This privacy policy lets you know what happens to certain personal data that you provide to us, or that we may collect about you. This notice was last updated on July 28th 2022. We may update this privacy policy to reflect changes to the way we process your personal data. If we propose to make any material changes, we will notify you by means of a notice on this page.

This policy only applies to personal data processed by or on behalf of UserZoom. The type of data that we collect and how that data is processed may vary depending on your relationship to us as further indicated below. 

Who do we share your information with and where are they?

Your personal information may be shared with our processors. We may also share your data amongst the UserZoom group companies (as outlined above). We will have in place an agreement with each of these processors which will restrict how they are able to process your personal information and require them to keep it secure. We will never sell your personal data.

We may also share your personal information: (a) as required by law or legal process; (b) in response to lawful requests by public authorities, including to meet national security or law enforcement requirements or other requests; (c) to investigate suspected violations of any terms or policies applicable to our products or the services provided by us or our third party providers or affiliates; (d) where we reasonably conclude that it is necessary for defending, exercising or establishing our legal rights; (e) to investigate alleged or actual fraud, misrepresentation or other misconduct; (f) in connection with a prospective sale, merger, change of control, bankruptcy or similar transaction; and (g) to other third parties with your express consent. 

Third-party websites

The website (or the platform) may contain links to other websites or Internet resources. When you click on one of those links, you are contacting another website or Internet resource. We have no responsibility or liability for, or control over, those other websites or resources or their collection, use and disclosure of your information. We suggest that you read the privacy policy and terms of use of each such website.

Security

The security of your personal information is important to us. We have adopted appropriate technical and organisational measures and follow industry best practices in order to protect any personal data submitted to us, both during transmission and once we receive it. No method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore we cannot guarantee its absolute security.

How long do we keep your information for?

We may only retain your personal information for the purposes set out in this policy and for as long as we have a legal or business requirement to do so. By law, different retention periods apply to different types of records and data, however the longest we will normally hold any personal data is 7 years from the date of your last interaction with us. 

Exercising your rights

You have the right to request that we: 

• Provide you with access to your personal information 
• Rectify or correct your personal information
• Erase your personal information
• Restrict processing of your personal information, including refraining from selling it or otherwise providing it to any third parties

You also have the right to lodge a complaint with the appropriate supervisory authority in your country if applicable, if you consider that we are in breach of our obligations under data protection laws. The foregoing rights may be subject to certain limitations pursuant to applicable law. You may request the exercise of these rights by sending an email to privacy@userzoom.com. Additionally, you may unsubscribe from marketing emails by clicking the ‘unsubscribe’ button in the footer of any of those emails.

We will respond to your request within 30 days, unless a faster response is required by law.

Sources of Personal Data

We collect information about you from several sources, which include third party providers or directly from you. Because information from several sources may be combined into one record, it may be difficult or impossible to identify the exact source of one particular piece of information. 

EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield

We adhere to the principles of the EU-U.S. and Swiss-U.S. Privacy Shield frameworks, although we do not rely on such frameworks as a legal basis for transfers of personal data in light of the judgment of the Court of Justice of the EU in Case C-311/18. If any personal data is transferred outside of the EEA, we will ensure that any such transfer of personal data is governed by an adequacy decision or an alternative valid mechanism for international data transfers, such as the Standard Contractual Clauses. 

We participate in and have certified our compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework.  We are committed to subjecting all personal data received from European Union (EU) member countries and Switzerland, respectively, in reliance on each Privacy Shield Framework, to the Framework’s applicable Principles.  To learn more about the Privacy Shield Frameworks, and to view our certification, visit the U.S. Department of Commerce’s Privacy Shield List. 

We are responsible for the processing of personal data we receive, under each Privacy Shield Framework, and subsequently transfer to a third party acting as an agent on its behalf.  We comply with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.

With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, we are subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.  In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Under certain conditions, more fully described on the Privacy Shield website, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.

What personal data do we collect and why?

We collect information from you when you use the applicable self-service digital user testing and customer experience measurement solution(s) (the “Platform”), including to create studies, contact us by email or other means (i.e. any other ticketing function) or otherwise interact with us on other properties that we operate.

We may collect the following types of data from you: 

• Identity Data. This is information that helps us identify who you are, like your name, email address/userID and organisation or workgroup name.  
• Contact Data. This is information that details how we can contact you, like your email address, telephone number or postal address.
• Survey Data. This is any information which you upload to the Platform or which is generated through Studies carried out on the Platform, like study questions, responses and other data.
• Observed Data. This is information about your online browsing behaviour on the Platform, including information about any devices or applications you have used to access our services (including the make, model and operating system, IP address, general location, browser type and mobile device identifiers) or information about how and when you used the Platform.
• Referral Data. This is information about how you arrived at our site (i.e. if you arrive on our website from an external source, such as a link on another website or in an email, we record information about the source that referred you to us).
• Voluntary Data. This is any other information you provide to us voluntarily, for example via the Platform or in correspondence between you and any UserZoom employee through any means of communications, including through email or other support means, or via our social media channels.

How do we use your data?

We may use the data we collect about you for a variety of purposes. European data protection legislation sets out specific “lawful bases” for processing personal data. The below sets out the basis under which we may process different information about you, and explains the purpose of that processing.

PURPOSE	EXAMPLE OF TYPES OF PERSONAL DATA USED FOR PURPOSES	LAWFUL BASIS
Contact you about your subscription to our services or your account (e.g. service related announcements, billing-related matters, changes to our services or policies)	Identity Data, Contact Data	Necessary for contract
Provide you with our services, including to provide customer support	Identity Data, Contact Data, Survey Data, Observed Data, Voluntary Data	Necessary for contract
Improve and manage our services and to create new services and features	Voluntary Data, Referral Data	Legitimate Interests
Contact you for marketing purposes (if you opt in)	Identity Data, Contact Data	Consent
Comply with legal obligations, including document retention or responding to relevant communications from supervisory authorities or other governmental authorities	Identity Data, Contact Data, Survey Data, Observed Data, Referral Data, Voluntary Data	Compliant with legal obligations