Privacy Shield Statement
Last Updated: January 2024
Userlytics Corporation (“Userlytics,” “we,” “our,” and “us”) is a proud member of the Privacy Shield organization; as such, Userlytics adheres to the EU-U.S. Data Privacy Framework Principles, and the UK Extension to the EU-U.S Data Privacy Framework Principles and Swiss-US Privacy Shield Frameworks Principles (collectively, “Privacy Shield” or “Framework” or “Principles”), as administered by the United States Department of Commerce. EU-U.S. Data Privacy Framework Principles
As an organization that adheres to the U.S. regulatory frameworks in regards to applicable data privacy law, Userlytics’ self certification has been approved by the United States Department of Commerce. If there is any conflict between the terms in this Privacy Shield Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. Additionally, with respect to protecting data and information received under the Privacy Shield, Userlytics Corporation is subject to the regulatory powers of the Federal Trade Commission, along with applicable U.S. Law.
To learn more about the Privacy Shield Program, and view Userlytics’ certification page, please visit: https://www.dataprivacyframework.gov/
- “Data Subject” means an identified or identifiable natural person who is the subject of Personal Data (PI) as defined by the Privacy Shield Framework and applicable Data Protection Law;
- Privacy Shield’ encompasses the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. Data Privacy Framework (UK Extension to the EU-U.S. DPF), and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF). These frameworks enable secure transatlantic data transfers from the European Union / European Economic Area, the United Kingdom (including Gibraltar), and Switzerland to the United States while adhering to EU, UK, and Swiss data privacy laws.
- “Personal Data” refers to information that meets the following criteria:
- It is transferred from the European Economic Area (EEA), Switzerland, and/or the United Kingdom to the United States, relying on the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF).
- It relates to or concerns a specific individual.
- It can be directly or indirectly associated with that individual.;
- “Sensitive Personal Data” means Personal Data about race or ethnicity, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health, sexual life, any actual or alleged criminal offenses or penalties, national identification number, or any other information that may be deemed to be sensitive under applicable law.
2. Scope: Types of Personal Data Collected.
- This policy applies uniformly to Personal Information collected and used by Userlytics while providing Services to clients. Userlytics’ Employees, and all Testers, or Market research participants, who voluntarily offer data shall benefit from the rights and privileges afforded to data subjects by the Privacy Shield Framework. Userlytics does not rely on the EU-U.S. or the Swiss-U.S. Privacy Shield to transfer data that originated in the EEA, Switzerland, or the UK to the U.S.
- For the avoidance of doubt, in all processing activities, personal information must be limited to the information that is relevant for the purpose of processing; Userlytics shall not deviate from the purpose.
- For more information on your rights, the purposes on collection, the type of data collected, and scope of our processing activities, please refer to the Policies here:
3. Limitations on Scope.
- Userlytics provides services worldwide; therefore, we must simultaneously remain compliant with the laws of multiple jurisdictions. In the event we transfer Personal Data covered by this Policy to third parties acting as Controllers (as defined by applicable law), we will do so in accordance with the rights and notices given to Data Subjects. We shall only process Sensitive Data if voluntarily (or otherwise, contractually) consented to such processing. We shall, at all times, provide at least the same level of protections and rights granted to Data Subjects as set forth by the Privacy Shield Frameworks. If we fail to abide by such Frameworks, we shall take the appropriate steps to remediate the violations and notify the applicable parties of such violations.
- Userlytics commits to cooperate with EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and comply with the advice given by such authorities with regard to human resources data transferred from the EU and Switzerland in the context of the employment relationship.
4. Onward Transfers.
- In the event we transfer Personal Data under the Privacy Shield to third parties, such as Controllers (generally, Clients), we will ensure said Controllers protect the rights given to Data Subjects under applicable law. In addition, said onward transfers shall be limited to the specified purpose established via the appropriate consent form.
5. Security and Protection
- Userlytics has dedicated Security and Data Privacy Teams to ensure that the appropriate measures are taken to protect against loss, misuse, and unauthorized access, disclosure, alteration, and destruction.
- For more information on our Security Practices, please refer to the Security Information Page here.
6. Data Subject Access and Rights.
- Data Subjects have the right to request access to, correct, amend and/or delete personal data. You may also object to our processing of your personal data or ask that we restrict the processing of your personal data in certain instances. For any requests or questions, please contact us at DPO@userlytics.com.
- You have the right to choose (opt-out) whether your personal information is (i) to be disclosed to a third party; or (ii) to be used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by the individuals. Please keep in mind that some rights may be contractually withheld when a Tester voluntarily participates in the project.
- For the avoidance of doubt, Userlytics will require affirmative, express consent (opt-in) from individuals for information that is (i) disclosed to third parties and/or (ii) use for the purpose other than for which it was initially collected and has been modified.
7. Subprocessors and Third Parties.
- A subprocessor is a third party data processor engaged by Userlytics, who has or potentially will have access to or process data (which may contain Personal Data). Userlytics uses Third Party subprocessors, who may have access and process data on our behalf. Userlytics evaluates and performs due diligence on all subprocessors prior to onboarding; additionally, we have constant evaluation methods to ensure ongoing compliance with applicable data privacy law.
- Furthermore, Userlytics will (i) limit processing of Personal Data only for limited and specified purposes; (ii) require the third-party to provide at least the same level of privacy protection as is required by the Privacy Shield Principles; (iii) take reasonable and appropriate steps to ensure that processing of the Personal Data transferred is in a manner consistent with Userlytics’ obligations under the Privacy Shield Principles; and (iv) require third-parties to notify Userlytics if it is determined that it can no longer meet its obligation to provide the same level of protection as is required by the Privacy Shield Principles.
- For the avoidance of doubt, for all third party transfers, including those to Controllers or Subprocessors, we shall transfer only the information necessary to deliver Clients the purchased services.
8. Enforcement, and Liability.
- As a member of the Privacy Shield organization, Userlytics is subject to the investigation and administration of the Federal Trade Commission. Userlytics supports Data Subjects utilizing their rights, while having a complete understanding of their data use. Userlytics shall be subject to disciplinary action if we have violated, or otherwise, have not complied with the Privacy Shield principles.
- If any request is unanswered, or otherwise, is not acted on by Userlytics, Individuals may, under certain circumstances, invoke binding arbitration under Privacy Shield; for additional information, see https://www.privacyshield.gov.
- Userlytics also may be required to disclose Personal Data in response to a lawful request, including to meet national security or law enforcement requirements. Userlytics is liable for the appropriate onward transfer of Personal Data to third parties.
- Userytics may amend this Privacy Shield Statement from time to time consistent with the requirements of Privacy Shield. Notice regarding such amendments may be given for substantial changes.
10. Complaints and Notice.
- Userlytics adheres to Insights Association as our Independent Recourse Mechanism, in which each individual’s complaints and disputes are investigated and expeditiously resolved at no cost to the individual and by reference to the Principles. For more information, please visit the Insights Association website here.
- In compliance with the Privacy Shield Principles, Userlytics Corporation commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Userlytics at: DPO@Userlytics.com for any questions or concerns.
- Userlytics has further committed to refer unresolved Privacy Shield complaints to the Insights Association), an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit https://www.insightsassociation.org/Resources/Data-Privacy-Framework/Information-for-EU-Swiss-Citizens-to-file-a-complaint for more information or to file a complaint. The services of the Insights Association are provided at no cost to you.
- Corporation is committed to upholding the Privacy Shield Principles for the protection of personal data. In addition to our main operations, we have a subsidiary located in the European Union that fully adheres to the Privacy Shield Principles. Our subsidiary’s address is: C/ Pedro Heredia, 8 Madrid, 28028, Spain.
- Userlytics is committed to protecting the privacy of all data subjects. For questions or requests regarding our use of Personal Information, please contact us at:
Additional questions about our
Privacy Shield Policy
Analytics tells you what,
Userlytics tells you WHY.