This privacy policy lets you know what happens to certain personal data that you provide to us, or that we may collect about you. This notice was last updated on July 28th 2022. We may update this privacy policy to reflect changes to the way we process your personal data. If we propose to make any material changes, we will notify you by means of a notice on this page.

This policy only applies to personal data processed by or on behalf of UserZoom. The type of data that we collect and how that data is processed may vary depending on your relationship to us as further indicated below. 

Who do we share your information with and where are they?

Your personal information may be shared with our processors. We may also share your data amongst the UserZoom group companies (as outlined above). We will have in place an agreement with each of these processors which will restrict how they are able to process your personal information and require them to keep it secure. We will never sell your personal data.

We may also share your personal information: (a) as required by law or legal process; (b) in response to lawful requests by public authorities, including to meet national security or law enforcement requirements or other requests; (c) to investigate suspected violations of any terms or policies applicable to our products or the services provided by us or our third party providers or affiliates; (d) where we reasonably conclude that it is necessary for defending, exercising or establishing our legal rights; (e) to investigate alleged or actual fraud, misrepresentation or other misconduct; (f) in connection with a prospective sale, merger, change of control, bankruptcy or similar transaction; and (g) to other third parties with your express consent. 

Third-party websites

The website (or the platform) may contain links to other websites or Internet resources. When you click on one of those links, you are contacting another website or Internet resource. We have no responsibility or liability for, or control over, those other websites or resources or their collection, use and disclosure of your information. We suggest that you read the privacy policy and terms of use of each such website.

Security

The security of your personal information is important to us. We have adopted appropriate technical and organisational measures and follow industry best practices in order to protect any personal data submitted to us, both during transmission and once we receive it. No method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore we cannot guarantee its absolute security.

How long do we keep your information for?

We may only retain your personal information for the purposes set out in this policy and for as long as we have a legal or business requirement to do so. By law, different retention periods apply to different types of records and data, however the longest we will normally hold any personal data is 7 years from the date of your last interaction with us. 

Exercising your rights

You have the right to request that we: 

• Provide you with access to your personal information 
• Rectify or correct your personal information
• Erase your personal information
• Restrict processing of your personal information, including refraining from selling it or otherwise providing it to any third parties
• You also have the right to lodge a complaint with the appropriate supervisory authority in your country if applicable, if you consider that we are in breach of our obligations under data protection laws. The foregoing rights may be subject to certain limitations pursuant to applicable law. You may request the exercise of these rights by sending an email to privacy@userzoom.com. Additionally, you may unsubscribe from marketing emails by clicking the ‘unsubscribe’ button in the footer of any of those emails.

We will respond to your request within 30 days, unless a faster response is required by law.

Sources of Personal Data

We collect information about you from several sources, which include third party providers or directly from you. Because information from several sources may be combined into one record, it may be difficult or impossible to identify the exact source of one particular piece of information. 

EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield

We adhere to the principles of the EU-U.S. and Swiss-U.S. Privacy Shield frameworks, although we do not rely on such frameworks as a legal basis for transfers of personal data in light of the judgment of the Court of Justice of the EU in Case C-311/18. If any personal data is transferred outside of the EEA, we will ensure that any such transfer of personal data is governed by an adequacy decision or an alternative valid mechanism for international data transfers, such as the Standard Contractual Clauses. 

We participate in and have certified our compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework.  We are committed to subjecting all personal data received from European Union (EU) member countries and Switzerland, respectively, in reliance on each Privacy Shield Framework, to the Framework’s applicable Principles.  To learn more about the Privacy Shield Frameworks, and to view our certification, visit the U.S. Department of Commerce’s Privacy Shield List. 

We are responsible for the processing of personal data we receive, under each Privacy Shield Framework, and subsequently transfer to a third party acting as an agent on its behalf.  We comply with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.

With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, we are subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.  In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Under certain conditions, more fully described on the Privacy Shield website, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.

What personal data do we collect and why?

We collect information from you when you visit or participate in studies operated by us on the applicable digital user testing and customer experience measurement solution(s) (the “Platform”). 

We may also collect information about you from our customers who create studies or upload your data to such Platform(s) (“Study Creators”), including when you participate in studies operated by that Study Creator on the Platform. 

We may collect the following types of data from you: 

• Identity Data. This is information that helps us identify who you are, like your name and email address/userID.
• Contact Data. This is information that details how we can contact you, like your email address, telephone number or postal address.
• Survey Data. This is any information which you provide as part of a study, which may include any information recorded in your survey responses, audio and video recordings and/or any information collected during screen recording. Please note, all survey data is voluntary. You can always choose not to provide Survey Data, however, this may prevent you from participating in studies if the Study Creator has required this.
• Observed Data. This is information about your online browsing behaviour on the Platform, including information about any devices or applications you have used to access our services (including the make, model and operating system, IP address, general location, browser type and mobile device identifiers) or information about how and when you used the Platform.
• Referral Data. This is information about how you were invited to participate in such study
• Payment Data. This is information that you have provided in order to receive an incentive or payment (if applicable) for having completed a survey, including payment details
• Voluntary Data. This is any other information you provide to us voluntarily, for example in correspondence between you and any UserZoom employee through any means of communications, including through email or other support means, or via our social media channels

Third parties

We may receive some information from you from Study Creators, as a processor for that Study Creator. In all cases, such sharing is related to your participation in their study, such as sharing a video recording of your participation in a study. Please note, we do not control how Study Creators use and share your information once they receive it. You will need to contact such Study Creators directly for information about their privacy practices or to exercise rights you may have (including if you would like to opt-out of receiving future emails from a Study Creator). We maintain an up-to-date list of sub-processors at https://www.userzoom.com/sub-processors/. This list was last updated on 8 February 2022. 

We treat your study questions, responses and data as information that is private to you. We do not sell your survey data to third parties.

Additionally, your data may be shared with Imperium, LLC in order to verify the quality of the data provided to us. You may find more information about their own privacy practices in their privacy policy.

How do we use your data?

We may use the data we collect about you for a variety of purposes. European data protection legislation sets out specific “lawful bases” for processing personal data. The below sets out the basis under which we may process different information about you, and explains the purpose of that processing.

PURPOSE	EXAMPLE OF TYPES OF PERSONAL DATA USED FOR PURPOSES	LAWFUL BASIS
Provide you with access to the Platform, including the ability to participant in studies	Indentity Data, Contact Data	Necessary for contract
Improve and manage our services and to create new services and features	Observed Data, Voluntary Data, Referral Data	Legitimate interests
Contact you for marketing purposes (if you opt in), including to invite you to participate in studies	Identity Data, Contact Data	Consent
Comply with legal obligations, including document retention or responding to relevant communications from supervisory authorities or other governmental authorities	Identity Data, Contact Data, Survey Data, Observed Data, Referral Data, Voluntary Data	Compliance with legal obligations
If you are due to receive an incentive for having completed a study, to pay you that incentive	Contact Data, Payment Data	Necessary for contract