Questionlab Consumer Insights Inc. (“Questionlab”,“Company” or ”We”) respects your privacy and takes the protection of personal data very seriously.
This policy describes:
We take steps to ensure that the personal information that we collect about you is adequate, relevant, not excessive, and used for limited purposes.
In this policy, “personal information” or “personal data” has the meaning given in the data protection law applicable to you, and includes any information about an identifiable individual, which includes information that can be used on its own or with other information to identify, contact, or locate a single person. Unless covered by the data protection law applicable to you, personal information does not include business contact information, including your name, title, or business contact information. This policy applies to information we collect, use, or disclose about you:
Please read this policy carefully to understand our policies and practices for collecting, processing, and storing your information. This policy may change from time to time (see Changes to Our Privacy Policy). Please check the policy periodically for updates. We will notify you in advance of any material changes to this policy.
The table below describes the categories of Personal Data we have collected about you in the last twelve months.
Personal Data We Collect, Process, or Store |
How We Obtain It |
|
You provide it directly to us when:
We receive it from:
|
|
You provide it directly to us when:
We receive it from:
|
|
You provide it directly to us when:
We receive it from:
|
|
You provide it directly to us when:
|
|
You provide it directly to us when you visit our websites and social media sites. |
|
You provide it directly to us when you visit our websites and social media sites. |
|
You provide it directly to us when you take a survey. |
|
You provide it directly to us when:
|
|
You provide it directly to us when:
|
As you navigate through and interact with our Website, we may use cookies or other automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, including:
The information we collect automatically is statistical information that includes personal information, and we may maintain it or associate it with personal information we collect in other ways, that you provide to us. It helps us to improve our Website and to deliver a better and more personalized service, including by enabling us to:
Cookies (or browser cookies). A cookie is a small file placed on the hard drive of your computer. You may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting you may be unable to access certain parts of our Website. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our Website
You may also set your browser to send a Do Not Track (DNT) signal. For more information, please visit https://allaboutdnt.com/. Please note that our websites does not have the capability to respond to “Do Not Track” signals received from web browsers.
We use information that we collect about you or that you provide to us, including:
We may disclose personal information that we collect or you provide as described in this privacy policy:
We may also disclose your personal information:
If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Questionlab, our customers, or others.
The following table describes, in the last twelve months, the categories of information we have disclosed to third parties for business purposes, and the categories of those third parties.
Personal Data Disclosed for Business Purposes |
||
Category | Yes or No | Categories of Third Parties Receiving Personal Data |
Identifiers | Yes |
|
Special categories of personal information | Yes |
|
Protected classification characteristics under California or federal law | Yes |
|
Commercial information | Yes |
|
Internet or similar network activity | Yes |
|
Geolocation data | Yes |
|
Professional or employment-related information | No |
|
Inferences drawn from other Personal Data | No |
|
Some of these third parties may be located outside of the European Union or the European Economic Area (“EEA”) or the United Kingdom (“UK”). In some cases, the European Commission may have determined that in some countries, their data protection laws provide a level of protection equivalent to European Union law. You can see here the list of countries that the European Commission as recognized as providing an adequate level of protection to personal data.
We may transfer personal information that we collect or that you provide as described in this policy to contractors, service providers, and other third parties we use to support our business (such as analytics and search engine providers that assist us with Website improvement and optimization) and who are contractually obligated to keep personal information confidential, use it only for the purposes for which we disclose it to them, and to process the personal information with the same standards set out in this policy.
You are welcome to contact us to obtain further information about Company policies regarding service providers outside of Canada. See Contact Information. By submitting your personal information or engaging with the Website, you consent to this transfer, storage, or processing.
We may disclose your personal data to the extent required by law, or if we have a good-faith belief that we need to disclose it in order to comply with official investigations or legal proceedings (whether initiated by governmental/law enforcement officials, or private parties). If we have to disclose your personal data to governmental/law enforcement officials, we may not be able to ensure that those officials will maintain the privacy and security of your personal data.
We may also disclose your personal data if we sell or transfer all or some of our company’s business interests, assets, or both, or in connection with a corporate restructuring. Finally, we may disclose your personal data to our subsidiaries or affiliates, but only if necessary for business purposes, as described in the section above.
We reserve the right to use, transfer, sell, and share aggregated, anonymous data for any legal purpose. Such data does not include any personal data. The purposes may include analyzing usage trends or seeking compatible advertisers, sponsors, and customers.
The security of your personal information is very important to us. We use physical, electronic, and administrative measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure. We store all information you provide to us behind firewalls on our secure servers and use data encryption to the extent possible.
The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our Website. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Website.
Except as otherwise permitted or required by applicable law or regulation, we will only retain your personal information for as long as necessary to fulfill the purposes we collected it for, including to fulfill the services requested, as well as for the purposes of satisfying any legal, accounting, or reporting requirements. Under some circumstances we may anonymize your personal information so that it can no longer be associated with you. We reserve the right to use such anonymous and de-identified data for any legitimate business purpose without further notice to you or your consent.
Our Website is not intended for children under 16 years of age. No one under age 16 may provide any information to or on the Website. We do not knowingly collect personal information from children under 16, and we do not knowingly sell any personal information of any minor children under the age of 16. If you are under 16, do not use or provide any information on this Website or on or through any of its features/register on the Website, make any purchases through the Website, use any of the interactive or public comment features of this Website, or provide any information about yourself to us, including your name, address, telephone number, email address, or any screen name or user name you may use. If we learn we have collected or received personal information from a child under 16 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 16, please contact us.
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes. You have the right to obtain from us, including confirmation of whether or not we process personal information concerning you, and, where that is the case, a copy or access to the personal information and certain related information.
You also have the right to ask us to correct without undue delay anything that you think is wrong with the personal information we have on file about you (or your child), and to complete any incomplete personal information.By law you have the right to request access to and to correct the personal information that we hold about you.
If you want to access, review, verify, correct, or withdraw consent to the use of your personal information you may also send us an email at privacy@questionlab.com to request access to, correct, or delete any personal information that you have provided to us. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect. We may charge you a fee to access your personal information, however, we will notify you of any fee in advance.
We may request specific information from you to help us confirm your identity and your right to access, and to provide you with the personal information that we hold about you or make your requested changes. Applicable law may allow or require us to refuse to provide you with access to some or all of the personal information that we hold about you, or we may have destroyed, erased, or made your personal information anonymous in accordance with our record retention obligations and practices. If we cannot provide you with access to your personal information, we will inform you of the reasons why, subject to any legal or regulatory restrictions.
We will provide access to your personal information, subject to exceptions set out in applicable privacy legislation. Examples of such exceptions include:
If you are concerned about our response or would like to correct the information provided, you may contact our Privacy Officer.
The CCPA does not allow us to disclose Social Security numbers, driver’s license numbers or other government-issued identification numbers, financial account numbers, any health insurance or medical identification numbers, account passwords, or security questions and answers. We can inform you that we have this information generally, but we may not provide the specific numbers, passwords etc. to you for security and legal reasons.
Where you have provided your consent to the collection, use, and transfer of your personal information, you may have the legal right to withdraw your consent under certain circumstances. If you withdraw your consent, our use of your personal information before you withdraw is still lawful. To withdraw your consent, if applicable, contact our Privacy Officer - privacy@questionlab.com. Please note that if you withdraw your consent we may not be able to provide you with a particular product or service. We will explain the impact to you at the time to help you with your decision. Opt out requests are processed within a maximum of 10 days after receipt of the email to the support inbox.
Apart from what is already set out in this privacy policy, see the below for other data protection rights you may have under applicable law with respect to your personal data:
Sometimes we will not be able to fulfill your request: if it prevents us from complying with our regulatory obligations or impacts other legal matters, if we cannot verify your identity, or if it requires extraordinary cost or effort, we will tell you in a reasonable time and give you an explanation.
To exercise any of the rights described above, please submit a request by either:
1. Calling us at +1(877) 886 8769
2. Contacting us by email at privacy@questionlab.com
3. Writing to us at 4711 Yonge Street, 10th Floor, Toronto, Ontario, M2N 6K8, Canada
In order to correctly respond to your privacy rights requests , we need to confirm that you made the request. Consequently, we may require additional information to confirm that you are who you say you are.
For requests submitted via password-protected accounts, your identity is already verified. For requests sent by other means, we will verify your identity by asking you for information that matches the information that we already hold about you.
We will only use the personal data you provide us in a request to verify your identity or authority to make the request.
If you are submitting a request on behalf of somebody else, we will need to verify your authority to act on behalf of that individual. When contacting us, please provide us with proof that the individual gave you signed permission to submit this request, a valid power of attorney on behalf of the individual, or proof of parental responsibility or legal guardianship. Alternatively, you may ask the individual to directly contact us by using the contact details above to verify their identity with us and confirm with us that they gave you permission to submit this request.
Response timing and format of our responses
We will confirm the receipt of your request within ten (10) business days and, in that communication, we will also describe our identity verification process (if needed) and when you should expect a response, unless we have already granted or denied the request.
Please allow us up to a month to reply to your requests (except requests to stop selling your personal data) from the day we received your request. If we need more time (up to 90 days in total), we will inform you of the reason why and the extension period in writing.
If we cannot satisfy a request, we will explain why in our response. For data portability requests, we will choose a format to provide your personal data that is readily useable and should allow you to transmit the information from one entity to another entity without difficulty.
We will not charge a fee for processing or responding to your requests. However, we may charge a fee if we determine that your request is excessive, repetitive, or manifestly unfounded. In those cases, we will tell you why we made that determination and provide you with a cost estimate before completing your request.
If we decline to take action regarding a request that you have submitted, we will inform you of our reason for doing so, and for Virginia, Colorado, and Connecticut residents, provide instructions for how to appeal the decision. If we decline to comply with a data subject rights request, residents of the above states will have the right to appeal our refusal within a reasonable period of time after receiving our decision. Within 60 days of the time provided by applicable U.S. state law, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, we will also provide you with an online mechanism, if available, or other method through which you may contact the your state’s regulatory authority to submit a complaint.
We must have a valid reason to use your personal information. This is called the "lawful basis for processing".
When we process personal data, we may process your personal data on the basis of:
We rely on our legitimate interests when, for example, we process the personal data we collect from you to send you marketing communications, to communicate with you about changes to our services, to enhance the safety and security of our facilities, and to provide, secure, and improve our services.
Changes To Our Privacy Policy
It is our policy to post any changes we make to our privacy policy on this page with a notice that the privacy policy has been updated on the Website home page. If we make material changes to how we treat our users’ personal information, we will notify you by email to the email address specified in your account or through a notice on the Website home page.
We include the date the privacy policy was last revised at the top of the page. You are responsible for ensuring we have an up-to-date, active, and deliverable email address for you, and for periodically visiting our Website and this privacy policy to check for any changes.
If the GDPR applies to our processing of your personal information, you have the right to lodge a complaint with a supervisory authority if you are not satisfied with how we process your personal data. Specifically, you can lodge a complaint in the Member State of the European Union of your habitual residence, place of work, or the alleged violation of the GDPR.
We welcome your questions, comments, and requests regarding this privacy policy and our privacy practices. Please contact our Privacy Officer at:
Ashwani Marwah
privacy@questionlab.com
+1(877) 886 8769
We have procedures in place to receive and respond to complaints or inquiries about our handling of personal information, our compliance with this policy, and with applicable privacy laws. To discuss our compliance with this policy please contact our Privacy Officer using the contact information listed above, or by contacting us at the address in the “Contact Us” section below.
We have appointed VeraSafe as our Data Protection Officer (DPO). While you may contact us directly, VeraSafe can also be contacted on matters related to the processing of Personal Data. VeraSafe’s contact details are:
VeraSafe LLC
100 M Street S.E., Suite 600
Washington, D.C.
20003
USA
Email: experts@verasafe.com
Web: https://www.verasafe.com/about-verasafe/contact-us/