Privacy Policy for Our Web and Mobile Platforms

(Covering the Shopmetrics™ platform, MobiAudit™, Surveo™, Mobalytics™, HDCharts™, Open World Map™, the Research Store™, and other Research Metrics products.)

Last Updated: December 26, 2023

Introduction

We believe in protecting your privacy. This Privacy Policy describes the information we collect, how we use it, and how it is shared.

Your Role and Ours

To fully understand our Privacy Policy it is best for you to understand our role with respect to your personal data. We are a technology platform for companies that provide customer experience measurement, mystery shopping, and other business audit functions.

Our platform is used by those providers to collect data, store and process it, and report it to their end-clients. Depending on your role in this process you may be using our site, services, and/or products as one of the following types of users below:

1. A general visitor (General User)
2. An employee/agent of one of our providers (Provider User)
3. An independent contractor or respondent who submits data into our platform on behalf of one of our providers (Submitting User)
4. An end-client of one of our providers (End-client User)
5. An Outside Person* (see below)

*Outside Person: If you are not a Provider User, Submitting User, or End-client User, it is also possible that our platform still contains personal information about you loaded by one of those users. In this case you are an Outside Person. For example, a provider may have obtained your information and loaded it into our platform and then sent you an email, despite you having no commercial relationship yet with that provider.

Personal Data

Throughout this document we will use the term Personal Data to mean any of the above information that can be used alone or in combination with other sources to uniquely identify, contact, or locate a single person or to identify an individual.

Our providers or their end-clients may also collect your consent for some types of collection and processing of your Personal Data.

We will collect only as much Personal Data as needed to conduct specific, identified activities related to our business. As such, the “Do Not Track” browser setting is not relevant to our products and services.

Categories of Personal Data Collected

Personal Data is collected from you and used differently depending on your role as described above under “Your Role and Ours”. As examples:

If you are a General User of our products or services we may collect the following information about you:

• Contact information (such as name, address, phone, email, fax)
• Localization data (including geolocation/date/time)
• Connection data (such as usage information, device or browser information, IP address, and page visits and navigation data)

If you are a Submitting User, Provider User, or End-client User then our providers or their end-clients may collect the above, and also the following additional categories of information from you using our products or services:

• Employment and compensation details
• ID data
• Work/professional life data
• Professional skills information
• Personal life data
• Personal master data
• Contract master data (contractual relationships)
• Performance metrics and history
• Customer history
• Billing and payment data (tax ID numbers, bank account numbers)
• Media files and information from media files
• Results from mystery shopping, mystery calling, mystery mailing and other marketing, service evaluation, business audit, and data collection and reporting projects

If necessary in connection with performing the services, our providers or their end-clients may also collect special categories of data such as the following:

• Racial or ethnic origin
• Political opinions
• Religious or philosophical beliefs
• Trade union membership
• Genetic data
• Biometrics data for the purpose of uniquely identifying a natural person
• Data concerning health
• Data concerning a natural person’s sex life or sexual orientation

If you are an Outside Person, it is possible that any of the above categories of information has been collected about you and entered into our system.

Who We Collect Information From or About (Data Subjects)

With the above roles in mind (see “Your Role and Ours”), we collect the above information from or about the following individuals or entities (data subjects):

• Staff, employees, agents, advisors, business partners, vendors, subcontractors
• Independent Contractors such as field agents, mystery shoppers, callers, mailers, interviewers
• Respondents
• Friends & family
• Data subjects from end-client (or prospective end-client) sources:
  • Staff, employees, agents, advisors, business partners, vendors, subcontractors
  • Customers, prospects, friends & family
• Other third-party individuals

How We Use the Information We Collect

We do not sell or rent your Personal Data and only use the information that we collect to provide and improve our products and services. If you provide to us contact information for the purpose of staying informed about our products and services, or for support/troubleshooting operations, we will use the information for those purposes. Your IP address may be used to infer your geographical location. We keep various logs relating to Personal Data for internal purposes.

If you are a Submitting User, Provider User, End-client User, or Outside Person, your Personal Data may be used by us, our providers, and/or their end-clients for such things as contacting you, or for data verification, anti-abuse, and anti-fraud purposes.

For details about how our providers or their end-clients use the information they collect using our products and services, please refer to their specific Privacy Policies, or contact that company directly. If you need any assistance in this regard, please contact us using the contact information below.

Information We Share: Partners and integrations

Generally, we do not share your information except as required by law, or in connection with delivery of our products and services.

We may use third-party vendors to provide storage, hosting, infrastructure, support, and processing in the delivery of our products and services. We may also use third-party vendors for data verification and anti-fraud purposes. We enter into confidentiality and data processing agreements with each of our vendors to ensure that they comply with high levels of confidentiality and best practices in privacy and security standards. We regularly review these standards and practices. A list of these companies is available upon request.

Cookies

Our products use cookies and similar technologies to provide certain features and functionality. These are used only for our legitimate interests of delivering and optimizing services to you. Specifically, we use cookies for:

1. Security/Authentication: When you log in and we authenticate your identity we use a cookie to confirm that you are logged in.
2. Functionality: Certain functionality you use in the system may use a cookie to deliver the data or information you request.
3. Preferences: When you set certain configuration settings in our products we may use a cookie to store that setting.

You can read our specific cookie policy here.

You may use your browser settings to remove or disable cookies, however our products and services will likely not work correctly for you.

Security

We take the security of your Personal Data very seriously and take reasonable and appropriate measures to protect it from loss, misuse and unauthorized access, disclosure, alteration, and destruction. We have put in place appropriate physical, electronic, and managerial procedures to ensure the protection of your Personal Data.

External Links

We are not responsible for any content in external links. Content on third-party websites, and the related Privacy Policies covering those, are the responsibility of their respective owners.

Data Retention

We keep your Personal Data only as long as needed for the purposes for which it was originally collected, or as permitted by law.

For the data retention policies of our providers or their end-clients, please contact the appropriate company.

Safety of Minors

Our products and services are not intended to be used by anyone under 16 years of age. We do not allow them to register and do not knowingly collect Personal Data from them. If it comes to our attention that we have collected Personal Data from any younger than 16, we reserve the right to delete this information without notice. If you have reason to believe that this has occurred, please contact customer support.

Changes to Our Privacy Policy

From time to time we may update our privacy policy. Please check back periodically to see any changes. If we make a change to this privacy policy that materially affects your protections under the policy, we will notify you.

Our Mobile Apps

Shopmetrics Mobile, MobiAudit, and Surveo

The app syncs survey data with your device and platform servers so that you can work with surveys offline. If you have entered Personal Data into a survey it is stored on your device until the survey has been submitted and the app has synced with the server. Deleting the app will also remove that data from your device.

Note that submitting a survey does not necessarily remove media (images, videos, recordings) captured outside of the app (e.g. stored in your photo gallery). In some circumstances, media captured in the app may also have been copied to your device’s gallery. Any media in your gallery would need to be manually removed by you.

The app stores account email address(es) and passwords that you provide to it on your device to allow you to quickly sync data from our providers. You may delete this data by removing the account from the app or deleting the app entirely. Note that for certain older or special-market Android phones, after deleting the app you may also need to manually delete the file(s) located at:
Android/data/com.researchmetrics.mobile/files/11cb952d76c3
Android/data/com.NEW.mobiAudit/files/11cb952d76c3
Android/data/com.researchmetrics.surveo/files/11cb952d76c3

Mobalytics

The app syncs data with your device and the server so that you can work with results offline. It is possible that Personal Data is surfaced in those results. The data is stored on your device until the app fetches new results (which may again have Personal Data). Deleting the app will remove that data from your device.

The app stores account email address(es) and passwords that you provide to it on your device to allow you to quickly sync data from our providers. You may delete this data by removing the account from the app or deleting the app entirely. Note that for certain older or special-market Android phones, after deleting the app you may also need to manually delete the file(s) located at:
Android/data/com.researchmetrics.mobalytics/files/11cb952d76c3

EU / EEA / UK / Swiss Residents

For users who reside in the European Union, the European Economic Area (Norway, Liechtenstein, or Iceland), the United Kingdom (UK), or Switzerland, we have additional privacy-related information for you.

EU / EEA residents are covered under the General Data Protection Regulation (GDPR). UK residents are covered under the UK General Data Protection Regulation (UK GDPR). Swiss residents are covered under the Swiss Federal Data Protection Act (Swiss DPA). These provide certain protections and rights regarding how Personal Data is collected, processed, and how and when it may be transferred outside of those countries.

GDPR Rights and Your Data Controller

If you are an EU/EEA resident you have certain legal rights, listed below. You exercise these rights by contacting your data controller:

Your Data Controller

• In most cases your Personal Data is controlled by one of our providers. This is especially true if you are a Provider User, a Submitting User, or an Outside Person. Please contact the provider that collected the information, as they are the data controller.
• If you are an End-Client User, it is also possible that your employer is the data controller that collected and supplied your Personal Data to one of our providers. In that case, please contact the appropriate person at your employer.
• If you are a General User visiting our website or using our products, we collect only the limited Personal Data mentioned above, and are the data controller for that limited data. If you have questions about this data, please contact us using the contact information below.

If you need any assistance in determining who your data controller is, or how to contact them, please contact us using the contact information below.

As an EU/EEA/UK resident, your specific rights under the GDPR include:

• Right to request access
• Right to rectification
• Right to erasure (“Right to be forgotten”)
• Right to data portability
• Right to withdraw consent
• Right to restrict processing
• Right to object
• Right to lodge a complaint with a supervisory authority

In addition, you have the right to not be subject to decisions based solely on automated processing, including profiling, which produce legal or other significant effects for you.

If a Personal Data breach occurs and is likely to result in a high risk to your rights and freedoms, we will notify you, the Data Controller and the appropriate supervisory authority in a timely fashion.

Individuals wishing to lodge a complaint with the supervisory authority should do so with the contact information here:

EU/EEA residents: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080
UK residents: https://ico.org.uk/make-a-complaint/

Data Privacy Framework

In addition to the GDPR and other applicable laws, we also comply with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. We have certified to the U.S. Department of Commerce that we adhere to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Research Metrics, LLC has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this Privacy Policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, we commit to promptly resolve complaints about your privacy and our collection or use of your personal information. Individuals with inquiries or complaints regarding our handling of personal data should first contact us using the information below.

Additionally, please note the following:

• We are subject to the investigatory and enforcement authority of the U.S. Federal Trade Commission (FTC).
• We do not disclose Personal Data to non-agent third parties. If the need should arise, prior to disclosing Personal Data to a non-agent third party, we will notify you of such disclosure and allow you the choice to opt out of such disclosure. We will ensure that any third party to which Personal Data may be disclosed subscribes to the same principles for managing Personal Data and agrees in writing to provide an adequate level of privacy protection. We may be liable for the transfer of Personal Data to third parties. We also may be liable under the DPF Principles if an agent processes Personal Data in a manner inconsistent with those principles, unless we prove that we are not responsible for the event giving rise to the damage. Also note that we may be required to disclose your Personal Data in response to a lawful request by governmental authorities.
• We have further committed to refer unresolved privacy complaints under the Data Privacy Framework to an independent dispute resolution mechanism, Data Privacy Framework Services, operated by BBB National Programs. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/programs/all-programs/dpf-consumers/ProcessForConsumers for more information and to file a complaint. This service is provided free of charge to you.
• If your complaint cannot be resolved through the above channels you have the possibility, under certain conditions, to invoke binding arbitration. See https://www.dataprivacyframework.gov/s/article/G-Arbitration-Procedures-dpf?tabset-35584=2

Contacting Us

For privacy-related inquiries, such as requesting to have your personal data erased, please contact us at:

Web: https://researchmetrics.com/contactUs

E-mail: help@researchmetrics.com

Postal mail: