SHG Privacy Notice
Last Updated: October 4, 2019
Universal Survey Center, Inc., d/b/a SurveyHealthcareGlobus/OpinionSite/OMR Globus, ("SHG”) has adopted this Privacy Notice ("Notice") to establish and maintain an adequate level of Personal Data privacy protection. This Notice applies to the processing of Personal Data that SHG obtains from its Customers.
|Notice for Residents of the European Union and Switzerland
SHG complies with the General Data Protection Regulation (GDPR), the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of Personal Data transferred from the European Union and Switzerland to the United States, respectively.
SHG has certified to the Department of Commerce that it adheres to the Privacy Shield Principles of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, and recourse, enforcement and liability for personal data submitted by our Customers in Switzerland and in participating European Union countries and our Privacy Shield certification is available here. We may also process personal data our Customers submit relating to individuals in Switzerland and in the EU via other compliance mechanisms, including data processing agreements based on the EU Standard Contractual Clauses.
If there is any conflict between the terms in this privacy notice and the GDPR or the Privacy Shield Privacy Principles, the GDPR and the Privacy Shield Privacy Principles shall govern. SHG acknowledges that as a participant in the Privacy Shield Framework we are under the enforcement authority of the Federal Trade Commission.
To learn more about the Privacy Shield program, please visit https://www.privacyshield.gov/.
Capitalized terms are defined in Section XV of this Notice.
This Notice applies to the processing of SHG Customer Personal Data that SHG transfers to and stores in the United States.
We're committed to helping you understand how we manage and protect the information we collect. We take privacy seriously and have taken many steps to help safeguard the information we collect from you.
II. RESPONSIBILITIES AND MANAGEMENT
|SHG has designated the Privacy Department to oversee its information security program, including its compliance with the Privacy Shield program. The Privacy Department shall review and approve any material changes to this program as necessary. Any questions, concerns, or comments regarding this Notice also may be directed to email@example.com.|
SHG will maintain, monitor, test, and upgrade information security policies, practices, and systems to assist in protecting the Personal Data that it collects. SHG personnel will receive training, as applicable, to effectively implement this Notice. Please refer to Section VIII for a discussion of the steps that SHG has undertaken to protect Personal Data.
III. RENEWAL / VERIFICATION
SHG will renew its Privacy Shield certification annually, unless it subsequently determines that it no longer needs such certification or if it employs a different adequacy mechanism.
Prior to the re-certification, SHG will conduct an in-house verification to ensure that its attestations and assertions with regard to its treatment of Customer Personal Data are accurate and that the company has appropriately implemented these practices. Specifically, as part of the verification process, SHG will undertake the following:
SHG will prepare an internal verification statement on an annual basis.
IV. PURPOSES OF DATA PROCESSING, LEGAL BASES AND AUTOMATED DECISIONS
SHG provides research solutions to its Customers, which are predominantly business customers, although individuals are not restricted from purchasing such products nor supplying SHG with research support services. SHG collects Personal Data from Customers when they purchase our products, supply research support services, register with our website, request information from us, or otherwise communicate with us. For example, SHG Customers may choose to seek support via email communication.
|The Personal Data that we collect may vary based on the Customer's interaction with SHG. As a general matter, SHG collects the following types of Personal Data from its Customers: contact information, including a contact person's name, work email address, work mailing address, work telephone number, title, billing/bank details, Tax Identification Number, company name and IP address.|
SHG uses Personal Data that it collects directly from its Customers indirectly in its role as a service provider for the following business purposes, without limitation:
(1) maintaining and supporting its products, delivering and providing the requested products/services, and complying with its contractual obligations related thereto (including managing transactions, reporting, invoices and other operations related to providing/receiving services to/from a Customer);
(2) satisfying governmental reporting, tax, and other requirements;
(3) storing and processing data, including Personal Data, in computer databases and servers located in the United States;
(4) verifying identity (e.g., for online access to accounts);
(5) as requested by the Customer;
(6) for other business-related purposes permitted or required under applicable local law and regulation; and (7) as otherwise required by law.
|Our legal bases for the processing of your personal data are: 1) your consent and/or 2) any other applicable legal bases, such as our legitimate interest in engaging in commerce and offering products and services of value to our customers.We reserve the right to make automated decisions, including using machine learning algorithms, about our customers and website visitors in order to optimize the products and services offered and/or delivered.|
V. CHOICE WITH RESPECT TO USES AND DISCLOSURES OF PERSONAL DATA
SHG recognizes that EU individuals have the right to limit the use and disclosure of their Personal Data, and we are committed to respecting those rights. We offer individuals the opportunity to opt out of disclosures of Personal Data to a third party or the use of Personal Data for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by the individual. We will comply with the GDPR with respect to disclosures of Sensitive Data including, when applicable, obtaining the explicit consent (i.e., opt in consent) of an individual prior to disclosing Sensitive Data to a third party or using Sensitive Data for purposes other than those for which it was originally collected or subsequently authorized by the individual.
VI. DISCLOSURES / ONWARD TRANSFERS OF PERSONAL DATA
SHG is potentially liable in cases of onward transfers of Personal Data to third parties, such as when third parties that act as agents on our behalf process Personal Data in a manner inconsistent with applicable data protection regulations. . We will ensure that any third party to which we disclose Personal Data provides the same level of privacy protection as is required by the applicable data protection regulations and agrees in writing to provide an adequate level of privacy protection. Except as otherwise provided herein, SHG discloses Personal Data only to third parties who reasonably need to know such data. Such recipients must agree to abide by confidentiality obligations.
|SHG may provide Personal Data to third parties and our agents, consultants, and contractors to perform tasks on behalf of and under our instructions.For example, disclosure may occur to our third parties and agents, consultants and contractors who may include, but are not limited to: Market Research Survey Scripting and Hosting platforms, credit checking entities, auditors and taxing authorities.
We may provide Personal Data to such third parties for the following purposes, without limitation: survey reporting, credit checks, auditing purposes and governmental reporting, tax, and other requirements.
Such third parties must agree to use such Personal Data only for the purposes for which they have been engaged by SHG and they must either: (1) comply with the GDPR, the Privacy Shield principles, or another mechanism permitted by the applicable European data protection law(s) for transfers and processing of Personal Data; or (2) agree to provide adequate protections for the Personal Data that are no less protective than those set out in this Notice.
SHG also may disclose Personal Data for other purposes or to other third parties when a Data Subject has consented to or requested such disclosure or under the following circumstances:
Please be aware that in rare situations, it may be necessary disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
VII. DATA INTEGRITY, PURPOSE LIMITATION AND RETENTION
SHG shall not process Personal Data in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by the individual. To that end, SHG will take reasonable steps to ensure that Personal Data is reliable for its intended use, accurate, complete, and current. SHG uses reasonable efforts to maintain the accuracy and integrity of Personal Data and to update it as appropriate.
|We will retain your information for as long as your account is active and for at least twenty-four (24) months thereafter to allow you to re-activate your account without loss of data. We will also retain your information as necessary to comply with our legal obligations, resolve disputes and enforce our agreements.|
VIII. DATA SECURITY
SHG has implemented physical and technical safeguards to protect Personal Data from loss, misuse, and unauthorized access, disclosure, alternation, or destruction. For example, electronically stored Personal Data is stored on a secure network with firewall protection, and access to SHG's electronic information systems requires user authentication via password or similar means. SHG also employs access restrictions, limiting the scope of employees who have access to Customer Personal Data. Further, SHG uses secure encryption technology to protect certain categories of personal data.
Despite these precautions, no data security safeguards guarantee 100% security all of the time.
SHG notifies Customers about its adherence to GDPR and other applicable data protection regulations, as well as the Privacy Shield principles, through its publicly posted website privacy notice, available at https://www.surveyhealthcareglobus.com/privacy-policy/
X. PERSONNEL ACCESS OF PERSONAL DATA
SHG personnel may access and use Personal Data only if they are authorized to do so and only for the purpose for which they are authorized.
XI. RIGHT TO ACCESS, CHANGE OR DELETE PERSONAL DATA
Access, Rectification and Erasure.
Customers (Data Subjects) have the right to obtain confirmation about whether Personal Data is included about them in our databases. Upon request, SHG will provide an individual access to his or her Personal Data within the time frame dictated by the applicable data protection regulations. .
SHG will permit an individual to know what Personal Data about them is included in our databases and to ensure that such Personal Data is accurate and relevant for the purposes for which SHG collected the Personal Data.
Customers may review their own Personal Data stored in the databases and correct, update, modify, or delete any data that is incorrect or incomplete.
Your right to access your Personal Data may be restricted in exceptional circumstances, including, but not limited to, when the burden or expense of providing this access would be disproportionate to the risks to your privacy in the case in question, or where the rights of persons other than you would be violated by the provision of such access. If we determine that your access should be restricted in a particular instance, we will provide you with an explanation of our determination and respond to any inquiries you may have.
|Customers may access their Personal Data by contacting SHG by phone or email at the contact information below. In making modifications to their Personal Data, Data Subjects must provide only truthful, complete, and accurate information.To request deletion of Personal Data, you should submit a written request to:
Via Postal Mail:
You may object, at any time, to your Personal Data being processed for a specific purpose.
Restriction of Processing.
You may restrict processing of your Personal Data for certain reasons, such as, for example if you consider your Personal Data collected by us to be inaccurate or you have objected to the processing and the existence of legitimate grounds for processing is still under consideration.
You may request the Personal Data you provided to us in a commonly used and machine-readable form.
Right to Withdraw Consent
You have the right to withdraw your consent at any time, without affecting the lawfulness of our processing based on such consent before it was withdrawn, including processing related to existing contracts for our Services. ‘
Requests for Personal Data.
SHG will track each of the following and will provide notice to the appropriate parties under law and contract when either of the following circumstances arise: (a) legally binding request for disclosure of the Personal Data by a law enforcement authority unless prohibited by law or regulation; or (b) requests received from the Data Subject.
XII. CHANGES TO THIS NOTICE
This Notice may be amended from time to time, consistent with the Privacy Shield Principles and applicable data protection and privacy laws and principles.. We will notify Customers if we make changes that materially affect the way we handle Personal Data previously collected, and we will allow them to choose whether their Personal Data may be used in any materially different manner.
XIII. QUESTIONS OR COMPLAINTS
|Customers may contact SHG with questions, concerns, or complaints concerning our privacy practices or this Privacy Notice at the following addresses:
Via Postal Mail:
Our data protection representative for the European Union is: Antonio Tropea, Managing Director - Europe, Survey Healthcare Limited, Citypoint Building, 9th Fl, 1 Ropemaker Street, London EC2Y 9HT, United Kingdom. Attention: Antonio.Tropea@surveyhealthcareglobus.com.
XIV. ENFORCEMENT AND DISPUTE RESOLUTION
We commit to resolving individuals’ complaints related to our privacy practices or our collection, or use, or disclosure of Personal Data. An individual may file a privacy complaint by contacting us at our contact information in Section XI. Further, individuals with questions or concerns about the use or disclosure of their Personal Data should contact us as outlined in Section XIII.
SHG acknowledges that as a participant in the Privacy Shield Framework we are under the enforcement authority of the Federal Trade Commission.
If an individual’s complaint cannot be satisfied through our internal complaint process, the individual may bring a complaint before the INSIGHTS ASSOCIATION PRIVACY SHIELD PROGRAM, a non-profit alternative dispute resolution provider located in the United States and operated by the Insights Association. The INSIGHTS ASSOCIATION PRIVACY SHIELD PROGRAM is designed to handle eligible complaints brought by Swiss and EU citizens about Privacy Shield Principles. If you have any complaints regarding our compliance with the Privacy Shield Framework you should first contact us (as provided above).
If contacting us does not resolve your complaint or you do not receive timely acknowledgement of your complaint, please visit the INSIGHTS ASSOCIATION PRIVACY SHIELD PROGRAM website at http://www.insightsassociation.org/get-support/privacy-shield-program/privacy-shield-eu-swiss-citizens-file-complaint for more information and to file a complaint. We will cooperate with the independent dispute resolution mechanism to resolve any complaint that is not resolved through our internal processes. Please note that if an individual’s complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.
Capitalized terms in this Privacy Notice have the following meanings:
"Customer" means a prospective, current, or former partner, vendor, supplier, customer, or client of SHG. The term also shall include any individual agent, employee, representative, customer, or client of an SHG Customer where SHG has obtained his or her Personal Data from such Customer as part of its business relationship with the Customer.
"Data Subject" means an identified or identifiable natural living person in the European Union. An identifiable person is one who can be identified, directly or indirectly, by reference to a name, or to one or more factors unique to his or her personal physical, psychological, mental, economic, cultural or social characteristics.
"Employee" means an employee (whether temporary, permanent, part-time, or contract), former employee, independent contractor, or job applicant of SHG or any of its affiliates or subsidiaries.
"Europe" or "European" refers to a country in the European Economic Area.
"Personal Data" as defined under Regulation (EU) 2016/679, the General Data Protection Regulation means any and all data (regardless of format) that (i) identifies or can be used to identify, contact or locate a natural person, or (ii) pertains in any way to an identified natural person. Personal Data includes obvious identifiers (such as names, addresses, email addresses, phone numbers and identification numbers) as well as biometric data, “personal data” (as defined in the GDPR), and any and all information about an individual’s computer or mobile device or technology usage, including (for example and without limitation) IP address, MAC address, unique device identifiers, unique identifiers set in cookies, and any information passively captured about a person’s online activities, browsing, application or hotspot usage or device location.
“Sensitive Data” is a subset of Personal Data which due to its nature has been classified by law as deserving additional privacy and security protections. Sensitive Personal Data consists of: (i) all government-issued identification numbers, (ii) all financial account numbers (including payment card information and health insurance numbers), (iii) individual medical records, genetic and biometric information, (iv) user account credentials, such as usernames, passwords, security questions/answers and other password recovery data, (v) data elements that constitute Special Categories of Data under the GDPR, namely EEA Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation, and (vi) any other Personal Data designated by SHG as Sensitive Personal Data.
FOR CALIFORNIA RESIDENTS
This PRIVACY STATEMENT FOR CALIFORNIA RESIDENTS supplements the information contained in the Privacy Notice of Universal Survey Center, Inc., d/b/a d/b/a SurveyHealthcareGlobus/OpinionSite/OMR Globus ("SHG"). We adopt this statement to comply with the California Consumer Privacy Act of 2018 (“CCPA”) and other California privacy laws. Any terms defined in the CCPA have the same meaning when used in this statement.
Information which we collect
You can review the types of Personal Information which we collect in our Privacy Notice which precedes this statement, as well as in the chart below.
|A. Identifiers.||A real name, postal address, unique personal identifier, Internet Protocol address, email address, or other similar identifiers.||YES|
|B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).||A name, address, telephone number. Some personal information included in this category may overlap with other categories.||YES|
|D. Commercial Information||Records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.||YES|
|F. Internet or other similar network activity.||Browsing history, search history, information on a consumer's interaction with a website.||YES|
|G. Geolocation data.||Physical location or movements.||YES|
|I. Professional or employment-related information.||Occupation, employer information.||YES|
Use of your Personal Information
SHG uses Personal Information that it collects directly from its Customers indirectly in its role as a service provider for the following business purposes, without limitation:
Sharing Personal Information
We may disclose your Personal Information to a third party for a business purpose. When we disclose Personal Information for a business purpose, we enter into a contract that describes the purpose and requires the recipient to both keep that Personal Information confidential and not use it for any purpose except performing the contract.
We disclose your Personal Information for a business purpose to the following categories of third parties:
In the preceding twelve (12) months, we have disclosed the following categories of Personal Information for a business purpose:
Your Rights and Choices
Pursuant to the CCPA and subject to certain exceptions and limitations, California residents may contact us to exercise their rights with respect to certain Personal Information that we hold about them.
To the extent these rights may apply to you, they are described below.
Right to Know About Personal Information Collected, Disclosed, or Sold
You have the right to request that we provide you with details about the Personal Information we collect, use, disclose and sell.
Via Postal Mail:
Only you or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable request related to your Personal Information.
As part of this process, we may ask to verify your identity. Your request must
We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you. Making a verifiable request does not require you to create an account with us. We will only use Personal Information provided in a verifiable request to verify your identity or authority to make the request.
You are entitled to receive the following
Because we have disclosed or sold (as those words are defined in the CCPA) Personal Information to third parties in the last 12 months, you are also entitled to receive:
Right to Request Deletion of Personal Information
You have the right to request deletion of the Personal Information we have collected about you (subject to some exceptions). You can submit your request as described above, and we reserve the right to conduct the verification described above.
We may deny your deletion request if retaining the information is necessary for us or our service providers to:
Right to Non-Discrimination for the Exercise of a Consumer’s Privacy Rights
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
Right to Opt-Out of Sale of Personal Information
You have the right to opt-out of the sale of your Personal Information. You can submit a request by clicking here You can also submit a request via the methods noted below:
Via Postal Mail:
Response Timing and Format
We endeavor to respond to a verifiable request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.
We will deliver our written response by mail or electronically, at your option.
Any disclosures we provide will only cover the 12-month period preceding receipt of a verifiable request. The response we provide will also explain the reasons we cannot comply with a verifiable request, if applicable.
We do not charge a fee to process or respond to your verifiable request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Changes to this Notice
This Notice may be amended from time to time, consistent with applicable data protection and privacy laws and principles. We will notify Customers if we make changes that materially affect the way we handle Personal Information previously collected, and we will allow them to choose whether their Personal Information may be used in any materially different manner.
If you have any questions or comments about this notice, the ways in which we collect and use your personal information, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at:
|Via Email: firstname.lastname@example.org
Via Postal Mail: