Effective: June 30, 2023

Privacy Notice for External Audiences

Your privacy is important to us. This Privacy Notice (“Notice”) describes how Suzy, Inc. and its subsidiaries and affiliates (collectively, “Suzy”, “we,” “our” or “us”) collects, uses, stores, and shares personal data with respect to external survey respondents.

By using or accessing the Sites, you accept and unambiguously consent to this Notice and to our use of your Personal Data as described in this Notice. IF YOU DO NOT AGREE TO THE TERMS OF THIS NOTICE, DO NOT USE OUR SERVICES. For details on your privacy rights, see Section titled “Your Privacy Rights”.

1. Who are we? When does this Notice apply?

Suzy, Inc. is a company headquartered in New York, NY, USA. Suzy is an end-to-end market research company that licenses its software and services to companies conducting market research (“Clients”).

Some of the solutions we offer our Clients include conducting market research with global consumers, customer relationship management lists, clients' social media followers, and similar audiences. We refer to these audiences as “External Audiences” as a way to distinguish them from our proprietary Crowdtap® audience.

This Notice applies solely to External Audiences. If you are a Crowdtap Member, there is a different privacy policy that applies to you. If you are a Client, there is a different privacy policy that applies to you.

2. Who are "you"?

Such a deep question! “You” are someone really important to us. Here is how we think of “you” with respect to this Notice:

“External Audiences” is an overarching term for Non-Members and Global Audiences.

• “Non-Members”: You are based in the U.S. and have received a survey, form, interview/focus group invitation, application, questionnaire, and the like (collectively, “Actions”) powered by a Suzy service or are interested in participating in an Action(s).

• “Global Audiences”: You are based in a non-U.S. country and have received or are interested in participating in an Action(s).

3. How did you get here?

The most likely scenarios are:

• you signed up to take surveys through another company (a “Panel Provider”) in return for some type of incentive. We partner with Panel Providers who source survey respondents like you to complete Actions for us and our Clients. They facilitate us (or the Client) forwarding Actions to you to complete. The Panel Provider who forwards you to an Action will be responsible for protecting your Personal Data and will have its own privacy notice which you should consult.

• you accepted an email invitation from a company that you are a patron of to participate in an Action (e.g., you are a patron of one of our Clients and/or are a subscriber of their mailing list); or

• you accepted an invitation posted to social media to participate in an Action.

4. What is Personal Data?

Personal Data: When we use the term “Personal Data”, we use it as a catchall term to mean any information that is linked or reasonably linkable to an identified or identifiable natural person. This includes information that relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular person or household. Some states and countries refer to this as “personal information” or “personally identifiable information.”

Sensitive Personal Data: Some Personal Data is so sensitive that it requires heightened care and protection. Different laws consider different types of personal data sensitive but generally include:

• Financial information

• Health information (physical health, mental health, and/or substance use information)

• Citizenship / immigration status

• Sexual orientation, sexual preferences, or sexual practices

• Driver’s license information

• Passport information or other government-issued identification information

• Zip code

• Genetic information

• Biometric information

• Data of children under the age of 13

• Racial or ethnic origin

• Religious or philosophical beliefs

• Political opinions or affiliations

• Trade union membership

• Criminal history / record information

• Precise geolocation information

5. Who is the data controller?

When you complete an Action from a Client or Panel Provider and provide Personal Data, that Client or Panel Provider is the controller/business responsible for your Personal Data, and Suzy acts as the processor. If you complete an Action from Suzy and provide Personal Data, Suzy is the controller/business responsible for protecting that Personal Data in compliance with applicable law.

Where we act as the controller, the details for who you can contact are listed below. If we can’t resolve your concerns (we hope we can!), you may also raise your concerns to your local statutory authority.

United States

Suzy, Inc.

Address: 228 Park Avenue South, PMB 85529, New York, NY 10003

Request Portal: Privacy Request Form

Email: trust@suzy.com

United Kingdom

Data Protection Representative Limited

Address: available here

Request Portal: http://www.datarep.com/data-request

Email: datarequest@datarep.com

European Union

Data Protection Representative Limited

Address: available here

Request Portal: http://www.datarep.com/data-request

Email: datarequest@datarep.com

6. How is Personal Data collected?

We use different methods to collect your Personal Data, including through:

• Direct interactions. We receive some Personal Data directly from you. For example, you may give us your Personal Data by filling in forms or by corresponding with us.

• Automated technologies or interactions. As you interact with our websites, we will automatically collect certain technical data about your equipment, browsing actions, and patterns. This includes collecting Personal Data by using cookies, web beacons, and other similar technologies.

• Third parties. We also receive Personal Data from third parties, such as technical or behavioral information from analytics providers or advertising networks and contact information from social media networks.

7. What Personal Data do we use?

Below is a chart of the categories of Personal Data we collect, use, analyze, or otherwise process.

What Personal Data we use depends in part on what Actions you choose to participate in. For example, if you choose to participate in live video interviews, additional nuances will apply. See Section 8 of this Policy for details on those feature-specific nuances.

Category of Personal Data	Whose Data	Use	Lawful Basis, in addition to Consent
Brand Panel Referral Information.	Non-Members; Global Audiences	If you are referred to participate in an Action powered by us from another company you're a customer of (for example, StateFarm), we tag you in our systems to reflect that referral. That way, StateFarm can send Actions to you.	Performance of a contract; Necessary for our legitimate interests
Contact Information. (Your name, email, address, phone number)	Non-Members; Global Audiences	You might choose to provide us with your contact information, whether through use of our services, a form on our website, an interaction with our support team, or a response to one of Suzy’s own Actions. We only use contact information to respond to an inquiry which you, as an External Audience, submit to us. Example: Our support team uses your email address to communicate with you if you have contacted us about a survey, form, application, or questionnaire you received.	Performance of a contract
Cookies. For example, data we get from first and third party cookies, page tags, pixels and similar technology placed on your device.	Non-Members; Global Audiences	Read our Cookie Policy for full details. We, our service providers, and third-party partners, may collect information about the use of our Sites by automated means, including via cookies, web beacons, and other technologies. This information may include information about the devices you use to access our Sites (such as IP address and browser and operating system type), dates and times of visits to, and use of our Sites, information about how our Sites are used (such as pages viewed, date and time of access, information about how users navigate on or between our webpages, or the features of our mobile applications that are used and how users navigate between screens on our mobile applications), the URLs that refer visitors to our Sites, and the search terms used to reach our Sites.	Necessary for our legitimate interests
Data Quality Information. For example, IP addresses, email domains, phone numbers, survey responses, behavioral information, etc.	Non-Members; Global Audiences	We use this information to moderate for bots, to authenticate users, to prevent fraud and abuse, and to gauge whether you are a high quality respondent. This helps us preserve the security of our Sites and helps us provide quality assurance controls for our Clients. For example, we employ IP and email domain blocking to prevent fraud and abuse, as well as patented technology that identifies behavior patterns indicative of bots.	Necessary for our legitimate interests (to prevent fraud and abuse, ensure data quality, and help improve network security).
Device and Browser Data. For example, IP address, device type, MAC ID, browser type.	Non-Members; Global Audiences	We use this data for service optimization and troubleshooting for your specific device/browser of preference (in other words, we want you to see the best possible view of the Sites on your specific device). We also infer your location from your IP address.	Necessary for our legitimate interests
Inferred Data	Non-Members; Global Audiences	We may infer information about you (including your location and your preferences) from the above categories of information which we collect about you.	Necessary for our legitimate interests
Information from Third Parties and integration Partners. This includes your name and email address or IP address where you have given permission to those third parties to share that information with us or where that information is publicly available either online or through your device/browser data.	Non-Members; Global Audiences	We collect your personal information from third parties where, for example, you give permission to those third parties to share your information with us, where such information is publicly available online or through your device/browser data. We will collect and use information from third parties and integration partners to facilitate Clients or Panel Providers sending Actions to you.	Necessary for our legitimate interests
Log Data or Log Files that record data each time a device accesses a server. This contains data about the nature of access, for example, originating IP addresses, Internet service providers, the files viewed on our site (like HTML pages, graphics, etc.), operating system versions, device type, and timestamps.	Non-Members; Global Audiences	Log data can be used for a lot of different things but predominantly we use it for: monitoring abuse and troubleshooting site and security issues, improving the product functionality and creating new features, tracking behavior for content and services at an aggregate level (for example, to monitor service requests or service denial on our site overtime to ensure our site remains stable) and fixing bugs or functionality issues. We will also use log data to help us make recommendations to you or track your visits to our sites. For example, your IP address is used for abuse monitoring purposes (so we can identify an External Audience who abused the survey taking experience in a manner contrary to our usage policies or to facilitate a Client in complying with their own legal obligations).	Necessary for our legitimate interests
Matched Data.	Non-Members; Global Audiences	We provide our Panel Provider with a profile of the type of panelist we wish to use for a particular survey. This may include requirements such as (on a non-exhaustive basis) panelists of a particular gender, age or age range, income bracket or location. If you respond to a particular survey, we will know that you have (or that it is likely you have) the characteristics or match the details listed in the panelist profile. We do not actively seek to re-identify you through use of this data. We may also utilize matching services (i.e., third parties who are specialized in data management, such as consumer behavior insights) to acquire additional information about you from public and private data sources (such as social networks, retailers, and content subscription services with whom you have an account) or to use your Personal Data as an aid to develop additional or new types of de-identified data sets (i.e., we compile your Aggregate Data with data from other consumers to create a new lifestyle segment). The matching service provider holds the Personal Data we share for a short time, uses it to assemble the additional information, and then return the combined information to us. They are contractually bound to delete the data we share with them and are not authorized to use it in any way other than for this specific purpose.	Necessary for our legitimate interests
Metadata.	Non-Members; Global Audiences	We receive data from the device you use to access surveys, such as your operating system version, device manufacturer and model, carrier (i.e., mobile provider), system locale. We may also store any information collected by the core SDK, like device name (can be personalized by device owner) and user agent string.	Necessary for our legitimate interests
Referral Data. This is information about the place where you were before you came to a Site – for example, if you were on social media before clicking on a link to a Site, we record information about the source that referred you to us.	Non-Members; Global Audiences	If you arrive at a Suzy website from an external source (such as a link on another website or in an email), we record information about the source that referred you to us.	Necessary for our legitimate interests
Response Data. This is responses to Actions, which may include things like your occupation field, interests, opinions, or other information you voluntarily provide to us when you participate in an Action.	Non-Members; Global Audiences	We collect and receive the responses you provide to Actions, which may directly identify you or which, when used with other information which we hold about you, may indirectly identify you. We use the information for our brand research and insights. We also share your responses to Actions with the Client(s) who purchased license(s) with us and who initiated the Action(s). The Client(s) use your responses to Actions for their brand research and insights, marketing, and promotions.	Necessary for our legitimate interests
Response Rate Information. For example, page view data, response rates, response types, and survey type	Non-Members; Global Audiences	We use and analyze this information: To improve the user interface; To maintain a consistent and reliable External Audience experience; and To improve our Client services by looking at what questions Clients are asking and the quality of their responses and response rates so that we can enhance our existing features and build new ones to optimize question/answer rates for Clients.	Necessary for our legitimate interests (to improve our Sites, to develop them, to grow our business, and to inform our product development and marketing strategy)
Sensitive Personal Data. See the section in this Notice titled "What is Personal Data" for details on what is considered Sensitive Personal Data.	Non-Members; Global Audiences	You may be asked to provide Sensitive Personal Data in response to Actions. If we collect that information or intend to disclose such information to a third party or use it for a purpose other than as described in this Notice, we will obtain your specific permission to do so prior to any such use or disclosure.	Performance of a contract
Usage Information. (how you use the Sites, what pages you click on, etc.)	Non-Members; Global Audiences	We collect usage information about you whenever you interact with our websites and services. This includes which webpages you visit, what you click on, when you perform those actions, what language preference you have, what you buy and so on. We use information about how you use our services to improve our services for you and all users. Examples: We collect information about the types of questions you answer via Aggregate Data, so we can examine patterns across External Audiences. We collect and use all this data for our legitimate interests like helping us improve the experience for External Audiences (so that questions are easier to answer), for training purposes, and to understand industry trends in and to help improve the completion rates on surveys/forms.	Necessary for our legitimate interests
All of the above categories - Aggregate Data.	Non-Members; Global Audiences	We may aggregate information you provide in a manner which does not identify you (“Aggregate Data”). We may collect and use data about access to and use of our Sites that we automatically collect as a form of Aggregate Data to determine how much time visitors spend on each page of our Site, how visitors navigate throughout the Site, and how we may tailor our web pages to better meet the needs of visitors. We may use your Aggregate Data for our own legitimate business purposes, including operating and enhancing our Site, for performing statistical analysis business planning, and for market research purposes.	Necessary for our legitimate interests
All of the above categories - Artificial Intelligence / Machine Learning.		We use techniques like machine learning or artificial intelligence on Personal Data for ensuring compliance with legal and regulatory requirements, detecting quality to maintain reliable External Audiences, and to provide automated market research services to Clients like heatmapping, dynamic segmentation, data explorer, AI summaries, and the like. Clients have some controls over how we use Response Data and may have turned off our ability to apply machine learning to responses where it is linked to a specific product feature. We also use automated processes and machine learning to: · analyze Response Data, which in turn helps us to identify trends, build product features that optimize responses, make product recommendations, and provide guidance on which products and services work best in different scenarios · extract and analyze usage patterns, which in turn helps us to improve our services and ease of use (for example, we might identify when respondents prefer multiple choice versus open text questions and make predictive response suggestions when certain question types are selected) · undertake personalization for Clients and you (for example by customizing the page on our website which you see at the end of a survey) · improve user experience (for example, by collecting and using device and browser information to improve how our service operates on those devices and in those browsers) · identify insightful data trends (via Aggregate Data) · to build features, improve our services, for fraud detection, and to develop Aggregate Data products	Necessary for our legitimate interests
All of the above categories - Legal and Security.	Non-Members; Global Audiences	For legal and security purposes such as enforcing our agreements, preventing unlawful or abusive activity, responding to legal inquiries and lawful requests, and preventing fraud. For example, we sometimes inspect and use techniques like machine learning on responses to Actions to ensure compliance with our Terms of Service.	Necessary for our legitimate interests
All of the above categories - Other.	Non-Members; Global Audiences	To respond to legal requests or prevent fraud, we may need to disclose any information or data we hold about you. If we receive a subpoena or other legal request, we may need to inspect the data we hold to determine how to respond.	Necessary to comply with a legal obligation

‍

8. Additional Personal Data for Specific Actions

In addition to the categories identified above, additional Personal Data will apply if you choose to participate the following specific Actions:

(a) Participating in live interviews or focus groups

You may be invited to participate in a Live In-Depth Interview (“IDI”) or Live Focus Group.

• IDIs are virtual 1-on-1 interviews

• Focus Groups are virtual interviews consisting of you and 3-4 other participants

If you choose to participate in either, your Personal Data – including Sensitive Personal Data – will be collected, processed, and shared with our Clients. Read our Biometric Data Privacy Notice for full details.

(b) Providing open-ended text responses

From time to time, you will receive Actions that involve open-ended questions. An open-ended question is a question that cannot be answered with a "yes", "no", or static response. Instead, open-ended questions allow you to respond in an open format, so you can answer based on your complete knowledge, feeling, and understanding.

• An example of a close-ended question is: Do you meditate weekly (yes or no)?

• An example of an open-ended question is: How do you typically deal with stress and anxiety?

If you choose to respond to an open-ended question, your responses will allow Clients to attain detailed and descriptive market research insights.

What level of detail you provide about yourself in response to these questions determines whether or not Personal Data is involved. For example, let’s say you were asked the question, “How do you choose a restaurant to eat at?” If you answered, “By location! I eat at Happy Diner STL at the corner of Smith and Jones Street because I live in the apartment above it!”, your Personal Data would be implicated.

(c) Providing open-ended video responses

You may be asked to respond to open-ended questions with a video recording. We call this “Video Open End” or “VOE” for short. If you choose to participate in VOE, your Biometric Data will be collected, processed, and shared with our Clients. Read our Biometric Data Privacy Notice for full details.

(d) Testing products

You may be asked to participate in an in-home use test (“IHUT”), which is a way of allowing our Clients to collect and analyze feedback from consumers' hands-on product testing experiences in their own native environment (home, work, etc). Among the variety of reasons Clients use IHUTs, some of the more common ones include: so product development teams can validate how a product is used; to study product flaws in order to make improvements; or to collect real usage claims about a product, such as “9 in 10 women would recommend this product”.

If you choose to participate, we will mail you a product or ask you to buy it in-store with a coupon and then you’ll answer questions about your experience with that product. In some cases, you may be asked to submit photos or videos using your device as part of the Action response. For example, you might be asked to video record yourself opening product packaging, to take a picture of yourself using the product, etc.

Every IHUT has eligibility conditions based on Client needs (availability, familiarity with product or service, demographic information, etc). If you participate in an IHUT, we will use your contact information to send you IHUT invitations, instructions, reminders, and and post-trial activation information. We will also use your name and mailing address to facilitate shipping and to send tracking information to you. We will share your name and mailing address with third-party fulfillment centers for purposes of sending you the product.

9. Why do we use Personal Data?

In addition to the uses explained above, we use your Personal Data for our legitimate commercial interests to:

• provide you with the Actions which you have selected to receive or participate in;

• provide you with surveys which it appears you are interested in receiving based on your previous survey-taking activities and the profile we, our Clients, or our Panel Providers have developed as a result of this usage history;

• administer the Actions, to improve both the content and frequency of future Actions, and to improve how Actions are presented to you;

• check that you only take a particular survey once (unless the survey allows multiple responses);

• customize the way that Actions are presented to you to enhance your survey taking experience;

• analyze responses (including by comparing your responses against others' responses) and understand response rates;

• track referring websites;

• maintain our processing records;

• perform system administration and maintenance including copying, modifying, and configuring data for business continuity and archiving purposes and in order to introduce new technologies into our systems;

• maintain the security of our system (e.g., controlling abuse, spam, and DDOS attacks); and

• to send/not send Actions to you.

10. Who do we share your Personal Data with?

We recognize that because you give us and allow us to use your Personal Data, we are entrusted with safeguarding the privacy of that information. Your trust is important to us, so we generally only disclose, sell, or share that data with third parties where we have given you prior notice (e.g., in this Notice); obtained your consent; or anonymized or de-identified the information in such a way that you or your household cannot reasonably be linked, directly or indirectly, by it.

In addition to the sharing of your Personal Data noted elsewhere in this Notice, we disclose, share, or sell Personal Data to:

(a) Suzy

We will use your Personal Data for our brand research and insights and may share it with our subsidiaries and affiliates, including Suzy Home, LLC. We may also disclose aggregated, de-identified, or anonymized statistics about External Audiences. For example, we may post on our blog or include in our marketing materials statistics like the average response rate for Actions or what percentage of External Audiences are male.

(b) Clients

We share your Action responses and any other Personal Data you have voluntarily provided with the Client who purchased license(s) to Suzy’s insights platform and initiated the Action to which you responded, or to prospects or potential clients that Suzy wishes to engage. We share this information with the Client team (i.e., it is viewable by any team members in the Client’s company with access to the Client’s dashboard). We also provide the Client with options to download the raw data with an excel spreadsheet or, in some instances, to download cluster, persona, or segment analysis in a PowerPoint deck. That Client will use the information for their brand research and insights.

We may also use the Personal Data you provide to comply with regulatory monitoring and reporting obligations imposed by Clients in connection with adverse events. In such instances, we may require further information from you in addition to Personal Data to comply with such regulatory monitoring and reporting obligations. Such information may be provided to the relevant Client.

Please note that you may never know which company (i.e., which of our Clients) initiated the Action. It could be a sports company, it could be an apparel company, or it could be a company whose values do not align with yours. You are always welcome to ask us which Client it is (and you might be able to infer based on the questions asked). However, please know that we may be contractually prohibited from disclosing their identity to you in some situations.

(c) Panel Providers

We will process your Personal Data in order to fulfill our contracts with Panel Providers.

(d) Service providers and trusted partners

To help us provide certain aspects of our services, we use trusted partners and service providers. In particular, we engage third parties to:

• facilitate our collectors for sending surveys by email or text to you;

• detect fraud (for example, verifying malicious IP addresses);

• deliver and help us track our marketing and advertising content;

• help us track website conversion success metrics; and

• manage our support services to you, including for resolving any disputes.

We enter into confidentiality and data processing terms with partners to ensure they comply with high levels of confidentiality and best practices in privacy and security standards and we regularly review these standards and practices.

You can view our Subprocessor List here.

(e) Subcontractors

We may provide your Personal Data to other companies or individuals we’ve hired to perform one or more services for us (such as quality assurance services, moderation services, translation services, targeting audiences, analyzing responses, matching data, etc.). Those companies or individuals are located both in the U.S. and abroad. These companies or individuals are authorized to use your Personal Data only as necessary to provide these services to us.

Internally, our Managed Services team may process your Personal Data as part of the work they perform for Clients (i.e., building segments, targeting audiences, analyzing responses, etc).

(f) Technical consultants and third-party auditors

We share Personal Data with technical consultants and third party auditors to ensure we meet our security, legal, and regulatory compliance requirements.

(g) Investors, successor entities, or purchasers

We reserve the right to transfer your Personal Data, including profile information, responses to Actions, or other information to a successor entity upon a merger, consolidation, or other corporate reorganization in which Suzy participates or to a purchaser of all or substantially all of Suzy’s assets.

(h) Law enforcement or Legal obligation

We may disclose your Personal Data as required by law, including for purposes of law enforcement, or when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, and/or to comply with a judicial proceeding, court order, subpoena, or other legal process served on us. We may also disclose your Personal Data to investigate suspected violations of the Site rules or policies.

(i) Anonymized or de-identified information

We may publish or disclose anonymized or de-identified information about our services, including responses to Actions. For example, we may post on our blog or otherwise include in our marketing emails interesting statistics like how many Actions were completed in a month.

(j) Aggregate information

We use Aggregate Data to analyze aggregate trends both amongst survey respondents. We may use this information for our own business purposes or sell this aggregate, de-identified information to our Clients or other third parties for advertising, promotional, or other commercial purposes. Where data has been de-identified, we take appropriate technical and organizational measures to prevent future re-identification.

(k) Vital interests

In rare events, we may disclose your Personal Data where we believe in good faith that access or disclosure is necessary to protect the personal safety or vital interests of Suzy employees, customers, or the public.

(l) Other

Information obtained in connection by us may be intermingled with and used by us in conjunction with information obtained through other sources, including both offline and online sources.

We may also disclose or share information about you with other third parties as part of provisioning and improving our services. We will not share or sell your Personal Data to any third parties for reasons outside of provisioning and improving our services and for the other purposes described in this Notice unless we have:

• obtained your consent; or

• anonymized or de-identified the information such that the information does not contain your Personal Data.

11. How long is Personal Data retained?

Except as otherwise specified in this Notice, we retain each category of Personal Data for no longer than necessary to provide you or our Clients the services requested, to comply with our legal obligations, or to resolve disputes and enforce our agreements. To the extent that your responses are stored in one of our Client accounts, that data is retained for as long as our Client’s account remains active or until our customer has deleted those responses. Your Personal Data is anonymized / deleted upon request or upon a reasonable period after Client account abandonment.

12. Where is Personal Data processed and stored?

Suzy is based in the United States, our servers and systems are located in the United States, and many of our service providers are based in the United States.

By using the Sites, you freely and specifically give us your consent to export, process, and/or store your Personal Data in the United States. You understand that the United States may not have the same data protection / privacy laws as your country and that data stored in the United States may be subject to lawful requests by the courts or law enforcement authorities in the United States.

Sometimes, we transfer your Personal Data overseas to our Clients, service providers, and subcontractors who operate around the world in places with different laws and protections. We’ll use appropriate technical and organizational measures and safeguards to protect your data during international transfers and at all other times it is in our care.

If you are resident in or a visitor of the EEA, United Kingdom, or Switzerland, we will protect your Personal Data when it is transferred outside of such locations by processing it in a territory which the European Commission has determined provides an adequate level of protection for personal information or otherwise implementing appropriate safeguards to protect your Personal Data, including through the use of Standard Contractual Clauses or another lawful transfer mechanism approved by the European Commission.

13. Security

The security of your Personal Data is very important to us. We put in place reasonable and appropriate technical and organizational measures to ensure your Personal Data is kept secure and protected from unauthorized access, use, disclosure, alteration or destruction, in accordance with applicable laws and regulations. When you enter sensitive information (such as login credentials), we encrypt the transmission of that information using Transport Layer Security (TLS). When we share your Personal Data with service providers, subcontractors, or other third parties, we base our selection on said parties having adequate safeguards in place that meet our data protection standards. We perform risk assessments or otherwise audit their compliance with such standards and incorporate applicable contractual provisions ensuring compliance with (i) such standards and (ii) applicable data privacy laws and regulations. For more information, visit our Trust Center.

Notwithstanding the foregoing, transmissions over the Internet and/or a mobile network are not one hundred percent (100%) secure, and Suzy does not guarantee the security of transmissions. Suzy is not responsible for any errors by you in submitting Personal Data to us.

14. Minors

Actions are not intended for and may not be used by minors. "Minors" are individuals under the age of 13 (or under a higher age if required by the laws of their residence). We do not knowingly collect nor intend to collect Personal Data from Minors without verifiable parental consent. Where appropriate, we take reasonable measures to inform Minors not to submit such information to our Sites. If we learn that a Minor has provided us with Personal Data without verifiable parental consent, we will use all reasonable efforts to delete such information from our systems.

15. Are survey responses anonymous?

To Panel Providers, the answer is no. For example, they typically link your response activity with your the account you have with them often via a unique user ID.

To Suzy, our Clients, and the third parties we share Personal Data with, the answer is maybe. It depends on what types of Actions you choose to participate in and what information you provide in your responses. Of course, if you disclose your name in a response, you won’t be anonymous. But even if you don’t, the information you do provide may be identifying, such as when combined with other information. We, our Clients, and some of our partners may have the ability to contact you regarding Actions for which you qualify. If you post your Personal Data on the Sites in a section of the Sites where it was not explicitly requested, or outside of the Sites where it may be viewable and/or accessible by Clients (e.g., contact information listed within feedback you provide or an email address you provided directly to a Client), we cannot control how third parties (such as Clients) may use that information).

16. Optional Additional Surveys

We may occasionally include optional additional surveys (accessible from the standard survey end page) on completion of our Actions to External Audiences. These surveys or forms were created by us as part of our own research projects. Participating in these research surveys is entirely voluntary. We are the data controller of any information you provide in as part of those optional research surveys.

17. Your Privacy Rights

If Suzy is the controller of your Personal Data, you have certain privacy rights as discussed in the chart below. If, on the other hand, a Client or Panel Provider is your controller, please reach out to them directly. If you are having difficulties finding this Client or Panel Provider or if you have any other questions after reading this Notice, you can contact us and we will try our best to help you.

Tip: Where you have responded to an Action sent to you by a Client or Panel Provider, you will need to reach out directly to that individual or organization to discuss managing, deleting, accessing, or otherwise withdrawing consent for use of your Personal Data which you provided to them. Suzy does not control that data and, accordingly, is not in a position to directly handle these requests in relation to that data.

You have the following rights regarding your Personal Data. Your rights and choices may vary depending on the laws applicable to your Personal Data. Such laws may extend additional rights and choices to you or may limit or except the rights listed below.

Right	Details
Right of Access	Find out what kind of Personal Data we process about you and request details of this information, including categories of recipients to whom the Personal Data have been or will be disclosed and purposes of processing.
Right to Know	Ask us for a notice identifying the categories of Personal Data that we collect (and from whom), disclose, or share (and to whom we disclose or share), as well as our business or commercial purposes for collecting, disclosing, or selling that Personal Data. In most respects, this Policy serves as such notice.
Right to Rectify, also known as Right to Correct	Ask for your Personal Data to be rectified, updated or, corrected. We may need to verify the accuracy of the new information you provide to us.
Right to Transfer, also known as Right to Data Portability	Ask us to package up your Personal Data in a structured, commonly used and machine-readable format, so you can move, copy, or transfer it to another organization in a secure manner and without interrupting the integrity and usability of the information.
Right to Restrict or Object to Processing	Object to certain types of processing of your Personal Data, including profiling, targeted advertising, direct marketing, and statistical, scientific, or historical research purposes.
Right to not be Subject to Fully Automated Decisions	Ask to not be subject to decisions with a legal or similarly significant effect (including profiling) that are based solely on the automated processing of your Personal Data, unless you have given us your explicit consent or where necessary for the performance of a contract with us.
Right to Limit Use of Sensitive Information	Tell us to limit or stop processing your Sensitive Personal Data.
Right to Withdraw Consent at Any Time	Withdraw any consent you may have previously given us.
Right to Delete, also known as the Right to be Forgotten	Request that your Personal Data be erased. Where required, we will delete your Personal Data. We will decline your request for deletion if processing of your Personal Data is necessary: (i) for us to comply with our legal obligations; (ii) for the establishment, exercise, or defense of legal claims; (iii) for the performance of a task in the public interest, or (iv) for us to perform certain actions in accordance with applicable laws, such as detecting security incidents and protecting against fraudulent activity.
Right to Opt-Out of the Sale or Sharing of your Personal Data	Direct us not to sell your Personal Data to third parties. California residents: You have the right to tell us not to sell or share your Personal Data to third parties. This right is referred to as the “right to opt-out of sale or sharing.”

‍

18. Exercising your privacy rights

You can exercise your rights by:

• submitting a Privacy Request,

• e-mailing us, or

• writing to: Suzy, Inc. Attn: Legal, 228 Park Avenue South, PMB 85529 Broadway, New York, NY 10003.

• If you are in the European Union, European Economic Area, or UK, you can contact our Article 27 Data Protection Representative.

We will not charge you fees in connection with the exercise of your rights, unless the request is manifestly unfounded or excessive (for example, because of its repetitive character). We will not discriminate against you for exercising your privacy rights. However, please note that honoring some of your rights may mean that we are unable to perform the actions necessary for you to use or take full advantage of our services.

Response timing and format

We will respond to your request in a reasonably timely manner and typically within 30-60 days, depending on the laws applicable to you. We'll either fulfill your request or explain why we're not taking action. If we don't take action, and if the applicable laws so require, we'll also provide instructions on any rights to appeal our decision.

In order to protect the security of your Personal Data, we will not honor a request if we cannot verify your identity or authority to make the request and confirm the Personal Data relates to you. The method used to verify your identity will depend on the type, sensitivity and value of the information, including the risk of harm to you posed by any authorized access or deletion. Generally speaking, verification will be performed by matching the identifying information provided by you to the Personal Data that we already have.

If you are in the European Union and you are not satisfied with our response, you have the right to complain or seek advice from your local data protection supervisory authority and/or bring a claim against us in any court of competent jurisdiction.

In so far as practicable, we will notify our Clients any third parties to whom we have disclosed your Personal Data with any correction, deletion, and/or restriction to the processing of your Personal Data.

19. Your privacy controls

In addition to your Privacy Rights, there are mechanisms you can use to control your Personal Data.

Control	Details
Voluntary Action Participation	You can always refuse to answer an Action. Your participation in any survey is entirely voluntary, and you may opt out of responding at any time by skipping the question, declining the invitation, or selecting “prefer not to say”, where applicable.
Advertising Controls	Some of the business partners that may collect information about your activities on our Sites may be members of organizations or programs that provide choices to individuals regarding the use of their browsing behavior for purposes of targeted advertising. · For example, you may opt out of receiving targeted advertising through members of the Network Advertising Initiative by clicking here or the Digital Advertising Alliance by clicking here. · European users may opt out of receiving targeted advertising through members of the European Interactive Digital Advertising Alliance by clicking here, selecting your country, and then clicking “Choices” (or similarly-titled link). · Mobile app users may opt out of receiving targeted advertising in mobile apps through members of the Digital Advertising Alliance by installing the AppChoices mobile app, available here, and selecting the user’s choices. Please note that we may also work with companies that offer their own opt-out mechanisms and may not participate in the opt-out mechanisms that we linked to above.
Marketing Emails and Service Announcements Controls	Individuals may unsubscribe from receiving marketing or other commercial emails from us by following the instructions included in the email. However, even if an individual opts out of receiving such communications, we retain the right to send them non-marketing communications (such as announcements regarding changes to this Notice). Under certain circumstances, we may need to contact you in order to make an important announcement about the Site. We will also post information regarding changes directly on the Site. We may also contact your to correct errors or to supply important information we deem relevant.
Do Not Track signals	"Do Not Track" is a feature enabled on some browsers that sends a signal to request that a website disable its tracking or cross-website user tracking. We treat any user-enabled global privacy controls, such as a browser plug-in or privacy setting, device setting, or other mechanism, that communicate or signal your choice to opt-out of the sale of your Personal Data as a valid request submitted pursuant to applicable privacy laws for that browser or device, or, if known, for the individual.

‍

20. Terms of Service

Use of our services is governed by, and subject to, the legal notices contained in the terms of use for our sites and services. Your use, or access, of the services powered by Suzy constitutes your agreement to be bound by these provisions.

21. How can you contact us?

You can contact us by:

• E-mailing us

• Writing to: Suzy, Inc., Attn: Legal, 228 Park Avenue South, PMB 85529 Broadway, New York, NY 10003

• If you are in the European Union, European Economic Area or UK, you can contact our Article 27 Data Protection Representative.

22. Changes to this Notice

We reserve the right to change, add, or remove portions from this Notice at any time. When we make any updates to this Notice that are deemed material under applicable legal requirements, we will notify you of such changes by updating the date of this Notice and providing other notification as required by applicable law. We may also provide notification of such changes to the Notice in other ways, such as via email or using other contact information provided to us. For all other changes, please review the Notice from time to time to stay informed of how we are processing personal data.

By using the Sites following any Notice change, you freely and specifically give us your consent to collect, use, transfer, and disclose your Personal Data in the manner specified.

23. Prior Versions of this Notice

N/A