Privacy Policy
Last Updated: October 2022InCrowd, Inc, has adopted this Privacy Notice (“Notice”) to establish and maintain an adequate level of Personal Data privacy protection. This Notice applies to the processing of Personal Data that InCrowd obtains from the data subjects that join the InCrowd Panel of Healthcare Experts.

Please use the following links to select the Privacy Notice sections applicable to you:

Translations:

Privacy Notice General

I.          CONTROLLER OF THE PERSONAL DATA

InCrowd, Inc
480 Pleasant Street, Suite B100
Watertown, MA 02472
InCrowd Data Protection Contact & DPO:  privacy@incrowdnow.com

II.          SCOPE

This Notice applies to the processing of Personal Data that InCrowd transfers to and stores in the United States.

We’re committed helping you understand how we manage and protect the information we collect. We take privacy seriously and have taken many steps to help safeguard the information we collect from you.

This Privacy Notice was established in October 2022.

III.          PERSONAL DATA THAT WE COLLECT

InCrowd provides research solutions to its Clients, which are predominantly business customers, and individuals that may purchase products or participate to market research activities.

  1. General Data: InCrowd collects Personal Data of healthcare professionals that register with our community of healthcare professionals (Crowd).
  2. Communication Data: InCrowd may process information contained in or relating to any communication that you send to us or that we send to you. The communication data may include the communication content and metadata associated with the communication. Our website will generate the metadata associated with communications made using the website contact forms.
  3. Usage data: InCrowd may process data about your use of our website and services. The usage data may include your IP address, geographical location, browser type, version and language, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. We may also collect and process data on the websites you visited before our sites may be logged automatically if you are redirected to our site from our advertising campaigns. The source of the usage data is our analytics tracking system, marketing automation platform or other marketing technologies.
  4. Market Research data: InCrowd might also collect personal data and anonymized and/or pseudonymized data produced by individuals’ participation to market research activities.
  5. Information collected: The Personal Data that we collect may vary based on your interaction with InCrowd.  As a general matter, InCrowd collects the following types of Personal Data:

          Data collected from our Community of Healthcare Professionals (Crowd):

Category

Examples

Collected

A. Personal data A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, Social Security number, or other similar identifiers, telephone number, employment

Yes

B. Special categories of personal data Age (40 years or older), race, color, national origin, citizenship, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, biometric data.

Yes

C. Internet or other similar network activity. Browsing history, search history, information on a consumer’s interaction with a website.

Yes

D. Geolocation data. Physical location or movements.

Yes

E. Sensory data. Audio, visual, or similar information.

Yes

F. Professional or employment-related information. Occupation, Employer Information.

Yes

 

IV.          PURPOSES OF DATA PROCESSING

InCrowd processes Personal Data that it collects directly from individuals registered with the Healthcare Community and indirectly in its role as a service provider for the following business purposes:

  1. Operations: maintaining and supporting our products as well as delivering and providing the requested products/services;
  2. Contractual; complying with contractual obligations related thereto (including managing transactions, reporting, invoices and other operations related to providing/receiving services to/from clients and individuals). This may include data included in Category A
  3. Market Research: Allowing individuals to participate in market research surveys and interviews and related activities. Report back to clients results in an anonymized and aggregated form.  
  4. Publications: In certain occasions and strictly in accordance with your express instructions, we may process your personal data for the purposes of publishing such data on our website and elsewhere through our services.
  5. Relationships and communications: Processing contact data for the purposes of managing our relationships and communicating with you by email and/or telephone.
  6. Direct marketing: Processing contact data for the purposes of creating, targeting, and sending direct marketing communications by email and making contact by telephone for marketing-related purposes. We do this for improving and facilitating your participation in market research activities.
  7. Research and analysis: Processing usage data for the purposes of researching and analyzing the use of our website, for example monitoring, supporting, improving, and securing our website, services and business generally. InCrowd has a legitimate interest in maintaining security conditions on our websites to prevent malware, or other types of attacks. Security is essential to protect the personal data of customers and visitors.
  8. Record keeping: Processing your personal data for the purposes of creating and maintaining our databases, back-up copies of our databases and our business records in servers located in the United State. We do this to ensure that we have access to all the information we need to run our business properly and efficiently in accordance with this Notice.
  9. Legal compliance and vital interests: Processing your personal data where such processing is necessary for compliance with a legal obligation to which we are subject or to protect your vital interests or the vital interests of another natural person.
  10. Required by Law: for other business-related purposes permitted or required under applicable local law and regulation for example satisfying governmental reporting, tax, crime investigation and national security; and (7) as otherwise required by law). This may include data included in Category A
  11. In general: as requested by you;

V.          LEGAL BASES FOR PROCESSING YOUR PERSONAL DATA

InCrowd uses the following legal bases for processing your data in relation with the above identified purposes:

Legal Basis Purposes
Your Consent Market research
Publications
Record keeping
In general
Execution of a contract to which you or your company is party or in order to take preliminary steps at your request prior to entering into a contract Operations
Contractual
Relationships and communications
Direct marketing
Comply with a legal obligation to which the InCrowd is subject Legal compliance and vital interests
Required by Law
Legitimate interest Operations
Relationships and communications
Direct marketing
Research and analysis
Record keeping

VI.          SPECIAL CATEGORY OF PERSONAL DATA OR SENSITIVE DATA

InCrowd might process certain categories of data that can be considered very sensitive. This data may be collected when individuals participate in market research activities carried out by InCrowd directly or on behalf of their clients. We are committed to handle this data with extreme care and only few authorized people have access to it. Such data might include: information about your health, your ethnic origin, biometric data, trade union membership, etc. Where we process special categories of personal data, “Sensitive Personal Data,” we will always obtain your explicit consent to those activities unless:

  1. Consent is not required by law;
  2. To protect your vital interests where you are incapable of giving your consent;
  3. For the establishment, exercise or defense of legal claims or whenever courts are acting in their judicial capacity;
  4. Processing is necessary for reasons of public interest regarding public health as required by the local law.

Where this is allowed by law, you have the right to withdraw that consent at any time.

VII.          AUTOMATED DECISIONS

We reserve the right to make automated decisions, including using machine learning algorithms about website visitors to optimize and provide better experience when navigating our websites. Only digital data as specified in section VIII are included in this processing.

We may analyze your participation in our surveys with the purpose to enrich the profiling data we hold about you. The profiling data that we have collected might be used for making manual or automated decisions that involve your participation in market research activities. As results of this processing, we will be able to send you market research activities within your sphere of expertise and interest.

You may contact us if you would like any clarifications about the automated decisions.

VIII.          DIGITAL DATA

  1. Cookies: InCrowd may set and use cookies to enhance your user experience on the sites, such as retaining your personal settings and preferences.  You may set your browser to prevent or reject cookies, or you may manually delete any cookies set. If you reject the cookies on the sites, you may still be able to use the sites, but they shall be limited to certain minimal functionality. From time-to-time InCrowd may use third-party tracking utilities that use session ID cookies that track site usability and assist InCrowd in improving user experience. This Privacy Notice does not cover the use of cookies by our third-party providers as we do not have access or control over these cookies. We may collect information on our sites or in our emails using web beacons and or tracking pixels (electronic images). We may use beacons to count visits, understand usage and campaign effectiveness and to tell if an email has been opened and acted upon. You can review the cookies used by InCrowd’s website here.
  2. Trend Analyses: InCrowd may use IP addresses to analyze trends, administer the Sites, to track your movement within the Sites, and to gather broad demographic information for aggregate use.
  3. Links to other sites: our sites include links to other websites whose privacy practices may differ from InCrowd’s. If you submit personal data to any of those sites, your information is governed by the privacy statements of those third-party sites.
  4. Managing cookies: Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. You can however obtain up-to-date information about blocking and deleting cookies via these links:
    1. https://support.google.com/chrome/answer/95647 (Chrome);
    2. https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-desktop (Firefox);
    3. https://help.opera.com/en/latest/security-and-privacy/ (Opera);
    4. https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies (Internet Explorer);
    5. https://support.apple.com/en-gb/guide/safari/manage-cookies-and-website-data-sfri11471/mac (Safari);
    6. https://support.microsoft.com/en-gb/help/4468242/microsoft-edge-browsing-data-and-privacy (Edge).

      IX.          CHOICE WITH RESPECT TO USES AND DISCLOSURES OF PERSONAL DATA

      InCrowd recognizes that individuals have the right to limit the use and disclosure of their Personal Data, and we are committed to respect those rights.  We offer individuals the opportunity to opt out of disclosures of Personal Data to a third party or the use of Personal Data for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by the individual.  We apply a strict policy with respect to disclosures of Sensitive Data including, when applicable, obtaining the explicit consent (i.e., opt in consent) of an individual prior to disclosing Sensitive Data to a third party or using Sensitive Data for purposes other than those for which it was originally collected or subsequently authorized by the individual.

      X.          DISCLOSURE/TRANSFER OF INFORMATION FOR A BUSINESS PURPOSE

      InCrowd may disclose your Personal Information to a third party for a business purpose. We do this by entering into a contract that describes the purpose and requires the recipient to both keep that Personal Data confidential and not use it for any purpose except performing the contract. Furthermore, third parties must comply with data protection laws and agree to provide adequate protections that are no less protective than those set out in this Notice.

      1. Disclosure: We may disclose your Personal Information for a business purpose to the following categories of third parties:
        1. Our affiliates and subsidiaries
        2. Our clients or their agents
        3. Service Providers and consultants
        4. Professional services organizations, such as auditors and law firms
        5. Our business partners
        6. Internet service providers
        7. Government entities
        8. Operating systems and platforms
        9. Survey hosting providers
        10. Validation providers
        11. Rewards fulfillment providers
        12. SMS and video conference service providers
        13. Customer and panel support services
        14. Credit card processor
        15. Tax authorities
      2. Purposes of disclosure: InCrowd may disclose your personal information for the below purposes:
        1. Survey reporting
        2. Email services
        3. Authentication of medical licenses
        4. Identity verification of the panel members
        5. Offering and providing customer support
        6. Internal marketing campaigns for communicating new offers to our clients
        7. Internal marketing campaigns for improving and facilitating participation of Panel Members in market research activities
        8. Internal marketing engagement (e.g. newsletters )
        9. Honorarium processing and fulfillment
        10. Auditing purposes and governmental reporting
        11. Tax reporting
        12. Allowing participation in market research activities
        13. For complying with your requests or contract obligation we have with you
      3. Disclosures due to acquisition or merge: We may share your information in connection with a merger, sale of company assets, financing or acquisition of all or a portion of our business to another company, if any. In this event, InCrowd will notify you before information about you is transferred and becomes subject to a different privacy policy.
      4. Anonymous information: We may also share aggregated or anonymous information that does not directly identify you. InCrowd may share anonymized aggregated demographic information with InCrowd partners.
      5. Other forms of disclosures: InCrowd also may disclose your personal data for other purposes or to other third parties when you have consented to or requested such disclosure or under the following circumstances:
        1. We respond to subpoenas, court orders, or legal process, or to establish or exercise our legal rights or defend against legal claims;
        2. We believe it is necessary to share information to investigate or prevent fraud, or to take action regarding illegal activities, situations involving potential threats to the physical safety of any person, or as otherwise required by law.
        3. We transfer information about you if InCrowd is acquired by or merged with another company. In this event, InCrowd will notify you before information about you is transferred and becomes subject to a different privacy notice.
        4. In response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
      6. Third party compliance: Such third parties must agree to use such Personal Data only for the purposes for which they have been engaged by InCrowd and they must either:
        1. Comply with the data protection laws, Privacy Shield principles, or another safe and secure mechanism that provides high level of protection.; or
        2. Agree to provide adequate protections for the Personal Data that are no less protective than those set out in this Notice.
      7. Liability: InCrowd is potentially liable in cases of onward transfers of Personal Data to third parties, such as when third parties that act as agents on our behalf process Personal Data in a manner inconsistent with applicable data protection regulations.

      XI.          TRANSFER PERSONAL DATA OUTSIDE YOUR COUNTRY OF RESIDENCE

      The third parties as described in paragraph X might be based in US or in other countries. In these instances, InCrowd imposes strict contractual obligations to third parties to maintain a level of protection that is equal to the protection offered by this notice.

      In other instances, we may ask your consent to allow us to transfer your personal data into another country. In doing so we will provide you with full information about the transfer.

      You may contact our DPO if you would like to know more about our international transfer assessment and/or copy of the transfer mechanism that we use for sharing your Personal Data outside your country of residence.

      XII.           ANTI-SPAM

      InCrowd maintains a strict “No-Spam” policy, which means that InCrowd does not intend to sell, rent or otherwise give your email address to a third-party without your consent.

      XIII.          DATA INTEGRITY, PURPOSE LIMITATION AND RETENTION

      InCrowd will not process Personal Data in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by you.  To that end, InCrowd will take reasonable steps to ensure that your Personal Data is reliable for its intended use, accurate, complete, and current.  InCrowd uses reasonable efforts to maintain the accuracy and integrity of your Personal Data and to update it as appropriate.

      We retain your personal data as follow:

      1. Contact data will be retained for a minimum period of 2 years following the date of the most recent contact between you and us, or until an updating information request or removal request is made by you;
      2. Communication data will be retained for a minimum period of 2 years following the date of the communication in question or until a removal request is made by you;
      3. Usage data will be retained for a minimum period of 2 years or until a removal request is made by you following the date of collection;
      4. In general, we do not retain your personal data for more than 2 years since your last engagement/interaction with the Company;

      We may retain your information as necessary (including a longer period) to comply with our legal obligations, resolve disputes and enforce our agreements.

      XIV.          PERSONNEL ACCESS OF PERSONAL DATA

      Personnel from InCrowd may access and use your personal data only if they are authorized to do so and only for the purpose for which they are authorized.

      XV.          DATA SECURITY

      InCrowd have implemented physical and technical safeguards to protect Personal Data from loss, misuse, and unauthorized access, disclosure, alternation, or destruction. For example, electronically stored Personal Data is stored on a secure network with firewall protection, and access to InCrowd ‘s electronic information systems requires user authentication via password or similar means. InCrowd also employs access restrictions, limiting the scope of employees who have access to Customer Personal Data. Further, InCrowd uses secure encryption technology to protect certain categories of personal data.

      Despite these precautions, no data security safeguards guarantee 100% security all of the time.

      XVI.          YOUR RIGHTS

      1. Right of Access You have the right to obtain confirmation about whether your personal data is included in our databases. Upon request, InCrowd will provide an individual access to your personal data within the time frame dictated by the applicable data protection regulations. InCrowd will allow you to know what Personal Data is included in our databases and to ensure that such Personal Data is accurate and relevant for the purposes for which InCrowd collected the Personal Data. You may also request a copy of your data in a commonly used and machine-readable form.
      1. Right of Rectification: You may review your own Personal Data stored in the databases and correct, update, modify, or delete any data that is incorrect or incomplete.
      2. Right of Erasure: You may request to have the personal information that we have about you to be deleted from our servers. InCrowd will take reasonable steps, including technical measures, to comply with your request.
      3. Data Portability: You may request the Personal Data you provided to us in a commonly used and machine-readable form.
      4. Right to Withdraw Consent: You have the right to withdraw your consent at any time, without affecting the lawfulness of our processing based on such consent before it was withdrawn, including processing related to existing contracts for our Services.
      5. Limitations: these rights are subject to certain limitations and exceptions including, but not limited to, when the burden or expense of providing this access would be disproportionate to the risks to your privacy in the case in question, or where the rights of persons other than you would be violated by the provision of such access. If we determine that your access should be restricted in a particular instance, we will provide you with an explanation of our determination and respond to any inquiries you may have.

      XVII.         HOW TO EXERCISE YOUR RIGHTS

      You can exercise your rights by filling out the form found at https://preferences.incrowdnow.com/privacy.  You may also submit a request at incrowdprivacyrequest@incrowdnow.com, via postal mail at InCrowd, Attn: Compliance Department, 480 Pleasant Street, Suite B100, Watertown, MA 02472 USA

      XVIII.        RESPONSE TIMING AND FORMAT

      We endeavor to respond to a verifiable request within 30 days of its receipt.  If we require more time (up to two extra months), we will inform you of the reason and extension period in writing.

      We will deliver our written response by mail or electronically, at your option.

      The response we provide will also explain the reasons we cannot comply with a verifiable request, if applicable.

      We do not charge a fee to process or respond to your verifiable request unless it is excessive, repetitive, or manifestly unfounded.  If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

      Request that we can’t process: We cannot respond to your request or provide you with Personal Data if we cannot verify your identity or authority to make the request and confirm the Personal Data relates to you. Making a verifiable request does not require you to create an account with us.  We will only use Personal Information provided in a verifiable request to verify your identity or authority to make the request.

      Request for Personal Data: InCrowd will track each of the following and will provide notice to the appropriate parties under law and contract when either of the following circumstances arise:

      1. legally binding request for disclosure of the Personal Data by a law enforcement authority unless prohibited by law or regulation; or
      2. requests received from the Data Subject.

      XIX.          RESPONSIBILITIES AND MANAGEMENT

      InCrowd has designated the Privacy & Compliance Department to oversee its information security program, including its compliance with the Privacy Shield program and the GDPR and any other applicable Privacy Law. The Privacy & Compliance Department shall review and approve any material changes to this program as necessary. Any questions, concerns, or comments regarding this Notice also may be directed to incrowdprivacyrequest@incrowdnow.com.

Privacy Notice for EEA, UK and Swiss Residents

I.          CONTROLLER OF THE PERSONAL DATA

InCrowd, Inc
480 Pleasant Street, Suite B100
Watertown, MA 02472
UK Data Protection Representative: Antonio Tropea, Managing Director – Europe, Survey Healthcare Limited, Citypoint Building, 9th Fl, 1 Ropemaker Street, London EC2Y 9HT, United Kingdom. UKDataProtectionRepresentative@incrowdnow.com.
EU Data Protection Representative: Fabio Musumeci, Privacy and Compliance Director, InCrowd Intelligence Operating, LLC: EUDataProtectionRepresentative@incrowdnow.com.
InCrowd Data Protection Contact & DPO:  privacy@incrowdnow.com

II.        SCOPE

This Notice applies to the processing of Personal Data that InCrowd transfers to and stores in the United States.

We’re committed helping you understand how we manage and protect the information we collect. We take privacy seriously and have taken many steps to help safeguard the information we collect from you.

This Privacy Notice was established in October 2022.

III.          PERSONAL DATA THAT WE COLLECT

InCrowd provides research solutions to its Clients, which are predominantly business customers, and individuals that may purchase products or participate to market research activities.

  1. General Data: InCrowd collects Personal Data of healthcare professionals that register with our community of healthcare professionals (Crowd).
  2. Communication Data: InCrowd may process information contained in or relating to any communication that you send to us or that we send to you. The communication data may include the communication content and metadata associated with the communication. Our website will generate the metadata associated with communications made using the website contact forms.
  3. Usage data: InCrowd may process data about your use of our website and services. The usage data may include your IP address, geographical location, browser type, version and language, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. We may also collect and process data on the websites you visited before our sites may be logged automatically if you are redirected to our site from our advertising campaigns. The source of the usage data is our analytics tracking system, marketing automation platform or other marketing technologies.
  4. Market Research data: InCrowd might also collect personal data and anonymized and/or pseudonymized data produced by individuals’ participation to market research activities.
  5. Information collected: The Personal Data that we collect may vary based on your interaction with InCrowd.  As a general matter, InCrowd collects the following types of Personal Data:

          Data collected from our Community of Healthcare Professionals (Crowd):

Category

Examples

Collected

A. Personal data A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, Social Security number, or other similar identifiers, telephone number, employment

Yes

B. Special categories of personal data ART. 9 GDPR Age (40 years or older), race, color, national origin, citizenship, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, biometric data.

Yes

C. Internet or other similar network activity. Browsing history, search history, information on a consumer’s interaction with a website.

Yes

D. Geolocation data. Physical location or movements.

Yes

E. Sensory data. Audio, visual, or similar information.

Yes

F. Professional or employment-related information. Occupation, Employer Information.

Yes

IV.          PURPOSES OF DATA PROCESSING

InCrowd processes Personal Data that it collects directly from individuals registered with the Healthcare Community and indirectly in its role as a service provider for the following business purposes:

  1. Operations: maintaining and supporting our products as well as delivering and providing the requested products/services;
  2. Contractual; complying with contractual obligations related thereto (including managing transactions, reporting, invoices and other operations related to providing/receiving services to/from clients and individuals). This may include data included in Category A
  3. Market Research: Allowing individuals to participate in market research surveys and interviews and related activities. Report back to clients results in an anonymized and aggregated form.
  4. Publications: In certain occasions and strictly in accordance with your express instructions, we may process your personal data for the purposes of publishing such data on our website and elsewhere through our services.
  5. Relationships and communications: Processing contact data for the purposes of managing our relationships and communicating with you by email and/or telephone.
  6. Direct marketing: Processing contact data for the purposes of creating, targeting, and sending direct marketing communications by email and making contact by telephone for marketing-related purposes. We do this for improving and facilitating your participation in market research activities.
  7. Research and analysis: Processing usage data for the purposes of researching and analyzing the use of our website, for example monitoring, supporting, improving, and securing our website, services and business generally. InCrowd has a legitimate interest in maintaining security conditions on our websites to prevent malware, or other types of attacks. Security is essential to protect the personal data of customers and visitors.
  8. Record keeping: Processing your personal data for the purposes of creating and maintaining our databases, back-up copies of our databases and our business records in servers located in the United State. We do this to ensure that we have access to all the information we need to run our business properly and efficiently in accordance with this Notice.
  9. Legal compliance and vital interests: Processing your personal data where such processing is necessary for compliance with a legal obligation to which we are subject or to protect your vital interests or the vital interests of another natural person.
  10. Required by Law: for other business-related purposes permitted or required under applicable local law and regulation for example satisfying governmental reporting, tax, crime investigation and national security; and (7) as otherwise required by law). This may include data included in Category A
  11. In general: as requested by data subjects;

V.          LEGAL BASES FOR PROCESSING YOUR PERSONAL DATA

InCrowd uses the following legal bases for processing your data in relation with the above identified purposes:

Legal Basis Purposes
Your Consent Market research
Publications
Record keeping
In general
Execution of a contract to which you or your company is party or in order to take preliminary steps at your request prior to entering into a contract Operations
Contractual
Relationships and communications
Direct marketing
Comply with a legal obligation to which the InCrowd is subject Legal compliance and vital interests
Required by Law
Legitimate interest Operations
Relationships and communications
Direct marketing
Research and analysis
Record keeping

VI.        SPECIAL CATEGORY OF PERSONAL DATA OR SENSITIVE DATA

InCrowd might process certain categories of data that can be considered very sensitive. This data may be collected when individuals participate to market research activities carried out by InCrowd directly or on behalf of their clients. We are committed to handle this data with extreme care and only few authorized people have access to it. Such data might include: information about your health, your ethnic origin, biometric data, trade union membership, etc. Where we process special categories of personal data, “Sensitive Personal Data,” we will always obtain your explicit consent to those activities unless:

  1. Consent is not required by law;
  2. To protect your vital interests where you are incapable of giving your consent;
  3. For the establishment, exercise or defense of legal claims or whenever courts are acting in their judicial capacity;
  4. Processing is necessary for reasons of public interest in the area of public health as required by the local law.

Where this is allowed by law, you may have the right to withdraw that consent at any time.

VII.          AUTOMATED DECISIONS

We reserve the right to make automated decisions, including using machine learning algorithms about website visitors to optimize and provide better experience when navigating our websites. Only digital data as specified in section VIII are included in this processing.

We may analyze your participation in our surveys with the purpose to enrich the profiling data we hold about you. The profiling data that we have collected might be used for making manual or automated decisions that involve your participation in market research activities. As results of this processing, we will be able to send you market research activities within your sphere of expertise and interest.

You may contact us if you would like any clarifications about the automated decisions.

VIII.          DIGITAL DATA

  1. Cookies: InCrowd may set and use cookies to enhance your user experience on the sites, such as retaining your personal settings and preferences.  You may set your browser to prevent or reject cookies, or you may manually delete any cookies set. If you reject the cookies on the sites, you may still be able to use the sites, but they shall be limited to certain minimal functionality. From time-to-time InCrowd may use third-party tracking utilities that use session ID cookies that track site usability and assist InCrowd in improving user experience. This Privacy Notice does not cover the use of cookies by our third-party providers as we do not have access or control over these cookies. We may collect information on our sites or in our emails using web beacons and or tracking pixels (electronic images). We may use beacons to count visits, understand usage and campaign effectiveness and to tell if an email has been opened and acted upon. You can review the cookies used by InCrowd’s website here.
  1. Trend Analyses: InCrowd may use IP addresses to analyze trends, administer the Sites, to track your movement within the Sites, and to gather broad demographic information for aggregate use.
  2. Links to other sites: our sites include links to other websites whose privacy practices may differ from InCrowd’s. If you submit personal data to any of those sites, your information is governed by the privacy statements of those third-party sites.
  3. Managing cookies: Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. You can however obtain up-to-date information about blocking and deleting cookies via these links:

IX.        CHOICE WITH RESPECT TO USES AND DISCLOSURES OF PERSONAL DATA

InCrowd recognizes that individuals have the right to limit the use and disclosure of their Personal Data, and we are committed to respecting those rights. We offer individuals the opportunity to opt out of disclosures of Personal Data to a third party or the use of Personal Data for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by the individual.  We will comply with the GDPR with respect to disclosures of Sensitive Data including, when applicable, obtaining the explicit consent (i.e., opt in consent) of an individual prior to disclosing Sensitive Data to a third party or using Sensitive Data for purposes other than those for which it was originally collected or subsequently authorized by the individual.

X.        DISCLOSURE/TRANSFER OF INFORMATION FOR A BUSINESS PURPOSE

InCrowd may disclose your Personal Information to a third party for a business purpose. We do this by entering into a contract that describes the purpose and requires the recipient to both keep that Personal Data confidential and not use it for any purpose except performing the contract. Furthermore, third parties must comply with the GDPR and agree to provide adequate protections that are no less protective than those set out in this Notice.

  1. Disclosure: We may disclose your Personal Information for a business purpose to the following categories of third parties:
    1. Our affiliates and subsidiaries
    2. Our clients or their agents
    3. Service Providers and consultants
    4. Professional services organizations, such as auditors and law firms
    5. Our business partners
    6. Internet service providers
    7. Government entities
    8. Operating systems and platforms
    9. Survey hosting providers
    10. Validation providers
    11. Rewards fulfillment providers
    12. SMS and video conference service providers
    13. Customer and panel support services
    14. Credit card processor
    15. Tax authorities
  2. Purposes of disclosure: InCrowd may disclose your personal information for the below purposes:
    1. Survey reporting
    2. Email services
    3. Authentication of medical licenses
    4. Identity verification of the panel members
    5. Offering and providing customer support
    6. Internal marketing campaigns for communicating new offers to our clients
    7. Internal marketing campaigns for improving and facilitating participation of Panel Members in market research activities
    8. Internal marketing engagement e.g. newsletters
    9. Honorarium processing and fulfillment
    10. Auditing purposes and governmental reporting
    11. Tax reporting
    12. Allowing participation in market research activities
    13. For complying with your requests or contract obligation we have with you
  3. Disclosures due to acquisition or merge: We may share your information in connection with a merger, sale of company assets, financing or acquisition of all or a portion of our business to another company, if any. In this event, InCrowd will notify you before information about you is transferred and becomes subject to a different privacy policy.
  4. Anonymous information: We may also share aggregated or anonymous information that does not directly identify you. InCrowd may share anonymized aggregated demographic information with InCrowd partners.
  5. Other forms of disclosures: InCrowd also may discloses your personal data for other purposes or to other third parties when you have consented to or requested such disclosure or under the following circumstances:
    1. We respond to subpoenas, court orders, or legal process, or to establish or exercise our legal rights or defend against legal claims;
    2. We believe it is necessary to share information in order to investigate or prevent fraud, or to take action regarding illegal activities, situations involving potential threats to the physical safety of any person, or as otherwise required by law.
    3. We transfer information about you if InCrowd is acquired by or merged with another company. In this event, InCrowd will notify you before information about you is transferred and becomes subject to a different privacy notice.
    4. In response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
  6. Third party compliance: Such third parties must agree to use such Personal Data only for the purposes for which they have been engaged by InCrowd and they must either:
    1. comply with the GDPR, the Privacy Shield principles, or another mechanism permitted by the applicable European data protection law(s) for transfers and processing of Personal Data; or
    2. agree to provide adequate protections for the Personal Data that are no less protective than those set out in this Notice.
  7. Liability: InCrowd is potentially liable in cases of onward transfers of Personal Data to third parties, such as when third parties that act as agents on our behalf process Personal Data in a manner inconsistent with applicable data protection regulations.

XI.        TRANSFER PERSONAL DATA OUTSIDE THE EEA, UK AND SWITZERLAND

The third parties as described in paragraph X might be based in US or in countries other than EEA, UK and Switzerland. In these instances, InCrowd imposes strict contractual obligations and executes Standard Contractual Clauses with third parties to maintain a level of protection that is equal to the GDPR requirements.

In other instances, we may ask your consent to allow us to transfer your personal data into another country. In doing so we will provide you with full information about the transfer.

You might contact our DPO if you would like to know more about our international transfer assessment and/or copy of the transfer mechanism that we use for sharing your Personal Data outside your country of residence.

XII.        ANTI-SPAM

InCrowd maintains a strict “No-Spam” policy, which means that InCrowd does not intend to sell, rent or otherwise give your email address to a third-party without your consent.

XIII.        DATA INTEGRITY, PURPOSE LIMITATION AND RETENTION

InCrowd will not process Personal Data in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by you.  To that end, InCrowd will take reasonable steps to ensure that your Personal Data is reliable for its intended use, accurate, complete, and current.  InCrowd uses reasonable efforts to maintain the accuracy and integrity of your Personal Data and to update it as appropriate.

We retain your personal data as follow:

  1. Contact data will be retained for a minimum period of 2 years following the date of the most recent contact between you and us, or until an updating information request or removal request is made by you;
  2. Communication data will be retained for a minimum period of 2 years following the date of the communication in question or until a removal request is made by you;
  3. Usage data will be retained for a minimum period of 2 years or until a removal request is made by you following the date of collection;
  4. In general we do not retain your personal data for more than 2 years since your last engagement/interaction with the Company;

 We may retain your information as necessary (including a longer period) to comply with our legal obligations, resolve disputes and enforce our agreements.

XIV.        PERSONNEL ACCESS OF PERSONAL DATA

Personnel from InCrowd may access and use your personal data only if they are authorized to do so and only for the purpose for which they are authorized.

XV.        DATA SECURITY

InCrowd has implemented physical and technical safeguards to protect Personal Data from loss, misuse, and unauthorized access, disclosure, alternation, or destruction. For example, electronically stored Personal Data is stored on a secure network with firewall protection, and access to InCrowd ‘s electronic information systems requires user authentication via password or similar means. InCrowd also employs access restrictions, limiting the scope of employees who have access to Customer Personal Data. Further, InCrowd uses secure encryption technology to protect certain categories of personal data.

Despite these precautions, no data security safeguards guarantee 100% security all of the time.

XVI.        YOUR RIGHTS

    1. Right of Access You have the right to obtain confirmation about whether your personal data is included in our databases. Upon request, InCrowd will provide an individual access to your personal data within the time frame dictated by the applicable data protection regulations. InCrowd will allow you to know what Personal Data is included in our databases and to ensure that such Personal Data is accurate and relevant for the purposes for which InCrowd collected the Personal Data. You may also request a copy of your data in a commonly used and machine-readable form.
      1. Right of Rectification: You may review your own Personal Data stored in the databases and correct, update, modify, or delete any data that is incorrect or incomplete.
      2. Right of Erasure: You may request to have the personal information that we have about you to be deleted from our servers. InCrowd will take reasonable steps, including technical measures, to comply with your request. In some circumstances your request might be rejected if it falls under one of the categories included in ART. 17.3:
        1. exercising the right of freedom of expression and information
        2. for compliance with a legal obligation
        3. for reasons of public interest in the area of public health
        4. archiving purposes in the public interest, scientific or historical research purposes or statistical purposes
        5. establishment, exercise or defense of legal claims
      3. Objection: You may object, at any time, to your Personal Data being processed for a specific purpose.
      4. Restriction of Processing:You may restrict processing of your Personal Data for certain reasons, such as, for example if you consider your Personal Data collected by us to be inaccurate or you have objected to the processing and the existence of legitimate grounds for processing is still under consideration.
      5. Data Portability: You may request the Personal Data you provided to us in a commonly used and machine-readable form.
      6. Right to Withdraw Consent: You have the right to withdraw your consent at any time, without affecting the lawfulness of our processing based on such consent before it was withdrawn, including processing related to existing contracts for our Services.
      7. Right to complain to a supervisory authority: you might lodge a complaint about our processing of your personal data with your local Data Protection Authority; InCrowd will collaborate with the authority to resolve it.
      8. Limitations: these rights are subject to certain limitations and exceptions. You can learn more about the rights of data subjects by visiting https://edpb.europa.eu/our-work-tools/general-guidance/gdpr-guidelines-recommendations-best-practices_en and https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/.

      XVII.        HOW TO EXERCISE YOUR RIGHTS

      You can exercise your rights by filling out the form found at https://preferences.incrowdnow.com/privacy. You may also submit a request at incrowdprivacyrequest@incrowdnow.com, via postal mail at InCrowd, Attn: Compliance Department, 480 Pleasant Street, Suite B100, Watertown, MA 02472 USA

      XVIII.        RESPONSE TIMING AND FORMAT

      We endeavor to respond to a verifiable request within 30 days of its receipt. If we require more time (up to two extra months), we will inform you of the reason and extension period in writing.

      We will deliver our written response by mail or electronically, at your option.

      The response we provide will also explain the reasons we cannot comply with a verifiable request, if applicable.

      We do not charge a fee to process or respond to your verifiable request unless it is excessive, repetitive, or manifestly unfounded.  If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

      Request that we can’t process: We cannot respond to your request or provide you with Personal Data if we cannot verify your identity or authority to make the request and confirm the Personal Data relates to you. Making a verifiable request does not require you to create an account with us.  We will only use Personal Information provided in a verifiable request to verify your identity or authority to make the request.

      Requests for Personal Data

      InCrowd will track each of the following and will provide notice to the appropriate parties under law and contract when either of the following circumstances arise:

      1. legally binding request for disclosure of the Personal Data by a law enforcement authority unless prohibited by law or regulation; or
      2. requests received from the Data Subject.

      XIX.        NOTIFICATION

      InCrowd notifies Clients and individuals about its adherence to GDPR and other applicable data protection regulations, as well as the Privacy Shield principles, through its publicly posted website privacy notice available at: Coming Soon

      XX.        RESPONSIBILITIES AND MANAGEMENT

      InCrowd has designated the Privacy Department to oversee its information security program, including its compliance with the Privacy Shield program. The Privacy Department shall review and approve any material changes to this program as necessary. Any questions, concerns, or comments regarding this Notice also may be directed to https://incrowdnow.com/privacy/.

      XXI.        ENFORCEMENT AND DISPUTE RESOLUTION

      We commit to resolving individuals’ complaints related to our privacy practices or our collection, or use, or disclosure of Personal Data.  An individual may file a privacy complaint by contacting our DPO at privacy@incrowdnow.com. Further, individuals with questions or concerns about the use or disclosure of their Personal Data should contact us as outlined in Section XVII.

      If an individual’s complaint cannot be satisfied through our internal complaint process, the individual may bring a complaint before the INSIGHTS ASSOCIATION PRIVACY SHIELD PROGRAM, a non-profit alternative dispute resolution provider located in the United States and operated by the Insights Association. The INSIGHTS ASSOCIATION PRIVACY SHIELD PROGRAM is designed to handle eligible complaints brought by Swiss and EU citizens about Privacy Shield Principles.  If you have any complaints regarding our compliance with the Privacy Shield Framework you should first contact us (as provided above).

      If contacting us does not resolve your complaint or you do not receive timely acknowledgement of your complaint, please visit the INSIGHTS ASSOCIATION PRIVACY SHIELD PROGRAM website at https://www.insightsassociation.org/Resources/Privacy-Shield/Information-for-EU-Swiss-Citizens-to-file-a-complaint for more information and to file a complaint.  We will cooperate with the independent dispute resolution mechanism to resolve any complaint that is not resolved through our internal processes.

      The above does not preclude your right to contact your local Data Protection Authority. We will collaborate with the DPA to find a solution to resolve the complaint.

      XXII.        CHANGES TO THIS NOTICE

      InCrowd will maintain, monitor, test, and upgrade information security policies, practices, and systems to assist in protecting the Personal Data that it collects. InCrowd personnel will receive training, as applicable, to effectively implement this Notice. Please refer to Section VIII for a discussion of the steps that InCrowd has undertaken to protect Personal Data.

      This Notice may be amended from time to time, consistent with the Privacy Shield Principles and applicable data protection and privacy laws and principles. We will notify Customers if we make changes that materially affect the way we handle Personal Data previously collected, and we will allow them to choose whether their Personal Data may be used in any materially different manner.

      XXIII.        DEFINITIONS

      Capitalized terms in this Privacy Notice have the following meanings:

      1. Customer” means a prospective, current, or former partner, vendor, supplier, customer, or client of InCrowd. The term also shall include any individual agent, employee, representative, customer, or client of an InCrowd Customer where InCrowd has obtained his or her Personal Data from such Customer as part of its business relationship with the Customer.
      2. Data Subject” means an identified or identifiable natural living person in the European Union. An identifiable person is one who can be identified, directly or indirectly, by reference to a name, or to one or more factors unique to his or her personal physical, psychological, mental, economic, cultural or social characteristics.
      3. Employee” means an employee (whether temporary, permanent, part-time, or contract), former employee, independent contractor, or job applicant of InCrowd.
      4. Europe” or “European” refers to a country in the European Economic Area.
      5. Personal Data” as defined under Regulation (EU) 2016/679, the General Data Protection Regulation means any and all data (regardless of format) that (i) identifies or can be used to identify, contact or locate a natural person, or (ii) pertains in any way to an identified natural person. Personal Data includes obvious identifiers (such as names, addresses, email addresses, phone numbers and identification numbers) as well as biometric data, “personal data” (as defined in the GDPR), and any and all information about an individual’s computer or mobile device or technology usage, including (for example and without limitation) IP address, MAC address, unique device identifiers, unique identifiers set in cookies, and any information passively captured about a person’s online activities, browsing, application or hotspot usage or device location.
      6. “Sensitive Data” is a subset of Personal Data which due to its nature has been classified by law as deserving additional privacy and security protections. Sensitive Personal Data consists of: (i) all government-issued identification numbers, (ii) all financial account numbers (including payment card information and health insurance numbers), (iii) individual medical records, genetic and biometric information, (iv) user account credentials, such as usernames, passwords, security questions/answers and other password recovery data, (v) data elements that constitute Special Categories of Data under the GDPR, namely EEA Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation, and (vi) any other Personal Data designated by InCrowd as Sensitive Personal Data.

      California Residents

      I.          CONTROLLER OF THE PERSONAL DATA

      InCrowd, Inc
      480 Pleasant Street, Suite B100
      Watertown, MA 02472
      InCrowd Data Protection Contact & DPO:  privacy@incrowdnow.com

      II.          SCOPE

      This Notice applies to the processing of Personal Data that InCrowd transfers to and stores in the United States.

      We’re committed to helping you understand how we manage and protect the information we collect. We take privacy seriously and have taken many steps to help safeguard the information we collect from you.

      This Privacy Notice was established in October 2022.

      III.            PERSONAL DATA THAT WE COLLECT

      InCrowd provides research solutions to its Client, which are predominantly business customers, and individuals that may purchase products or participate to market research activities.

      1. General Data: InCrowd collects Personal Data of healthcare professionals that register with our community of healthcare professionals (Crowd).
      2. Communication Data: We may process information contained in or relating to any communication that you send to us or that we send to you. The communication data may include the communication content and metadata associated with the communication. Our website will generate the metadata associated with communications made using the website contact forms.
      3. Usage data: We may process data about your use of our website and services. The usage data may include your IP address, geographical location, browser type, version and language, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. We may also collect and process data on the websites you visited before our sites may be logged automatically if you are redirected to our site from our advertising campaigns. The source of the usage data is our analytics tracking system, marketing automation platform or other marketing technologies.
      4. Market Research data: we might also collect personal data and anonymized and/or pseudonymized data produced by individuals’ participation to market research activities.
      5. Information collected: The Personal Information that we collect may vary based on your interaction with InCrowd. As a general matter, InCrowd collects the following types of Personal Data:

                Data collected from individuals:

      Category Examples Collected
      A. Identifiers. A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, Social Security number, or other similar identifiers. Yes
      B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code 1798.80(e)). A name, signature, Social Security number, address, telephone number, , employment,  or medical information., Some personal information included in this category may overlap with other categories. Yes
      C. Protected classification characteristics under California or federal law. Age (40 years or older), race, color, , national origin, citizenship, , marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation. Yes
      F. Internet or other similar network activity. Browsing history, search history, information on a consumer’s interaction with a website. Yes
      G. Geolocation data. Physical location or movements. Yes
      H. Sensory data. Audio, visual, or similar information. Yes
      I. Professional or employment-related information. Occupation, Employer Information. Yes

       

      IV.          PURPOSES OF DATA PROCESSING

      InCrowd processes Personal Data that it collects directly from individuals registered with the Healthcare Community and indirectly in its role as a service provider for the following business purposes:

      1. Operations: maintaining and supporting our products as well as delivering and providing the requested products/services;
      2. Contractual; complying with contractual obligations related thereto (including managing transactions, reporting, invoices and other operations related to providing/receiving services to/from clients and individuals). This may include data included in Category A
      3. Market Research: Allowing individuals to participate to market research surveys and interviews and related activities. Report back to clients results in an anonymized and aggregated form.  
      4. Publications: In certain occasions and strictly in accordance with your express instructions, we may process your personal data for the purposes of publishing such data on our website and elsewhere through our services.
      5. Relationships and communications: Processing contact data for the purposes of managing our relationships and communicating with you by email and/or telephone.
      6. Direct marketing: Processing contact data for the purposes of creating, targeting and sending direct marketing communications by email and making contact by telephone for marketing-related purposes. We do this for improving and facilitating your participation in market research activities.
      7. Research and analysis: Processing usage data for the purposes of researching and analyzing the use of our website, for example monitoring, supporting, improving and securing our website, services and business generally. InCrowd has a legitimate interest in maintaining security conditions on our websites to prevent malware, or other types of attacks. security is essential to protect the personal data of customers and visitors.
      8. Record keeping: Processing your personal data for the purposes of creating and maintaining our databases, back-up copies of our databases and our business records in servers located in the United State. We do this to ensure that we have access to all the information we need to run our business properly and efficiently in accordance with this Notice.
      9. Legal: Required by Law: for other business-related purposes permitted or required under applicable local law and regulation for example satisfying governmental reporting, tax, crime investigation and national security; and (7) as otherwise required by law. This may include data included in Category A;
      10. In general as requested by the clients and individuals;

      V.          LEGAL BASES FOR PROCESSING YOUR PERSONAL DATA

      InCrowd uses the below legal bases for processing your data in relation with the above identified purposes:

      Legal Basis Purposes
      Your Consent Market research
      Publications
      Record keeping
      In general
      Execution of a contract to which you or your company is party or in order to take preliminary steps at your request prior to entering into a contract Operations
      Contractual
      Relationships and communications
      Direct marketing
      Comply with a legal obligation to which the InCrowd is subject Legal compliance and vital interests
      Required by Law
      Legitimate interest Operations
      Relationships and communications
      Direct marketing
      Research and analysis
      Record keeping

      VI.          SPECIAL CATEGORY OF PERSONAL DATA OR SENSITIVE DATA

      InCrowd might process certain categories of data that can be considered very sensitive. This data may be collected when individuals participate to market research activities carried out by InCrowd directly or on behalf of their clients. We are committed to handle this data with extreme care and only few authorized people have access to it. Such data might include: information about your health, your ethnic origin, biometric data, etc. Where we process special categories of personal data, “Sensitive Personal Data,” we will always obtain your explicit consent to those activities unless:

      1. Consent is not required by law;
      2. To protect your vital interests where you are incapable of giving your consent;
      3. For the establishment, exercise or defense of legal claims or whenever courts are acting in their judicial capacity;
      4. Processing is necessary for reasons of public interest in the area of public health as required by the local law.

      Where this is allowed by law you, might have the right to withdraw that consent at any time.

      VII.          AUTOMATED DECISIONS

      We reserve the right to make automated decisions, including using machine learning algorithms about and website visitors in order to optimize the products and services offered and/or delivered. You may contact us if you would like any clarifications about the automated decisions.

      We might analyze your participation to our surveys with the purpose to enrich the profiling data we hold about yourself. The profiling data that we have collected might be used for making manual or automated decisions that involve your participation to market research activities. As results of this processing, we will be able to send you market research activities within your sphere of expertise and interest.

      You may contact us if you would like any clarifications about the automated decisions.

      VIII.          DIGITAL FINGERPRINT

      1. Cookies: InCrowd may set and use cookies to enhance your user experience on the sites, such as retaining your personal settings and preferences.  You may set your browser to prevent or reject cookies, or you may manually delete any cookies set. If you reject the cookies on the sites, you may still be able to use the sites, but they shall be limited to certain minimal functionality. From time to time InCrowd may use third-party tracking utilities that use session ID cookies that track site usability and assist InCrowd in improving user experience. This Privacy Notice does not cover the use of cookies by our third party providers as we do not have access or control over these cookies. We may collect information on our sites or in our emails using web beacons and or tracking pixels (electronic images). We may use beacons to count visits, understand usage and campaign effectiveness and to tell if an email has been opened and acted upon. For more information on the cookies used on the InCrowd websites, see the Cookies table at the bottom of this page
      2. Trend Analyses: InCrowd may use IP addresses to analyze trends, administer the Sites, to track Your movement within the Sites, and to gather broad demographic information for aggregate use.
      3. Links to other sites: our sites include links to other websites whose privacy practices may differ from InCrowd’s. If you submit personal data to any of those sites, your information is governed by the privacy statements of those third-party sites.
      4. Managing cookies: Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. You can however obtain up-to-date information about blocking and deleting cookies via these links:
        1. https://support.google.com/chrome/answer/95647 (Chrome);
        2. https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-desktop (Firefox);
        3. https://help.opera.com/en/latest/security-and-privacy/ (Opera);
        4. https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies (Internet Explorer);
        5. https://support.apple.com/en-gb/guide/safari/manage-cookies-and-website-data-sfri11471/mac (Safari);
        6. https://support.microsoft.com/en-gb/help/4468242/microsoft-edge-browsing-data-and-privacy (Edge).

        IX.          CHOICE WITH RESPECT TO USES AND DISCLOSURES OF PERSONAL DATA

        InCrowd recognizes that individuals have the right to limit the use and disclosure of their Personal Data, and we are committed to respecting those rights.  We offer individuals the opportunity to opt out of disclosures of Personal Data to a third party or the use of Personal Data for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by the individual.  We apply a strict policy with respect to disclosures of Sensitive Data including, when applicable, obtaining the explicit consent (i.e., opt in consent) of an individual prior to disclosing Sensitive Data to a third party or using Sensitive Data for purposes other than those for which it was originally collected or subsequently authorized by the individual.

        X.          DISCLOSURE/TRANSFER OF INFORMATION FOR A BUSINESS PURPOSE

        InCrowd may disclose your Personal Information to a third party for a business purpose. We do this by entering into a contract that describes the purpose and requires the recipient to both keep that Personal Information confidential and not use it for any purpose except performing the contract. Furthermore, third parties must comply with any privacy state of federal law and agree to provide adequate protections that are no less protective than those set out in this Notice.

        1. Disclosure: We may disclose your Personal Information for a business purpose to the following categories of third parties:
          1. Our affiliates and subsidiaries
          2. Our clients or their agents
          3. Service Providers and consultants
          4. Professional services organizations, such as auditors and law firms
          5. Our business partners
          6. Internet service providers
          7. Government entities
          8. Operating systems and platforms
          9. Survey hosting providers
          10. Validation providers
          11. Rewards fulfillment providers
          12. SMS and video conference service providers
          13. Customer and panel support services
          14. Credit card processor
          15. Tax authorities
        2. Purposes of disclosure: InCrowd may disclose your personal information for the below purposes:
          1. Survey reporting
          2. Email services
          3. Authentication of medical licenses
          4. Identity verification of the panel members
          5. Offering and providing customer support
          6. Internal marketing campaigns for communicating new offers to our clients
          7. Internal marketing campaigns for improving and facilitating participation of Panel Members in market research activities
          8. Internal marketing engagement e.g. newsletters
          9. Honorarium processing and fulfillment
          10. Auditing purposes and governmental reporting
          11. Tax reporting
          12. Allowing participation in market research activities
          13. For complying with your requests or contract obligation we have with you
        3. Disclosures due to acquisition or merge: We may share your information in connection with a merger, sale of company assets, financing or acquisition of all or a portion of our business to another company, if any. In this event, InCrowd will notify you before information about you is transferred and becomes subject to a different privacy policy.
        4. Other forms of disclosures: InCrowd also may disclose your personal data for other purposes or to other third parties when you have consented to or requested such disclosure or under the following circumstances:
          1. We respond to subpoenas, court orders, or legal process, or to establish or exercise our legal rights or defend against legal claims;
          2. We believe it is necessary to share information in order to investigate or prevent fraud, or to take action regarding illegal activities, situations involving potential threats to the physical safety of any person, or as otherwise required by law.
          3. We transfer information about you if InCrowd is acquired by or merged with another company. In this event, InCrowd will notify you before information about you is transferred and becomes subject to a different privacy notice.
          4. In response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
        5. Anonymous information: We may also share aggregated or anonymous information that does not directly identify you. InCrowd may share anonymized aggregated demographic information with InCrowd partners.
        6. Liability: InCrowd is potentially liable in cases of onward transfers of Personal Data to third parties, such as when third parties that act as agents on our behalf process Personal Data in a manner inconsistent with applicable data protection regulations.
        7. PERSONAL INFORMATION DISCLOSED IN THE PRECEDING TWELVE (12) MONTHS: InCrowd may have disclosed the following categories of Personal Information for a business purpose:
          1. Category A: Identifiers
          2. Category B: Personal information categories listed in the California Customer Records statute (Cal. Civ. Code 1798.80(e)).
          3. Category C: Protected classification characteristics under California or federal law.
          4. Category F: Internet or other similar network activity.
          5. Category G: Geolocation data.
          6. Category H: Sensory data.
          7. Category I: Professional or employment-related information.

            XII.          DISCLOSURE/TRANSFER OF PERSONAL DATA OUTSIDE US

            The third parties as described in paragraph X might be based in US or in other countries. In these instances, InCrowd imposes strict contractual obligations with third parties to maintain a level of protection that is equal to the state or federal law and in line with the terms of this Notice.

            In other instances, we may ask your consent to allow us to transfer your personal data into another country. In doing so we will provide you with full information about the transfer.

            You might contact our DPO if you would like to know more about our international transfer assessment and/or copy of the transfer mechanism that we use for sharing your Personal Data outside your country of residence.

            XIII.          ANTI-SPAM

            InCrowd maintains a strict “No-Spam” policy, which means that InCrowd does not intend to sell, rent or otherwise give your email address to a third-party without your consent.

            XI.          DATA INTEGRITY, PURPOSE LIMITATION AND RETENTION

            InCrowd will not process Personal Data in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by you.  To that end, InCrowd will take reasonable steps to ensure that your Personal Data is reliable for its intended use, accurate, complete, and current.  InCrowd uses reasonable efforts to maintain the accuracy and integrity of your Personal Data and to update it as appropriate.

            We retain your personal data as follow:

            1. Contact data will be retained for a minimum period of 2 years following the date of the most recent contact between you and us, or until an updating information request or removal request is made by you;
            2. Communication data will be retained for a minimum period of 2 years following the date of the communication in question or until a removal request is made by you;
            3. Usage data will be retained for a minimum period of 2 years or until a removal request is made by you following the date of collection;
            4. In general we do not retain your personal data for more than 2 years since your last engagement/interaction with the Company;

             We may retain your information as necessary (including a longer period) to comply with our legal obligations, resolve disputes and enforce our agreements.

            XIV.           PERSONNEL ACCESS OF PERSONAL DATA

            Personnel from InCrowd may access and use your personal data only if they are authorized to do so and only for the purpose for which they are authorized.

            XV.          DATA SECURITY

            InCrowd has implemented physical and technical safeguards to protect Personal Data from loss, misuse, and unauthorized access, disclosure, alternation, or destruction. For example, electronically stored Personal Data is stored on a secure network with firewall protection, and access to InCrowd ‘s electronic information systems requires user authentication via password or similar means. InCrowd also employs access restrictions, limiting the scope of employees who have access to Customer Personal Data. Further, InCrowd uses secure encryption technology to protect certain categories of personal data.

            Despite these precautions, no data security safeguards guarantee 100% security all of the time.

            XVI.           YOUR RIGHTS AND CHOICES

            Pursuant to the CCPA and subject to certain exceptions and limitations, California residents may contact us to exercise their rights with respect to certain Personal Information that we hold about them.

            To the extent these rights may apply to you, they are described below.

            1. Right to Know About Personal Information Collected, Disclosed, or Sold

            You have the right to request that we provide you with details about the Personal Information we collect, use, disclose and sell.

            Only you or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable request related to your Personal Information.

            As part of this process, we may ask to verify your identity. Your request must:

            1. Provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative;
            2. Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

            We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you. Making a verifiable request does not require you to create an account with us.  We will only use Personal Information provided in a verifiable request to verify your identity or authority to make the request.

            In connection with this request, you are entitled to receive the following:

            1. The categories of your Personal Information that we have collected in the preceding 12 months
            2. The categories of sources from which that Personal Information was collected
            3. The business/commercial purpose for the collection or selling
            4. The categories of third parties with whom we share Personal Information
            5. The specific pieces of Personal Information we has collected about you (subject to some exceptions)

            Because we have disclosed or sold (as those words are defined in the CCPA) Personal Information to third parties in the last 12 months, you are also entitled to receive:

            1. The categories of Personal Information that we have disclosed or sold for a business purpose in the past 12 months and the parties to whom that information was sold or disclosed.

             2. Right to Request Deletion of Personal Information

            You have the right to request deletion of the Personal Information we have collected about you (subject to some exceptions). You can submit your request as described above, and we reserve the right to conduct the verification described above.

            We may deny your deletion request if retaining the information is necessary for us or our service providers to:

            1. Complete the transaction for which we collected the Personal Information, provide a service that you requested, or take actions reasonably anticipated within the context of our ongoing business relationship with you.
            2. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
            3. Debug products to identify and repair errors that impair existing intended functionality.
            4. Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
            5. Comply with the California Electronic Communications Privacy Act (Cal. Penal Code 1546 seq.).
            6. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
            7. Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
            8. Comply with a legal obligation.
            9. Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

            3. Right to Non-Discrimination for the Exercise of a Consumer’s Privacy Rights

            We will not discriminate against you for exercising any of your CCPA rights.  Unless permitted by the CCPA, we will not:

            1. Deny you use of our services.
            2. Provide you a different level or quality of services.

            4. Right to Opt-Out of Sale of Personal Information

            The term “sell” in the CCPA is defined broadly as “…selling, renting, releasing, disclosing, disseminating, making available, transferring… a consumer’s personal information by the business to another business or a third party for monetary or other valuable consideration.”

            While InCrowd may share your Personal Information with your consent as outlined in this Privacy Notice, there may be limited instances where our sharing of information may be considered a “sale” under CCPA.

            Please be advised that if you exercise this right, it may affect our ability to offer you survey opportunities and to maintain your membership in our network.

            XVII.          HOW TO EXERCISE YOUR RIGHTS

            You can exercise your rights by filling out the form found at https://preferences.incrowdnow.com/privacy.  You may also submit a request at incrowdprivacyrequest@incrowdnow.com, via postal mail at InCrowd, Attn: Compliance Department, 480 Pleasant Street, Suite B100, Watertown, MA 02472 USA

            XVIII.          RESPONSE TIMING AND FORMAT

            We endeavor to respond to a verifiable request within 45 days of its receipt.  If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.

            We will deliver our written response by mail or electronically, at your option.

            Any disclosures we provide will only cover the 12-month period preceding receipt of a verifiable request.  The response we provide will also explain the reasons we cannot comply with a verifiable request, if applicable.

            We do not charge a fee to process or respond to your verifiable request unless it is excessive, repetitive, or manifestly unfounded.  If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

            XIX.           RESPONSIBILITIES AND MANAGEMENT

            InCrowd has designated the Privacy and Compliance Department to oversee its information security program, including its compliance with the Privacy Shield program. The Privacy and Compliance Department shall review and approve any material changes to this program as necessary. Any questions, concerns, or comments regarding this Notice also may be directed to Privacy@incrowdnow.com.

            XX.          CHANGE TO THIS NOTICE

            This Notice may be amended from time to time, consistent with applicable data protection and privacy laws and principles. We will notify Members if we make changes that materially affect the way we handle Personal Information previously collected, and we will allow them to choose whether their Personal Information may be used in any materially different manner.

      Privacy Shield Notice

      I.          PRIVACY SHIELD FRAMEWORK

      InCrowd remains certified with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield  Framework as set forth by the US Department of Commerce. Our Privacy Shield certification is available here.

      InCrowd complies with the General Data Protection Regulation (GDPR), the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the US Department of Commerce when processing personal data of European Union and Swiss Citizens.

      As part of the decision of the European Court of Justice (C-311/18 Schrems II) InCrowd transfers personal data to US via other compliance mechanisms in accordance with Chapter V of the GDPR including the Standard Contractual Clauses issued by the European Commission on the 4th of June 2021.

      If there is any conflict between the terms in this privacy notice and the GDPR or the Privacy Shield Privacy Principles, the GDPR and the Privacy Shield Privacy Principles shall govern. InCrowd acknowledges that as a participant in the Privacy Shield Framework we are under the enforcement authority of the Federal Trade Commission.

      Individual resident in the European union and Switzerland may resolve their controversy as describe in paragraph XXI of the Privacy Notice for EEA, UK and Swiss residents.

      If you would like to learn more why InCrowd remains Privacy Shield certified, please visit the Insights Association webpage about Privacy Shield Program: https://www.insightsassociation.org/Resources/Privacy-Shield.

      You can also learn more about the Privacy Shield program, by visiting  https://www.privacyshield.gov/.

      II.          RENEWAL

      VERIFICATION

      1. InCrowd will renew its Privacy Shield certification annually, unless it subsequently determines that it no longer needs such certification or if it employs a different adequacy mechanism.
      2. Prior to the re-certification, InCrowd will conduct an in-house verification to ensure that its attestations and assertions with regard to its treatment of Personal Data are accurate and that the company has appropriately implemented these practices. Specifically, as part of the verification process, InCrowd will undertake the following:
        1. Review this Notice to ensure that it accurately describe the practices regarding the collection of Customer Personal Data.
        2. Ensure that this Notice informs about InCrowd’s participation in the Privacy Shield program and where to obtain a copy of additional information (e.g., a copy of this Notice).
        3. Ensure that this Notice continues to comply with the Privacy Shield principles and GDPR.
        4. Confirm that data subjects are made aware of the process for addressing complaints and any independent dispute resolution process (InCrowd may do so through its publicly posted website, its Privacy Notice and/or its Terms of Use).
        5. Review its processes and procedures for training Employees about InCrowd’s participation in the Privacy Shield program and the appropriate handling of Customer Personal Data.
      3. InCrowd will prepare an internal verification statement on an annual basis.

      Cookie Details

      The following Cookies are used on this website

      Cookie duration Domain Category Description Level of intrusion InCrowd or third parties Privacy Policy
      bscookie 2 years .www.linkedin.com Security Used for remembering that a logged in user is verified by two factor authentication. Minimally intrusive  LinkedIn  https://www.linkedin.com/legal/cookie-policy
      _ga 2 years .incrowdnow.com Analytics The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site’s analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors. Minimally intrusive Google https://policies.google.com/privacy?hl=en-US
      _gid 1 day .incrowdnow.com Analytics Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website’s performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously. Minimally intrusive Google https://policies.google.com/privacy?hl=en-US
      _gat_UA-21779967-3 1 minute .incrowdnow.com Analytics A variation of the _gat cookie set by Google Analytics and Google Tag Manager to allow website owners to track visitor behaviour and measure site performance. The pattern element in the name contains the unique identity number of the account or website it relates to. Minimally intrusive Google https://policies.google.com/privacy?hl=en-US
      _gat_UA-21779967-1 1 minute .incrowdnow.com Analytics A variation of the _gat cookie set by Google Analytics and Google Tag Manager to allow website owners to track visitor behaviour and measure site performance. The pattern element in the name contains the unique identity number of the account or website it relates to. Minimally intrusive Google https://policies.google.com/privacy?hl=en-US
      _hjid 1 year .incrowdnow.com Analytics This is a Hotjar cookie that is set when the customer first lands on a page using the Hotjar script. Minimally intrusive  Hotjar  https://www.hotjar.com/legal/policies/privacy/
      _hjFirstSeen 30 minutes .incrowdnow.com Analytics Hotjar sets this cookie to identify a new user’s first session. It stores a true/false value, indicating whether it was the first time Hotjar saw this user. Minimally intrusive  Hotjar  https://www.hotjar.com/legal/policies/privacy/
      _hjIncludedInPageviewSample 2 minutes incrowdnow.com Analytics Hotjar sets this cookie to know whether a user is included in the data sampling defined by the site’s pageview limit. Minimally intrusive  Hotjar  https://www.hotjar.com/legal/policies/privacy/
      _hjAbsoluteSessionInProgress 30 minutes .incrowdnow.com Analytics Hotjar sets this cookie to detect the first pageview session of a user. This is a True/False flag set by the cookie. Minimally intrusive  Hotjar  https://www.hotjar.com/legal/policies/privacy/
      pardot past .pardot.com Analytics The pardot cookie is set while the visitor is logged in as a Pardot user. The cookie indicates an active session and is not used for tracking. Minimally intrusive  Salesforce  https://help.salesforce.com/s/articleView?id=sf.pardot_basics_cookies.htm&type=5
      wordpress_google_apps_login session incrowdnow.com Functional This is a functional cookie used for WordPress. This cookie allows the users to login to the site with their Google account. Minimally intrusive Google https://policies.google.com/privacy?hl=en-US
      lang session .ads.linkedin.com Preferences Used to remember a user’s language setting to ensure LinkedIn.com displays in the language selected by the user in their settings. Minimally intrusive  LinkedIn  https://www.linkedin.com/legal/cookie-policy
      bcookie 2 years .linkedin.com Security Browser Identifier cookie to uniquely identify devices accessing LinkedIn to detect abuse on the platform. Minimally intrusive  LinkedIn  https://www.linkedin.com/legal/cookie-policy
      lidc 1 day .linkedin.com Functional To facilitate data center selection Minimally intrusive  LinkedIn   https://www.linkedin.com/legal/cookie-policy
      UserMatchHistory 1 month .linkedin.com Advertisement Linkedin – Used to track visitors on multiple websites, in order to present relevant advertisement based on the visitor’s preferences. moderately intrusive  LinkedIn  https://www.linkedin.com/legal/cookie-policy
      AnalyticsSyncHistory 1 month .linkedin.com Advertisement Used to store information about the time a sync with the lms_analytics cookie took place for users in the Designated Countries moderately intrusive  LinkedIn  https://www.linkedin.com/legal/cookie-policy
      slireg 7 days incrowdnow.com Other No description available.
      li_gc 2 years .linkedin.com Other No description
      sliguid 5 years incrowdnow.com Other No description available.
      slirequested 5 years incrowdnow.com Other No description available.
      visitor_id<accountid>-hash 10 years .pardot.com Necessary The visitor hash cookie contains the account ID and stores a unique hash. This cookie is a security measure to make sure that a malicious user can’t fake a visitor from Pardot and access corresponding prospect information. Minimally intrusive  Salesforce  https://help.salesforce.com/s/articleView?id=sf.pardot_basics_cookies.htm&type=5
      lpv<accountid> 30 minutes pi.pardot.com Fuctional This LPV cookie is set to keep Pardot from tracking multiple page views on a single asset over a 30-minute session. For example, if a visitor reloads a landing page several times over a 30-minute period, this cookie keeps each reload from being tracked as a page view. Minimally intrusive  Salesforce  https://help.salesforce.com/s/articleView?id=sf.pardot_basics_cookies.htm&type=5
      site_identity 2 years 8 months scout.salesloft.com Functional Collect users’ information from different websites showing relevant advertisements Moderately intrusive  Salesloft  https://salesloft.com/privacy-notice/
      cookieyes-consent 1 year incrowdnow.com Necessary CookieYes sets this cookie to remember users’ consent preferences so that their preferences are respected on their subsequent visits to this site. It does not collect or store any personal information of the site visitors. Minimally intrusive InCrowd https://incrowdnow.com