Before you read this policy, please understand that we are committed to respecting the privacy rights of all individuals, wherever located.
To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.
In compliance with the Privacy Shield Principles, QualSights commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact QualSights at: firstname.lastname@example.org.
If a privacy complaint arises and cannot be resolved through QualSights’s internal processes, QualSights has agreed to participate in the VeraSafe Privacy Shield Dispute Resolution Procedure. Subject to the terms of the VeraSafe Privacy Shield Dispute Resolution Procedure, VeraSafe will provide appropriate recourse free of charge to you. To file a complaint with VeraSafe under the Privacy Shield Dispute Resolution Procedure, please submit the required information to VeraSafe here: https://www.verasafe.com/privacy-services/dispute-resolution/submit-dispute/
CCPA and ‘Do Not Sell’
All data collected or processed by QualSights will be processed in accordance with our “Do Not Sell” policy statement. For specific information relating to our practices regarding the collection and sale of personal information and the principles of the CCPA, please review the policy statement at: https://www.qualsights.com/do-not-sell/.
If you are an Individual and You Have Privacy Questions or Concerns
If you are an individual (whereever located) and you have concerns or questions about QualSights’ privacy practices, or if you want to understand how you can limit the use or disclosure of your personal information, please contact us at email@example.com..
1. The Scope of this Policy
2. How our Service Works
QualSights provides a unique online service which allows our customers (which are generally businesses) to observe and understand how consumers shop for, use, consume, and/or experience products, services and related items (e.g. groceries, packaging, marketing materials) in a variety of real-world environments.
To make this possible, our platform provides several interrelated features that allow our customers (again, businesses) to initiate and engage in live or recorded interview sessions and activities with research participants using any of a variety of possible devices (e.g. smartphones, cameras, etc.) in any of a variety of contexts (e.g. video/photo/audio activities, video/audio interviews & focus groups, surveys, in-person fieldwork). All participation by research participants is entirely voluntary.
All of the features of our platform can be fully configured by our customers, and as such, any given research project may include audio recording, recorded videos or photographs, screen captures, video live feed and recording, and collection of surveys and text/written comments/responses. QualSights’ platform then allows customers to process the raw data resources so gathered using a variety of technologies, to generate highly-focused insights into research subjects’ behavior. Examples of such processing technologies include machine transcription, identification of keywords & topics, sentiment analysis, etc.
3. QualSights is Usually a Data Processor/Service Provider
For the vast majority of our engagements we operate as a data processor (under the GDPR) or as a service provider (CCPA). This is because our customers choose which data to collect and process, and how; and as such our customers function as data controllers and/or covered businesses.
4. Occasionally, QualSights Is a Data Controller/Covered Business
In certain circumstances QualSights may enter into engagements directly with research subjects (individuals) in order to allow such individuals to participate in research studies that are intended to reveal broad consumer or market insights that may be shared with one or more of our customers. We refer to these as “Direct Engagements”. For Direct Engagements, QualSights acknowledges that it may be functioning as a data controller (GDPR) or covered business (CCPA) for that portion of an engagement in addition to its role as a data processor/service provider overall.
5. Overview of The Personal Data That We Process; and The Legal Basis for Such Processing
A. Customer Account Information:
In order to operate our service, we collect basic account information from our customers. That information includes personal data such as employee names, business contact information (e.g. address, phone number, e-mail address), employment titles/roles, the employment status of certain individuals. Payment processing data is addressed as set forth in Section 6, below.
QualSights acts as a data controller for all such data; and we process all such data on the basis of the express consent of the customers and individuals involved and our legitimate interests in operating our business.
B. General Browsing Data/Site Usage Data:
We collect general browsing and/or usage data from individuals who visit the Sites; however, all such data are fully anonymized for internal research purposes. In this activity, QualSights acts as a data controller; and we process these data on the basis of our legitimate interests in understanding and improving our services.
In addition, we reserve the right to use certain information (e.g. IP addresses) that may be collected in order to identify a visitor when we feel it is necessary to enforce compliance with our Terms or to: (i) fulfill a government request; (ii) conform with the requirements of the law or legal process; (iii) protect or defend our legal rights or property, our Site, or other users; or (iv) in an emergency to protect the health and safety of our Site users or the general public.
C. Research Participant Data:
Depending on the options selected by a customer, the personal data that may be collected by a customer using our platform may include the following: names, age information, geographic information (e.g. city, country) and other account-related information (e.g. telephone number, email address). In addition, the service may capture audio recordings, photographs, screen captures, video recordings (including faces), survey responses and written comments. And the service tracks a limited amount of information to verify which activities a research participant has completed during a research session. Further, the platform can be configured by our customers to substitute a unique identifier (a number or alphanumeric code) for account information. We refer these data collectively as “Participant Personal Data”.
We process Participant Personal Data based on the express consent of research participants and as required in order to fulfil our contractual obligations with our customers. We may also use Participant Personal Data to communicate directly with research participants, if requested or necessary.
We also process Participant Personal Data in accordance with our “Do Not Sell” policy statement (see https://www.qualsights.com/do-not-sell/).
We may use the following types of cookies on the Sites:
You can change your Internet browsers’ preferences (whether computer or mobile device) to disable or delete non-necessary cookies, although that may affect certain functions on the Sites. To learn how to manage your cookies, please follow the instructions from your specific browser. If you wish to opt out of any cookies on our Sites, and need additional assistance, please contact us.
7. Third Parties with Whom We May Share Personal Data
In addition to the sharing of the personal data of Research Participants with applicable Customers, by necessity, QualSights may share certain personal data with third party service partners which are under contract with us and which perform Site-related functions on our behalf. These service partners are sub-processors under the GDPR; and they include certain cloud-based service providers (listed below) which provide aspects of the Sites’ functionality (e.g. cloud-based application hosting, cloud-based storage).
We share data with our service partners on the basis of our users’ express consent and our legitimate interests in operating our business. We maintain written contracts with these third parties and require that these third parties provide at least the same level of privacy protection and security as required by the Privacy Shield Principles.
In addition, please understand that these disclosures are to third parties which are providing services to QualSights, in connection with the operation of our business, and we will only make such disclosures as are consistent with the purpose for which the personal information was collected. To the extent provided by the Privacy Shield Principles, QualSights remains responsible and liable under the Privacy Shield Principles if a third-party that it engages to process personal information on its behalf does so in a manner inconsistent with the Privacy Shield Principles, unless Qualsights proves that it is not responsible for the matter giving rise to the damage.
Third Party Service Partners include: Microsoft Azure, Amazon Web Services, Digital Ocean, Google Cloud, IBM Cloud, VoiceBase, Rev, GoTranscript.
In addition, we may now or in the future allow or facilitate payment processing functions via our Sites. QualSights has no access to, and does not retain or record, any payment processing information.
8. Measures Adopted by QualSights to Protect Privacy Interests
A. Data Mapping; and Data Protection by Design and Default:
We build data maps to ensure that we understand what personal data may be collected via our Sites and how it may flow through our services. We have adopted internal policies that require us to prioritize privacy concerns in the design phase of all new features for our platform. And (when we are the data collector) we only collect and process those data that we need to perform the processing that we have disclosed to research participants.
B. Data Minimization; Data Disposal:
Where possible, we minimize the personal data being processed. And we have adopted policies that require us to delete or anonymize all data that are no longer required for research purposes.
C. Security of Data and Processing:
We have implemented technical and organizational measures that are designed to limit access to personal data to authorized individuals (either our team or customer representatives, as applicable), including multiple levels of authorization, audit trails, security monitoring tools, and procedures designed to limit and remove access when no longer required.
We have also implemented data security technologies designed to preserve the security of all data collected and/or processed on our platform, including encryption for all such data in transit, and also encryption of sensitive data at rest within our platform.
We have also implemented technological and administrative controls designed to prevent the loss or corruption of data.
9. Other Terms
A. Geographic Aspects of our Privacy Practices; International Transfer:
QualSights is based in Chicago, IL, USA; we have significant operations in India; and we serve customers and research participants who are located throughout the world. Please be aware that your personal data may be transferred to, and be processed in, countries other than the country in which you are a resident. These countries may have data protection laws that are different to the laws of your country.
Further, please understand that elements of our service platform (including servers) are located in the United States, Europe and Asia, and our third-party service providers (including cloud service providers and partners) operate around the world. This means that when we collect personal information, we or our customers may process it in foreign jurisdictions.
We have implemented measures (including Privacy Shield certification) to assure that transfers of data between us and our customers are compliant with applicable laws. If you have concerns, please contact us.
B. Transfer of Assets:
As we continue to develop our business, we may sell or purchase assets. If another entity acquires us or acquires all (or substantially all) of our assets, the personal data in our platform will be transferred to and used by this acquiring entity. Also, if any bankruptcy or reorganization proceeding is brought by or against us, all such information may be considered an asset of ours and as such may be sold or transferred to third parties.
C. Children, Parental Consent, and Privacy:
The Sites are not directed toward individuals under age 18; we do not knowingly collect information from anyone under age 18 (a “Minor”); and if we find out that we have collected information from a minor under age 18, we will delete that information immediately.
The only exception to the preceding statement may arise if a parent voluntarily consents to the participation of a Minor (child) in a research study. In such circumstances the parent will be deemed to have provided express and informed consent to the participation of such Minor in such capacity; such parent is responsible for communicating with QualSights about the interests of such Minor; and the parent must remain with the Minor at all times that the Minor participates in the relevant project. In no event may a Minor create an account or use the Sites on an individual basis.
D. Third Party Sites and Links:
We are not responsible for the privacy practices and/or security practices employed by any third-party website or service, including but not limited to any such sites or services that may be linked to or referred to in any way on the Sites.
E. Do Not Track:
The Site itself may not respond to web browser-based “do not track” signals.
F. Biometric ID Processing:
QualSights does not use any technologies (e.g. face recognition) that are designed to identify an individual based on data (e.g. photogaphs) collected/processed by the system, and we prohibit our customers from doing so as well.
G. Legally Required Disclosures, Investigatory Power of FTC:
Notwithstanding anything herein to the contrary, we reserve the right to disclose any personal data if we are required to do so by law, in order to assert or defend copyright or other intellectual property infringement claims, or if we believe that such action is necessary to: (1) fulfill a government request; (2) conform with the requirements of the law or legal process; (3) protect or defend our legal rights or property, our Sites, or other users; or (4) in an emergency to protect the health and safety of our Sites’ users or the general public.
In addition, QualSights and the Sites are fully subject to the investigatory and enforcement power of the Federal Trade Commission (FTC).
10.Dispute Resolution; Binding Arbitration
If a Claim relates to a Privacy Shield principle, and the Claim is not resolved by QualSights to the satisfaction of the individual who submitted the Claim, and the Claim is not otherwise resolved by any other Privacy Shield mechanism, then the individual may initiate binding arbitration under provisons of Annex I to the Privacy Shield. Annex I is available at: https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
10. Contact Information
We will respond to your request and, if applicable and appropriate, make the requested changes as soon as reasonably practicable. Please note that fulfilling certain requests may have an impact on your use of the Sites.