CatalystMR Privacy Policy for Online Surveys
CatalystMR Inc. (www.catalystmr.com), (www.catalystsurvey.com), and (www.opinionsafe.com) (“CatalystMR” or referred to as “we”, “us” or “our”), is a world-class market research service provider conducting research with participants from around the world. CatalystMR believes in and respects your privacy and the sanctity of the information that may be provided. We subscribe to and uphold the standards for market research set forth by such organizations as The Insights Association, the Council for Marketing and Opinion Research (CMOR), and the European Society for Opinion and Marketing Research (ESOMAR). Additionally, CatalystMR is in compliance with HIPAA and COPPA privacy guidelines. 'CatalystMR is committed to respecting your privacy. CatalystMR Inc. complies with the Principles of the EU-US Data Privacy Framework and the UK Extension to the EU-US DPF (more information below).
In most cases, participants take surveys to share their opinions with us. If you have been asked to take a CatalystMR survey, you will find the privacy policy below.
CatalystMR also manages market research panels. Each of these panels has its own website with a description of the panel, the type of research performed, and the sponsors of this research. The privacy policies for these panels can be found at the respective panels’ websites.
This Agreement is effective as of August 24, 2023.
Third-Party Products and Services: We neither endorse nor accept responsibility for any third-party materials accessed through the Internet.
ENTIRE AGREEMENT: This Agreement constitutes the entire agreement between sponsor and you with respect to the subject matter contained in the Agreement.
Click a section to show the policy contents, click the section again to hide.In order to schedule and access some CatalystMR services, we may require personal information including your name, email address, mailing address and phone number. This information may be provided by you directly or another designated by you to schedule or complete a service. For example: When you register at one of CatalystMR managed panel portals, you will be asked to supply us with your name, email address, and phone number. This information is referred to as your “Panelist Profile Information”, which we obtain during the registration process. This information is treated differently than personal information we obtain via other means as noted below. We may also collect information about your visits to our website, including the pages you view, the links you click, and other actions taken in connection with our site and services. We also collect certain standard information that your browser sends to every website you visit, such as your IP address, browser type and language, access times and referring Website addresses. When you receive newsletters or promotional email from CatalystMR, we may use web beacons (described below), customized links or similar technologies to determine whether the email has been opened and which links you click in order to provide you more focused email communications or other information. On a case-by-case basis, CatalystMR may also collect additional personal information, subject to the voluntary consent of the discloser, including, but not limited to, likenesses, voices, race, ethnicity, gender, opinions and views on particular products and services from 3rd Parties. We may also supplement the information we collect with information obtained from other companies. For example, we may use services from other companies that enable us to associate your activity while on our website with your IP address in order to improve our site and services.
CatalystMR collects a wide range of information about survey respondents depending on the information needs of our clients requesting the surveys through its survey platform. For example, survey respondents may be requested to provide certain personally identifiable, financial or demographic information, as well as specific opinions about a variety of goods and services. Responses to all survey questions are completely voluntary. A survey respondent should only provide responses to questions they are comfortable answering and survey respondents may decline to answer any survey question.
CatalystMR, through its 3rd party software Kinesis Panel by CatalystMR, collects two kinds of information about users:
- Data that users volunteer by signing up to receive news and product information, entering contests, completing surveys, or buying directly from us; and
- Aggregated tracking data we collect when users interact with us.
CatalystMR uses the personal information you provide voluntarily to Kinesis to send information you’ve requested. The specific use of your personal information varies, depending on how you contact us:
- When you subscribe to Kinesis Platform mailing lists to receive Kinesis news and product information, you must provide an email address. We never sell or rent the email address you provide when subscribing to our lists.
- When you enter a contest or survey, we may ask for your name, address, and email address so we can administer the contest and notify winners.
CatalystMR collects and uses your personal login information, provided to us during the login process, solely to deliver the services you have requested, for security purposes and to provide you with important communications such as product improvements and technical service issues.
CatalystMR also collects and uses personal information provided to us during service scheduling or by other means including third party providers to deliver important information on our services and complete transactions you request. These uses may also include making our site or services easier to use by eliminating the need to repeatedly enter the same information.
Except as described in this statement, we will not disclose your personal login information outside of CatalystMR without your consent.
We may disclose personal information that CatalystMR and/or its subsidiaries collect or you provide:
- To clients of CatalystMR who commission market research studies, tools, analysis and software platforms.
- To our subsidiaries and affiliates.
- To contractors, service providers and other 3rd parties we use to support our business (and who are bound by contractual obligations to keep personal information confidential and use it only for the purposes for which we disclose it to them).
- To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution or other sale or transfer of some or all of CatalystMR’s assets, whether as a going concern or as part of bankruptcy, liquidation or similar proceeding, in which personal information held by CatalystMR about our users is among the assets transferred.
- For any other purpose disclosed by us when you provide the information.
- With your consent.
- To comply with any court order, law or legal process, including to respond to any government or regulatory request.
- To protect and defend the rights or property of CatalystMR (including the enforcement of our agreements).
- To act in urgent circumstances to protect the personal safety of users of CatalystMR services or members of the public. We occasionally hire other companies to provide limited services on our behalf, such as handling the processing and delivery of mailings or for research purposes. Those companies will be permitted to obtain only the personal information needed to deliver the service. They are required to maintain the confidentiality of the information and are prohibited from using it for any other purpose.
Please be aware that CatalystMR may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.
CatalystMR is liable for inappropriate onward transfers of personal data to third parties.
Our surveys are not intended for children under 13 years of age, and we do not knowingly collect personal information from anyone under the age of 13. If we learn we have collected or received personal information from a child under 13 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 13, please contact us at the address provided below.
CatalystMR recognizes the right of individuals to access their personal information. You have the ability to view or edit your personal information online. In order to help prevent your personal information from being viewed by others, you will be required to login with information provided by CatalystMR.
You can stop the delivery of future promotional email from CatalystMR sites and services by following the specific instructions in the email you receive. You may also have the option of proactively making choices about the communications you receive from CatalystMR by emailing privacy@catalystmr.com with your preferences.
CatalystMR complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. CatalystMR has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. CatalystMR has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, CatalystMR commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to INSIGHTS ASSOCIATION DATA PRIVACY FRAMEWORK SERVICES PROGRAM, an alternative dispute resolution provider based in the United States, the European Union, the United Kingdom, and/or Switzerland (as applicable). If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.insightsassociation.org/Resources/Data-Privacy-Framework/Information-for-EU-Swiss-Citizens-to-file-a-complaint for more information or to file a complaint. The services of INSIGHTS ASSOCIATION DATA PRIVACY FRAMEWORK SERVICES PROGRAM are provided at no cost to you.
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, CatalystMR commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU and UK individuals and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF should first contact CatalystMR at:
Privacy Office
CatalystMR Inc.
45 Yosemite Ave
Oakland, CA 94611
privacy@catalystmr.com
Paragraph C (Pre-Arbitration Requirements) of Annex I of the DPF Principles explains in detail when an individual can invoke binding arbitration. Rather than include this level of detail in a privacy policy, organizations may provide notice that an individual has the possibility, under certain conditions, to invoke binding arbitration for complaints regarding DPF compliance not resolved by any of the other DPF mechanisms and then link to Annex I for additional information: https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2
The Federal Trade Commission has jurisdiction over CatalystMR’s compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF).
CatalystMR has further committed to refer unresolved Data Privacy Framework complaints (including the possibility, under certain conditions, for the individual to invoke binding arbitration) to Insights Association Data Privacy Framework Services Program, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit https://www.insightsassociation.org/Resources/Data-Privacy-Framework/Information-for-EU-Swiss-Citizens-to-file-a-complaint for more information or to file a complaint. The services of Insights Association Data Privacy Framework Program are provided at no cost to you.
CatalystMR complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, set forth by the U.S. Department of Commerce. CatalystMR has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov.
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, CatalystMR commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF to INSIGHTS ASSOCIATION DATA PRIVACY FRAMEWORK SERVICES PROGRAM, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit http://www.insightsassociation.org/get-support/privacy-shield-program/privacy-shield-eu-swiss-citizens-file-complaint for more information or to file a complaint. The services of Insights Association Data Privacy Framework Services Program are provided at no cost to you.
CatalystMR complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. CatalystMR has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. CatalystMR has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, CatalystMR commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU and UK individuals and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF should first contact CatalystMR at:
https://www.insightsassociation.org/Resources/Data-Privacy-Framework/Information-for-EU-Swiss-Citizens-to-file-a-complaint
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, CatalystMR commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to https://www.insightsassociation.org/Resources/Data-Privacy-Framework/Information-for-EU-Swiss-Citizens-to-file-a-complaint, an alternative dispute resolution provider based in the United States, the European Union, the United Kingdom, and/or Switzerland (as applicable). If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.insightsassociation.org/Resources/Data-Privacy-Framework/Information-for-EU-Swiss-Citizens-to-file-a-complaint for more information or to file a complaint. The services of https://www.insightsassociation.org/Resources/Data-Privacy-Framework/Information-for-EU-Swiss-Citizens-to-file-a-complaint are provided at no cost to you.
Can a Data Privacy Framework participant rely on the EU-U.S. Data Privacy Framework to receive personal data from the United Kingdom in light of the UK’s withdrawal from the EU?
After the Transition Period, Data Privacy Framework participants still seeking to receive personal data from the UK in reliance on the Data Privacy Framework must have taken the following steps by December 31, 2020:
1. First, a Data Privacy Framework organization must update its public commitment to comply with the UK Extension to the EU-US Data Privacy Framework.
Public commitments must state specifically that the commitment extends to personal data received from the UK in reliance on the UK Extension to the EU-US Data Privacy Framework. If an organization plans to receive Human Resources (HR) data from the UK in reliance on the UK Extension to the EU-US Data Privacy Framework, it must also update its HR privacy policy. Model language for these updates is provided below:
CatalystMR complies with the EU-U.S. Data Privacy Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and the United Kingdom to the United States in reliance on the UK Extension to the EU-US Data Privacy Framework. CatalystMR has self-certified to the Department of Commerce that it adheres to the Data Privacy Framework Principles with respect to such information. If there is any conflict between the terms in this privacy policy and the Data Privacy Framework Principles, the Data Privacy Framework Principles shall govern. To learn more about the Data Privacy Framework program, and to view our certification, please visit https://www.dataprivacyframework.gov/s/.
CatalystMR will offer individuals the opportunity to choose (opt-out) whether their Personal Information is (a) to be disclosed to a third party acting as a controller, or (b) to be used for a purpose that is materially different from the purpose for which it was originally collected or subsequently authorized by the individual. For sensitive personal information, CatalystMR will give individuals the opportunity to affirmatively and explicitly consent (opt-in) to the disclosure of their Sensitive Personal Information to (a) a third party acting as a controller or (b) the use of the information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. Should you choose to opt-out, simply email us using this link privacy@catalystmr.com.
If you are an EU Person about whom we hold personal Data on our own or client’s behalf, you may request access to, and the opportunity to update, correct or delete, such personal Data. To submit such requests or raise any other questions to our clients, please contact the business that provided your personal Data. You can also contact our EU-U.S. Data Privacy Framework Contact. We reserve the right to take appropriate steps to authenticate an applicant’s identity, to charge an adequate fee before providing access and to deny requests, except as required by the EU-U.S. Data Privacy Framework.
CatalystMR and its services use “cookies” to enable you to sign in to our services more easily and to help personalize your online experience. A “cookie” is a set of data that a web server stores on your computer that enables the server to recognize your computer. Cookies enable websites to “remember” your entries as you move from page to page, or when you revisit the site from time to time using the same computer. The data set that makes up a cookie will typically not have any meaning to anyone other than the party that placed the cookie. A cookie cannot retrieve other data from your computer’s hard drive or pass on computer viruses. Two different types of cookies are used in connection with our website: “Session cookies” track the user’s progression through our sites in a single visit. These cookies enable us to remember things as the user progresses from one page to another. With most Internet browsers, session cookies are either deleted or rendered inaccessible to us and our agents as soon as the user closes his or her browser. “Persistent cookies” allow us to remember a user at the user’s next visit. Persistent cookies are neither automatically erased nor rendered inaccessible upon closing the user’s browser, although persistent cookies will typically “expire” after some number of years. Upon expiration, such cookies may be deleted by the user’s browser or rendered inaccessible to us. (If you do not want these cookies to remain on your computer, you can erase them through use of your browser settings.) Both session and persistent cookies may also be used in connection with html email sent by us. Your browser or other software you install may permit you to restrict the use of session cookies, persistent cookies or all cookies. If you elect to not permit the use of persistent cookies only, you may enjoy the full functionality of our website; however, if you do so, you will need to re-enter some data upon your return visit or during the login process.
CatalystMR Web pages may contain electronic images known as “pixel tags”, “web beacons” or other technologies (collectively, “web beacons”). Web beacons are used to collect non-personally identifiable data and to assist in delivering cookies on our site and allow us to count users who have visited those pages and to deliver services. We may include Web beacons in promotional email messages or our newsletters in order to determine whether messages have been opened and acted upon.
If you have questions regarding this statement, please contact us at: Privacy Officer, CatalystMR Inc. 45 Yosemite Ave. Oakland CA. 94611
We will occasionally update this privacy statement to reflect changes in our services and customer feedback. When we post changes to this Statement, we will revise the “last updated” date at the top of this statement. If there are material changes to how CatalystMR will use your personal information, we will notify you either by prominently posting a notice of such changes prior to implementing the change or by directly sending you a notification. We suggest you periodically review this statement to be informed of how CatalystMR is protecting your information.
On May 25th, 2018 new data privacy regulation came into place in the EU, affecting anyone who collects personal data within that market.
In addition to GDPR, we comply with the ICC/ESOMAR International Code on Market, Opinion and Social Research and Data Analytics and other applicable guidelines and codes of conduct on market research.
Additionally, the policies outlined apply to our panelists, our clients, and all facets of data we collect and use.
You can find out more about our data policies and your privacy rights in our updated privacy and cookie policy by sending an email to privacy@catalystmr.com. Our policies comply with the GDPR, the European data protection law.
The General Data Protection Regulation (GDPR) was approved by the European Parliament and the Council of Europe on April 14th, 2016, to replace outdated legislation to protect the privacy of data subjects within the European Economic Area (EEA). GDPR compliance becomes immediately enforceable in all EEA countries on May 25th, 2018, for all entities when conducting business in, or engaging data subjects who are located in, the EEA. The main theme behind GDPR is to unify the laws and standards of data privacy across Europe and empower data subjects to take control over their personal data. As such, key components of GDPR include:
- Clear, transparent acquisition of consent
- Minimization of personal data storage
- Right to access, edit, and erasure of personal data
- Agency in the transfers of personal data
GDPR applies to not only data subjects in the countries of the European Union, but also those in the EEA. As such, the list of countries whose data subjects are covered under GDPR is as follows: Austria, Belgium, Bulgaria, Czech Republic, Cyprus, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Liechtenstein, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, United Kingdom.
Failure to comply with GDPR regulations can result in penalties in the form of fines up to €20,000,000 or 4% of annual global turnover, whichever is greater.
Given the nature of our business in Market Research, GDPR requires rapid acceptance of standards across the industry. CatalystMR aims to be on the frontlines of compliance on May 25th, 2018. In addition, we will continue to keep the protection and privacy needs of our data subjects at the forefront of the work that we do.
The Articles of GDPR can be explored in detail here: https://gdpr-info.eu/art-7-gdpr
For more information, contact us at info@catalystmr.com
CatalystMR has undertaken several activities, based on EUGDPR.Org directives, to ensure your data is protected:
- EU-US Data Privacy Framework self-certification – CatalystMR is currently in the process of completing self-certification for EU-US data transfers safe and certified EU-US data transfers
- Updated terms of service and privacy policy – so anyone can learn how, where and why we collect and manage personal data
- Reviewed and revised our downstream terms with our vendors – all partners meet our standards for data security
- Implemented measures to obtain verifiable, GDPR-standard consents from data subjects – build trust with anyone we learn from
- Reviewed, identified and implemented any needed product changes
CatalystMR has systematically audited all systems, processes, and relationships to provide ultimate assurances of end-to-end GDPR compliance. Effective as of May 25, 2018, CatalystMR guarantees compliance for all research conducted in countries covered under the GDPR regulations, through initiatives including, but not limited to, those centered around the following measures.
CatalystMR has appointed a Data Privacy Officer who is responsible for overall organizational compliance and will maintain communication with supervisory authorities. Further, CatalystMR believes in fortifying all levels of its multi-layered approach to organizational accountability. As such, all users of CatalystMR’s information systems containing personal information must undergo rigorous compliance training. The CatalystMR compliance team will regularly verify compliance through various methods, including but not limited to business tool reports, simulated tests, periodic walk-throughs, internal and external audits, and feedback to the Data Privacy Officer.
Privacy and Consent are two principles that shape the foundation of GDPR. Under GDPR’s protections, CatalystMR’s panel members and respondents are entitled to a clear and comprehensive explanation of which data are to be collected, how long the information provided shall be stored, and under which circumstances their data may be used or shared. In compliance with this, CatalystMR has updated both its privacy policies and consent messaging at the point of impact, to ensure full transparency and true data subject intent. CatalystMR will not use pre-checked boxes or ambiguous language in pursuit of consent.
These steps are part of an ongoing process to safeguard your data privacy and security.
Should you have any further questions on GDPR, please contact your CatalystMR representative or email info@catalystmr.com
CatalystMR welcomes your comments regarding this privacy statement. If you have questions about this statement or believe that we have not adhered to it, please contact us at: Privacy Officer, CatalystMR Inc. 45 Yosemite Ave. Oakland CA. 94611 or privacy@catalystmr.com
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, CatalystMR commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU and UK individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF should first contact CatalystMR at: Privacy Officer, CatalystMR Inc. 45 Yosemite Ave. Oakland CA. 94611 or privacy@catalystmr.com