Acturus

Privacy Policy

Privacy Policy

 

EU-US Privacy Shield Privacy Policy Statement

Actûrus is a quality oriented, full service, custom market research firm providing actionable results in a cost efficient and timely manner.  As such, we believe that our survey respondents are key to our overall success.  For this reason, actûrus prides itself not only on its customer focus, but also on its efforts to protect the privacy of our respondents.  We pledge that in obtaining your assistance with any of our business related activities that we will not mislead you about the nature of our research methods or the use of any information provided by you.  We adhere to all legal and ethical standards of conduct for market research firms and are active members of ESOMAR, CASRO & MRA, all renowned professional and governing organizations for professionals in the market research industry.  We further promise that when collecting personal information in conjunction with our client research requests, that we will use the information solely for that purpose. 

Information We May Collect About You

Actûrus collects personal data for either surveys or other marketing related activities.  This Privacy Statement applies only to personal data (as defined below) that actûrus receives from the European Union (EU). 

Compliance with the Principles may be limited, however, in certain cases to the extent necessary to meet national security, public interest or law enforcement requirements.  Actûrus employees with access to personal data are obligated to familiarize themselves and comply with the provisions of this Statement.

Surveys

In terms of our market surveys, actûrus processes, on behalf of our clients, personal data that has been collected by or on behalf of our clients.  “Personal Data” is defined as information / data that is (a) transferred to the U.S. from the EU, (b) is about, or relates to, an identified or identifiable individual, (c) can be linked to that individual, and (d) is recorded.  Personal data may include, among other things, an individual’s name, address, phone number, e-mail address, or social security, national health insurance or an equivalent number.  For further clarity, the term “personal data” does not include data that pertains to a specific individual, but from which that individual cannot reasonably be identified.  Unless otherwise indicated, references herein to personal data include sensitive personal data (as defined below).  Sensitive personal data is a subset of personal data that indicates an individual’s medical or health condition, racial or ethnic origin, political opinions, religion, union membership, sexual orientation, or actual or alleged criminal activity. 

Under the EU-US Privacy Shield, actûrus acts as a Data Processor and each actûrus Client acts as a Data Controller.  For the purposes of the EU-US Privacy Shield and Privacy Statement a “Data Processor” is an entity that processes Personal Data on behalf of a Data Controller; a “Data Controller” is an entity that determines the purposes for which Personal Data are processed.  To “process” Personal Data means to carry out an operation or set of operations on such Personal Data, such as collecting, recording, storing, disclosing, or organizing it.  The “Data Subject” means the person to whom a certain set of Personal Data relate; for example, the person who responds to a survey. 

As a Data Processor, actûrus will only process Personal Data pursuant to the instructions of the applicable Client.  Actûrus may use the services of third party Data Processors to process Personal Data in accordance with purposes identified for such Personal Data by the applicable Client.  Actûrus will not use or share, either within actûrus or with a third party, any information collected, for our own direct marketing purposes or our service providers. 

How Your Information May Be Used: 

Surveys

Respondents are adequately informed about the nature of the survey (who is conducting it, how the information will be used, etc.) and understand that their cooperation is entirely voluntary and agree to participate on this basis. 

Your information may be stored and processed in the United States or any other country in which actûrus maintains facilities.  By participating in a survey, you consent to any such transfer of information outside of your county.  Acturus abides by the EU-US Privacy Shield framework as set forth by the U.S. Department of Commerce regarding the collection, use and retention of data from the European Union.

Adherence to EU-US Privacy Shield Principles:

Actûrus has certified that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. 

Notice

Actûrus collects personal data from and about individuals for use generally in connection with the operation of its business.  Such personal data may be used by actûrus to provide market research services to its clients.

Actûrus may disclose personal data to third parties when such disclosure is necessary or appropriate for actûrus’s provision of such services to its clients or otherwise for actûrus’s operation of its business. 

When actûrus receives personal data from the EU merely for processing purposes and does not control the collection of the personal data, actûrus may not provide notification of this Statement to the individuals to which such personal data relates.  In such event, actûrus reserves the right to process personal data in the course of providing services to its clients without the knowledge of the individuals involved.

Choice

As part of our market research process, all actûrus questionnaires provide respondents with the following informational statements related to personal data:

“These last few questions are just to divide our interviews into groups, no one interview is looked at individually” and

“Finally, here are a few questions for classification purposes.  Please be assured that your responses will be kept in the strictest confidence.”

If a respondent chooses not to provide personal information, they are automatically “termed” out of the study; the choice to provide such information is purely voluntary. 

In addition, we review and communicate results to clients in a consolidated format and as such, no one individual’s personal info is ever reported separately. 

Any personal address information collected by respondents is used by actûrus only to validate the identity of the respondent who has agreed to participate in the study.

When actûrus receives personal data from the EU merely for processing purposes and does not control the collection of the personal data, actûrus may not provide such choices to the individuals to whom such personal data relates.  In such event, actûrus reserves the right to process personal data in the course of providing services to its clients without the knowledge of the individuals involved.

Onward Transfer to Third Parties

Actûrus would only disclose personal data to a 3rd party if (a) actûrus has received the applicable individual’s permission to make the disclosure, (b) the disclosure is required by law, (c) the disclosure is reasonably related to the sale or disposition of all or part of actûrus’s business, (d) the information in question is publicly available, and/or (e) the disclosure is reasonably necessary for the establishment of a legal claim. 

In cases of onward transfer to third parties of data of EU individuals received pursuant to the EU-US Privacy Shield, actûrus is potentially liable.

Security

Actûrus takes reasonable precautions to protect personal data from loss, misuse, tampering, destruction and unauthorized access.  These precautions include password protections for on-line information systems, restricted access to employee personal data within the Human Resources Department, and other measures implemented by actûrus.

Data Integrity

Actûrus takes reasonable steps to ensure that personal data is accurate, complete, current and relevant for the purposes for which it was collected. 

Access

EU individuals have the right to access their personal data.  Upon request, actûrus will permit respondents to access any personal data submitted as part of our research study process.  The individual may need to provide specific identifiable information to include, but not limited to, name, address, birth date or social security number.  Such access may be denied or limited by actûrus, however, if providing such access is unreasonably burdensome, time consuming or would result in significant and/or unreasonable monetary cost.

We also may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.

Recourse, Enforcement and Liability

Actûrus has a Privacy Administrator who is responsible for the internal supervision of actûrus’s privacy policies.  Actûrus educates its employees about compliance with the EU-US Privacy Shield Principles and has self-assessment procedures in place to ensure its compliance.  Actûrus is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).

The following is actual language taken from actûrus Online Policy Manual that is accessible by all employees through actûrus Intranet site:

 

Actûrus EU-US Privacy Shield Certification Policy Statement

Given our client relationships, which extend into the European Union, we have developed and implemented a formal EU-US Privacy Shield Certification Policy Statement, the purpose of which is to confirm our compliance with the regulations established by the EU to protect individuals with respect to the “processing” of personal information as well as to ensure the free movement of personal information within the EU through the coordination of national laws.  Actûrus complies with the EU-US Privacy Shield Framework as set forth by the U.S. Department of Commerce with regards to the collection, use and retention of personal information from European Union member countries.  Actûrus has certified that it adheres to the EU-US Privacy Shield Privacy Principles of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access and recourse, enforcement and liability.  If there is any conflict between the policies in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.  To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/

 The EU-US Privacy Shield Policy is posted on both our website (www.actûrus.com) and the actûrus Intranet site.  As an employee of actûrus, you are responsible for reading the contents of the EU-US Privacy Shield Policy Statement in order to familiarize yourself with the regulations, including the method of handling formal complaints.  In addition, as an employee of actûrus, you are required to abide by the terms of the policy at all times during your employment.  An employee who is found to be in violation of the policy will be subject to appropriate disciplinary action, up to and including termination of employment.

As stated in the EU-US Privacy Shield Policy Statement, actûrus conforms to all EU-US Privacy Shield Principles required by the EU.  ActûrusPrivacy Administrator is the internal individual who is responsible for ensuring the ongoing administration and maintenance of the actûrus EU-US Privacy Shield Certification Policy Statement.  The Privacy Administrator also conducts regular self-assessment reviews to ensure full compliance with the Principles.  Each assessment is a formal document which outlines any reported violations and the subsequent follow-up to address and resolve such complaints.  Self-Assessment documents are signed by a corporate officer of actûrus and are available upon request by individuals or in the context of an investigation or a complaint about non-compliance. 

Complaints & Dispute Resolution

In compliance with the EU-US Privacy Shield Principles, actûrus commits to resolve complaints about your privacy and our collection or use of your personal information.  European Union individuals with inquiries or complaints regarding this privacy policy should first contact actûrus at:

actûrus

270 Farmington Ave. Suite 200

Farmington, CT  06032

(860) 242-2005

(800) 873-7811

(860) 470-1799 (fax)

euprivacy@acturus.com

Actûrus has further committed to refer unresolved privacy complaints under the EU-US Privacy Shield Principles to BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus.  If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visitwww.bbb.org/EU-privacy-shield/for-eu-consumers/for more information and to file a complaint.

Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.

Modification & Amendment

Actûrus may modify or amend this Statement from time to time by posting a revised Statement on the web at www.actûrus.com.  If actûrus amends this Statement, the new statement will apply to personal data previously collected only in so far as the rights of the individuals affected are not reduced.  So long as actûrus adheres to the EU – US Privacy Shield Agreement, actûrus will not amend this Statement in a manner inconsistent with the Principles.