Great Blue Privacy Policy

Effective Date: _________, 2018

This privacy policy (“Policy”) is posted by Great Blue Research, Inc. (“we,” “us,” “our,” or “Great Blue”), and governs the use of greatblueresearch.com, including all webpages hosted under that domain name (the “Site”), as well as research services (the “Services”) provided by Great Blue to our clients (“you,” “your,” or “Client”).

This Privacy Policy describes:

  • how we collect, use, transfer, and store information of individuals who visit the Site or participate in the Services (“you,” “your,” or “Respondent”);
  • your choices regarding your information; and
  • how we ensure your privacy.

This Policy forms a binding agreement between you and Great Blue. Your continued use of the Site or the Services constitutes your freely given, specific, and informed consent and agreement to the collection and use of your personal information as described in this Policy.

 

Your Personal Information

As used in this Policy, “personal information” means any information relating to an individual that can be used, either on its own or in combination with other readily available information, to identify that individual.

Information You Actively Submit on the Site

In order to engage with us beyond visiting the Site, by inquiring about our Services for example, or by filling out a “Contact Us” form, you may be required to provide information such as your name, email address, or phone number. In such cases you know what information we collect, because you actively provide the information.

Information Collected Through Surveys

We also collect data through online surveys, phone or in-person interviews, and other research methods. We may collect demographic information, such as your profession, income levels, or gender, or information related to your health, including reasons for recent hospital or doctor visits. You may also have the option to answer open-ended questions and provide us with any information you choose.

When taking a survey, you should only provide responses to questions you are comfortable answering.

We also use third-party technology platforms for administering surveys where servers automatically recognize a Respondent’s domain name and IP addresses. No personal information about a Respondent is revealed to us in this process. We may also gather anonymous “traffic data” that does not personally identify a Respondent, but that may be helpful for improving the Services.

Information We Receive from Third Parties

We may also receive information, including personal information, from third parties who have previously collected such information from you. For example, we may receive information from Clients, or from third-party sampling companies, in order to request your participation in surveys. We do not receive or use such information unless we believe you have given your permission to share it with us.

Social Media Information

If you interact with us on social media, by liking our Facebook page or following us on Twitter, for example, we will have basic information about you available on those social media platforms. Any information collected via those platforms is also subject to those platforms’ privacy policies.

 

Cookies

We may also use “cookies,” small pieces of data placed on your computer which help us learn about your interaction with the Site. Specifically, Great Blue only uses session cookies, temporary cookies which help streamline your use of the Site and are deleted when your browser is closed.

Great Blue does not:

  • use any persistent cookies;
  • set any personal information in cookies;
  • allow any third-party cookies; or
  • employ any data capture mechanisms other than cookies.

You can choose whether to accept cookies by changing the settings on your browser. However, if you choose to disable this function, some features of the Site may not work as they were intended.

 

How We Use Your Information

How We Use Respondent Information

We report information gathered through surveys to our Clients. Except in the limited circumstances described in the “Sharing with Other Third Parties” section below, Great Blue does not disclose personal information to any third parties other than the Client who commissioned the survey.

We may also use information collected through surveys to contact you about opportunities to participate in future research. We do not use information of Respondents for marketing purposes.

How We Use Client Information

If you provide us with your name and contact information, we will use this information to answer your requests, to communicate with you regarding the Services, and to inform you about new products and services, unless and until you opt out of marketing information.

We also use your information to operate, evaluate and improve our business, including by developing new products and services, enhancing and improving the existing Services, managing our communications, and analyzing our products.

If you receive newsletters or promotional emails from Great Blue, we may use web beacons, customized links, or similar technologies to determine whether the email has been opened and which links you click in order to provide you with more focused communications.

Sharing with Other Third Parties

Aside from the sharing discussed above, we may also share information associated with your name:

  • with your consent;
  • with third-party service providers, subject to confidentiality agreements;
  • as required by law;
  • to protect you, our business, or third parties from harm; or
  • in a reorganization or sale of our assets, subject to the acquirer accepting the commitments made in this Policy and in compliance with applicable law.

Legally Required Uses

We reserve the right to disclose your personal information as required by law or when we believe that disclosure is necessary to:

  • comply with a judicial proceeding, court order, or legal process;
  • protect our legal rights;
  • enforce our Terms of Use;
  • detect, prevent, or otherwise address fraud, security or technical issues;
  • conduct maintenance of our Services or equipment, as authorized by law; or
  • protect against imminent harm to the rights, property, or safety of users or the public.

 

Communications from Us

We will not send you any email communications, such as newsletters or emails to focus group panels, unless you have asked for them. If you would no longer like to receive such emails from us, you can follow the directions for unsubscribing contained in the emails.

 

Do Not Track Signals

Some browsers have a “do not track” feature that lets you tell websites you do not want to have your online activities tracked. Because there is no commonly accepted response for “do not track” signals initiated by browsers, we do not presently respond to them.

 

Third-Party Links

The Site may contain links to external websites. These are provided for your convenience only. We do not have control over the content or privacy practices of such third parties. We encourage you to review the privacy policies of such third parties before providing them with personal information.

 

Information Accuracy & Retention

We make efforts to ensure that personal information we receive or maintain is accurate and complete, but we rely on the accuracy of the information provided directly to us.

In general, we keep personal information as long as we need it to provide our Clients the Services they requested and/or purchased However, we reserve the right to retain personal information for any period required by law, or to comply with our legal obligations, resolve disputes, and enforce our agreements.

To determine the appropriate retention period for specific information, we consider:

  • the amount, nature, and sensitivity of the information;
  • the potential risk of harm from unauthorized use or disclosure of your information;
  • the purposes for which we process your information; and
  • whether we can achieve those purposes through other means, and the applicable legal requirements.

 

Security

Great Blue uses reasonable security measures to prevent loss, misuse, and alteration of information under our control. However, we cannot guarantee the security of information transmitted via telephone or the Internet. We rely on various security procedures and systems to ensure the secure storage and transmission of data, including secure file transfer protocol (“SFTP”) and authentication technology, to effect secure transmission and storage of personal information.

If we learn of a security breach, we may attempt to notify you by posting a notice on the Site, or by sending an email to you at an email address you have previously provided to us, so you can take appropriate protective steps.

 

Your Choices Regarding Your Information

You can choose whether your personal information is disclosed to a third party or used for a purpose that is materially different from the purpose(s) for which it was originally collected. To exercise your right to make such choices, please contact us at privacy@greatblueresearch.com or at the address below.

Attn: Rachel Mitchell

Great Blue Research, Inc.

You also have the right to access, correct, amend, or request deletion of the personal information we hold about you by contacting us at the addresses provided above, except where the burden or expense of providing such access would be disproportionate to the risks to your privacy, or where the rights of third parties would be violated.

To protect your privacy and security, Great Blue may also take reasonable steps to verify your identity before making corrections to or deleting your information. We will respond to your request for access to modify or delete your information within a reasonable timeframe.

In certain cases, deleting or limiting the use and disclosure of your personal information may impact the functionality or prevent the use of the Site or the Services.

 

Individuals in Europe

If you are visiting the Site or taking a survey online, and you are outside the United States, your communications with us will result in the transfer of information across international boundaries. By communicating electronically with us, you consent to such cross-border transfers.

Purposes of and Legal Bases for Processing

We may process your personal information for a number of purposes, including as described in the “How We Use Your Information” section above.

We will not process any personal information of individuals in the European Economic Area (“EEA”) collected by us or received from a third party unless we have a legal basis for doing so as prescribed by the General Data Protection Regulation (“GDPR”). Such legal bases include the following:

  • you have given your consent to our processing the personal information for a specific purpose;
  • processing of your information is necessary for the performance of a contract; and
  • processing is necessary for the purposes of the legitimate interests pursued by us or one of our Clients, which interests include the efficient and effective delivery of communications or Services you have requested from us.

In cases where the basis for our processing is the “legitimate interest” purpose, we will also carefully balance those interests against your fundamental rights and freedoms related to your Information.

Sharing with Third Parties

When transferring the personal information of EEA data subjects out of the EEA, we also enter into GDPR-compliant data protection agreements, as appropriate.

When we share the personal information of individuals in the EEA with third-party service providers and/or sub-processors, we will:

  • transfer such data only for limited and specified purposes;
  • ascertain that the sub-processor is obligated to provide at least the same level of privacy protection as is required by GDPR;
  • take reasonable and appropriate steps to ensure that the sub-processor effectively processes the personal information transferred in a manner consistent with the organization’s obligations under GDPR; and
  • upon notice, take reasonable and appropriate steps to stop and remediate unauthorized processing.

Dispute Resolution

We commit to resolve complaints about your privacy and our collection or use of your personal information. EEA individuals with inquiries or complaints regarding this Privacy Policy should first contact us as at the address provided above.

Aside from the dispute resolution mechanisms discussed below, individuals in the EEA also have the right lodge a complaint with the relevant supervisory authority.

Children

We do not collect personal information from children under 13 without parental consent. If we learn we have collected or received personal information from a child under 13 without parental consent, we will delete that information. If you believe we might have received information from or about a child under 13 without parental consent, please contact us at the address provided above.

 

Information we collect from children includes the information described in the “Your Personal Information” section above. Information collected from children is collected directly, through survey methods. We do not knowingly collect such information passively (for example, through cookies).

 

Information collected from children is used, and may be shared with third parties, as described in the “How We Use Your Information” section above.

 

We will never require a child to disclose more information than is reasonably necessary to participate in an activity. Parents may review their child’s personal information, request that we delete it, and refuse to allow any further collection or use of the child’s information. Parents may exercise these or any other rights by contacting us at the address provided above.

 

Your California Privacy Rights

California’s “Shine the Light” law, Civil Code section 1798.83, requires certain businesses to respond to requests from California customers asking about the disclosure of personal information to third parties for the third parties’ direct marketing purposes.

If you are a California resident and wish to obtain information about our compliance with this law, please contact us as described in the “Your Choices Regarding Your Information” section above. Requests must include “California Privacy Rights Request” in the first line of the description and include your name, street address, city, state, and ZIP code. Please note we are not required to respond to requests made by means other than the addresses provided herein.

Dispute Resolution

All disputes arising under this Policy shall be governed by and interpreted in accordance with the laws of Connecticut, without regard to principles of conflict of laws. The parties to this Policy will submit all disputes arising under this agreement to arbitration in Hartford, CT, before a single arbitrator of the American Arbitration Association (“AAA”).

The arbitrator shall be selected by application of the rules of the AAA, or by mutual agreement of the parties, except that such arbitrator shall be an attorney admitted to practice law in Connecticut. No party to this Policy will challenge the jurisdiction or venue provisions as provided in this section. Nothing contained herein shall prevent the party from obtaining an injunction.

Any arbitration or court trial related to any claim under this Policy, whether before a judge or jury or pursuant to judicial reference, will take place on an individual basis, without resort to any form of class or representative action. (“Class Action Waiver”).

THIS CLASS ACTION WAIVER PRECLUDES ANY PARTY FROM PARTICIPATING IN OR BEING REPRESENTED IN ANY CLASS OR REPRESENTATIVE ACTION REGARDING A CLAIM UNDER THIS POLICY.

Changes to Privacy Policy

We reserve the right to modify this Policy at any time. If we decide to change our Policy, we will prominently post those changes here and any other place we deem appropriate, so you are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. We will use information in accordance with the Policy as it was in effect at the time information was collected.