The EUREKAFACTS, LLC PRIVACY NOTICE
Last modified February 27, 2023
Additionally, we may notify all third parties involved in the provision of the research activity when you exercise these rights.
Personally Identifiable Information (PII)
We are the sole owners of the information collected on this site. We only have access to collect information that you voluntarily give us, including, but not limited to, your name, email address, postal mailing address, and home/mobile telephone number via email or other direct contacts from you. In some research studies, we may also ask you for permission to access other data such as location, administrative data, and direct observations.
We will use your information to respond to your inquiry. We will not share your information with any third party outside of our company, other than as necessary to fulfill your request or meet requirements under the law, which may include lawful requests for your information by public authorities.
- If you are a client, we collect services, areas of interest, and billing information.
- If you are a research participant, who participates in research projects on EurekaFacts premises, we may share your opinions and experiences but your PII will remain confidential. If you are a remote research participant, we may share your anonymized opinions and experiences to clients and your name, email address, and mailing address to Virtual Incentives, the company we engage to create and send out electronic gift cards to our participants. For more on our relationship with Virtual Incentives, see the section entitled Onward Transfer to Third Parties, below. If you are a minor (under the age of 18) or are entering information regarding minors participating in research, we collect the name of the parent/guardian that we should contact regarding proper parental consent. This website is intended for audiences older than thirteen (13) years of age.
- If you are a potential research participant, we may collect demographic information such as age, gender, ethnicity, interests, and other information necessary to invite you to participate in research activities that are appropriate to your characteristics. Your PII will remain confidential.
- If you are an employee or employment candidate, we may collect your name, contact email address, telephone numbers, position(s) you are interested in, resume, and other employment-related information. This information will be used exclusively to make decisions on employment with the company.
- If you are representing a community organization, teaming partner, or potential teaming partner, we will collect your name and position title, and your organization’s name and address, phone numbers, and areas of interest. We will use this information to make decisions relative to collaboration as appropriate.
We will request your express consent for participation in one or more research projects where we believe you are eligible. Your participation is always voluntary, and you may withdraw at any time. All personal information and responses to research questions will be kept confidential and only reported in the aggregate form. Your confidential responses will be used solely for the specific purpose of the study in which you agreed to participate.
EurekaFacts uses information collected solely for research purposes, to investigate the behavior, needs, attitudes, opinions, motivations, or other characteristics of individuals, companies, or other organizations. This is done to provide information to clients, government, commercial and nonprofit organizations, which will assist them in making decisions; participants are notified as to what client or organization will be receiving their anonymized information when they provide express consent to participate in the research project. EurekaFacts limits personal information to the information relevant for the purposes of processing.
Generally, the information we hold is not connected with details that identify individuals. However, when information remains identifiable, the individual is given notice and has the right either to request access to, correct or delete, any information held by our company.
Our company strives to ensure the security, integrity, and privacy of personally identifiable information (PII) of our respondents and customers. To do this, we use a variety of physical and electronic security measures including firewalls and secure databases to keep personal information secure from misuse, loss, or unauthorized use or disclosure.
At times, our company may wish to collect names and contact details of respondents to contact respondents about the research or for auditing purposes. Details that identify respondents are removed from responses to the research once they are no longer needed for the research.
Some of the information collected may be considered sensitive information, and we treat all PII as sensitive information. This may include information about an identified participant’s racial or ethnic origin, membership in a professional or trade association, membership in a trade union, household income, and marital status. Identifying details are removed as soon as they are no longer needed.
We do not forward or share PII with anyone outside the research team without the respondent’s explicit permission, nor publish information that would enable a respondent to be identified without their permission.
EurekaFacts will inform individuals of their rights to access their personal data, the requirement to disclose personal information in response to lawful request by public authorities, which enforcement authority has jurisdiction over EurekaFacts compliance with the Framework, and the EurekaFacts liability in cases of onward transfer of data to third parties.
Under certain conditions we may need to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
When we need to work with a third party, we ensure the precautions to protect privacy and confidentiality of your information within the permissions we have received for you and only in order to fulfill the services we provide.
Guiding Authority for Management of PII
EurekaFacts uses the following materials as guidance to manage processes and information management related to PII issues.
- NIST publication 800-122 – Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)
- Where and if applicable, OMB Guidelines on federal surveys – Office of Management and Budget Standards and Guidelines for Statistical Surveys
- Privacy Act of 1974– 5 U.S.C. § 552a
- The industry standards on ethics and respondent confidentiality published by Insights Association (Formerly CASRO Code of Standards and Ethicsand MRA Code of Marketing Research Standards) and the AAPOR Code of Ethics
- Where and if applicable, the Health Insurance Portability and Accountability Act of 1996 (HIPAA). In these cases, we handle health information only as required with employees and applicants for employment, as well as where necessary to fulfill research needs. We fully comply with all applicable laws and regulations, including strict privacy of protected health information, and employee security training specific to HIPAA.
- Children’s Online Privacy Protection Rule (COPPA)– to ensure the protection of children age 13 and younger
- EurekaFacts is certified to ISO Standard 20252: International Standard for Market, Public Opinion and Social Research. As such, we comply with privacy and confidentiality under such standards.
- EurekaFacts maintains an Internal Research Board (IRB) made of scientists and non-scientists with the sole purpose of ensuring the proper protection of human subjects in our research studies. The IRB is registered with the US Department of Health and Human Services Office of Human Research Protections (OHRA). The registration for EurekaFacts is IORG IRB00009628, and the IRB registration is IRB00009628. EurekaFacts Federal Wide Assurance registration is FWA00022062. As part of human subject protections, we work towards ensuring respondent privacy, confidentiality in participation in our research.
- For European Union residents in the EU, we comply with the European Union General Data Protection Regulation (GDPR), effective May 25, 2018. Your rights under the GDPR include:
- The right to object to processing.
- The right to access and rectification.
- The right to data portability.
- The right to be forgotten.
- We are required to notify third parties when you exercise these rights.
- Access to and control over your information.
- Protecting privacy of your data is important to us.
EU-US and Swiss-US The Insights Association Data Privacy Framework Services Program Frameworks
EurekaFacts has further committed to refer unresolved The Insights Association Data Privacy Framework Services Program complaints to Insights Association The Insights Association Data Privacy Framework Services Program, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not resolved your complaint, please contact or visit The Insights Association Data Privacy Framework Services Program for more information or to file a complaint. The services of The Insights Association Data Privacy Framework Services Program are provided at no cost to you.
Further, under certain conditions, individuals have the opportunity to invoke binding arbitration for complaints regarding The Insights Association Data Privacy Framework Services Program compliance not resolved by any of the above The Insights Association Data Privacy Framework Services Program mechanisms. For additional information navigate to the following link: https://www.dataprivacyframework.gov.
The Federal Trade Commission has jurisdiction over EurekaFacts’ compliance with the The Insights Association Data Privacy Framework Services Program. And EurekaFacts will respond promptly to inquiries and requests by the Department of Commerce for information relating to the The Insights Association Data Privacy Framework Services Program Framework. We will make public any relevant The Insights Association Data Privacy Framework Services Program-related sections of any compliance or assessment report submitted to the FTC if the organization becomes subject to an FTC or court order based on non-compliance.
Onward Transfer to Third Parties
In some instances, EurekaFacts may transfer some of the information you provide to third parties acting as agents on our behalf. Importantly, some of our third-party agents do not have the ability to access information we provide to them, without explicit consent from us, which is not given unless requested by the individual who provided the information to us. In the context of an onward transfer, a EurekaFacts has responsibility for the processing of personal information we receive under the The Insights Association Data Privacy Framework Services Program and subsequently transfer to a third party acting as an agent on our behalf. We take steps to ensure that the third-party agent effectively processes the personal information transferred in a manner consistent with the organization’s obligations under the Principles. EurekaFacts requires the agent to notify the organization if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the Principles. If this protection standard cannot be met EurekaFacts will take appropriate action to stop and reduce the unauthorized processing and provide a summary or a representative copy of the relevant privacy provisions of its contract with that agent to the Department upon request.
We only transfer data to our third-party partners only for limited and specific purposes. Our third-party controller that provides that such data may only be processed for limited and specified purposes consistent with the consent provided by the individual and that the recipient will provide the same level of protection as the Principles and will notify the organization if it makes a determination that it can no longer meet this obligation. The contract shall provide that when such a determination is made the third party controller ceases processing or takes other reasonable and appropriate steps to remediate. EurekaFacts shall remain liable under the The Insights Association Data Privacy Framework Services Program Principles if our agent processes such personal information in a manner inconsistent with the Principles, unless we can prove that we are not responsible for the event giving rise to the damage. EurekaFacts’ third-party agents are survey platform (Qualtrics and Verint EFM), Salesforce and Virtual Incentives:
Third Party Survey Platforms (Verint EFM or Qualtrics), :
- Permissions granted to survey platforms: The Survey platforms do not have the ability to access information uploaded by EurekaFacts unless we grant express permission, which we will not do unless such is requested by the individual who provided the information to us. These platforms do not have the ability to access information entered into a EurekaFacts survey hosted on the survey sites by a EurekaFacts research participant unless we grant express permission, which we will not do unless such is requested by the individual who provided the information to us.
- Where data provided to survey platforms originates: Individuals who elect to become part of the EurekaFacts panel may do so by entering their contact and demographic information directly into a EurekaFacts survey hosted on survey sites or by providing such information voluntarily to EurekaFacts via other means. When individuals elect to become a part of the EurekaFacts panel but do not enter the data directly into a EurekaFacts survey hosted on a survey site, EurekaFacts may upload the voluntarily provided contact information of the individual as part of our list of panelists. When EurekaFacts designs or programs surveys as the method of data collection for a specific research project, research participants enter data directly into a EurekaFacts survey hosted on a survey site. Lastly, EurekaFacts may lawfully purchase a list of individuals and their corresponding contact information from third-party companies for the purposes of expanding our panel or attempting to recruit the listed individuals as participants in research studies for which they may be eligible.
- Why data may be uploaded to survey platforms by EurekaFacts: Contact information provided by individuals electing to become part of the EurekaFacts panel may and contact information lawfully purchased by EurekaFacts in the form of an aggregate list, may be uploaded and stored on survey sites so that the panelists and other individuals can be notified by EurekaFacts, via email campaign, of an opportunity to participate in a EurekaFacts research study for which they may be eligible.
Salesforce.com, Inc (Salesforce):
- Permissions granted to Salesforce: Salesforce does not have the ability to access information uploaded by EurekaFacts unless we grant express permission, which we will not do unless such is requested by the individual who provided the information to us. Salesforce does not have the ability to access information entered into a EurekaFacts survey hosted on a Salesforce site by a EurekaFacts research participant unless we grant express permission, which we will not do unless such is requested by the individual who provided the information to us.
- Where data provided to Salesforce originates: Individuals who elect to become part of the EurekaFacts panel may do so by entering their contact information directly into a EurekaFacts survey hosted on a Salesforce site or by providing such information voluntarily to EurekaFacts via other means. When participants elect to become a part of the EurekaFacts panel but do not enter the data directly into a EurekaFacts survey hosted on a Salesforce site, EurekaFacts may upload the voluntarily provided contact and demographic information of the individual as part of our list of panelists.
- Why data may be uploaded to Salesforce by EurekaFacts: Contact and demographic information provided by individuals electing to become part of the EurekaFacts panel may be uploaded and stored on Salesforce sites so that our aggregate list of panelists may be sorted, based on demographic information, into smaller lists of individuals who may be eligible for a specific research project. This smaller list is then uploaded to Verint for the project-specific email campaign. Contact and demographic information provided by individuals electing to become part of the EurekaFacts panel may also be uploaded and stored on Salesforce sites for the purposes of monitoring and maintaining the engagement of panelists.
- Permissions granted to Virtual Incentives: Virtual Incentives does have the ability to view and process provided to them by EurekaFacts. Virtual Incentives is only allowed to use information provided to them by EurekaFacts for the purposes of paying “remote participants,” those participants who participated in research projects wherein data collection was executed online or in-person but not on EurekaFacts premises.
- Where data provided to Virtual Incentives originates: For research projects where a monetary incentive is promised to individuals who participate and where EurekaFacts is responsible for providing said incentive, EurekaFacts may transfer contact information provided to us by our remote participants to Virtual Incentives to ensure these participants receive are paid for their participation. EurekaFacts provides the participant’s name, email address, and mailing address to Virtual Incentives—in instances wherein there is an issue impeding delivery of the electronic gift card to the provided email address, Virtual Incentives will send a gift card to the participant via mail.
- Why participant data may be provided to Virtual Incentives: Participant contact information is transferred to Virtual Incentives where a) monetary incentive has been promised to individuals in exchange for their participation in a EurekaFacts research project, b) individuals participated in online data collection or in-person data collection that was not conducted at EurekaFacts offices and, c) where EurekaFacts is responsible for providing said monetary incentive to the participant.
We take precautions to protect your information online and offline. Our employees have been trained to identify and safeguard PII, and our IT environment is equipped to maintain PII securely.
HOWEVER, THIS IS NOT A GUARANTEE THAT SUCH INFORMATION MAY NOT BE ACCESSED, DISCLOSED, ALTERED, OR DESTROYED BY BREACH OF ANY OF OUR PHYSICAL, TECHNICAL, OR MANAGERIAL SAFEGUARDS.
We will notify any data breach likely to “result in a risk for the rights and freedoms of individuals” to the appropriate authority (including the Data Protection Authority (DPA) in your country of residence if you are an EU resident) within 72 hours of becoming aware of the breach, when feasible.
We will follow the legal requirements for notification applicable to your residence based on the information available to us.
We use “cookies” on this site. A cookie is a piece of data stored on a site visitor’s hard drive to help us improve your access to our site and identify repeat visitors to our site. For instance, when we use a cookie to identify you, you would not have to log in a password more than once, thereby saving time while on our site. Cookies can also enable us to track and target the interests of our users to enhance the experience on our site. Usage of a cookie is in no way linked to any personally identifiable information (PII) on our site. Tap for more information about cookies.
EurekaFacts tracks user traffic patterns throughout the website to improve the user experience and interactions of clients. You may also be tracked when you access a survey link or other online invitations to validate your access, to validate your responses, or to avoid duplicate entries.
To determine which areas of our website users prefer, EurekaFacts may track search terms that users enter in our “search function.” We use tracking information to better customize the content that is most relevant to our users/clients.
Commitment to Children’s Privacy
EurekaFacts is committed to protecting the privacy of young children. For that reason, EurekaFacts does not knowingly collect or maintain PII on the website from people under 13 years old, and no part of the website is directed to people under 13. If you are under 13 years of age, then please do not use or access the website at any time or in any manner. If EurekaFacts learns of any PII that has been collected from people younger than 13-years-old, then the appropriate steps will be taken to delete this information. Any information provided by a parent/ legal guardian on minors is collected with proper informed consent and is treated as sensitive information. Please contact firstname.lastname@example.org immediately if you suspect that your child has submitted his or her personal information without your permission or consent.
EurekaFacts Contact Information
EurekaFacts Privacy Officer
51 Monroe Street, Plaza East 10
Rockville, MD 20850