Questionlab Inc. (“Company” or ”We”) respects your privacy and is committed to protecting it by complying with this policy.
This policy describes:
We will only use your personal information in accordance with this policy unless otherwise required by applicable law. We take steps to ensure that the personal information that we collect about you is adequate, relevant, not excessive, and used for limited purposes.
Privacy laws generally define “personal information” as any information about an identifiable individual, which includes information that can be used on its own or with other information to identify, contact, or locate a single person. Personal information does not include business contact information, including your name, title, or business contact information.
This policy applies to information we collect, use, or disclose about you:
We collect and use several types of information from and about you, including:
We use different methods to collect your information, including through:
Information You Provide to Us
The information we collect directly from you on or through our Website may include:
Information We Collect Through Cookies and Other Automatic Data Collection Technologies
The information we collect automatically is statistical information that includes personal information, and we may maintain it or associate it with personal information we collect in other ways, that you provide to us. It helps us to improve our Website and to deliver a better and more personalized service, including by enabling us to:
The technologies we use for this automatic data collection may include:
We use information that we collect about you or that you provide to us, including any personal information:
We may also disclose your personal information:
We may transfer personal information that we collect or that you provide as described in this policy to contractors, service providers, and other third parties we use to support our business (such as analytics and search engine providers that assist us with Website improvement and optimization) and who are contractually obligated to keep personal information confidential, use it only for the purposes for which we disclose it to them, and to process the personal information with the same standards set out in this policy.
You are welcome to contact us to obtain further information about Company policies regarding service providers outside of Canada. See Contact Information and Challenging Compliance. By submitting your personal information or engaging with the Website, you consent to this transfer, storage, or processing.
The security of your personal information is very important to us. We use physical, electronic, and administrative measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure. We store all information you provide to us behind firewalls on our secure servers and use data encryption to the extent possible.
The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our Website. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Website.
Except as otherwise permitted or required by applicable law or regulation, we will only retain your personal information for as long as necessary to fulfill the purposes we collected it for, including to fulfill the services requested, as well as for the purposes of satisfying any legal, accounting, or reporting requirements. Under some circumstances we may anonymize your personal information so that it can no longer be associated with you. We reserve the right to use such anonymous and de-identified data for any legitimate business purpose without further notice to you or your consent.
Our Website is not intended for children under 16 years of age. No one under age 16 may provide any information to or on the Website. We do not knowingly collect personal information from children under 16, and we do not knowingly sell any personal information of any minor children under the age of 16. If you are under 16, do not use or provide any information on this Website or on or through any of its features/register on the Website, make any purchases through the Website, use any of the interactive or public comment features of this Website, or provide any information about yourself to us, including your name, address, telephone number, email address, or any screen name or user name you may use. If we learn we have collected or received personal information from a child under 16 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 16, please contact our Privacy Officer.
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes. By law you have the right to request access to and to correct the personal information that we hold about you.
If you want to review, verify, correct, or withdraw consent to the use of your personal information you may also send us an email at email@example.com to request access to, correct, or delete any personal information that you have provided to us. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect. We may charge you a fee to access your personal information, however, we will notify you of any fee in advance.
We may request specific information from you to help us confirm your identity and your right to access, and to provide you with the personal information that we hold about you or make your requested changes. Applicable law may allow or require us to refuse to provide you with access to some or all of the personal information that we hold about you, or we may have destroyed, erased, or made your personal information anonymous in accordance with our record retention obligations and practices. If we cannot provide you with access to your personal information, we will inform you of the reasons why, subject to any legal or regulatory restrictions.
We will provide access to your personal information, subject to exceptions set out in applicable privacy legislation. Examples of such exceptions include:
If you are concerned about our response or would like to correct the information provided, you may contact our Privacy Officer.
Where you have provided your consent to the collection, use, and transfer of your personal information, you may have the legal right to withdraw your consent under certain circumstances. To withdraw your consent, if applicable, contact our Privacy Officer. Please note that if you withdraw your consent we may not be able to provide you with a particular product or service. We will explain the impact to you at the time to help you with your decision.
Rights of EEA and California Residents
Under the European Economic Area’s (“EEA”) General Data Protection Regulation (the “GDPR”) and the California Consumer Privacy Act (the “CCPA”), there are certain requests you can make related to personal data which we will respond to as much as we can under applicable laws. See the below for other legal rights you, as the data subject, may have with respect to your personal data:
Sometimes we will not be able to fulfill your request: if it prevents us from complying with our regulatory obligations or impacts other legal matters, if we cannot verify your identity, or if it requires extraordinary cost or effort, we will tell you in a reasonable time and give you an explanation.
To make a request relating to any of the aforementioned rights, please contact firstname.lastname@example.org, or by contacting us at the address in the “Contact Us” section below.
California State consumer privacy laws may provide residents with additional rights regarding our use of their personal information. To learn more about California residents’ privacy rights, visit the CCPA.
If you are a California resident, California Civil Code Section 1798.83 permits you to request information regarding the disclosure of your personal data by Questionlab to third parties for the third parties’ direct marketing purposes. To make such a request, please send an email to email@example.com,or by contacting us at the address in the “Contact Us” section below.
Subject to certain limitations and exceptions, you have the right to know what personal information is being collected, disclosed, used, or sold by Questionlab. We may collect certain types of personal information from you as described in the “Information We Collect About You” section above in connection with services and marketing that we provide. Specifically, within the last twelve months, we have collected the following categories of personal information from consumers or data subjects:
To learn more about the sources from which we collect those categories of personal information and the business purposes for which we collect them, see the “Information We Collect About You” and “How We Use Your Information” sections above. We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated or incompatible purposes without providing you notice.
We may share your personal information with a third party for a business purpose. Specifically, in the past twelve months, we have shared or disclosed each of the categories of personal information set out above.
We may share the personal information set out in the section “Personal Information of California Residents We Collect” with the following third parties for a business purpose:
In the past twelve months, we have shared identifiers, commercial information, internet activity information, and geolocation data to third party companies such as data enrichment services and analytics providers, using advertising technology or cookies which may be considered a “sale” under the CCPA for the purposes of delivering advertising and content targeted to your interests and enhancing your online experience. Except for the foregoing, Questionlab otherwise does not sell any personal information, including any personal information of any minor children under the age of 16.
The California Civil Code Section 1798.120 requires that we maintain a separate webpage that allows you to opt out of the sales of your personal information. You have the right to opt out of the sale of your personal information and may do so by clicking “Do Not Sell My Personal Information” on the Questionlab website.
DNT is the concept that has been promoted by regulatory authorities, in particular the U.S. Federal Trade Commission (“FTC”), for the internet industry to develop and implement a mechanism for allowing internet users to control the tracking of their online activities across websites.
Currently, various browsers (including Internet Explorer, Firefox, and Safari) offer a DNT option that relies on a technology known as a DNT header that sends a signal to websites visited by the browser user about the user’s DNT preference. You can usually access your browser’s DNT option in your browser’s preferences.
The World Wide Web Consortium (“W3C”) has been working with industry groups, internet browsers, technology companies, and regulators to develop a DNT technology standard. While some progress has been made on this issue, it has been slow, and to date no standard has been adopted. Without an industry standard for DNT, users cannot know how any given company abides by a DNT signal they receive from browser headers. Questionlab is committed to remaining apprised of the W3C efforts to develop a DNT standard.
Questionlab takes privacy and security very seriously and strives to put our data subjects and users first in all aspects of our business. With regard to DNT, Questionlab currently doesn't respond to DNT signals in browsers because no DNT standard has been adopted, as noted above.
Our third party partners may collect information about you and your online activities from time to time. These third parties may not change their tracking practices in response to DNT settings in your web browser, and we do not obligate these parties to honour DNT settings.
Because the need for data retention can vary for different data types in the context of different services, actual retention periods can vary significantly based on criteria such as user expectations or consent, the sensitivity of the data, the availability of automated controls that enable users to delete data, and our legal or contractual obligations. For example, we may retain your personal data for longer periods, where necessary, subject to applicable law, for security purposes.
Subject to certain limitations and exceptions, you have the right to request that Questionlab disclose information to you regarding our collection and use of your personal information at present and in the past twelve months, including the categories and specific pieces of personal information we collected, used, sold or disclosed. You may have the right to request that we delete your personal information that we have collected, subject to certain exceptions. You have the right to opt out of the sale of your personal information and may do so by clicking “Do Not Sell My Personal Information” on the Questionlab website.
If you are a California resident and you would like more information or would like to submit a privacy-related request, you may do so by emailing us at firstname.lastname@example.org describing the nature of your request, or by contacting us at the address in the “Contact Us” section below.
Questionlab complies with the principles of GDPR. The six overall guiding principles by which all personal data must be processed, as set out in Article 5 of the GDPR, are as follows:
When we process personal data, we will only do so in the following situations, in accordance with Article 6 of the GDPR:
If you are in the EEA, you have the right to access personal data we hold about you and to ask that your personal data be corrected. In certain cases, you may also have the right to request that we erase data we are processing or to restrict or object to certain of our processing activities. You may also have the right to request that we provide the personal data you have provided us in a portable form for transmission to another controller’s service. If you would like to exercise any of these rights, you may contact us as indicated in the “Contact Us” section below.
If you are in the EEA and have a concern about our processing of personal data that we are not able to resolve, you have the right to lodge a complaint with the data protection authority where you reside. If you would like to exercise this right, you may contact us at email@example.com, or by contacting us at the address in the “Contact Us” section below.
We have procedures in place to receive and respond to complaints or inquiries about our handling of personal information, our compliance with this policy, and with applicable privacy laws. To discuss our compliance with this policy please contact our Privacy Officer using the contact information listed above, or by contacting us at the address in the “Contact Us” section below.
Once you submit a request using one of the methods above, we will verify your personal identity based on the information we receive from you. Typically, we may ask business contacts for full name, email address, physical address or phone number. If you are contacting us from an email address not on file, we may ask for at least one other data point we already hold. Depending on data we have on file or other circumstances, we may ask for more or different information. You can also designate an authorized agent to exercise these rights on your behalf, who may do so through the methods described in Contact Information and Challenging Compliance above, but we will require proof that the person is authorized to act on your behalf and may also still ask you to verify your identity with us directly. You may also make a privacy request on behalf of your minor child.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or that you have the authority to request the personal information. We will use personal information provided in a request only to verify the requestor’s identity or authority to make the request.