OpinionSite Privacy Shield Policy
OpinionSite complies with the EU-U.S. Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of Personal Data from European Union member countries. OpinionSite has certified that it adheres to the Privacy Shield Privacy Principles of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, and recourse, enforcement and liability. OpinionSite acknowledges that as a participant in the Privacy Shield Framework we are under the enforcement authority of the Federal Trade Commission.
To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/.
Capitalized terms are defined in Section XV of this Policy.
This Policy applies to the processing of Member Personal Data that OpinionSite transfers to and stores in the United States. We operate OpinionSite through which we provide surveys that can be taken via electronic notification methods such as, but not limited to, email. We provide support to organizations that conduct research primarily for marketing or for social science purposes.
We're committed to helping you understand how we manage and protect the information we collect. We take privacy seriously, and have taken many steps to help safeguard the information we collect from you.
This Policy does not cover data from which individual persons cannot be identified or situations in which pseudonyms are used. (The use of pseudonyms involves the replacement of names or other identifiers with substitutes so that identification of individual persons is not possible.)
II. RESPONSIBILITIES AND MANAGEMENT
OpinionSite has designated the Privacy Department to oversee its information security program, including its compliance with the Privacy Shield program. The Privacy Department shall review and approve any material changes to this program as necessary. Any questions, concerns, or comments regarding this Policy also may be directed to privacy@OpinionSite.com.
OpinionSite will maintain, monitor, test, and upgrade information security policies, practices, and systems to assist in protecting the Personal Data that it collects. OpinionSite personnel will receive training, as applicable, to effectively implement this Policy. Please refer to Section VI for a discussion of the steps that OpinionSite has undertaken to protect Personal Data.
III. RENEWAL / VERIFICATION
OpinionSite will renew its Privacy Shield certification annually, unless it subsequently determines that it no longer needs such certification or if it employs a different adequacy mechanism.
Prior to the re-certification, OpinionSite will conduct an in-house verification to ensure that its attestations and assertions with regard to its treatment of Member Personal Data are accurate and that the company has appropriately implemented these practices. Specifically, as part of the verification process, OpinionSite will undertake the following:
- Review this Policy to ensure that it accurately describe the practices regarding the collection of Member Personal Data.
- Ensure that this Policy informs its Members of OpinionSite’s participation in the Privacy Shield program and where to obtain a copy of additional information (e.g., a copy of this Policy).
- Ensure that this Policy continues to comply with the Privacy Shield principles.
- Review its processes and procedures for training Employees about OpinionSite’s participation in the Privacy Shield program and the appropriate handling of Member Personal Data.
OpinionSite will prepare an internal verification statement on an annual basis
IV. COLLECTION AND USE OF PERSONAL DATA
Members may sign up for OpinionSite by completing the “Double Opt-in” process at our Site or through one of our many partners’ Sites. During the Double Opt-in process, members are sent a confirmation email following an initial request to subscribe at our Site or one of our partners’ Sites, and all members must affirmatively click an additional link in that confirmation email to confirm their opt-in preference.
As a general matter, OpinionSite collects the following types of Personal Data from its Members: name, phone number, email address, residential or work address, IP address, Operating System and Web browser data points. OpinionSite may also collect “non-personally identifiable information,” which we do not combine with Personal Data in order to identify any individuals, such as certain demographic information, as well as information regarding your hobbies, interests, product ownership, medical practice, your medical specialty and your professional activities and other information you provide to us by registering for OpinionSite, participating in our surveys or services, or making requests for information about our services.
Registration for OpinionSite is not required to view non-member areas of the Site. If you elect to register for OpinionSite, we ask you for information that enables us to provide an OpinionSite membership. You will be registering with OpinionSite on the form provided and such registration may require you to voluntarily provide contact information such as your email address, your name, your residential or work address, and certain demographic information. In addition, from time to time, we receive e-mail addresses from one of our partners, who may ask us to contact you to offer you a survey.
We use third party providers to validate the accuracy of personal information you provide so that we may offer better statistical samples to our clients, as well as to prevent fraud. We use third parties to provide us with data they have collected about you, and append this data to your demographic profile. In these cases, only a minimum amount of information is transferred to these third parties so as to enable them to perform specific security functions on our behalf.
Additionally, in certain circumstances, we offer individuals the ability to participate in our clients’ surveys outside of OpinionSite. If you are asked to participate in such a survey, we will request limited non-personally identifiable information about you. In some cases, after completion of the initial survey, we may request personally identifiable information (i.e., Personal Data) about you in order to provide rewards, to offer you the opportunity to join OpinionSite, or to participate in further surveys.
You may be referred to OpinionSite or our surveys by one of our third-party business partners. In the event that we ask such partner to contact you with additional survey opportunities, we may share certain basic personal information that we understand such partner already maintains (such as your e-mail address and gender) as well as certain basic information regarding your OpinionSite activity (such as the last time you completed a survey).
Any information provided to us will be retained and used solely for the purposes of fulfilling your requests, responding to your questions, offering you opportunities to participate in surveys, performing and carrying out the terms of OpinionSite (including fulfilling any rewards), or communicating with you as a Member of Opinion.
We support the rights of our Members by limiting the use of their information for legitimate market research purposes and we make every effort to conform to industry standards created to uphold ethical survey research.
OpinionSite uses Personal Data that it collects directly from its Members for the following business purposes, without limitation: (1) maintaining and supporting its products, delivering and providing the requested products/services including payment of honoraria to its Members, and complying with its contractual obligations related thereto (2) satisfying governmental reporting, tax, and other requirements; (3) storing and processing data, including Personal Data, in computer databases and servers located in the United States; (4) verifying identity (e.g., for online access to accounts); (5) as requested by the Member; (6) for other business-related purposes permitted or required under applicable local law and regulation; and (7) as otherwise required by law.
V. CHOICE WITH RESPECT TO USES AND DISCLOSURES OF PERSONAL DATA
OpinionSite recognizes that EU individuals have the right to limit the use and disclosure of their Personal Data, and we are committed to respecting those rights. We offer individuals the opportunity to opt out of disclosures of Personal Data to a Third Party or the use of Personal Data for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by the individual. We will comply with the Privacy Shield Principles with respect to disclosures of Sensitive Data including, when applicable, obtaining the explicit consent (i.e., opt in consent) of an individual prior to disclosing Sensitive Data to a Third Party or using Sensitive Data for purposes other than those for which it was originally collected or subsequently authorized by the individual.
VI. DISCLOSURES / ONWARD TRANSFERS OF PERSONAL DATA
OpinionSite is potentially liable in cases of onward transfers of Personal Data to third parties, such as when third parties that act as agents on our behalf process Personal Data in a manner inconsistent with the Privacy Shield Principles. We will ensure that any third party to which we disclose personal information provides the same level of privacy protection as is required by the Privacy Shield principles and agrees in writing to provide an adequate level of privacy protection. Except as otherwise provided herein, OpinionSite discloses Personal Data only to third parties who reasonably need to know such data. Such recipients must agree to abide by confidentiality obligations.
OpinionSite may provide Personal Data to third parties that act as agents, consultants, and contractors to perform tasks on behalf of and under our instructions. Examples of such third parties and agents, consultants, and contractors to whom we transfer Personal Data, as well as the purposes for which we provide them with Personal Data, are listed in Section IV above. Such Third Parties must agree to use such Personal Data only for the purposes for which they have been engaged by OpinionSite and they must either: (1) comply with the Privacy Shield principles or another mechanism permitted by the applicable European data protection law(s) for transfers and processing of Personal Data; or (2) agree to provide adequate protections for the Personal Data that are no less protective than those set out in this Policy.
OpinionSite also may disclose Personal Data for other purposes or to other Third Parties when a Data Subject has consented to or requested such disclosure or under the following circumstances:
a) To respond to subpoenas, court orders, or legal process, or to establish or exercise our legal rights or defend against legal claims;
d) We may sell or share OpinionSite Member non-PII information to other advertisers or businesses whom we believe you may find useful and in order to enhance the service provided to our Members.
e) We will not sell or share OpinionSite Member PII information to another company that will use it to sell you products or services.
Please be aware that in rare situations, it may be necessary disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
VII. DATA INTEGRITY AND PURPOSE LIMITATION
OpinionSite shall not process Personal Data in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by the individual. To that end, OpinionSite will take reasonable steps to ensure that Personal Data is reliable for its intended use, accurate, complete, and current. OpinionSite uses reasonable efforts to maintain the accuracy and integrity of Personal Data and to update it as appropriate.
VIII. DATA SECURITY
OpinionSite has implemented physical and technical safeguards to protect Personal Data from loss, misuse, and unauthorized access, disclosure, alternation, or destruction.
For example, electronically stored Personal Data is stored on a secure network with firewall protection, and access to OpinionSite’s electronic information systems requires user authentication via password or similar means. OpinionSite also employs access restrictions, limiting the scope of employees who have access to Member Personal Data. Further, OpinionSite uses secure encryption technology to protect certain categories of personal data.
Despite these precautions, no data security safeguards guarantee 100% security all of the time.
OpinionSite Health: https://opinionsite.com/healthcare
OpinionSite Consumer: http://opinionsite.com/consumer
X. PERSONNEL ACCESSING OF PERSONAL DATA
OpinionSite personnel may access and use Personal Data only if they are authorized to do so and only for the purpose for which they are authorized.
XI. RIGHT TO ACCESS, CHANGE OR DELETE PERSONAL DATA
Right to Access.
Members (Data Subjects) have the right to obtain confirmation about whether Personal Data is included about them in our databases. Upon request, OpinionSite will provide an individual access to his or her Personal Data within a reasonable time period. OpinionSite will permit an individual to know what Personal Data about them is included in our databases and to ensure that such Personal Data is accurate and relevant for the purposes for which OpinionSite collected the Personal Data. Members may review their own Personal Data stored in the databases and correct, update, modify, or delete any data that is incorrect or incomplete. Your right to access your Personal Data may be restricted in exceptional circumstances, including, but not limited to, when the burden or expense of providing this access would be disproportionate to the risks to your privacy in the case in question, or where the rights of persons other than you would be violated by the provision of such access. If we determine that your access should be restricted in a particular instance, we will provide you with an explanation of our determination and respond to any inquiries you may have.
Members may access and modify their Personal Data by logging into their account profile or by contacting OpinionSite by phone or email. In making modifications to their Personal Data, Data Subjects must provide only truthful, complete, and accurate information. To request deletion of Personal Data, Members should submit a written request to:
Via Postal Mail:
218 West 40th Street
New York, NY 10018
Attention: OpinionSite Privacy Department
001-212-391-5243, option 6
Requests for Personal Data.
OpinionSite will track each of the following and will provide notice to the appropriate parties under law and contract when either of the following circumstances arise: (a) legally binding request for disclosure of the Personal Data by a law enforcement authority unless prohibited by law or regulation; or (b) requests received from the Data Subject.
Satisfying Requests for Access, Modifications, and Corrections.
OpinionSite will endeavor to respond within a reasonable time period to all reasonable requests to access, view, modify, or inactivate Personal Data.
XII. CHANGES TO THIS POLICY
This Policy may be amended from time to time, consistent with the Privacy Shield Principles and applicable data protection and privacy laws and principles. We will make employees available of changes to this policy either by email or other means. We will notify Members if we make changes that materially affect the way we handle Personal Data previously collected, and we will allow them to choose whether their Personal Data may be used in any materially different manner.
XIII. QUESTIONS OR COMPLAINTS
Members may contact Opinion Site with questions, concerns, or complaints concerning our privacy practices or this Privacy Shield Policy at the following addresses:
Via Postal Mail:
218 West 40th Street
New York, NY 10018
Attention: OpinionSite Privacy Department
001-212-391-5243, option 6
XIV. ENFORCEMENT AND DISPUTE RESOLUTION
We commit to resolving individuals’ complaints related to our privacy practices or our collection, or use, or disclosure of Personal Data. An individual may file a privacy complaint by contacting us at our contact information in Section XI. Further, Members with questions or concerns about the use or disclosure of their Personal Data should contact us as outlined in Section XIII.
OpinionSite acknowledges that as a participant in the Privacy Shield Framework we are under the enforcement authority of the Federal Trade Commission.
If a Member’s complaint cannot be satisfied through this process, Members may bring a complaint before the CASRO PRIVACY SHIELD PROGRAM, an independent dispute resolution mechanism. If you have any complaints regarding our compliance with the Privacy Shield Framework you should first contact us (as provided above).
If contacting us does not resolve your complaint or you do not receive timely acknowledgement of your complaint, please visit the CASRO PRIVACY SHIELD PROGRAM website at http://www.casro.org/?page=pscomplaintcasro for more information and to file a complaint. We will cooperate with the independent dispute resolution mechanism to resolve any complaint that is not resolved through our internal processes. Please note that if an individual’s complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.
"Member" means a prospective, current, or former member of OpinionSite.
"Data Subject" means an identified or identifiable natural living person in the European Union. An identifiable person is one who can be identified, directly or indirectly, by reference to a name, or to one or more factors unique to his or her personal physical, psychological, mental, economic, cultural or social characteristics.
"Employee" means an employee (whether temporary, permanent, part-time, or contract), former employee, independent contractor, or job applicant of OpinionSite or any of its affiliates or subsidiaries.
"Europe" or "European" refers to a country in the European Economic Area.
"Personal Data" as defined under the European Union Directive 95/46/EC means data that personally identifies or may be used to personally identify a person who is a Data Subject, either directly or indirectly, including an individual's name in combination with country of birth, marital status, emergency contact, salary information, terms of employment, job qualifications (such as educational degrees earned), address, phone number, e-mail address, user ID, password, and identification numbers. Personal Data does not include data that is de-identified or anonymous.
“Sensitive Data” is a subset of Personal Data and includes information specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or the sex life of the individual.