QualSights is a Delaware (USA) corporation, and our principal office is located at 541 N. Fairbanks Ct, Suite 2200, Chicago, IL 60611 USA.
Before you read the rest of this policy, please understand that we are committed to respecting the privacy rights of all individuals, wherever located. QualSights is certified under the
For CCPA and “Do Not Sell”: For specific information relating to our practices regarding the collection and sale of personal information and the principles of the CCPA, please see our Do Not Sell policy statement, which can be accessed via the following link: https://www.qualsights.com/do-not-sell/.
Please review the terms of this policy carefully.
1. The Scope of this Policy
2. How our Service Works
QualSights provides a unique online service which allows our customers (which are generally businesses) to observe and understand how consumers shop for, use, consume, and/or experience products, services and related items (e.g. groceries, packaging, marketing materials) in a variety of real-world environments. To make this possible, our platform provides several interrelated features that allow our customers (again, businesses) to initiate and engage in live or recorded interview sessions and activities with research participants using any of a variety of possible devices (e.g. smartphones, cameras, etc.) in any of a variety of contexts (e.g. video/photo/audio activities, video/audio interviews & focus groups, surveys, in-person fieldwork). All participation by research participants is entirely voluntary.
All of the features of our platform can be fully configured by our customers, and as such, any given research project may include audio recording, recorded videos or photographs, screen captures, video live feed and recording, and collection of surveys and text/written comments/responses. QualSights’ platform then allows customers to process the raw data resources so gathered using a variety of technologies, to generate highly-focused insights into research subjects’ behavior. Examples of such processing technologies include machine transcription, identification of keywords & topics, sentiment analysis, etc.
3. QualSights is Usually a Data Processor/Service Provider
For the vast majority of our engagements we operate as a data processor (under the GDPR) or as a service provider (CCPA). This is because our customers choose which data to collect and process, and how; and as such our customers function as data controllers and/or covered businesses.
4. Occasionally, QualSights Is a Data Controller/Covered Business
In certain circumstances QualSights may enter into engagements directly with research subjects (individuals) in order to allow such individuals to participate in research studies that are intended to reveal broad consumer or market insights that may be shared with one or more of our customers. We refer to these as “Direct Engagements”. For Direct Engagements, QualSights acknowledges that it may be functioning as a data controller (GDPR) or covered business (CCPA) for that portion of an engagement in addition to its role as a data processor/service provider overall.
5. Overview of The Personal Data That We Process; and The Legal Basis for Such Processing
A. Customer Account Information:
In order to operate our service, we collect basic account information from our customers. That information includes personal data such as employee names, business contact information (e.g. address, phone number, e-mail address), employment titles/roles, the employment status of certain individuals. Payment processing data is addressed as set forth in Section 6, below.
QualSights acts as a data controller for all such data; and we process all such data on the basis of the express consent of the customers and individuals involved and our legitimate interests in operating our business.
B. General Browsing Data/Site Usage Data:
We collect general browsing and/or usage data from individuals who visit the Sites; however, all such data are fully anonymized for internal research purposes. In this activity, QualSights acts as a data controller; and we process these data on the basis of our legitimate interests in understanding and improving our services.
In addition, we reserve the right to use certain information (e.g. IP addresses) that may be collected in order to identify a visitor when we feel it is necessary to enforce compliance with our Terms or to: (i) fulfill a government request; (ii) conform with the requirements of the law or legal process; (iii) protect or defend our legal rights or property, our Site, or other users; or (iv) in an emergency to protect the health and safety of our Site users or the general public.
C. Research Participant Data:
Depending on the options selected by a customer, the personal data that may be collected by a customer using our platform may include the following: names, age information, geographic information (e.g. city, country) and other account-related information (e.g. telephone number, email address). In addition, the service may capture audio recordings, photographs, screen captures, video recordings (including faces), survey responses and written comments. And the service tracks a limited amount of information to verify which activities a research participant has completed during a research session. Further, the platform can be configured by our customers to substitute a unique identifier (a number or alphanumeric code) for account information. We refer these data collectively as “Participant Personal Data”.
We process Participant Personal Data based on the express consent of research participants and as required in order to fulfil our contractual obligations with our customers. We may also use Participant Personal Data to communicate directly with research participants, if requested or necessary.
We also process Participant Personal Data in accordance with our “Do Not Sell” policy statement (see https://www.qualsights.com/do-not-sell/).
We may use the following types of cookies on the Sites:
You can change your Internet browsers’ preferences (whether computer or mobile device) to disable or delete non-necessary cookies, although that may affect certain functions on the Sites. To learn how to manage your cookies, please follow the instructions from your specific browser. If you wish to opt out of any cookies on our Sites, and need additional assistance, please contact us.
7. Third Parties with Whom we May Share Personal Data
By necessity, QualSights may share certain personal data with third party service partners which are under contract with us and which perform Site-related functions on our behalf. These service partners are sub-processors under the GDPR. These service partners include certain cloud-based service providers (listed below) which provide aspects of the Sites’ functionality (e.g. cloud-based application hosting, cloud-based storage).
We share data with our service partners on the basis of our users’ express consent and our legitimate interests in operating our business, and all exchanges of data with sub processors are subject to the terms of written agreements.
Third Party Service Partners include: Microsoft Azure, Amazon Web Services, Digital Ocean, Google Cloud, IBM Cloud, VoiceBase, Rev, GoTranscript.
In addition, we may allow or facilitate payment processing functions via our Sites. QualSights has no access to, and does not retain or record, any payment processing information.
8. Measures Adopted by QualSights to Protect Privacy Interests
A. Data Mapping; and Data Protection by Design and Default:
We build data maps to ensure that we understand what personal data may be collected via our Sites and how it may flow through our services. We have adopted internal policies that require us to prioritize privacy concerns in the design phase of all new features for our platform. And (when we are the data collector) we only collect and process those data that we need to perform the processing that we have disclosed to research participants.
B. Data Minimization; Data Disposal:
Where possible, we minimize the personal data being processed. And we have adopted policies that require us to delete or anonymize all data that are no longer required for research purposes.
C. Security of Data and Processing:
We have implemented technical and organizational measures that are designed to limit access to personal data to authorized individuals (either our team or customer representatives, as applicable), including multiple levels of authorization, audit trails, security monitoring tools, and procedures designed to limit and remove access when no longer required.
We have also implemented data security technologies designed to preserve the security of all data collected and/or processed on our platform, including encryption for all such data in transit, and also encryption of sensitive data at rest within our platform.
We have also implemented technological and administrative controls designed to prevent the loss or corruption of data.
D. Independent Recourse Mechanism (Privacy Shield):
We have implemented processes and procedures that are designed to provide clear information to all Site users on all privacy matters, and to respond to all privacy-related requests that we may receive from Site users.
9. Other Terms
A. Geographic Aspects of our Privacy Practices; International Transfer:
QualSights is based in Chicago, IL, USA; we have significant operations in India; and we serve customers and research participants who are located throughout the world. Please be aware that your personal data may be transferred to, and be processed in, countries other than the country in which you are a resident. These countries may have data protection laws that are different to the laws of your country.
Further, please understand that elements of our service platform (including servers) are located in the United States, Europe and Asia, and our third-party service providers (including cloud service providers and partners) operate around the world. This means that when we collect personal information, we or our customers may process it in foreign jurisdictions.
We have implemented measures (including Privacy Shield certification) to assure that transfers of data between us and our customers are compliant with applicable laws. If you have concerns, please contact us.
B. Transfer of Assets:
As we continue to develop our business, we may sell or purchase assets. If another entity acquires us or acquires all (or substantially all) of our assets, the personal data in our platform will be transferred to and used by this acquiring entity. Also, if any bankruptcy or reorganization proceeding is brought by or against us, all such information may be considered an asset of ours and as such may be sold or transferred to third parties.
C. Children, Parental Consent, and Privacy:
The Sites are not directed toward individuals under age 18; we do not knowingly collect information from anyone under age 18 (a “Minor”); and if we find out that we have collected information from a minor under age 18, we will delete that information immediately.
The only exception to the preceding statement may arise if a parent voluntarily consents to the participation of a Minor (child) in a research study. In such circumstances the parent will be deemed to have provided express and informed consent to the participation of such Minor in such capacity; such parent is responsible for communicating with QualSights about the interests of such Minor; and the parent must remain with the Minor at all times that the Minor participates in the relevant project. In no event may a Minor create an account or use the Sites on an individual basis.
D. Third Party Sites and Links:
We are not responsible for the privacy practices and/or security practices employed by any third-party website or service, including but not limited to any such sites or services that may be linked to or referred to in any way on the Sites.
E. Do Not Track:
The Site itself may not respond to web browser-based “do not track” signals.
Notwithstanding anything herein to the contrary, we reserve the right to disclose any personal data if we are required to do so by law, in order to assert or defend copyright or other intellectual property infringement claims, or if we believe that such action is necessary to: (1) fulfill a government request; (2) conform with the requirements of the law or legal process; (3) protect or defend our legal rights or property, our Sites, or other users; or (4) in an emergency to protect the health and safety of our Sites’ users or the general public.
10. Contact Information
We will respond to your request and, if applicable and appropriate, make the requested changes as soon as reasonably practicable. Please note that fulfilling certain requests may have an impact on your use of the Sites.