Suzy, Inc. respects your privacy. This Privacy Policy describes how Suzy, Inc. and its subsidiaries and affiliates (collectively, "Suzy", "we," "our" or "us") collect, use, and share personal information in connection with the suzy.com, live.suzy.com, and app.suzy.com, and all other Suzy websites, products, services, and apps (collectively, the "Sites," and any, a "Site"), except where otherwise noted.
This Privacy Policy (“Policy”) applies solely to information collected via the Sites. It does not apply to Crowdtap – our consumer-facing survey platform – or its website(s) and mobile application(s), which has a separate privacy policy.
By using or accessing the Sites, you accept and unambiguously consent to this Policy and to our use of your Personal Data as described in this Policy. IF YOU DO NOT AGREE TO THE TERMS OF THIS POLICY, DO NOT USE THE SITES. For details on your privacy rights, see the Section titled “Your Privacy Rights”.
1. Who are we?
The Sites are operated by Suzy, Inc., a company headquartered in New York, NY, USA.
Suzy combines advanced research tools with an on-demand network of screened and verified consumers to help companies make data-driven decisions with confidence. Our business-to-business services are Suzy™. Our proprietary consumer network is called Crowdtap®.
2. Who are "you"?
Such a deep question! "You" are someone really important to us. There are a lot of moving parts to our end-to-end solutions, so here is how we think of "you" with respect to this Policy:
- "Client": You hold an account within a Suzy service and you either directly create surveys, forms, applications, or questionnaires, or you are collaborating on, commenting on, or reviewing surveys, forms, applications, or questionnaires within an account. References to "Client" include potential Clients who are considering our products and services and/or demoing same.
- "Visitors": You are just visiting one of the Sites because you are curious or you have heard about us from our marketing and sales channels.
3. Who are “Respondents”?
Our consumer services like Crowdtap are used by people who are interested in responding to surveys, interviews, focus groups, and the like (collectively, "Actions") in exchange for financial incentives.
- "Members" means individuals who have either (a) signed up for Crowdtap and agreed to respond to an Action(s), or (b) accepted an email invitation from Crowdtap to participate in an Action(s). When we refer to Members, we are referring only to our U.S.-based proprietary Crowdtap audience (the Crowdtap platform is only intended for residents of the United States).
- “External Audiences” is an overarching term for Non-Members and Global Audiences.
- “Non-Members” means U.S. survey respondents sourced from another panel or other non-Suzy source, such as client CRMs.
- “Global Audiences” means non-U.S. survey respondents sourced by our third-party provider or another source, such as client CRMs.
- “Respondents” is an overarching term for Members and External Audiences.
4. What is Personal Data?
Data: References to "data" in this Policy will refer to whatever data you use with our Services, whether it be survey or questionnaire responses, data collected in a form or application, or data inserted on a site hosted by us – it's all data!
Personal Data: When we use the term "Personal Data" in this Policy, we use it as a catchall term to mean any information that is linked or reasonably linkable to an identified or identifiable natural person. This includes information that relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular person or household. Some states and countries refer to this as "personal information" or "personally identifiable information." References to Personal Data means information that we collect or for which we act as custodian.
Sensitive Personal Data: Some Personal Data is so sensitive that it requires heightened care and protection. Different laws consider different types of personal data sensitive but generally include:
- Financial information
- Health information (physical health, mental health, and/or substance use information)
- Citizenship / immigration status
- Sexual orientation, sexual preferences, or sexual practices
- Driver's license information
- Passport information or other government-issued identification information
- Zip code
- Genetic information
- Biometric information
- Data of children under the age of 13
- Racial or ethnic origin
- Religious or philosophical beliefs
- Political opinions or affiliations
- Trade union membership
- Criminal history / record information
- Precise geolocation information
5. Who is the data controller?
Personal Data we collect from Clients and Visitors: Suzy is the data controller of this data and is responsible for holding and keeping it in compliance with privacy laws.
Personal Data of Respondents: We perform certain data processing activities as a processor and other processing activities as an independent or joint controller. Our “Suzy’s Roles” sheet – available on our Trust Center – explains why.
Where we act as the controller, the details for who you can contact are listed below. If we can’t resolve your concerns (we hope we can!), you may also raise your concerns to your local statutory authority.
United States
Suzy, Inc.
Address: 228 Park Avenue South, PMB 85529, New York, NY 10003
Request Portal: Privacy Request Form
Email: trust@suzy.com
United Kingdom
Data Protection Representative Limited
Address: available here
Request Portal: http://www.datarep.com/data-request
Email: datarequest@datarep.com
European Union
Data Protection Representative Limited
Address: available here
Request Portal: http://www.datarep.com/data-request
Email: datarequest@datarep.com
6a. How is your Personal Data collected?
We use different methods to collect Personal Data from Clients and Visitors, including through:
- Direct interactions. Often, we receive Personal Data directly from you. For example, you may give us your Personal Data by creating a Suzy account, filling in forms, following us on social media, or by corresponding with us.
- Information Your Company Provides to Us. Clients may provide us with Personal Data about individuals – typically their employee or contractor – who are authorized to use the Sites under their agreement with us. This information typically includes name, occupation, email address, and phone number.
- Automated technologies or interactions. As you interact with our Sites, we, our service providers, and business partners will automatically collect certain technical data about your equipment, browsing actions, and patterns. This includes collecting Personal Data by using cookies, web beacons, and other similar technologies. Read our full Cookie Policy here.
- Third parties. We also receive Personal Data from third parties, such as:
- Technical information from analytics providers and advertising networks.
- Contact information and other information from social media networks.
- Contact information from Clients about their customers for purposes of developing brand panels and other requested services.
6b. How is Personal Data from Respondents collected?
For details on:
- how we collect Members' Personal Data, see Section 5 of our Crowdtap Privacy Policy.
- how we collect External Audiences' Personal Data, see our Privacy Notice for External Audiences
7. What Personal Data do we use?
We're in the business of data, and transparency is important to us. Below is a chart of the categories of Personal Data we use, analyze, or otherwise process about Clients and Visitors.
(For details on how we collect Members' Personal Data, see Section 6 of our Crowdtap Privacy Policy.)
| Category of Data | Whose Data | Use | Lawful Purpose, in addition to consent |
|---|
| Account Creation Information. When you register for an account, we collect your first and last name, username, password, email address, phone number, and last login IP address. | Clients | We use your name, username, password, and email address for user account creation on the Suzy platform. We use your phone number and last login IP address for security purposes.
We also use registration information to render services to you and to send you transactional emails and updates about usage and billing. | Performance of a contract |
| Account Settings. You can set various preferences and personal details on pages like your account settings page. These may include, for example, your default language, time zone, and communication preferences (e.g., opting in or out of receiving marketing communications from us). | Clients | We use this information to run your account and honor your service preferences. Depending on your company's underlying contract, we sometimes co-manage this information in conjunction with your organization. | Performance of a contract; Necessary for our legitimate interests |
| Basic Profile Information. This includes your name, occupation, title, email address, and phone number and other criteria you have voluntarily shared with us. It may also include a profile picture, if you so choose. | Clients | We use this information to provide you with a personalized service experience, to help others identify you (if you are in a team account), to personalize marketing information, as well as to make product, feature, and service recommendations to you and your organization so you can optimize the use of our services | Performance of a contract |
| Billing Information. | Clients | If you make a payment to Suzy, we require you to provide your billing details, a name, address, email address, and financial information corresponding to your selected method of payment (e.g., a credit card number and expiration date, a bank account number, etc). If you provide a billing address, we will regard that as the location of the account holder to determine the contracting entity and the sales tax, if applicable, to be applied to your purchase. We use this information to bill you, to properly manage your payments, and for our own internal financial audit purposes.
We use third-party financial institutions and/or payment processing services to process your billing information. | Performance of a contract |
| Brand Panel Referral Information. | Clients | We use information you provide us from your CRM to deliver Crowdtap invitations and Actions to your desired panels. We may work with a third-party service provider to deliver the invitations to your desired panels. | Performance of a contract |
| Contact Information. For example, your name, phone number, and email address. | Clients | We use it when we need to contact you about products and services (unless you unsubscribe) or to provide you with account and transactional information and updates (Although you cannot unsubscribe from the latter, we try to contact you only when necessary). We will also respond back to you if you contact our customer support or sales teams. | Performance of a contract; Necessary for our legitimate interests |
| Contact Information. For example, your name, phone number, and email address. | Visitors | We will respond to you if you contact our customer support or sales teams and for our own business development – for example, we may contact you in response to your inquiries or send you information about our services where you operate in a business which may be interested in our services. | Necessary for our legitimate interests (for running our marketing outreach services) |
| Cookies. For example, data we get from first and third party cookies, page tags, pixels and similar technology placed on your device. | Clients; Visitors | Read our Cookie Policy for details. Generally, we will infer common identities across different services and multiple devices such as tablets, browsers, and mobile phones to create a continuous product experience or for security reasons, for example. We will also tailor ads to you when you are browsing other sites online, to enable us to determine the success of our advertising campaigns, and to improve upon them. Emails sent by Suzy or Clients through our services also include page tags that allow the sender to collect information about who opened those emails and clicked on links in them. | Necessary for our legitimate interests (to define types of users for our Sites, to keep our Sites updated and relevant, to develop our business, and to inform our marketing strategy) |
| Data Quality Information. For example, IP addresses, email domains, phone numbers, survey responses, behavioral information, etc. | Clients; Visitors | We use this information to moderate for bots, to authenticate users, and to prevent fraud and abuse This helps us preserve the security of our Sites and helps us provide quality assurance controls. For example, we employ IP and email domain blocking to prevent fraud and abuse, as well as patented technology that identifies behavior patterns indicative of bots. | Necessary for our legitimate interests (to prevent fraud and abuse, ensure data quality, and help improve network security). |
| Device and Browser Data. For example, IP address, device type, MAC ID, browser type. | Clients; Visitors | We use this data for service optimization and troubleshooting for your specific device/browser of preference (in other words, we want you to see the best possible view of the Sites on your specific device). We also infer your location from your IP address. | Necessary for our legitimate interests (to study usage of our Sites, to develop them, to grow our business and to inform our marketing strategy) |
| Inferred Data. | Clients; Visitors | We may infer information about you (e.g., your preferences and habits) from all of the above categories of information which we collect about you. | Necessary for our legitimate interests (to study usage of our Sites, to develop them, to grow our business, and to inform our marketing strategy) |
| Information from third parties and integration partners. This includes your name and email address or IP address where you have given permission to those third parties to share that information with us or where that information is publicly available either online or through your device/browser data. | Clients, Visitors | We use this information to ensure you can sign-up to our service from a third party integration like Facebook, LinkedIn, Microsoft, Google/SSO; to personalize our services for you; and to ensure you can use our service in conjunction with other services. | Performance of a contract; Necessary for our legitimate interests (provision of, and to improve, our services) |
| Log Data or Log Files that record data each time a device accesses a server. This contains data about the nature of access, for example, originating IP addresses, Internet service providers, the files viewed on our site (like HTML pages, graphics, etc.), operating system versions, device type, and timestamps. | Clients, Visitors | Log data can be used for a lot of different things but predominantly we use it for: monitoring abuse and troubleshooting site and security issues, improving the product functionality and creating new features, tracking behavior for content and services at an aggregate level (for example, to monitor service requests or service denial on our site overtime to ensure our site remains stable) and fixing bugs or functionality issues. We will also use log data to help us make recommendations to you or track your visits to our sites. | Necessary for our legitimate interests (to prevent fraud and abuse and ensure network security) |
| Matched Data. | Clients, Visitors | We utilize matching services (i.e., third parties who are specialized in data management, such as customer relation insights) to acquire additional information about you from public and private data sources (such as social networks, industry groups, and content subscription services with whom you have an account) or to use your Personal Data as an aid to develop additional or new types of de-identified data sets. The matching service provider holds the Personal Data we share for a short time, uses it to assemble the additional information, and then return the combined information to us. Partners are contractually bound to delete the data we share with them and are not authorized to use it other than as authorized. | Performance of a contract; Necessary for our legitimate interests |
| Metadata. | Clients, Visitors | We receive data from the device you use to access surveys, such as your operating system version, device manufacturer and model, carrier (i.e., mobile provider), system locale. We may also store any information collected by the core SDK, like device name (can be personalized by device owner) and user agent string. | Necessary for our legitimate interests |
| Questions Data. For example, survey questions, focus group questions, etc. | Clients | The terms of the applicable Master Services Agreement between a Client and us governs the ownership of Questions Data.
Generally speaking, we store Clients' survey/form/application data (questions) and Respondents' responses to provide analysis tools for you to use with respect to this data. Clients' questions are private. We don't sell those materials but we may include them in Aggregate Data; we use them only for purposes related to providing, improving, supporting, or operating the Sites. | Performance of a contract; Necessary for our legitimate interests |
| Referral Data. This is information about the place where you were before you came to a Site – for example, if you were on social media before clicking on a link to a Site, we record information about the source that referred you to us. | Clients, Visitors | We use this data to track the success of our integrations and referral processes and to plan further referrals. For example, if you arrive at suzy.com from an external source (such as a link on another website or in an email), we record information about the source that referred you to us. | Necessary for our legitimate interests (to study how customers use our Sites, to develop them, to grow our business, and to inform our marketing strategy) |
| Response Data. This is responses to Actions, which may include things like Respondents' occupation field, interests, opinions, or other information they voluntarily provide to us when they participate in an Action. | Clients | The terms of the applicable Master Services Agreement between a Client and us governs the ownership of Response Data. Generally speaking, we own responses to Actions and "Member Data", as that term is defined in our Terms.
We use Response Data to deliver our services to Clients, to return analyzed response data to Clients, and to improve our Sites.
We internally use the data to improve the quality of our services. We also may use techniques like machine learning on Response Data for ensuring compliance with Respondent terms of use, detecting quality to maintain reliable panelists, and to provide automated market research services like heatmapping, dynamic segmentation, data explorer, AI summaries, and the like.
We also use Response Data to give you and other Clients more ways to reach desired target demographics in future Actions and for benchmarking and Aggregate Data use. For example, if you ask "How much weight can you deadlift?", we may give other Clients the ability to target Respondents who can deadlift more than, say, 100lbs (based on the responses data). Other Clients would not be able to determine that the question originated from your Action. | Performance of a contract; Necessary for our legitimate interests |
| Response Rate Information. For example, page view data, response rates, response types, and survey type | Clients | We use and analyze this information:
To improve the user interface;
To maintain a consistent and reliable Respondent experience; and
To improve our Client services by looking at what questions Clients are asking and the quality of their responses and response rates so that we can enhance our existing features and build new ones to optimize question/answer rates for Clients. | Performance of a contract; Necessary for our legitimate interests (to improve our Sites, to develop them, to grow our business, and to inform our product development and marketing strategy) |
| Sales Automation & Analytics. | Clients | We use and share your contact information with third parties to automate our sales processes and generate actionable insights to help manage inbound and outbound sales processes. | Necessary for our legitimate interests |
| Sales Team Engagement. For example, audio and video recording of you. | Clients | We utilize third-party Gong.io , a digital communications solution, or a functionally equivalent third party, to enable our sales team to capture, record, and summarize Client communications to improve customer engagement. Specifically, we use service providers like Gong to record audio, video, and shared screens. Consent is obtained prior to collecting such information. | Necessary for our legitimate interests |
| Sensitive Personal Data. See the section in this Policy titled "What is Personal Data" for details on what is considered Sensitive Personal Data. | Clients | If you moderate or attend a Suzy Live IDIs or Focus Groups, your Sensitive Personal Data will be captured via the video and audio recording of the live interaction. | Performance of a contract |
| Usage Information. (how you use the Sites, what pages you click on, etc.) | Clients; Visitors | We collect usage information about you whenever you interact with our Sites. This includes which webpages you visit, what you click on, when you perform those actions, what language preference you have, what you buy and so on. We use this information to improve our services. We also will market to you (unless you unsubscribe or change cookie preferences). | Necessary for our legitimate interests (to help us improve user experience, to study how customers use our Sites, to develop them, to grow our business, to inform our marketing strategy, and for machine learning purposes (we use the data to keep training our models and to build new ones)) |
| All of the above categories - Aggregate Data | Clients, Visitors | We may collect and use data about access to and use of our Sites that we automatically collect as a form of "Aggregate Data" to determine how much time visitors spend on each page of our Site, how visitors navigate throughout the Site and how we may tailor our web pages to better meet the needs of visitors. We may use your Aggregate Data for our own legitimate business purposes, including operating and enhancing our Sites, performing statistical analysis business planning, and for market research purposes. | Performance of a contract; Necessary for our legitimate interests |
| All of the above categories - Artificial Intelligence / Machine Learning | Clients; Visitors | We use techniques like machine learning or artificial intelligence for ensuring compliance with legal and regulatory requirements, detecting quality to maintain reliable Respondents, and to provide automated market research services like heatmapping, dynamic segmentation, data explorer, AI summaries, and the like. We also use automated processes and machine learning to: - analyze Response Data, which in turn helps us to identify trends, build product features that optimize responses, make product recommendations, and provide guidance on which products and services work best in different scenarios
- extract and analyze usage patterns, which in turn helps us to improve our services and ease of use (for example, we might identify when Respondents prefer multiple choice versus open text questions and make predictive response suggestions when certain question types are selected)
- improve user experience and undertake personalization for Clients (for example, by collecting and using device and browser information to improve how our service operates on those devices and in those browsers)
- improve, develop, analyze, and provide customer relations, sales engagement, and business development
- identify insightful data trends (via Aggregate Data)
- to build features, improve our services, for fraud detection, and to develop Aggregate Data products
| Performance of a contract; Necessary for our legitimate interests |
| All of the above categories - Legal and Security. | Clients; Visitors | For legal and security purposes such as enforcing our agreements, responding to legal inquiries and lawful requests, and protecting against fraud, illegal activity (such as incidents of hacking or misuse of our Sites), and claims and other liabilities, including by enforcing the terms and conditions that govern the Sites | Necessary to comply with a legal obligation; Necessary for our legitimate interests |
| All of the above categories - Marketing | Clients; Visitors | To help improve our marketing by, for example, building user profiles to ensure our marketing materials are relevant to you and optimize our campaigns using machine learning. | Necessary for our legitimate interests |
| All of the above categories - Other | Clients, Visitors | We may also use your Personal Data to:
-Communicate about the products and services we offer
-Respond to requests, inquiries, comments, and suggestions
-Provide our products and services
-Analyze use of our products and services
-Operate, evaluate and improve our business, our Sites, and other products and services we offer (including to research and develop new products and services)
-Establish and maintain an individual's profile on our Sites
-Analyze and enhance our communications and strategies (including by identifying when emails we sent have been received and read)
-Tailor the content we display in our communications and on our Sites
-Perform our agreements with Clients, if you are using the Sites on behalf of a company that has an agreement with us (e.g., your employer) | Performance of a contract; Necessary for our legitimate interests |
8. Who do we disclose your Personal Data to and what do we disclose?
We recognize that because you give us and allow us to use your Personal Data, we are entrusted with safeguarding the privacy of that information. Your continuing trust is very important to us, so the only time we will disclose or share that information to a third party is where we have:
- given you notice (e.g., in this privacy notice);
- obtained your consent (e.g., based on your account's opt-in/opt-out settings);
- anonymized or de-identified the information in such a way that you cannot reasonably be linked, directly or indirectly, by it; or
- fulfilled a Respondent’s data subject access request to include providing their responses to them.
In addition to the sharing of your Personal Data noted elsewhere in this Policy, we disclose or share your Personal Data to the following (if you would like more information on our processors/subprocessors, please contact your account manager):
(a) Your Company and its Designees
If you are using the Sites on behalf of a company that has an agreement with us (e.g., your employer), we will share your Personal Data, including information about how you use the Sites, with that company and with such other parties as that company may direct.
(b) Respondents
If a Respondent requests which Client we are sharing their responses with, and if our contract with the Client permits, we will disclose the name of your organization. We will not disclose the identity of individual employees, unless you direct us to or unless you choose to reveal that information. An example would be an individual from an organization choosing to moderate a Suzy Live interview and providing their contact information (such as name or email address) and face and voice (as they appear on camera) as part of that interview process.
(c) Service providers and contractors
We share your Personal Data with vendors, service providers, and contractors that perform services on our behalf. This includes, but is not limited to, independent subcontractors we engage as part of our Managed Services offerings. It also includes the third-party we use to facilitate our Suzy Academy services, as well as the Subprocessors listed at https://suzy.com/subprocessor-list .
(d) Technical consultants and third-party auditors
Where required, we share Personal Data with technical consultants and third party auditors to ensure we meet our security, legal, and regulatory compliance requirements.
(e) Investors, successor entities, or purchasers
We reserve the right to transfer your Personal Data, including profile data, account details, or other information to a successor entity upon a merger, consolidation, or other corporate reorganization in which Suzy participates or to a purchaser of all or substantially all of Suzy's assets.
(f) Law enforcement
We may disclose your Personal Data as required by law, including for purposes of law enforcement, or when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, harassment, physical threats, or other violations of any law, rule or regulation; and/or to comply with a judicial proceeding, court order, subpoena, or other legal process served on us. We may also disclose your Personal Data to investigate suspected violations of the Site rules or policies.
(g) Anonymized or de-identified information
We may publish or disclose anonymized or de-identified information about Suzy's services, including Response Data. For example, we may post on our blog or otherwise include in our marketing emails interesting statistics like how many Actions were completed in a month.
(h) Aggregate information
We use Aggregate Data to analyze aggregate trends amongst Respondents. We may use this information for our own business purposes or sell or share this aggregate information with other Clients and third parties for advertising, promotional or other commercial purposes. Where data has been de-identified, we take appropriate technical and organizational measures to prevent future re-identification.
(i) Vital interests
In rare events, we may disclose your Personal Data where we believe in good faith that access or disclosure is necessary to protect the personal safety or vital interests of Suzy employees, customers, users, or the public.
(j) Other
Information obtained in connection with the Sites may be intermingled with and used by us in conjunction with information obtained through sources other than the Sites, including both offline and online sources.
We may also disclose or share information about you with third parties as part of provisioning and improving our services. We will not share or sell your Personal Data to any third parties for reasons outside of provisioning and improving our services and for the other purposes described in this Policy unless we have:
- obtained your consent; or
- anonymized or de-identified the information such that the information does not contain your Personal Data.
9. What Respondent Personal Data do we disclose, sell, or share with Clients?
It depends. Clients decide what Respondent Personal Data they receive by selecting which Actions and Site features they wish to use. A general summary is provided in the chart below. For more details, see our Crowdtap privacy policy and our privacy notice to External Audiences.
| Feature | Data Shared to Clients |
|---|
| Suzy Insights - Quantitative Only (no video or qualitative Actions) | Assuming you tailor survey questions and Actions accordingly, responses shared with Clients are aggregated and/or de-identified. |
| Suzy Insights - with video or qualitative Actions | If you launch a video or qualitative Action or use a video feature (like Showreels), Respondent Personal Data will be transferred to you. For example, video recordings capture the Respondent’s face and voice, which can be used to identify them, along with their responses to survey questions, transcriptions, and Standard Attributes. By launching a video or qualitative Action, you are asking to receive biometric information. You agree to comply with all laws regarding the use of biometric information. |
| Suzy Live (IDIs or Focus Groups) | If you use Suzy Live, Respondent Personal Data will be transferred to you. The video recordings capture the Respondent's name and face, which can be used to identify them, along with their responses to survey questions, transcriptions, and Standard Attributes. By launching a Suzy Live Action, you are asking to receive biometric information. You agree to comply with all laws regarding the use of biometric information. |
| Suzy Home (In-Home Usage Testing / "IHUT") | Respondent Personal Data may be shared depending on how you design the Action (for example, if you ask that photos or videos be shared as part of the IHUT response, Respondent Personal Data would be shared with you). |
| Suzy Solutions (Managed Services) | Deliverables provided to Clients only contain aggregated and/or de-identified information, so long as the underlying Actions are tailored accordingly by you. |
All of the above features. | We share the following attributes with Action results: - Gender
- Age – displayed as a number, not as date of birth
- State or Region
We also provide the following with Action results, if the Respondent chose to provide the information: - Ethnicity
- Household Size
- Employment Status
- Income Level
- Parenting Status
- Relationship Status
- Education Level
- Other demographics, interests, or preferences attributes (for example, primary member of household responsible for grocery shopping, dietary restrictions, etc)
These "Standard Attributes", along with Respondents' previous response activity and Inferred Data, can be used by Clients for re-targeting, persona development, profiling, and for purposes of Saved Audiences, Panels, Segmentation, and similar audience features we offer Clients. To help preserve Respondent privacy, we typically require a Client's targeting criteria to meet a certain minimum number of Respondent before we allow an Action to be conducted. That way, the responses can be aggregated with other Respondents' responses to reduce re-identification. |
| Suzy Global Audiences - Quantitative Only | Personal Data is not transferred to Clients, unless otherwise specified. Suzy collects data from Global Audiences via a trusted third-party provider using generic user IDs across project and panelists. The information provided to Clients is aggregated and includes (1) standard demographics: gender, age, and region (or province, depending on the country); and (2) additional profiling attributes, which vary depending on the country but could include: - annual household income,
- education level,
- grocery shopper status,
- age of children,
- industry sector,
- marital status,
- pets/animals,
- beverage consumption,
- job role,
- smoking status, or
- ethnicity.
We display explicit consent questions to global respondents when a Client selects the sensitive topic box for a question. |
| Global Audiences - with video or qualitative Actions | This feature would involve the transfer of Respondent Personal Data to you. |
| External Links | This feature would involve the transfer of Respondent Personal Data to you. |
10. What Respondent Personal Data do we disclose, sell, or share with Clients?
To Suzy/us, the answer is no. For example, we link Members' responses with their Member account, but never fear, we do not abuse or exploit this. We do this to provide Clients with additional targeting criteria and to otherwise provide the services you have asked us to provide.
To Clients/you, the answer is maybe. It depends on what types of Actions you choose to initiate, what information you request in surveys/interviews, and what information Respondents choose to provide in their responses. Of course, if Respondents disclose their full name in a response, they won't be anonymous. But even if they don't, the information they do provide may be identifying, such as when combined with other information (like Standard Attributes). Also, as detailed before, if you choose to initiate any Video Action, Respondent Personal Data will be shared with you.
11. How long does Suzy retain Personal Data?
Except as otherwise specified in this Policy, we retain each category of Personal Data for as long as your account is active or for no longer than necessary to provide you with the services requested, to comply with our legal obligations, or to resolve disputes and enforce our agreements.
For Clients, we generally do not delete the data in your account as long as your account is active – you are responsible for and control the time periods for which you retain this data. Some exceptions apply. For example, if you are a user on our Sites and you have not engaged with the service actively for some time, we reserve the right to delete your account and data in accordance with our data retention policy.
12. Where is your Personal Data processed and stored? What about international data transfers?
Suzy is based in the United States, our servers and systems are located in the United States, and many of our service providers are based in the United States.
By using the Sites, you freely and specifically give us your consent to export, process, and/or store your Personal Data in the United States. You understand that the United States may not have the same data protection / privacy laws as your country and that data stored in the United States may be subject to lawful requests by the courts or law enforcement authorities in the United States.
In some cases, we may transfer your Personal Data overseas to our service providers in places with different laws and protections. We’ll use appropriate technical and organizational measures and safeguards to protect your data during international transfers and at all other times it is in our care.
If you are resident in or a visitor of the EEA, United Kingdom, or Switzerland, we will protect your Personal Data when it is transferred outside of such locations by processing it in a territory which the European Commission has determined provides an adequate level of protection for personal information or otherwise implementing appropriate safeguards to protect your Personal Data, including through the use of Standard Contractual Clauses or another lawful transfer mechanism approved by the European Commission.
13. Security
The security of your Personal Data is very important to us. We put in place reasonable and appropriate technical and organizational measures to ensure your Personal Data is kept secure and protected from unauthorized access, use, disclosure, alteration or destruction, in accordance with applicable laws and regulations. When you enter sensitive information (such as login credentials), we encrypt the transmission of that information using Transport Layer Security (TLS). When we share your Personal Data with service providers, subcontractors, or other third parties, we base our selection on said parties having adequate safeguards in place that meet our data protection standards. We perform risk assessments or otherwise audit their compliance with such standards and incorporate applicable contractual provisions ensuring compliance with (i) such standards and (ii) applicable data privacy laws and regulations. For more information, visit our Trust Center.
Notwithstanding the foregoing, transmissions over the Internet and/or a mobile network are not one hundred percent (100%) secure, and Suzy does not guarantee the security of transmissions. Suzy is not responsible for any errors by you in submitting Personal Data to us.
14. Minors
The Sites are not intended for and may not be used by minors. "Minors" are individuals under the age of 13 (or under a higher age if required by the laws of their residence). We do not knowingly collect nor intend to collect Personal Data from Minors or allow them to register for the Sites without verifiable parental consent. Where appropriate, we take reasonable measures to inform Minors not to submit such information to our Sites. If we learn that a Minor has provided us with Personal Data without verification of parental consent, we will use all reasonable efforts to delete such information from our systems.
15. Links to other websites
We may provide links to websites and other third-party content that we do not own or operate. The websites and third-party content to which we link may have separate privacy policies. We are not responsible for the privacy practices of any entity that we do not own or control. To ensure the protection of your privacy, always review the privacy notice(s) of the websites you visit.
16. Bulletin boards and chat areas
You should be aware that Personal Data which you voluntarily include and transmit online may be viewed and used by others. Users of the Site are solely responsible for the content of messages they post online, including on public forums. These forums include but are not limited to chat rooms on our Sites or other websites, bulletin boards, blogs, social media web pages, or other publicly accessible forums which may be viewed and used by anyone with access to such forums. You should be aware that when you voluntarily disclose Personal Data within a public forum, your information may be collected and used by others. The Site is unable to control such uses of your Personal Data, and by using such services, you assume the risk that the Personal Data provided by you may be viewed and used by third parties.
17. Your Privacy Rights
In certain circumstances, you have the following rights regarding your Personal Data. Your rights and choices may vary depending on the laws applicable to your Personal Data. Such laws may extend additional rights and choices to you or may limit or except the rights listed below.
| Right | Details |
|---|
| Right of Access | Find out what kind of Personal Data we process about you and request details of this information, including categories of recipients to whom the Personal Data have been or will be disclosed and purposes of processing. |
| Right to Know | Ask us for a notice identifying the categories of Personal Data that we collect (and from whom), disclose, or share (and to whom we disclose or share), as well as our business or commercial purposes for collecting, disclosing, or selling that Personal Data. In most respects, this Policy serves as such notice. |
| Right to Rectify, also known as Right to Correct | Ask for your Personal Data to be rectified, updated or, corrected. We may need to verify the accuracy of the new information you provide to us. |
| Right to Transfer, also known as Right to Data Portability | Ask us to package up your Personal Data in a structured, commonly used and machine-readable format, so you can move, copy, or transfer it to another organization in a secure manner and without interrupting the integrity and usability of the information. |
| Right to Restrict or Object to Processing | Object to certain types of processing of your Personal Data, including profiling, targeted advertising, direct marketing, and statistical, scientific, or historical research purposes. |
| Right to not be Subject to Fully Automated Decisions | Ask to not be subject to decisions with a legal or similarly significant effect (including profiling) that are based solely on the automated processing of your Personal Data, unless you have given us your explicit consent or where necessary for the performance of a contract with us. |
| Right to Limit Use of Sensitive Information | Tell us to limit or stop processing your Sensitive Personal Data. |
| Right to Withdraw Consent at Any Time | Withdraw any consent you may have previously given us. |
| Right to Delete, also known as the Right to be Forgotten | Request that your Personal Data be erased. Where required, we will delete your Personal Data. We will decline your request for deletion if processing of your Personal Data is necessary: (i) for us to comply with our legal obligations; (ii) for the establishment, exercise, or defense of legal claims; (iii) for the performance of a task in the public interest, or (iv) for us to perform certain actions in accordance with applicable laws, such as detecting security incidents and protecting against fraudulent activity. |
| Right to Opt-Out of the Sale or Sharing of your Personal Data | Direct us not to sell your Personal Data to third parties. California residents: You have the right to tell us not to sell or share your Personal Data to third parties. This right is referred to as the "right to opt-out of sale or sharing." |
18. Exercising your privacy rights
You can exercise your rights by:
- submitting a Privacy Request,
- e-mailing us,
- contacting your account manager,
- contacting Customer Support, or
- writing to: Suzy, Inc. Attn: Legal, 228 Park Avenue South, PMB 85529 Broadway, New York, NY 10003
- If you are in the European Union, European Economic Area, or UK, you can contact our Article 27 Data Protection Representative.
We will not charge you fees in connection with the exercise of your rights, unless the request is manifestly unfounded or excessive (for example, because of its repetitive character). We will not discriminate against you for exercising your privacy rights. However, please note that honoring some of your rights may mean that we are unable to perform the actions necessary for you to use or take full advantage of the Sites.
Response timing and format
We will respond to your request in a reasonably timely manner and typically within 30-60 days, depending on the laws applicable to you. We'll either fulfill your request or explain why we're not taking action. If we don't take action, and if the applicable laws so require, we'll also provide instructions on any rights to appeal our decision.
In order to protect the security of your Personal Data, we will not honor a request if we cannot verify your identity or authority to make the request and confirm the Personal Data relates to you. The method used to verify your identity will depend on the type, sensitivity and value of the information, including the risk of harm to you posed by any authorized access or deletion. Generally speaking, verification will be performed by matching the identifying information provided by you to the Personal Data that we already have.
If you are in the European Union and you are not satisfied with our response, you have the right to complain or seek advice from your local data protection supervisory authority and/or bring a claim against us in any court of competent jurisdiction.
In so far as practicable, we will notify any third parties to whom we have disclosed your Personal Data with any correction, deletion, and/or restriction to the processing of your Personal Data.
19. Your privacy controls
In addition to your Privacy Rights, there are several mechanisms you can use to control your Personal Data.
| Control | Available to | Details |
|---|
| Account Settings | Clients | You can control some Personal Data directly within your account by editing the information entered on your profile pages. |
| Deleting Questions | Clients | You have control over your questions and can delete them at any time through the Suzy platform. |
| Terminating Account | Clients | You may terminate your account by contacting your account manager. Within a reasonable time thereafter, we will remove the following Personal Data from our database(s): Suzy password, profile, full name, address, email address, other contact information. |
| Advertising Controls | Clients; Visitors | Some of the business partners that may collect information about your activities on our Sites may be members of organizations or programs that provide choices to individuals regarding the use of their browsing behavior for purposes of targeted advertising. - For example, you may opt out of receiving targeted advertising through members of the Network Advertising Initiative by clicking here or the Digital Advertising Alliance by clicking here.
- European users may opt out of receiving targeted advertising through members of the European Interactive Digital Advertising Alliance by clicking here, selecting your country, and then clicking "Choices" (or similarly-titled link).
Please note that we may also work with companies that offer their own opt-out mechanisms and may not participate in the opt-out mechanisms that we linked to above. |
| Marketing Emails and Service Announcements Controls | Clients; Visitors | Individuals may unsubscribe from receiving marketing or other commercial emails from us by following the instructions included in the email. However, even if an individual opts out of receiving such communications, we retain the right to send them non-marketing communications (such as notices regarding changes in our Terms and Conditions, this Privacy Policy, or the Sites). We may also send you service related email announcements on rare occasions when it is necessary to do so. For instance, if our service is temporarily suspended for maintenance, we might send you an email. You do not have an option to opt out of these emails, which are not promotional in nature. |
| Do Not Track signals | Clients; Visitors | "Do Not Track" is a feature enabled on some browsers that sends a signal to request that a website disable its tracking or cross-website user tracking. We treat any user-enabled global privacy controls, such as a browser plug-in or privacy setting, device setting, or other mechanism, that communicate or signal your choice to opt-out of the sale of your Personal Data as a valid request submitted pursuant to applicable privacy laws for that browser or device, or, if known, for the individual. |
20. Terms and Conditions
Use of the Sites is governed by, and subject to, the legal notices contained in the Suzy Terms and Conditions or the applicable Client agreement. Your use, or access, of the Sites constitutes your agreement to be bound by these provisions.
21. How do I contact Suzy?
You can contact us by:
- e-mailing us,
- contacting your account manager,
- contacting Customer Support, or
- writing to: Suzy, Inc., Attn: Legal, 228 Park Avenue South, PMB 85529 Broadway, New York, NY 10003
- If you are in the European Union, European Economic Area or UK, you can contact our Article 27 Data Protection Representative.
22. Changes to this Policy
We reserve the right to change, add, or remove portions from this Policy at any time. When we make any updates to this Policy that are deemed material under applicable legal requirements, we will notify you of such changes by updating the date of this Policy and providing other notification as required by applicable law. We may also provide notification of such changes to the Policy in other ways, such as via email or using other contact information provided to us. For all other changes, please review the Policy from time to time to stay informed of how we are processing personal data.
By using the Sites following any Policy change, you freely and specifically give us your consent to collect, use, transfer, and disclose your Personal Data in the manner specified.
Prior Versions of this Policy
