association. The INSIGHTS ASSOCIATION PRIVACY SHIELD PROGRAM is designed to handle eligible complaints brought by EU citizens about Privacy Shield Principles. If you have any complaints regarding our compliance with the Privacy Shield Framework you should first contact us (as provided above).
If contacting us does not resolve your complaint or you do not receive timely acknowledgement of your complaint, please visit the INSIGHTS ASSOCIATION PRIVACY SHIELD PROGRAM website at http://www.insightsassociation.org/get-support/privacy-shield-program/privacy-shield-eu-swiss-citizens-file-complaint for more information and to file a complaint. We will cooperate with the independent dispute resolution mechanism to resolve any complaint that is not resolved through our internal processes. Please note that if an individual’s complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.
"Member" means a prospective, current, or former member of OpinionSite.
"Data Subject" means an identified or identifiable natural living person in the European Union. An identifiable person is one who can be identified, directly or indirectly, by reference to a name, or to one or more factors unique to his or her personal physical, psychological, mental, economic, cultural or social characteristics.
"Employee" means an employee (whether temporary, permanent, part-time, or contract), former employee, independent contractor, or job applicant of OpinionSite or any of its affiliates or subsidiaries.
"Europe" or "European" refers to a country in the European Economic Area.
"Personal Data" as defined under Regulation (EU) 2016/679, the General Data Protection Regulation means any and all data (regardless of format) that (i) identifies or can be used to identify, contact or locate a natural person, or (ii) pertains in any way to an identified natural person. Personal Data includes obvious identifiers (such as names, addresses, email addresses, phone numbers and identification numbers) as well as biometric data, “personal data” (as defined in the GDPR), and any and all information about an individual’s computer or mobile device or technology usage, including (for example and without limitation) IP address, MAC address, unique device identifiers, unique identifiers set in cookies, and any information passively captured about a person’s online activities, browsing, application or hotspot usage or device location.
“Sensitive Data” is a subset of Personal Data which due to its nature has been classified by law as deserving additional privacy and security protections. Sensitive Personal Data consists of: (i) all government-issued identification numbers, (ii) all financial account numbers (including payment card information and health insurance numbers), (iii) individual medical records, genetic and biometric information, (iv) user account credentials, such as usernames, passwords, security questions/answers and other password recovery data, (v) data elements that constitute Special Categories of Data under the GDPR, namely EEA Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation, and (vi) any other Personal Data designated by Research Partnership as Sensitive Personal Data.
FOR CALIFORNIA RESIDENTS
This PRIVACY STATEMENT FOR CALIFORNIA RESIDENTS supplements the information contained in the Privacy Notice of Universal Survey Center, Inc., d/b/a OpinionSite ("OpinionSite"). We adopt this statement to comply with the California Consumer Privacy Act of 2018 (“CCPA”) and other California privacy laws. Any terms defined in the CCPA have the same meaning when used in this statement.
Information which we collect
You can review the types of Personal Information which we collect in our Privacy Notice which precedes this statement, as well as in the chart below.
|A. Identifiers.||A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, Social Security number, or other similar identifiers.||YES|
|B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).||A name, signature, Social Security number, address, telephone number, employment or medical information. Some personal information included in this category may overlap with other categories.||YES|
|C. Protected classification characteristics under California or federal law.||Age (40 years or older), race, color, national origin, citizenship, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation.||YES|
|F. Internet or other similar network activity.||Browsing history, search history, information on a consumer's interaction with a website||YES|
|G. Geolocation data.||Physical location or movements.||YES|
|H. Sensory data.||Audio, visual or similar information.||YES|
|I. Professional or employment-related information.||Occupation, employer information.||YES|
Use of your Personal Information
OpinionSite uses Personal Information that it collects directly from its Members for the following business purposes, without limitation:
- (1) maintaining and supporting its products, delivering and providing the requested products/services including payment of honoraria to its Members, and complying with its contractual obligations related thereto;
- (2) satisfying governmental reporting, tax, and other requirements;
- (3) storing and processing data, including Personal Information, in computer databases and servers located in the United States;
- (4) verifying identity (e.g., for online access to accounts);
- (5) as requested by the Member;
- (6) for other business-related purposes permitted or required under applicable local law and regulation; and
- (7) as otherwise required by law.
Disclosure of Personal Information for a Business Purpose
We may disclose your Personal Information to a third party for a business purpose. When we disclose Personal Information for a business purpose, we enter into a contract that describes the purpose and requires the recipient to both keep that Personal Information confidential and not use it for any purpose except performing the contract.business purposes, without limitation:
We disclose your Personal Information for a business purpose to the following categories of third parties:
- Our affiliates and subsidiaries
- Our clients or their agents
- Service Providers
- Professional services organizations, such as auditors and law firms
- Our business partners
- Internet service providers
- Government entities
- Operating systems and platforms
In the preceding twelve (12) months, we have disclosed the following categories of Personal Information for a business purpose:
- Category A: Identifiers.
- Category B: Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).
- Category C: Protected classification characteristics under California or federal law.
- Category G: Geolocation data.
- Category H: Sensory data.
- Category I: Professional or employment-related information.
Your Rights and Choices
Pursuant to the CCPA and subject to certain exceptions and limitations, California residents may contact us to exercise their rights with respect to certain PI that we hold about them.
To the extent these rights may apply to you, they are described below.
Right to Know About Personal Information Collected, Disclosed, or Sold
You have the right to request that we provide you with details about the Personal Information we collect, use, disclose and sell.
Via Postal Mail:
Only you or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable request related to your Personal Information.
As part of this process, we may ask to verify your identity. Your request must
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you. Making a verifiable request does not require you to create an account with us. We will only use Personal Information provided in a verifiable request to verify your identity or authority to make the request.
In connection with this request, you are entitled to receive the following
- The categories of your Personal Information that we have collected in the preceding 12 months
- The categories of sources from which that Personal Information was collected
- The business/commercial purpose for the collection or selling
- The categories of third parties with whom we share Personal Information
- The specific pieces of Personal Information we has collected about you (subject to some exceptions)
Because we have disclosed or sold (as those words are defined in the CCPA) Personal Information to third parties in the last 12 months, you are also entitled to receive:
- The categories of Personal Information that we have disclosed or sold for a business purpose in the past 12 months and the parties to whom that information was sold or disclosed.
Right to Request Deletion of Personal Information
You have the right to request deletion of the Personal Information we have collected about you (subject to some exceptions). You can submit your request as described above, and we reserve the right to conduct the verification described above.
We may deny your deletion request if retaining the information is necessary for us or our service providers to:
- Complete the transaction for which we collected the personal information, provide a service that you requested, or take actions reasonably anticipated within the context of our ongoing business relationship with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
Right to Non-Discrimination for the Exercise of a Consumer’s Privacy Rights
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
- Deny you use of our services.
- Provide you a different level or quality of services.
Right to Opt-Out of Sale of Personal Information
The term “sell” in the CCPA is defined broadly as “…selling, renting, releasing, disclosing, disseminating, making available, transferring… a consumer’s personal information by the business to another business or a third party for monetary or other valuable consideration.”
While OpinionSite may share your personal information with your consent as outlined in our Privacy Notice and Terms and Conditions and as explained when you joined our community, there may be limited instances where our sharing of information may be considered a “sale” under CCPA.
You have the right to opt-out of the sale of your Personal Information. You can submit a request by clicking here You can also submit a request via the methods noted below:
Via Postal Mail:
Please be advised that if you exercise this right, it may affect our ability to offer you survey opportunities and to maintain your membership in our OpinionSite community.
OpinionSite provides registered members of our community with the opportunity to participate in healthcare research primarily for marketing or for social science purposes via survey invitations.
If you are a registered member who participates in our surveys, we provide you with financial incentives in the form of reward points which are added to your member account and redeemable through the OpinionSite portal as consideration for your participation.
By accepting the reward points, you agree that these considerations represent fair value for your participation in the research studies you complete as a member of the OpinionSite community.
Response Timing and Format
We endeavor to respond to a verifiable request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.
We will deliver our written response by mail or electronically, at your option.
Any disclosures we provide will only cover the 12-month period preceding receipt of a verifiable request. The response we provide will also explain the reasons we cannot comply with a verifiable request, if applicable.
We do not charge a fee to process or respond to your verifiable request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Changes to this Notice
This Notice may be amended from time to time, consistent with applicable data protection and privacy laws and principles. We will notify Members if we make changes that materially affect the way we handle Personal Information previously collected, and we will allow them to choose whether their Personal Information may be used in any materially different manner.
If you have any questions or comments about this notice, the ways in which we collect and use your personal information, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at:
Via Postal Mail: