This Privacy Statement explains the data practices of Satmetrix Systems, Inc. (”Satmetrix” or “Us”). This Privacy Statement covers the sites www.satmetrix.com and www.ccsurvey.com. Part I describes our data practices with respect to Personal Data (as defined below) that Satmetrix processes on behalf of its clients; and Part II describes our data practices with respect to information we collect about our business contacts and other visitors to the Satmetrix website. The general provisions in Part III apply to our data practices in both Part I and Part II.
Satmetrix complies with the U.S.-E.U. Safe Harbor framework and the U.S.-Swiss Safe Harbor framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data from European Union member countries and Switzerland. To learn more about the Safe Harbor program, and to view Satmetrix’s certification, please visit http://www.export.gov/safeharbor/. If you have any complaints regarding our compliance with the Safe Harbor you should first contact us. If contacting us does not resolve your complaint, you may raise your complaint with TRUSTe by Internet at: http://www.truste.com/consumers/watchdog_complaint.php, fax at 415-618-3421, or mail at Watchdog Complaints at the TRUSTe mailing address available at http://www.truste.com/about-TRUSTe/contact-us. If you are faxing or mailing TRUSTe to lodge a complaint, you must include the following information: our name, the alleged privacy violation, your contact information, and whether you would like the particulars of your complaint to be shared with us. For information about TRUSTe or the operation of TRUSTe’s dispute resolution process, see http://www.truste.com/consumers/watchdog_complaint.php or request this information from TRUSTe at any of the addresses listed above. The TRUSTe dispute resolution process shall be conducted in English.
As a general description of our data processing services, Satmetrix collects (and analyzes) survey responses from our clients’ customers who consent to be contacted or who have pre-existing relationships with the Satmetrix client for which Satmetrix is conducting a survey. As described in this Part I, Satmetrix does not own the Personal Data that we process.
1. SATMETRIX IS A DATA PROCESSOR
Satmetrix processes, on behalf of its clients (Satmetrix’s “Clients”), Personal Data that has been collected by or on behalf of those Clients. “Personal Data” means information relating to an identified or identifiable person. Under the United States/European Union Data Protection Safe Harbor Arrangement (the “Safe Harbor”), Satmetrix acts as a Data Processor and each Satmetrix Client acts as a Data Controller. For the purposes of the Safe Harbor and this Privacy Statement: a “Data Processor” is an entity that processes Personal Data on behalf of a Data Controller; a “Data Controller” is an entity that determines the purposes for which Personal Data are processed. To “process” Personal Data means to carry out an operation or set of operations on such Personal Data, such as collecting, recording, storing, disclosing, or organizing it. The “Data Subject” means the person to whom a certain set of Personal Data relate; for example, the person who responds to a survey.
2. CLIENT INSTRUCTIONS
As a Data Processor, Satmetrix will only process Personal Data pursuant to the instructions of the applicable Client. Satmetrix may use the services of third party Data Processors to process Personal Data in accordance with purposes identified for such Personal Data by the applicable Client. Subject to the foregoing sentence and Section 1 of Part III (”Security Measures”) below, Satmetrix will not transfer Personal Data to a Third Party (which, for purposes of this Privacy Statement, means an entity other than Satmetrix and its applicable Client) without instructions from the applicable Client. Satmetrix will not be responsible for determining the authenticity of any purported Data Subject’s request to access his or her Personal Data. In the absence of express instructions to do so from the applicable Client, Satmetrix will not provide a purported Data Subject with access to his or her Personal Data unless it is demonstrated to Satmetrix’s satisfaction that the applicable Data Controller has refused such access.
3. PERSONAL DATA COLLECTION
Customer satisfaction surveys are initiated to improve the processes and relationships between our Clients and their customers. Typically a Client’s customers provide the Client with certain information including their names, companies, job titles, phone numbers, and email addresses and the Client provides such information to Satmetrix to enable us to process and analyze surveys on behalf of the Client. In addition, commercial list services may provide Satmetrix with contact information for people who have opted to receive email (”opt-in lists”) on specific topics of interest.
We invite Client customers — via email, telephone, web page banners, web pop-ups, and other media — to fill out surveys hosted on Satmetrix’s site (i.e., satmetrix.com, ccsurvey.com, or any successor web site). Participation in these surveys is voluntary. When a survey respondent uses the Satmetrix site to fill out a survey, our servers (which are hosted by a third party service provider) may collect information indirectly and automatically (through, for example, the use of “cookies” or your “IP address”) about your activities on the site while responding to the survey. We use this browsing information, in non-personally identifiable form, for internal purposes such as to help understand how the site is being used and to improve it, and for systems administration purposes. We do not link the information we store in cookies to any personally identifiable information you submit while on our site.
Cookies are small pieces of information stored on respondent’s hard drive, not on our site. Cookies allow us to better understand how respondents use the site, which in turn helps us focus our resources on improvements to the site. We use session cookies, which expire when the browser window is closed, and persistent cookies to keep track of which survey(s) a particular respondent has answered. A respondent is always free to decline our cookies if her browser permits, but in that case, the survey site may not operate properly or a respondent may be prompted to fill out the same survey multiple times at a client’s site. An IP address is a number that is automatically assigned to a computer when it is used on a network like the Internet. In some cases the computer’s IP address stays the same from browser session to browser session; but, for computers connecting to the Internet via consumer Internet access providers, the IP address generally varies from session to session.
In some cases, we use unique identifiers in email messages, which enable us to determine which emails have generated responses. This allows us to gauge the effectiveness of certain communications and to exclude those persons who have already responded to a certain message from duplicate messages.
Survey respondents may be required to submit information such as a mailing address in order receive a gift or other offering (if applicable).
In the email survey invitations we send, we provide an opportunity for recipients to ‘opt-out’ of receiving future email survey invitations on behalf of the applicable Client.
4. USE OF NORMATIVE DATA
Satmetrix provides research services to its Clients in which Satmetrix analyzes a Client’s customer performance data in comparison with that of other companies in the same industry as the Client (”Normative Research”). However, Satmetrix does not process any Personal Data in performing Normative Research: (a) Satmetrix uses only non-Personal Data (i.e., data that includes no personally identifiable information or unique identifiers that could later be used to refer to the personally identifiable information to which the data was once associated) in performing this Normative Research, and (b) Satmetrix discloses only non-Personal Data in aggregate form (”Normative Data”) to its Clients who have requested Normative Research.
In addition to the data we process on behalf of our Clients, Satmetrix also processes (on its own behalf) information about our Clients and the individuals who represent our Clients, as described in this Part II.
1. COLLECTION AND USE OF BUSINESS CONTACT DATA
The individuals who represent Satmetrix’s Clients or potential Clients (”Business Contacts”) may voluntarily provide their contact information and related data (collectively “Business Contact Data”) to Satmetrix by various means, including telephone, email, postal mail, the “contact us” or “download” page on the Satmetrix site, or other means. The Business Contact Data submitted to Satmetrix is used to communicate with and provide services for Clients and potential Clients. Satmetrix will change, update or delete Business Contact Data when a request by the applicable Business Contact is requested. To send a request please fill out the contact request form or send mail to Satmetrix Systems, Inc.; 1100 Park Place, Suite 210, San Mateo, CA 94403 USA. We will respond to your request for access within 30 days.
When a Business Contact accesses reports through Satmetrix’s servers, or otherwise uses the Satmetrix site, our servers may place persistent cookies on the Business Contact’s computer in order to keep track of the Business Contact’s personalized settings.
In some cases, we use unique identifiers in email messages sent to Business Contacts, which enable us to determine which emails have generated responses. This allows us to gauge the effectiveness of certain communications and to exclude those Business Contacts who have already responded to a certain message from duplicate messages.
Periodically, we may have special offers that collect personal information. That information would be used for the stated purpose and as consistent with this privacy statement. These special offers include but are not limited to promotional giveaways, newsletters and fact kits. Out of respect for our users’ privacy we provide a way to opt-out of our newsletter and other promotional communications. Users may opt-out by clicking on the unsubscribe link that’s included in these communications.
In addition to Business Contact Data, Satmetrix may collect non-personally identifiable information indirectly and automatically about visitors’ use of the site, including the web pages viewed on the site, the web page from which the visitor linked to the site, the web page to which the visitor linked from the site, and information about the browser the visitor is using (through, for example, the use of “cookies” or the visitor’s “IP address” (see explanations in Part I.3 above)) about the visitor’s activities on the site. We use this browsing information for internal purposes such as to help understand how the site is being used and to improve it, and for systems administration purposes.
2. DISCLOSURE OF BUSINESS CONTACT DATA
Generally, Satmetrix does not provide Business Contact Data or other data to third parties. Satmetrix may provide Business Contact Data or other data to third parties to the extent such third parties provide operational assistance (i.e., outsourced or third party services) to Satmetrix and then only for that purpose. Satmetrix may share Business Contact Data or other data with its corporate family, including its parent company, subsidiaries, or other companies under common control with Satmetrix for the same operational assistance.
1. SECURITY MEASURES
Satmetrix uses industry-standard security measures to protect the integrity and confidentiality of Business Contact Data as well as Personal Data it processes on behalf of Clients, including, in appropriate circumstances, the use of firewalls, restricted access, and encrypted transmissions. Satmetrix limits access to Business Contact Data or Personal Data to those persons in Satmetrix’s organization who have a business need to process such Business Contact Data or Personal Data. However, no company, including Satmetrix, can fully eliminate the security risks associated with such Business Contact Data or Personal Data.
Due to factors beyond Satmetrix’s control, Satmetrix cannot ensure that Business Contact Data or Personal Data will not be disclosed to third parties. For example, Satmetrix may become legally obligated to disclose such data, or, despite precautions, third parties may circumvent security measures to intercept or access such data.
2. CORPORATE FAMILY AND SUCCESSORS
If another company acquires Satmetrix or substantially all of its assets, that company will (a) succeed to ownership of the Business Contact Data held by Satmetrix and will possess the Personal Data held by Satmetrix, and (b) assume the rights and obligations regarding such Business Contact Data and Personal Data described in this Privacy Statement.
Questions, comments, or complaints about this Privacy Statement or Satmetrix’s data practices please fill out the contact request form or mailed to Satmetrix Systems, Inc.; 1100 Park Place, Suite 210, San Mateo, CA 94403 USA. We will respond to your request for access within 30 days.
Any questions, comments, or complaints about the data practices (including without limitation compliance with the data privacy principles of notice, choice, onward transfer, access, security, data integrity, or enforcement) of a Satmetrix Client for whom Satmetrix processes data, should be directed to that Client.
4. Notification of Changes
5. Choice / Opt-out
We provide you the opportunity to ‘opt-out’ of having your personally identifiable information used for certain purposes, when we ask for this information. For example, if you request information but do not wish to receive any additional marketing material from us, you can indicate your preference on our contact form. If you no longer wish to receive our newsletter, surveys or promotional communications, you may opt-out of receiving them by following the instructions included in each correspondence or by emailing us at email@example.com. In addition you may contact us at 650-227-8300 or by mail at Satmetrix Systems, Inc.; 1100 Park Place, Suite 210, San Mateo, CA 94403 USA. You will be notified when your personal information is collected by any third party that is not our agent/service provider, so you can make an informed choice as to whether or not to share your information with that party.
6. Legal Disclaimer
We reserve the right to disclose your personally identifiable information as required by law and when we believe that disclosure is necessary to protect our rights and/or to comply with a judicial proceeding, court order, or legal process served on our Web site.
7. Data Retention
We will retain your information for as long as your account is active or as needed to provide you services. If you wish to request that we no longer use your information to provide you services contact us at firstname.lastname@example.org. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.