Last Updated: March 29th, 2021
- Personal Data that is collected from You.
- Our participation in the EU-US Privacy Shield Framework.
- Use of Your information.
- Sharing of Your information.
- Protection of Your information.
- Right to access, change or delete Your personal data.
- InCrowd’s contact address for privacy questions or complaints.
- Enforcement and Dispute Resolution.
InCrowd is committed to helping you understand how we manage and protect the information we collect. We take privacy seriously, and have taken many steps to help safeguard the information we collect from You.
EU-US AND SWISS-US PRIVACY SHIELD FRAMEWORK
InCrowd complies with the General Data Protection Regulation (GDPR) and the EU-US and Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal data from European Union and the United Kingdom and/or Switzerland. InCrowd has certified to the Department of Commerce that it adheres to the Privacy Shield Principles of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, and recourse, enforcement and liability.
We may also process personal data relating to individuals in the United Kingdom, Switzerland and in the EU via other compliance mechanisms, including data processing agreements based on the EU Standard Contractual Clauses.
To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/.
RENEWAL / VERIFICATION OF PRIVACY SHIELD FRAMEWORK
InCrowd will renew our Privacy Shield certification annually, unless we subsequently determine that we no longer need such certification or if we employ a different adequacy mechanism. Prior to re-certification, InCrowd will conduct an in-house verification to ensure that our attestations and assertions with regard to our treatment of Personal Data are accurate and that we have appropriately implemented these practices. Specifically, as part of the verification process, InCrowd will undertake the following:
- Review its processes and procedures for training Employees about InCrowd’s participation in the Privacy Shield program and the appropriate handling of Your Personal Data.
InCrowd will prepare an internal verification statement on an annual basis.
PERSONAL DATA COLLECTED
- Data Integrity and Purpose Limitation InCrowd shall not process Personal Data in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by the individual. To that end, InCrowd will take reasonable steps to ensure that Personal Data is reliable for its intended use, accurate, complete, and current. InCrowd uses reasonable efforts to maintain the accuracy and integrity of Personal Data and to update it as appropriate.
WEBSITE AND MOBILE APP TRACKING TECHNOLOGIES
When You visit our Sites, or Use our Mobile Apps, some information is automatically collected. For example, when You visit our Sites Your computer’s and mobile device’s operating system, device type, carrier provider, Internet Protocol (IP) address, access times, browser type and language, and the Websites You visited before our Sites may be logged automatically if you are redirected to our Site from our advertising campaigns. We also collect information about Your Usage and activity on our Sites and in our Mobile Apps. We collect mobile device information in order to send service notices directly to Your device. We may associate information we automatically collect with Your personal data such as Your login ID and information You give us at registration.
- Registration During the collection of information via the Profile pages on the Sites, You are required to give Your contact information (such as name, address, birth date, physician license information, medical school, institutional affiliations, email address and the like). An email address and birth date are used to confirm Your identity. An email address is also used to contact You about the materials and information on the Sites. Your email address and postal address will be used to compensate You for Your activities at InCrowd. When the Sites request Your identity, the Sites will clearly indicate the purpose of the inquiry before the information is requested. If you are based in the US, all of Your professional information is subject to authentication by third-party providers to confirm you are a validly licensed physician or clinician.
- Personal Profile Once you are a registered participant, You may provide additional information in Your personal profile describing Your credentials, professional experiences, academic background, biography and the like. If you are based in the US, such additional information must be truthful and accurate and is also subject to authentication by third-party providers. Providing additional information in Your personal profile beyond what is required at registration is entirely optional and may be altered or removed by You at any time.
- IP Addresses When You request a page from any page within the Sites, our Web servers automatically recognize Your domain name and IP address. The domain name and IP address reveal the IP address from which You have accessed the Sites.
- Opt Out Procedures You may opt-out of receiving further communications from InCrowd. To be completely removed from the InCrowd mailing list, contact email@example.com. If You are using an email forwarding service or other similar service, please make sure to include the correct email address or addresses.
USE OF YOUR PERSONAL DATA
- Use of Collected Information. InCrowd uses Personal Data that we collect for the following business purposes, without limitation: (1) maintaining and supporting our products, delivering and providing the requested products/services, and complying with our contractual obligations related thereto (including managing transactions, reporting, invoices and other operations related to providing/receiving services); (2) satisfying governmental reporting, tax, and other requirements (3) storing and processing data, including Personal Data, in computer databases and servers located in the United States; (4) verifying identity (e.g., for online access to accounts); (5) as requested by You; (6) for other business-related purposes permitted or required under applicable local law and regulation; and (7) as otherwise required by law.
- Legal Bases for Data Processing Our legal basis for the processing of your personal data are: 1) Your consent; 2) Our legitimate interest in engaging in commerce and offering products and services of value to You.
- Automated Decisions We reserve the right to make automated decisions, including using machine learning algorithms, about You in order to optimize the products and services offered and/or delivered.
- Trend Analyses InCrowd may use IP addresses to analyze trends, administer the Sites, to track Your movement within the Sites, and to gather broad demographic information for aggregate use.
- Links to Other Sites Our Sites includes links to other websites whose privacy practices may differ from InCrowd’s. If You submit personal data to any of those sites, Your information is governed by the privacy statements of those third-party sites.
- Choice with Respect to Uses and Disclosures of Personal Data InCrowd recognizes that EU and Swiss individuals have the right to limit the use and disclosure of their Personal Data, and we are committed to respecting those rights. We offer individuals the opportunity to opt out of disclosures of Personal Data to a third party or the use of Personal Data for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by You. We will comply with the GDPR with respect to disclosures of Sensitive Data including, when applicable, obtaining the explicit consent (i.e., opt in consent) of an individual prior to disclosing Sensitive Data to a third-party or using Sensitive Data for purposes other than those for which it was originally collected or subsequently authorized by the individual.
SHARING OF YOUR PERSONAL DATA
- Disclosures / Onward Transfers of Personal Data InCrowd is potentially liable in cases of onward transfers of Personal Data to third-parties, such as when third-parties that act as agents on our behalf process Personal Data in a manner inconsistent with the applicable data protection regulations. We will ensure that any third-party to which we disclose personal data provides the same level of privacy protection as is required by the applicable data protection regulations and agrees in writing to provide an adequate level of privacy protection. Except as otherwise provided herein, InCrowd discloses Personal Data only to third-parties who reasonably need to know such data. Such recipients must agree to abide by confidentiality obligations that adequately comply with the GDPR requirements.
- Consulting InCrowd may partner with third parties such as PayPal and Giftbit to provide specific services. When You sign up for these services, You agree that InCrowd may share names, or other contact information that is necessary for the third-party to provide these services. Per InCrowd’s contractual arrangements with such third-parties, these parties are not allowed to use personally identifiable information of InCrowd’s users except for the explicit purpose of providing services for InCrowd.
- Spam InCrowd maintains a strict “No-Spam” policy, which means that InCrowd does not intend to sell, rent or otherwise give Your email address to a third-party without Your consent.
- Legal Requests InCrowd also may disclose Personal Data under the following circumstances:
- Responding to subpoenas, court orders, or legal process, or to establish or exercise our legal rights or defend against legal claims;
- When we believe it is necessary to share information in order to investigate or prevent fraud, or to take action regarding illegal activities, situations involving potential threats to the physical safety of any person, or as otherwise required by law;
- In rare situations, it may be necessary to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
PROTECTION OF YOUR PERSONAL DATA
- Confidentiality and Security InCrowd has implemented physical and technical safeguards to protect Personal Data from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. For example, electronically stored Personal Data is stored on a secure network with firewall protection, and access to InCrowd’s electronic information systems requires user authentication via password or similar means. InCrowd also employs access restrictions, limiting the scope of employees who have access to Your Personal Data. Further, InCrowd uses secure encryption technology to protect certain categories of Personal Data. For example, when InCrowd requests that You enter sensitive information, that information is encrypted using Secure Sockets Layer (SSL) software or other security protocols, which encrypts the information You input. No administrator at InCrowd will have knowledge of Your password. It is important for You to protect against unauthorized access to Your password and to Your computer. If You access the Sites using a shared computer, be sure to log off from the Sites when you have finished your session. To the extent InCrowd keeps physical records containing Your Personal Data, InCrowd limits access to such Personal Data to employees who InCrowd reasonably believes need that information to provide InCrowd services to You. Despite these precautions, no data security safeguards guarantee 100% security all of the time.
- Personnel Access of Personal Data InCrowd personnel may access and use Personal Data only if they are authorized to do so and only for the purpose for which they are authorized.
RIGHT TO ACCESS, CHANGE OR DELETE YOUR PERSONAL DATA
- Access, Rectification and Erasure . You have the right to obtain confirmation about whether Personal Data is included about You in our databases. Upon request, InCrowd will provide an individual access to Your Personal Data in the time frame dictated by the applicable data protection regulations . InCrowd will permit an individual to know what Personal Data about them is included in our databases and to ensure that such Personal Data is accurate and relevant for the purposes for which InCrowd collected the Personal Data. You may review Your Personal Data stored in the databases and correct, update, modify, or delete any data that is incorrect or incomplete. Your right to access your Personal Data may be restricted in exceptional circumstances, including, but not limited to, when the burden or expense of providing this access would be disproportionate to the risks to your privacy in the case in question, or where the rights of persons other than you would be violated by the provision of such access. If we determine that your access should be restricted in a particular instance, we will provide you with an explanation of our determination and respond to any inquiries you may have.
- Additional Rights for EU Data Subjects: (1) Objection. You may object, at any time, to your Personal Data being processed for a specific purpose. (2) Restriction of Processing. You may restrict processing of your Personal Data for certain reasons, such as, for example if you consider your Personal Data collected by us to be inaccurate or you have objected to the processing and the existence of legitimate grounds for processing is still under consideration. (3) Data Portability. You may request the Personal Data you provided to us in a commonly used and machine-readable form. (4) Right to Withdraw Consent. You have the right to withdraw your consent at any time, without affecting the lawfulness of our processing based on such consent before it was withdrawn, including processing related to existing contracts for our Services.
- Requests for Personal Data InCrowd will track each of the following and will provide notice to the appropriate parties under law and contract when either of the following circumstances arise: (a) legally binding request for disclosure of the Personal Data by a law enforcement authority unless prohibited by law or regulation; or (b) requests received from You.
INCROWD’S CONTACT ADDRESS FOR PRIVACY QUESTIONS OR COMPLAINTS
ENFORCEMENT AND DISPUTE RESOLUTION
We commit to resolving individuals’ complaints related to our privacy practices or our collection, or use, or disclosure of Personal Data. An individual may file a privacy complaint by contacting us at our contact information above. Further, individuals with questions or concerns about the use or disclosure of their Personal Data should contact us as outlined above.
InCrowd acknowledges that as a participant in the Privacy Shield Framework we are under the enforcement authority of the Federal Trade Commission.
If an individual’s complaint cannot be satisfied through our internal complaint process, the individual may bring a complaint before the INSIGHTS ASSOCIATION PRIVACY SHIELD PROGRAM, a non-profit alternative dispute resolution provider located in the United States and operated by the Insights Association. The INSIGHTS ASSOCIATION PRIVACY SHIELD PROGRAM is designed to handle eligible complaints brought by EU and Swiss citizens about Privacy Shield Principles. If you have any complaints regarding our compliance with the Privacy Shield Framework you should first contact us (as provided above).
If contacting us does not resolve your complaint or you do not receive timely acknowledgement of your complaint, please visit the INSIGHTS ASSOCIATION PRIVACY SHIELD PROGRAM website at http://www.insightsassociation.org/get-support/privacy-shield-program/privacy-shield-eu-swiss-citizens-file-complaint for more information and to file a complaint. We will cooperate with the independent dispute resolution mechanism to resolve any complaint that is not resolved through our internal processes. Please note that if an individual’s complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel. These dispute resolution services are provided at no cost to you.
FOR CALIFORNIA RESIDENTS
This PRIVACY STATEMENT FOR CALIFORNIA RESIDENTS supplements the information contained in the Privacy Notice of InCrowd (“InCrowd“). We adopt this statement to comply with the California Consumer Privacy Act of 2018 (“CCPA”) and other California privacy laws. Any terms defined in the CCPA have the same meaning when used in this statement.
Information which we collect
You can review the types of Personal Information which we collect in our Privacy Notice which precedes this statement, as well as in the chart below.
A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, Social Security number, or other similar identifiers.
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code 1798.80(e)).
A name, signature, Social Security number, address, telephone number, , employment, or medical information., Some personal information included in this category may overlap with other categories.
C. Protected classification characteristics under California or federal law.
Age (40 years or older), race, color, , national origin, citizenship, , marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation.
F. Internet or other similar network activity.
Browsing history, search history, information on a consumer’s interaction with a website..
G. Geolocation data.
Physical location or movements.
H. Sensory data.
Audio, visual, or similar information.
I. Professional or employment-related information.
Occupation, Employer Information.
Use of your Personal Information
InCrowd uses Personal Information that it collects directly from the members of its network for the following business purposes, without limitation:
(1) maintaining and supporting our products, delivering, and providing the requested products/services, and complying with our contractual obligations related thereto (including managing transactions, reporting, invoices and other operations related to providing/receiving services);
(2) satisfying governmental reporting, tax, and other requirements
(3) storing and processing data, including Personal Information, in computer databases and servers located in the United States;
(4) verifying identity (e.g., for online access to accounts);
(5) as requested by You;
(6) for other business-related purposes permitted or required under applicable local law and regulation; and
(7) as otherwise required by law.
Disclosure of Personal Information for a Business Purpose
We may disclose your Personal Information to a third party for a business purpose. When we disclose Personal Information for a business purpose, we enter into a contract that describes the purpose and requires the recipient to both keep that Personal Information confidential and not use it for any purpose except performing the contract.
We disclose your Personal Information for a business purpose to the following categories of third parties:
Our affiliates and subsidiaries
Our clients or their agents
Service Providers and consultants
Professional services organizations, such as auditors and law firms
Our business partners
Internet service providers
Operating systems and platforms
In the preceding twelve (12) months, we have disclosed the following categories of Personal Information for a business purpose:
Category A: Identifiers.
Category B: Personal information categories listed in the California Customer Records statute (Cal. Civ. Code 1798.80(e)).
Category C: Protected classification characteristics under California or federal law.
Category F: Internet or other similar network activity.
Category G: Geolocation data.
Category H: Sensory data.
Category I: Professional or employment-related information.
Your Rights and Choices
Pursuant to the CCPA and subject to certain exceptions and limitations, California residents may contact us to exercise their rights with respect to certain Personal Information that we hold about them.
To the extent these rights may apply to you, they are described below.
Right to Know About Personal Information Collected, Disclosed, or Sold
You have the right to request that we provide you with details about the Personal Information we collect, use, disclose and sell.
You may contact us at firstname.lastname@example.org, by phone at +1-617-934-1600 extension 6 or via postal mail at InCrowd, Attn: Compliance Department, 480 Pleasant Street, Suite B100, Watertown, MA 02472 USA
Only you or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable request related to your Personal Information.
As part of this process, we may ask to verify your identity. Your request must
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you. Making a verifiable request does not require you to create an account with us. We will only use Personal Information provided in a verifiable request to verify your identity or authority to make the request.
In connection with this request, you are entitled to receive the following
- The categories of your Personal Information that we have collected in the preceding 12 months
- The categories of sources from which that Personal Information was collected
- The business/commercial purpose for the collection or selling
- The categories of third parties with whom we share Personal Information
- The specific pieces of Personal Information we has collected about you (subject to some exceptions)
Because we have disclosed or sold (as those words are defined in the CCPA) Personal Information to third parties in the last 12 months, you are also entitled to receive:
- The categories of Personal Information that we have disclosed or sold for a business purpose in the past 12
- months and the parties to whom that information was sold or disclosed.
Right to Request Deletion of Personal Information
You have the right to request deletion of the Personal Information we have collected about you (subject to some exceptions). You can submit your request as described above, and we reserve the right to conduct the verification described above.
We may deny your deletion request if retaining the information is necessary for us or our service providers to:
- Complete the transaction for which we collected the Personal Information, provide a service that you requested, or take actions reasonably anticipated within the context of our ongoing business relationship with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code 1546 seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
Right to Non-Discrimination for the Exercise of a Consumer’s Privacy Rights
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
- Deny you use of our services.
- Provide you a different level or quality of services.
Right to Opt-Out of Sale of Personal Information
The term “sell” in the CCPA is defined broadly as “…selling, renting, releasing, disclosing, disseminating, making available, transferring… a consumer’s personal information by the business to another business or a third party for monetary or other valuable consideration.”
You have the right to opt-out of the sale of your Personal Information. You can submit a request by filling out the form found at https://preferences.incrowdnow.com/dont_sell. You may also submit a request at email@example.com, by phone at +1-617-934-1600 extension 6 or via postal mail at InCrowd, Attn: Compliance Department, 480 Pleasant Street, Suite B100, Watertown, MA 02472 USA
Please be advised that if you exercise this right, it may affect our ability to offer you survey opportunities and to maintain your membership in our network.
InCrowd provides registered members of our network with the opportunity to participate in research primarily for marketing or for social science purposes via survey invitations.
If you are a registered member who participates in our surveys, we provide you with financial incentives in the form of rewards which are added to your InCrowd account as consideration for your participation.
By accepting the rewards, you agree that these considerations represent fair value for your participation in the research studies you complete as a member of InCrowd’s network.
Response Timing and Format
We endeavor to respond to a verifiable request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.
We will deliver our written response by mail or electronically, at your option.
Any disclosures we provide will only cover the 12-month period preceding receipt of a verifiable request. The response we provide will also explain the reasons we cannot comply with a verifiable request, if applicable.
We do not charge a fee to process or respond to your verifiable request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Changes to this Notice
This Notice may be amended from time to time, consistent with applicable data protection and privacy laws and principles. We will notify Members if we make changes that materially affect the way we handle Personal Information previously collected, and we will allow them to choose whether their Personal Information may be used in any materially different manner.
If you have any questions or comments about this notice, the ways in which we collect and use your personal information, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at firstname.lastname@example.org, by phone at +1-617-934-1600 extension 6 or via postal mail at InCrowd, Attn: Compliance Department, 480 Pleasant Street, Suite B100, Watertown, MA 02472 USA