Behavioral Insights, LLC Privacy Statement
Updated August 28 2018
This privacy statement explains how Behavioral Insights, LLC (Behavioral Insights) handles personal data collected during the normal course of business (sales, marketing, and support), as well as how data are processed in its products and services. Behavioral Insights complies with the EU-U.S. Privacy Shield framework and the Swiss Privacy Shield framework, and retains the American Arbitration Association/International Centre for Dispute Resolution.
1. BEHAVIORAL INSIGHTS PRODUCTS
Behavioral Insights creates and administers online assessment and attitude surveys for its clients. We work with each client to ensure that the content and process by which we collect the data adheres to the client’s standards. We do not collect or retain any data including individual employee data without the client’s consent. All data collected through our surveys are stored in a single secure data center; data do not “float” around in the cloud.
Surveys may be distributed in numerous ways depending on client need including email, a web link, or mobile app. Surveys may require a password or other authentication by the respondent to access the survey.
2. DATA COLLECTED DURING NORMAL BUSINESS TRANSACTIONS (UNRELATED TO OUR SURVEY SERVICES)
For the www.behavioralinsights.com site: Behavioral Insights collects and analyzes aggregate information of visitors, including the domain name, visited pages, referring URLs, and other publicly available information. We use this information to help improve our website and services, and to customize the content of our pages for each individual customer. Cookies may be used to customize content delivered to website visitors.
Behavioral Insights does not sell or make available specific information about our clients or their participants except as requested by a valid court order or otherwise required by law. Behavioral Insights does not conduct online credit card payment transactions, and does not record or store credit card information on its site or servers.
3. COMPLAINTS AND INQUIRIES
Behavioral Insights is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC), and individuals have a right to contact the FTC regarding services provided by Behavioral Insights.
In compliance with the Privacy Shield Principles, Behavioral Insights commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Behavioral Insights by visiting http://www.behavioralinsights.com and clicking on “Contact Us” or by calling the number listed on the main www.behavioralinsights.com web site. There is no charge for this inquiry. Behavioral Insights has a team of technical staff to maintain compliance with this policy. For legal inquiries, please contact: email@example.com.
Behavioral Insights has further committed to refer unresolved Privacy Shield complaints to the International Centre for Dispute Resolution (ICDR) American Arbitration Association (AAA), an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit http://go.adr.org/privacyshield.html for more information or to file a complaint. The services of AAA are provided at no cost to you.
4. INFORMATION RELATED TO PRIVACY SHIELD
For details about the Privacy Shield program: https://www.privacyshield.gov/
The key goals of Privacy Shield are to inform individuals, both EU and Swiss individuals, about:
• the right of individuals to access their personal data;
• the choices and means our organization offers individuals for limiting the use and disclosure of their personal data;
• the requirement for our organization to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Because adequate protection is provided by Privacy Shield participants, contracts with Privacy Shield participants for mere processing do not require prior authorization (or such authorization will be granted automatically by the EU and Swiss Member States), as would be required for contracts with recipients not participating in the Privacy Shield or otherwise not providing adequate protection.
Behavioral Insights self-certifies with Privacy Shield. A self-assessment is signed by a company officer or other authorized representative of the organization at least once a year and made available upon request by individuals or in the context of an investigation or a complaint about non-compliance. Behavioral Insights is required to respond promptly to EU or Swiss individual inquiries, and other requests for information from the Department of Commerce relating to its adherence to the Privacy Shield Principles.
Behavioral Insights commits to cooperate with EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and comply with the advice given by such authorities with regard to human resources data transferred from the EU and Switzerland in the context of the employment relationship.
Under Privacy Shield, an individual has the possibility, under certain conditions, to invoke binding arbitration for complaints regarding Privacy Shield compliance not resolved by any of the other Privacy Shield mechanisms. Under Privacy Shield, Behavioral Insights must respond to individual complaints within 45 days. For additional information, visit: https://www.privacyshield.gov/article?id=ANNEX-I-introduction
Behavioral Insights’ Independent Dispute Resolution (IDR) Provider is:
American Arbitration Association
International Centre for Dispute Resolution
New York City, New York, USA
U.S. Department of Commerce:
Federal Trade Commission:
HANDLING OF PERSONAL INFORMATION
During the normal provisioning of the Behavioral Insights’ survey services, we may collect personal information about you as a data subject. Such personal information is typically restricted to your name and email address. Clients may also include other information about their data subjects such as location, function, tenure, etc. Such demographic information is at the discretion of the client and is never collected by Behavioral Insights without the client’s consent.
Survey data are encrypted and transferred to our data center located in Arizona, USA. If there is a case when personal data are transferred from the EU or Switzerland to the United States, it is solely for the purpose of processing as per instructions from our client. In cases of onward transfers of data, received pursuant to the EU-U.S. and Swiss-U.S. Privacy Shield, Behavioral Insights is potentially liable.
In order to perform our services for our clients, we may be required to disclose your information to our third party service providers. In each case we have agreements in place with the service provider to ensure that they provide appropriate protection for your information and to ensure that they are only permitted to access your information in accordance with our instructions and as necessary to provide the relevant service to us. We engage third parties to provide the following services:
• hosting our online survey platform
• conduct follow-up services such as personal coaching
Behavioral Insights provides appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction or accidental loss, alternation, unauthorized disclosure or access, and understands whether onward transfer is allowed.
At your request we will provide you with information about whether we hold any of your personal information and provide a copy of this information to you. To request this information please contact us at firstname.lastname@example.org. You may update, amend or request deletion of your personal information as described above.
If you are from the EEA or Switzerland you may have the right to exercise additional rights available to you, including:
• Right of Erasure: in certain circumstances you have the right to erasure of personal information held about you, although this may be qualified where e.g. it is necessary for that information to be retained for record keeping purposes or compliance with our obligations. If we are unable to comply with your request, we will explain why.
• Right of Rectification: you have the right to have your personal information rectified if it is inaccurate or incomplete.
• Right to Object: you have the right to request that we stop processing your personal information based on our legitimate interests. In some cases, we may be able to demonstrate that we have compelling legitimate grounds to continue to process your information.
• Right of Restriction: you may have the right to request that we restrict the processing of your personal information (e.g. where you believe that the personal information we hold about you is inaccurate or unlawfully held).
• Right to Data Portability: you may have the right to be provided with your personal information in a structured, machine readable and commonly used format and to request that we transfer the personal information provided by you to another data controller.
You also have the right to withdraw consent at any time where we are relying on consent to process your personal information. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.
If you would like to exercise such rights, please contact us at email@example.com. To protect your privacy and security, we may take steps to verify your identity before complying with the request.
6. LIST OF SUB-PROCESSORS
Presently, Behavioral Insights does not use sub-processors to process Data personal or otherwise.