LAST REVISION UPDATE:
August 24, 2018
SERVICES COVERED BY THIS POLICY
EU – U.S. PRIVACY SHIELD AND SWISS – U.S. PRIVACY SHIELD COMPLIANT
- Respondents participating in our research studies through phone and emails for the purpose of primary market research.
- Clients who engage Grail Insights for research studies
- Website visitors
- Experts and other participants who participate in qualitative studies
- Other users
To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov
AFFILIATE, PARTNER AND THIRD-PARTY WEB SITES
RESEARCH INVITATIONS & REQUESTS
We contact potential respondents via calls or emails only if they meet specific research requirements such as one or more of the followings:
PURPOSE OF COLLECTION OF PERSONAL INFORMATION
- You recently purchased from or were contacted by one of our clients during a recent event/seminar/conference
- You have given permission to a company to supply your details to a third party for research purposes.
- You have taken part in previous research administered by Grail Insights and given us your permission to contact you in the future for research purposes.
“Personal Data" is any information that relates to you and that identifies you either directly from that information or indirectly, by reference to other information that we have access to.
How we use your personal data will depend on which Services you use and how you use those Services. We process your personal data only when we have a lawful basis. Presently, we use the Performance of Contract (i.e. to deliver the services to our customers) and legitimate interest as the lawful basis for processing. For certain processing, we may also use consent as a lawful basis provided under the Data Protection Regulations.
Where you have consented to a particular processing, you have a right to withdraw the consent at any time. When we use legitimate interest for processing, you may object to such processing.
WHAT PERSONAL INFORMATION GRAIL INSIGHTS ACTIVELY COLLECTS
A. Personal Data Collected from Respondents
- As a Respondent, you provide data to us for processing during the research study. We will disclose to you the nature of the research or how the data will be used. Where the research is for a client (also called customer) of ours, we will disclose the name of our client.
- The information we collect can contain your personal opinions as well as personal data such as name, address, postcode, gender (optional), occupation, age (optional), email address, telephone number etc.
- We record and retain our voice calls with you for regulatory purposes as evidence of consents.
- Where relevant to the research being undertaken, we may collect business contact information, such as, company name, job title, and department.
- When participating in focused groups or similar studies, we may collect video recordings for analysis purposes.
- In addition, for online surveys we will record your IP address and other basic metrics.
Your responses will be treated as confidential unless you consent to being identified.
B. Data from Social Media and Business Directories
- We build our respondent database in order to serve our customers. We collect data such as respondent’s Full Name, Business Phone, Company, Job Title and other demographic information.
- Grail insights may receive your publicly available data from sources other than from you, such as Social Media sites.
- As part of serving our clients or for business development purposes, we collect or receive data from well known business and consumer directories.
C. Other Users and website visitors.
- When you enquire about our products and services, we collect and store this data to communicate with you and respond to your enquiry.
- When you choose to register with our Site for newsletters or white papers, we may collect Personal Information that includes, but is not limited to, your name, position or role, company name, physical mailing address, your email address, and phone number(s).
- When you attend trade shows, conferences or other events, we may collect Personal Information that includes, but is not limited to, your name, position or role, company, address, email address, work address, and phone numbers.
- When you visit the careers section of the website or register your interest in working for us, you may be asked to provide your email address, residence, education, work experience and other similar information.
D. Sensitive Data
- We do not collect any sensitive data (Example health data, religion etc) as Data Controllers. We may receive this information from our clients or collect this data on behalf of our clients for the research studies.
WHAT PERSONAL INFORMATION GRAIL INSIGHTS PASSIVELY COLLECTS: COOKIES AND OTHER TECHNOLOGIES
This Site, Grail Insights’ online services, applications, platforms, email messages, and advertisements, if any, may use "cookies" and other technologies to collect information about you. A cookie is a small data file stored on the web browser on your computer’s hard drive. A cookie associates the identification numbers built into the cookie with information about you that you have provided to us. This association allows us to recognize you when you arrive at our web site. Other technologies tell us where on our website you have visited, counts how many users visited certain web pages within our web site, and measures the effectiveness of advertisements, if any, and web searches
HOW WE USE THE PERSONAL INFORMATION
A. Research Activities
We use your personal information for carrying out research studies for client projects or for internal studies. We only process respondent data for the purposes of the market research surveys. If we initially collected your information for phone survey, we may use this data for future online surveys and vice versa.
Additionally, we use your data for the following purposes
- To invite you via phone or email to participate in research
- To conduct research with you
- To validate answers/views you gave in a recent research we conducted
- To update and to ensure that our records of your personal information are correct
- To provide you incentives for taking part in surveys.
- To provide support when you contact us.
B. Aggregated Research Analysis and Insights
The personal data we collect is also combined with the responses/views/opinions of others who participated in the same research for analysis. Such analysis is reported back anonymously to the client that commissioned the study.
All of your survey responses are treated as confidential. We will never intentionally disclose your personal information or individual survey responses to the client that commissioned the study or any third parties unless you consent to sharing your personal data and/or individual responses
C. Periodic Newsletters and Marketing Materials
We may send you marketing / promotional materials. You may choose to restrict the collection or use of your personal information.
DISCLOSURE OF PERSONAL INFORMATION
While we aim to limit the sharing of your data, at times, it is necessary to share your data with certain service providers. The following categories of recipient will most likely receive your data in order for us to provide services to you
Accountability for Onward Transfer (Transfers to Third Parties):
- Data Hosting services such as Azure
- Data Archiving vendors – Iron Mountain
- IT Infrastructure, storage and backup services provided by our Affiliate Company Integreon
- Third party survey hosting platforms such as Confirmit, Survey Monkey
- Email marketing platforms such as Mailchimp
- Telemarketing vendors for marketing activities
- Data visualisation tools such as Marketsight
- Third party market research companies
- From time to time we may employ other companies and individuals to perform functions on our behalf. They will have access to the personal information needed to perform their functions, but will not use it for other purposes.
- Processing of prizes/incentives from the result may result in your contact details being passed onto a third party i.e. Amazon etc
- Affiliates: Grail Insights may share any or all of your Personal Information with and among its affiliated or related entities, including Grail Insights affiliates located in the EU and elsewhere.
If Grail Insights transfers information to a third party that is acting as its agent, Grail Insights will require the third party to have adequate privacy protection as is required by the relevant Privacy Shield Principles or under other Data Protection laws. With respect to onward transfers, Grail Insights remains liable under the Principles if its agent processes personal information in a manner inconsistent with the Principles, unless Grail Insights proves that it is not responsible for the event giving rise to the damage.
Grail Insights may, if required by law, legal process, litigation and/or requests from public or governmental authorities, disclose your Personal Information. We may also disclose Personal Information about you if we determine, in good faith and in our sole discretion, that such disclosure is necessary for purposes of national security, law enforcement, the prevention of a crime, or other issues of public importance. We may also disclose Personal Information about you if we determine, in our sole discretion, that it is reasonably necessary to enforce the T&Cs, or to protect our operations or users. Additionally, in the event of a corporate reorganization, merger or acquisition, or sale, we may transfer any and all Personal Information we collect to a relevant third party.
HOW YOU CONTROL THE USE OF YOUR PERSONAL INFORMATION
There may be times that you wish to access your Personal Information. Grail Insights makes commercially reasonable efforts to provide you with access to your Personal Information so you can instruct us to correct or update the Personal Information if it is inaccurate, or delete your Personal Information if Grail Insights is not required to retain it by law or for a legitimate business purpose. To receive a copy of your Personal Information, or to provide instructions to us on what you want corrected or updated, send us an e-mail at firstname.lastname@example.org
You can additionally contact us at email@example.com
regarding exercising the following rights.
- Change or Correct Data: You can also ask us to change, update or fix your data in certain cases, particularly if it’s inaccurate.
- Delete Data: You can ask us to erase or delete all or some of your personal data
- Object to, or Limit or Restrict, Use of Data: You can ask us to stop using all or some of your personal data (e.g. if we have no legal right to keep using it) or to limit our use of it (e.g. if your personal data is inaccurate or unlawfully held).
- Right to Access and/or Take Your Data: You can ask us for a copy of your personal data and can ask for a copy of personal data you provided in machine readable form.
In the event you decide that you want to opt out from Grail Insights’ use of your Personal Information that you previously provided to Grail Insights, you may opt out of our use of your Personal Information by contacting us at firstname.lastname@example.org
INTEGRITY AND INFORMATION SECURITY MEASURES
While Grail Insights endeavors to protect your Personal Information, we cannot warrant the security of any Personal Information, and ultimately you provide your Personal Information to us at your own risk. Grail Insights uses commercially reasonable efforts and security practices to safeguard your Personal Information, and employs security measures designed to protect your Personal Information from access by unauthorized persons. Some of those measures include, but may not be limited to, encryption, firewalls, physical access controls, restricted access to data, monitoring for threats and vulnerabilities and use of Secure Socket Layers (SSL).
DATA RETENTION POLICY
Survey Respondent’s personal information (other than survey responses) is retained for a period of two years from the date of collection or the date of last contact, whichever is later. If you choose to have your information deleted or opt out from future surveys, then we will delete all information except limited information necessary to avoid contacting you again.
Survey responses and personal information contained in files received from clients are retained as per customer contracts or as per Grail Insights retention policy.
CROSS BORDER DATA TRANSFER
Since we are a global company, your data may be processed outside of the EU region. Some countries where we process data may not have as protective laws as your own country and there are risks associated with such transfer. You agree to the cross border transfer of your data to countries outside of EU region. Where applicable, Eu – U.S. Privacy Shield And Swiss – U.S. Privacy Shield may be used to meet cross border transfers requirements. In the absence of this, Standard Contract Clauses are in place for cross border transfers
This web site is not intended for use by children. Grail Insights does not knowingly solicit or collect Personal Information from children under the age of 18. If you are under the age of 18, you must obtain the consent of your parent or guardian to use this Web Site. Grail Insights encourages parents and guardians to take an active role in their children’s online activities and interests.
INQUIRIES AND COMPLAINTS
Grail Insights has further committed to refer unresolved privacy complaints to an independent dispute resolution mechanism operated by the International Centre for Dispute Resolution (“ICDR”), the international division of the American Arbitration Association (“AAA”). If you do not receive timely acknowledgment of your complaint or if your complaint is not satisfactorily addressed by Grail Insights, then please visit http://info.adr.org/safeharbor
for more information or to file a complaint. The services of ICDR/AAA are provided at no cost to you. You may have the ability, under certain conditions, to invoke binding arbitration with a Privacy Shield Panel for complaints regarding Grail Insight’s Privacy Shield compliance not resolved by any of the other Privacy Shield mechanisms. For additional information regarding this arbitration, please visit: https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
If you have questions or complaints regarding this policy, you may contact us through email at email@example.com
. You may contact us at our mailing address below:
Floor | Tower B | Tech Boulevard | Sector 127 | Noida | India | 201301
If you are a resident of the European Economic Area and we maintain your personal data within the scope of the General Data Protection Regulation (GDPR), you have additional rights. If you are not satisfied with the resolution, you can also lodge a complaint with the Supervisory Authority in the country of your residence.