Effective Date: November 14, 2024
HANSA|GCR, LLC GLOBAL PRIVACY POLICY
1. INTRODUCTION: YOUR PRIVACY IS IMPORTANT TO US
Hansa|GCR, LLC (“Hansa,” “Hansa GCR,” “We,” “Our,” “Us”) is a market research and consulting firm. Hansa|GCR, LLC, our parent company Hansa Marketing Services, Inc., or our clients are the sole owners of the information and the personal information collected by Hansa. Hansa collects personal information that you voluntarily provide when contacting us or by taking our surveys as described in our policy below.
This privacy policy applies to Hansa|GCR, LLC, including HansaGCR.com, owned by Hansa|GCR, LLC.
Hansa only markets or sells our products and services to companies and organizations.
By using our website, contacting us, or taking our surveys, you accept the conditions of our privacy policy.
If you are an individual outside of the United States, by contacting us, registering for our webinars, or taking our surveys, you hereby consent to the transfer of your personal information to the United States where it is processed and stored. Read more information on international data transfer by clicking here.
We update our policy from time to time, so check our policy frequently for current information and disclosures.
Hansa is committed to processing your personal data in a lawful, transparent, and fair manner. If you have any questions about our policy or have a disability and would like an alternative way of accessing our policy, please see Contact Us in Section 19 of this policy.
2. SUMMARY
The following information summarizes our policy for safeguarding your privacy while using our website, taking our surveys, or doing business with us.
The purpose of our website is to provide you with information about our company and our professional services.
The purpose of our surveys is to enable us or our clients to gain a better understanding of people like yourself.
The purpose of our business communications is to support clients and prospects with our research products and services.
Our privacy policy describes the personal information we collect and share, how it is collected, and how you may make requests to confirm, know, access, limit or restrict, correct, delete, object to, withdraw consent, or obtain a copy of your personal information. We also provide information on how we transfer personal information and the security safeguards we have implemented to protect your personal information.
Our policy also provides our cookies policy in Section 8.
Please read the entirety of our policy carefully for details.
3. DEFINITION
When used in our privacy policy, the term “personal information” means any information that can be used to identify you or can be reasonably linked to you.
“Personal information” or similar terms have specific meanings under US state or international laws and regulations. When specific states or countries have jurisdiction, the relevant terms and definitions for those states or countries will apply.
4. WHAT IS OUR LEGAL BASIS FOR COLLECTING PERSONAL INFORMATION?
Hansa only collects personal information about you for business purposes and collects the minimum necessary to fulfill these business purposes.
Our lawful grounds for collecting and processing your personal information are our legitimate business interests, contractual obligations, compliance with judicial or other legal proceedings, or your consent to our privacy policy.
5. DO WE COLLECT PERSONAL INFORMATION FROM CHILDREN?
Hansa does not market to children and does not knowingly collect or share personal information from children less than 18 years of age through our website or our surveys. We have no actual knowledge of having or sharing personal information on children. If you are a parent or guardian and have knowledge that we collect or maintain any personal information not permitted by the U. S. Children’s Privacy Protection Act, please email us at Contact Us in Section 19 of this privacy policy and we will assess, delete, or correct our records.
6. HOW DO WE COLLECT YOUR PERSONAL INFORMATION?
We collect your personal information by:
You contacting us: You volunteering information when you contact us through our website or other means.
Volunteered information when you take our surveys. You taking an Internet (web) survey, telephone survey, mail survey, or face-to-face survey such as participating in an-person interview or focus group.
Client sharing: Hansa clients sharing your personal information with us for our surveys.
Other third-party sharing: Panel vendors, recruiters of survey respondents, or survey list providers sharing your personal information with us for us to send or process invitations to take a survey.
When a business shares personal information with Hansa, it has provided assurance or disclosures that it is allowed to share that information.
7. HOW DO WE USE YOUR PERSONAL INFORMATION?
If you take one of our surveys, we use your personal information to administer our surveys and respond to your inquiries. We do not use personal information collected in our surveys for marketing or sales purposes. We use your personal information to:
Contact you for surveys and market research.
Gain your responses to surveys and market research requests.
Respond to any questions you might have.
Provide any incentives or rewards for your completion of a survey.
From time to time, contact you to validate answers you provided in a survey.
From time to time, contact you to determine an additional fact of analytical importance to a survey.
From time to time, analyze your survey responses along with appended data from client-provided or third party-provided information about you (for example, past purchase history) so that, for business purposes, we can better understand people like yourself or so that our clients can enhance or deliver their products and services. Any such analyses that incorporate data about you from our clients or third parties would use data that clients or third parties share with us, and their privacy policies would apply to such sharing of data. Their privacy policies are not controlled by Hansa and Hansa is not responsible or liable for them.
Your personal information that we share with clients or third parties will only be done with your express permission; otherwise, our analyses that use your personal information will be done on a de-identified and aggregated basis. Further, your individual responses to surveys are confidential and will only be attributable to you when shared with clients if we have your express permission to do so.
If you contact us by submitting your information though our website or other means, we collect personal information that you volunteer so that we can respond to your communications. We do not use your personal information for marketing or sales purposes unless you have contacted us for a commercial purpose.
If you contact us for a commercial purpose such as an inquiry or request regarding our research and consulting services, we use your personal information for business communications and marketing or sales purposes. By providing your contact information you are expressly agreeing to receive (opting into) future marketing communications and/or sales contact from us or our parent company, Hansa Marketing Services, Inc., until such time as you inform us that you no longer wish to receive such communications or contact. You may opt out of these communications by contacting us in Contact Us in Section 19 of our privacy policy.
We use the information we collect from you to:
Assess the needs of your business to determine suitable products.
Send you requested product or service information.
Respond to customer service requests.
Send you Hansa information materials and invitations to webinars from us or our parent company.
Send you marketing communications.
Respond to your questions and concerns.
Improve our website and marketing efforts.
8. WHAT IS OUR COOKIES POLICY?
Use of cookies: Cookies are small files that are placed on your computer. Hansa places a cookie on your computer when visiting our website. This cookie is technically necessary for the website to function. If you do not accept the cookie, the website will not be accessible. We place no other cookies on your computer when accessing our website and we collect no personal information.
We do not use log files or tracking technologies such as beacons, tags, and scripts. We do not do any behavioral targeting. Our website does not use any social media widgets or contain links to other sites.
Tracking your web behavior by other companies: Other companies such as browsers and search engines may track your overall web behavior. Hansa has no control over what those companies may track and the information they obtain about you, and we are not liable for anything they might do.
Your choices: You have a choice whether to accept cookies when you access our website. If you click “Accept,” or if you proceed to use our website, you agree to our use of technically necessary cookies. If you do not agree to these cookies, then do not use our website.
9. WHAT CATEGORIES OF INFORMATION DO WE COLLECT?
If you contact us:
Hansa may collect the following categories of personal information:
Name.
Personal phone number.
Address.
Email address.
Other information, if required to verify your identity.
Information about your company, if applicable: Company name, your company email address and phone number, your title or role, and other business-related information.
This information enables us to respond to your questions and requests and provide information for you.
If you take a survey:
Hansa conducts surveys for a variety of businesses and organizations who want to know more about their market and/or customers. Surveys are never mandatory, and a respondent (someone who answers questions in a survey) always has the choice whether to provide personal information. We may collect the following personal information:
Personal contact information: We may collect your name, email, land line or cell phone number, postal address, or other information so that we can invite you to a survey or manage your survey responses. We may also collect your contact information to provide an incentive for taking our surveys.
Business contact information: We may collect information on your organization name, your title, role, business email, business phone number, size of your company, location of your company, or similar information in the context of the organization in which you work so that we can contact you to invite you to a survey, manage your survey responses, or analyze the survey results.
Demographic information: We may collect information on your age, income, geographic location, and other demographic information so that we can analyze survey results for our clients to better understand people like yourself.
Video or photographic images: We may collect your image when we communicate with you through interactions online or in person but only if you volunteer such images or with your express permission. We collect this information only as a means of personalizing our interactions with you while you are taking the survey.
Video or audio-recorded conversations: We may collect and record information about you in the course of conducting our surveys and engaging in conversations with you. We will only record such conversations with your express permission. We record conversations to enable analysis of your responses along with others on a de-identified and aggregated basis or, with your explicit permission, to share with our client on an identified basis.
Appended information: We may collect information about you that is obtained from third-party sources such as client databases or from other sources but only with your permission that you provide to us or our client. We append data to provide a more complete understanding of you so that our clients can enhance their products and services and marketing programs.
Sensitive information: We may collect sensitive personal information about you with your permission, or that you volunteer, in our surveys. This information could vary depending upon the survey we are conducting. We will collect this information to more fully understand your responses to questions we pose in our surveys. We may use sensitive personal information to infer characteristics about you as an individual, but only with your permission. This information might be used by our clients to enhance their products and services and marketing programs.
Notices: Hansa provides survey respondents with information about our privacy policy and the personal information we will collect prior to collecting such information. We do this either in the survey invitation process or during the survey.
10. WHAT INFORMATION DO WE SHARE OR DISCLOSE ABOUT YOU?
We do not sell, rent, provide access to, or otherwise disclose any personal information you provide us to unaffiliated persons or organizations for commercial gain. “Unaffiliated persons or organizations” are defined as persons not employed by an organization owned in whole or in part by our parent company, Hansa Marketing Services, Inc. We do not sell your personal information to third parties.
We may share your name, email address, or telephone number with clients of our company or with a third-party service provider in order that it may perform survey services, email functions, or file storage on our behalf. We use third-party service providers to conduct our web surveys and occasionally third-party providers to conduct telephone interviews, in-person interviews, mail surveys, or focus group research, among other methods, and those companies are prohibited from using your personal information for any other purpose.
Categories of third parties with whom we may share your personal information include:
Companies that provide services to help us with our surveys: We may use a third party to distribute survey invitations, collect survey responses, or conduct analysis of survey responses. Categories of information shared with these companies could be your name, title or role, phone number, email address, or other information provided to us such as your location, company name or size, if relevant, among other descriptive information. These companies are authorized to use your personal information only as necessary to provide these services and are contractually obligated to keep your information confidential.
Companies that provide email services and data storage: Your personal information may be collected via emails and stored on third-party email servers. Your personal data may be stored on a third-party storage provider.
Clients: We share your survey responses with clients on an anonymized or pseudonymized basis for analytic purposes. We may share your personal information with clients or third parties where you have granted permission for us to do so, for example, where you explicitly agree in a survey to share your responses, ask to be contacted by the client or third party, or you have granted permission to the client or third party through other means for us to share your information.
Our parent company Hansa Marketing Services, Inc.: If you have provided personal information in the context of potentially using our services for commercial purposes, then we may share your personal information with our parent company, Hansa Marketing Services, so that we can provide you with access to our marketing communications and webinar invitations and registrations. If you do not want us to share your personal information with this company, let us know at Contact Us in Section 19.
Change of ownership of Hansa GCR: We may share your personal information with another party if Hansa GCR or its parent company, Hansa Marketing Services are sold, reorganized, merged with another company, or dissolved.
Governmental authorities, legal proceedings or to protect our rights or your safety: We reserve the right to disclose your personal information as required by law and when we believe that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, and/or to comply with a judicial proceeding, subpoena, court order, or legal process served on our company or website. We also may be required to disclose your personal information in response to a lawful request by public authorities, including requests to meet national security or law enforcement requirements.
11. WHAT ARE YOUR OPTIONS FOR CHOICE AND OPT-OUT FOR YOUR PERSONAL INFORMATION?
Your rights: You have the right to confirm, know, access, limit or restrict the use, correct, erase, object, withdraw consent to use of your personal information, or request transportability or obtain a copy of your personal information. We will not discriminate against you for exercising these rights.
If your personal information changes or you have questions or requests, please let us know at Contact Us in Section 19. Please provide your existing personal information so we can locate your record(s) and include specifics of your request. We may ask for additional information to validate your identity. If we cannot confirm your identity, we may deny your request.
Upon verifying your identity as needed, we will respond to your request within 10 business days and update your personal information as appropriate in our records within 45 calendar days and direct any third parties with whom we have shared your personal information to do the same. Please note that if we received your personal information from a client or third party, we will let you know that fact and you must contact them directly to make requests regarding your personal information. We are not responsible for the information they may collect and retain about you or their response to your inquiries.
Opt out. You can opt out or limit the use of your sensitive personal information by contacting us at Contact Us in Section 19. Survey respondents or individuals who receive promotional communications also can opt out by following the instructions in those invitations or communications.
Note that Hansa limits the use of sensitive personal information only to that which is reasonably necessary to perform our research services for our clients.
Note also that if your name or email address was provided to us by one of our clients or other third parties who provide lists for our surveys or promotional communications, your request to opt out applies only to Hansa survey invitations or promotional communications, not to our client or other third party. If you want to opt out of any other or all of the client’s or third party’s communications to you, you will need to contact the client or third party directly.
You may designate an authorized agent to opt out for you.
We will respond to opt out requests within 15 business days.
12. WHAT MAY BE REQUIRED IF YOU USE AN AUTHORIZED AGENT?
If you have an authorized agent that submits requests on your behalf, please provide us with written documentation of the agent’s authorization to act on your behalf. We will then proceed with our normal verification procedures. If you do not have such documentation, we may deny your agent’s request.
13. HOW DO WE TRANSFER YOUR INFORMATION?
We will transfer your personal information to third parties, including clients, with documented agreements in place for them to comply with United States and international laws and regulations. By providing your personal information, you agree to the transfer of such information to us, our clients, and to our third-party service providers for storage or processing.
We manage any data transfer carefully to ensure the transfer of personal information is done in compliance with our privacy policy. Unless stipulated by our clients, personal information collected in our surveys is transferred via secure file sharing on our third-party cloud services provider. Your sharing of personal information via email, phone, or other means of communication relies on these methods for transfer of personal information. Personal information we collect in our surveys, or you provide to us, will be handled as confidential. If you are a resident of the United Kingdom, Switzerland, or European Economic Area, please see the Additional Disclosures for the EU, UK, and Switzerland later in this policy for more details on how we transfer information internationally.
14. HOW LONG DO WE RETAIN YOUR INFORMATION?
We retain your personal information only as long as necessary to perform our services for clients, maintain records of survey respondents and respondent requests, maintain records of other requests, comply with client requirements, and comply with any legal requirements. Personal information is deleted when no longer needed. In any case, we retain personal information obtained to perform our surveys and research services for no longer than 7 years.
15. HOW DO WE MANAGE SECURITY?
The security of your personal information is important to us. All personal information is stored on secure, encrypted servers in the United States.
We follow generally accepted industry standards to protect the personal information submitted to us, both during transmission and once we receive it. Our Information Security Management System is certified to ISO 27001 standards by an ANAB Accredited Certification Body.
Hansa annually conducts an assessment and audits of our entire information security management system, including our risk assessment and policies and procedures for handling personal information.
Personal information you provide is accessible only to a limited number of employees who have special rights to such information. Our Information Security Management System includes procedures for training employees on data security management and the proper transfer and storage of personal information. Files containing personal information are de-identified prior to transmittal to our clients, unless a survey respondent has agreed to disclose their personal information. De-identification procedures include processing personal information in aggregate with either anonymized data or creating separate files for pseudonymized data. This information is stored in a third-party cloud services provider.
Be advised that no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.
If you have any questions about security on our website or while taking our surveys, please let us know at Contact Us in Section 19.
16. WHAT PERSONAL INFORMATION DO WE COLLECT AND USE FOR JOB APPLICANTS AND EMPLOYEES?
Employees within Hansa are advised of their rights regarding their personal information. If you apply for a position within Hansa, we will share those employee rights with you. We also will collect personal information that you submit to us as part of your employment inquiry or application.
17. CHANGES IN OWNERSHIP
If Hansa is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified by a prominent notice on our website for 30 days of any such change in ownership or control. Such notice will include your choices regarding your personal information.
18. CHANGES TO THIS POLICY
We may update this privacy policy to reflect changes to our information practices. We post the effective date of the most recent version of our policy that incorporates any changes at the beginning of our privacy policy.
19. CONTACT US
If you want to opt out of Hansa sharing your personal information or have questions, suggestions, or requests regarding our privacy policy or your personal information, please contact us by email at services@hansagcr.com or write to us at Hansa|GCR, LLC, 111 SW 5th Avenue, Suite 3150, Portland, OR 97204; Attention: Privacy Policy. If you are a United States resident, you also have the option of calling us on our toll-free number at 800-755-7683. Please include any of the following in an email subject line:
Opt out of all communications.
Opt out of survey invitations.
Do not sell or share my personal information.
Limit my sensitive personal information.
Know my personal information.
Delete my personal information.
Correct my personal information.
Withdraw consent.
Other.
Help us respond to your request by providing your name and brief details on the nature of your request.
If you are a resident of any of the following example states, please see your state for Additional Disclosures: California, Virginia, Colorado, and Connecticut.
If you are a consumer in Washington State, Nevada, or other state that has consumer health data privacy laws and have questions about how we protect your health data, please see Additional Disclosures: Consumer Health Data Privacy Policy
If you are a resident of any of the following geographic areas, please see your area for Additional Disclosures: European Economic Area, the United Kingdom, Switzerland, Canada, or Australia.
ADDITIONAL DISCLOSURES FOR CALIFORNIA RESIDENTS
These additional disclosures apply only to California residents who are consumers pursuant to the California Consumer Privacy Act as amended by the California Privacy Rights Act.
Definitions:
Consumer: means a natural person who is a California resident.
Personal information is information that identifies, relates to, or could reasonably be linked with you or your household. For example, it could include your name, social security number, email address, records of products purchased, internet browsing history, geolocation data, fingerprints, and inferences from other personal information that could create a profile about your preferences and characteristics.
Sensitive personal information is a specific subset of personal information that includes certain government identifiers (such as social security numbers); an account log-in, financial account, debit card, or credit card number with any required security code, password, or credentials allowing access to an account; precise geolocation; contents of mail, email, and text messages; genetic data; biometric information processed to identify a consumer; information concerning a consumer’s health, sex life, or sexual orientation; or information about racial or ethnic origin, religious or philosophical beliefs, or union membership.
Notice of collection and sharing of personal information and sensitive personal information:
In the past 12 months, Hansa GCR has collected the following categories of personal information and sensitive personal information:
Website usage: We collected or received no personal information or sensitive personal information.
Website user contacts and requests: We received no contact information or requests of any kind through our website or from our contact information listed in this privacy policy.
Business correspondence: We received emails, phone calls, or IM (instant message) requests and conduct conversations with individuals who contact us for commercial purposes. Such correspondence could be on-going communications with clients or business prospects.
Use of information: We use this information for business purposes including marketing and sales.
Sharing of information: We shared occasional emails from clients and prospects with our parent company.
Survey administration: We received lists of customers and prospects from clients to take a survey. We also received survey respondent personal information from third party recruiters we use for potential surveys.
Use of information: We use this information to invite individuals to surveys, administer our surveys, and analyze survey results.
Sharing of information: We shared client lists with third parties to administer our surveys. Third parties include companies that process survey invitations and survey processing or conduct phone interviews. Lists contain names, email addresses, and phone numbers, plus, in some cases, business characteristics such as size of business.
During surveys: While conducting our surveys, we have collected additional personal information on occasion, including sensitive personal information, but only with the permission of the respondent. We also have appended personal information provided by our clients to survey respondents. This information included, for example, the customer’s purchase history, types of products or services purchased, or other information from the client’s customer database.
Use of information: We use this information to administer our surveys and analyze survey results. We use sensitive personal information, such as health information, as volunteered by survey respondents and with their permission, to understand the respondent’s particular situation.
Sharing of information: We have not shared this information with third parties unless the survey respondent has agreed to share the information.
Your Privacy Rights:
You have the following rights regarding your personal information. We have provided a process for you to submit your requests at Contact Us in Section 19.
Right to know: You have the right to know about personal information collected, sold, or shared. You have the right to request the categories and specifics of the personal information we have about you.
Right to delete: You have the right to request deletion of the personal information we collect.
Right to opt-out of the sale or sharing: You have the right to request (opt out) that we do not sell or share your information.
Note that in many cases where we share your information, we do so in order to conduct market research surveys for which you may be invited to participate. If you request us not to share such information with third parties, you may thus preclude yourself from receiving an invitation to a market research survey which we may be conducting, for example, for a Hansa client with whom you are a customer.
Right to correct: You have the right to request that we correct inaccurate personal information that we have about you.
Right to limit the use and disclosure of your sensitive personal information: You have the right to limit our use of your sensitive personal information. Hansa limits the use of your sensitive personal information to that which is reasonably necessary in our research surveys.
Right to data portability: You have the right to request that we transfer any personal information we have about you to another organization. We will transfer your personal information or provide a copy of your information upon your request.
Right to object to automated behavioral profiling and automated decision making: Hansa does not use automated behavioral profiling for purposes of targeting our marketing communications or for ads. As explained in our privacy policy, we only use appended profiling information with your permission.
Right to non-discrimination: Hansa will never discriminate against you in exercising any of your rights.
You can submit requests regarding the above rights at Contact US in Section 19.
Notice of right to opt out: Hansa does not sell your personal information. We share your personal information as described in our privacy policy. You may opt out of the sharing of your personal information or limit the use of your sensitive personal information by following the instructions in Contact US in Section 19. We will respond to opt out requests within 15 business days.
Notice of financial incentives: In conducting our surveys, Hansa may offer an incentive to respondents to complete a survey. The respondent would have a choice about whether to proceed with the survey and become eligible for the incentive. For a completed survey, Hansa will fulfill the incentive in a manner specified in the incentive offer. Respondents will need to provide their contact information to receive the incentive. We maintain a record of respondents who were sent incentives and delete such records when no longer needed but, in any case, no longer than 7 years.
ADDITIONAL DISCLOSURES FOR VIRGINIA RESIDENTS
These additional disclosures apply only to Virginia residents who are consumers pursuant to the Virginia Consumer Data Protection Act.
Definitions:
Consumer: means a natural person who is a resident of the Commonwealth acting only in an individual or household context. It does not include a natural person acting in a commercial or employment context.
Personal data: means any information that is linked or reasonably linkable to an identified or identifiable natural person. "Personal data" does not include de-identified data or publicly available information.
Sensitive personal data: includes the following categories:
Racial or ethnic origin, religious beliefs, mental or physical health diagnosis, sexual orientation, or citizenship or immigration status;
Genetic or biometric data for the purpose of uniquely identifying a natural person;
Personal data collected from a known child; or
Precise geolocation data.
Controller: means the natural or legal person that, alone or jointly with others, determines the purpose and means of processing personal data. Hansa or our clients, vendors, or other third parties may act as the controller of personal data.
Processor: means a natural or legal entity that processes personal data on behalf of a controller. Hansa may be a processor, and Hansa may be both a processor and controller.
Your privacy rights:
Right to confirm whether we are processing your personal data.
Right to access your personal data.
Right to correct inaccuracies in your personal data.
Right to delete personal data that we collect or maintain on you.
Right to obtain a copy of your personal data in a portable and usable format.
Right to opt out of the processing of your personal data for purposes of targeted advertising, sale of your personal data, or profiling of you.
We will not discriminate against you for exercising any of your rights.
If you have a complaint or want to appeal a decision made by Hansa, you may file a complaint with the Virginia Attorney General: File a Complaint (state.va.us)
Please submit your requests or questions regarding your rights and our privacy policy per the instructions in Contact Us in Section 19 of this privacy policy.
ADDITIONAL DISCLOSURES FOR COLORADO RESIDENTS
These additional disclosures apply only to Colorado residents who are consumers pursuant to the Colorado Privacy Act.
Definitions:
Consumer: means an individual who is a Colorado resident acting only in an individual or household context and does not include an individual acting in a commercial or employment context, as a job applicant, or as a beneficiary of someone acting in an employment context.
Personal data: means information that is linked or reasonably linkable to an identified or identifiable individual; and does not include de-identified data or publicly available Information.
Controller: means a person that, alone or jointly with others, determines the purposes for and means of processing personal data. Hansa or our clients, vendors, or other third parties may act as the controller of personal data.
Processor: means a person that processes personal data on behalf of a Controller. Hansa may be a processor or both a processor and controller.
Your privacy rights:
You have the right to:
Opt-out of Hansa’s categories of data processing.
Withdraw consent.
Access your personal data.
Correct your personal data.
Delete your personal data.
Data portability, that is, receive a copy of your personal data.
Hansa will not discriminate against you for exercising any of your rights.
Please submit your requests or questions regarding your rights and our privacy policy per the instructions in Contact Us in Section 19 of this privacy policy.
ADDITIONAL DISCLOSURES FOR CONNECTICUT RESIDENTS
These additional disclosures apply only to Connecticut residents who are consumers pursuant to the Connecticut Data Privacy Act.
Definitions:
Consumer: means an individual who is a resident of Connecticut. "Consumer" does not include an individual acting in a commercial or employment context or as an employee, owner, director, officer or contractor of a company, partnership, sole proprietorship, nonprofit or government agency whose communications or transactions with the controller occur solely within the context of that individual's role with the company, partnership, sole proprietorship, nonprofit or government agency.
Personal data: means any information that is linked or reasonably linkable to an identified or identifiable individual. Personal data does not include de-identified data or publicly available information.
Sensitive data: means personal data that includes any of the following:
Data revealing racial or ethnic origin, religious beliefs, mental or physical health condition or diagnosis, sex life, sexual orientation or citizenship or immigration status.
The processing of genetic or biometric data for the purpose of uniquely identifying an individual.
Personal data collected from a known child.
Precise geolocation data.
Controller: means an individual who, or legal entity that, alone or jointly with others determines the purpose and means of processing personal data. Hansa GCR or our clients, vendors, or other third parties may act as the controller of personal data.
Processor: means an individual who, or legal entity that, processes personal data on behalf of a controller. Hansa may be a processor or both a processor and controller.
Hansa will not discriminate against you for exercising any of your rights.
Please submit your requests or questions regarding your rights and our privacy policy per the instructions in Contact Us in Section 19 of this privacy policy.
ADDITIONAL DISCLOSURES: CONSUMER HEALTH DATA PRIVACY POLICY
These Additional Disclosures apply to you if you are a consumer in Washington State, Nevada, or other U.S. state that has similar consumer health data privacy laws.
Occasionally, Hansa may collect personal data that could constitute Consumer Health Data as defined under applicable U.S. state consumer health privacy laws. Example health privacy laws are the Washington State My Health My Data Act (MHMDA) or Nevada’s Consumer Health Data Law (NCHDL).
Under the above state laws, Consumer Health Data is generally defined as Personal Information that is linked or reasonably linkable to a consumer and that may identify the consumer's past, present, or future physical or mental health status or that is used to identify health status. The following definitions for Washington State and Nevada provide further details.
Select definitions applicable under the Washington MHMDA:
Consumer means (a) a natural person who is a Washington resident; or (b) a natural person whose consumer health data is collected in Washington. "Consumer" means a natural person who acts only in an individual or household context, however identified, including by any unique identifier. "Consumer" does not include an individual acting in an employment context
Consumer health data is defined as “personal information that is linked or reasonably linkable to a consumer and that identifies the consumer's past, present, or future physical or mental health status.
Personal information means information that identifies or is reasonably capable of being associated or linked, directly or indirectly, with a particular consumer.
Select definitions applicable under the Nevada NCHDL:
Consumer means a natural person who resides in this State or whose consumer health data is collected in this State. The term does not include a natural person acting in an employment context.
Consumer health data means personally identifiable information that is linked or reasonably capable of being linked to a consumer and is related to the past, present or future health of the consumer.
Personally identifiable information means information that, alone or in combination with other information, may be used to identify a person or an electronic device used by the person.
These Additional Disclosures explain how Hansa collects, uses, and otherwise processes Consumer Health Data in connection with the services we provide.
Categories of health data we collect
We may collect the following types of consumer health data:
Categories of personal information we collect
We may collect your personal information such as name, telephone number, geographic location, age, gender, ethnicity, or email address.
Why we collect your information and health data
We collect your personal information (personally identifiable information) so that we can communicate with you regarding market research surveys or interviews. We also may collect your personal information such as age, gender, or ethnicity for analysis of research results on a deidentified basis so that we can understand consumers such as yourself.
We collect your health data when you participate in a research survey or interview so that we can understand consumer perspectives on health matters.
Sources of your information and health data
We may obtain your personal information or health data from third-party recruiters with whom you shared such information so that we may request your participation in a research survey or interview.
We collect your health data from information you provide directly, for example, when taking one of our surveys or participating in a research interview.
We do not collect any personal information or health data about you from visiting our website, from the Internet, or through the use of Artificial Intelligence.
How we use your personal information and health data
We use personal information to communicate with you when conducting our research studies. We also may use your deidentified personal information such as age, gender, or ethnicity so that we can analyze research results by different groups of consumers.
We use your health data to understand consumer perspectives on health matters related to health services that our clients may provide.
The health data we collect, however, is never associated with you and your personal information. Any personal information we collect is deidentified and removed from any records that contain your health data as soon as we no longer need that personal information to communicate with you. As an example, we may use your name and email to send you an invitation to participate in a research interview. When the interview is completed, we create a transcript of the interview that removes any reference to your identity or means of associating any health data to your identity. Then, your personal information is deleted from our files.
We will only collect or share your health data associated with your personal information with your explicit consent, except where necessary to comply with legal requirements.
How we share your personal information and health data
We only share your health data and personal information associated with your personal information to internal Hansa project team members who have a need to know (for example, to conduct an interview with you or contact you about a question we might have). We may share your deidentified health data with our clients.
We may share your personal information but not your health data that you provided to us with third-party service providers, for example third-party recruiters to contact you or thank you for a research interview we conducted.
We do not sell your health data or your personal information.
Your rights
You have the following rights:
Security measures
As explained in our Privacy Policy, we implement reasonable administrative, technical, and physical safeguards to protect your data from unauthorized access or misuse. Access is restricted to employees and third-parties who need the information to perform their jobs.
Geofencing and targeted messaging
We do not use geofencing technologies around healthcare facilities to track, identify, or send targeted messages to consumers based on their proximity to these locations.
Please submit your requests or questions regarding your rights and our privacy policy per the instructions in Contact Us in Section 19 of this privacy policy.
ADDITIONAL DISCLOSURES FOR DATA SUBJECTS IN THE EU, UK, AND SWITZERLAND
Pursuant to the General Data Protection Regulation (GDPR), these additional disclosures apply only to natural persons of the European Economic Area, United Kingdom, Switzerland, or any jurisdiction to which similar laws apply.
Definitions:
Personal data: means any information relating to an identified or identifiable natural person.
Special categories of data: means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
Controller: means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Hansa clients are data controllers for data on their clients or customers. A Hansa third party such as a panel provider would be the data controller for its panel members.
Occasionally, Hansa may be the data controller. For example, we would be the data controller when we obtain personal data from someone who registers for one of our webinars or when we receive personal data from a research recruiter.
Processor: means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. When Hansa clients ask Hansa to survey their customers, Hansa would conduct the survey and analyze the results and would be the data processor.
At times, we may be both the data controller and the data processor: For example, if we receive contact information for potential survey respondents from a third party and then we conduct survey research with those respondents, then we would be the controller as well as the processor.
Legal basis for processing personal data:
Hansa may process personal data based on:
Legitimate business interests: Hansa conducts market research for clients who have a legitimate business interest in understanding their markets and customers. We also have legitimate business interests such as maintaining appropriate business records and marketing communications to commercial prospects and clients.
Consent to our privacy policy: Hansa or Hansa client as controller also has a lawful basis for processing based on research participant agreeing to the client’s and/or Hansa’s privacy policy.
Contractual obligations: Hansa processes personal data based on contractual requirements with our clients.
Legal obligations: Hansa may process personal data based on legal obligations such as court orders, law enforcement or other government requests.
Your privacy rights:
You have the right to:
Withdraw consent at any time.
Access and receive a copy of the data you have provided.
Have Hansa erase all the data you have provided.
Rectify inaccurate or incomplete data.
Restrict or object to the processing of your data.
Complain to a supervisory authority.
Subcontractors:
Hansa uses subcontractors to collect survey responses for web or phone surveys, recruit survey participants, and host focus group facilities, among other tasks. Hansa subcontractors provide assurance through contractual agreements with Hansa that they have in place GDPR-compliant procedures. Hansa uses a third party for storing survey response data, client lists of customers, and personal data.
Information audit:
Hansa annually conducts a comprehensive information security management system audit as part of our compliance with ISO 27001.
Notices:
Hansa complies with GDPR requirements for notice to data subjects when personal data are collected by Hansa as controller. We provide the required notices in advance of collecting the personal data and then collect personal data only with the data subject’s permission.
Notices include our identity and contact details; purpose and legal basis for processing; our legitimate interests, intentions to transfer personal data to the United States; safeguards we employ, period for storing the personal data; and specific rights.
International data transfer:
By agreeing to our privacy policy, you are providing your consent for your data to be transferred to the United States.
Hansa includes requirements in NDAs, MSAs, or SOWs or other documentation that client or third-party lists containing personal data are provided to us with adequate levels of protection and permission for international data transfer.
All personal data in our surveys with any accompanying research results are processed and stored within the United States. Transfers of survey data are non-repetitive and done strictly for our specific research projects.
Transfers of data submitted to us outside of our surveys, such as client or prospect communications, are done for business purposes.
Hansa complies with the EU-U.S. Data Privacy Framework (DPF), the UK Extension to the EU-US DPF, and the Swiss-US DPF as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, the United Kingdom, and/or Switzerland to the United States in reliance on the Data Privacy Framework. Hansa has self-certified to the Department of Commerce that it adheres to the DPF Principles with respect to such information. If there is any conflict between the terms in this privacy policy and the DPF Principles, the DPF Principles shall govern. To learn more about the DPF, and to view our certification, please visit https://www.dataprivacyframework.gov/.
In compliance with the DPF, Hansa commits to resolve complaints about privacy and our collection or use of personal information. EU, UK, and Swiss citizens with inquiries or complaints regarding this privacy policy should first contact Hansa at:
COMPLAINT CONTACT NAME: Jenny Opsahl
ADDRESS: Hansa|GRC, LLC, 111 SW 5th Avenue, Suite 3150, Portland, OR 97204
PHONE: (503) 241-8036
Email: services@hansagcr.com
Hansa has further committed to refer unresolved privacy complaints under the DPF to the Insights Association Data Privacy Framework Services Program, a non-profit Independent Recourse Mechanism located in the United States and operated by the Insights Association. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://www.insightsassociation.org/Resources/Data-Privacy-Framework/Information-for-EU-Swiss-Citizens-to-file-a-complaint for more information and to file a complaint.
Pursuant to the DPF Principles, under certain limited conditions, you may invoke binding arbitration by selecting an arbitrator from the list of arbitrators developed by the US Department of Commerce and the European Commission. We also are under the enforcement authority of the U.S. Federal Trade Commission.
Hansa responsibility for data transfer:
Hansa is responsible and liable for the transfer of your personal information to a third party if the third-party processes such personal information in a manner inconsistent with the Data Privacy Framework Principles unless Hansa can prove that Hansa is not responsible for an event giving rise to damage as a result of the transfer of such information.
Hansa will not discriminate against you for exercising any of your rights.
Please submit your requests or questions regarding your rights and our privacy policy per the instructions in Contact Us in Section 19 of this privacy policy.
Alternatively, you may contact Hansa’s Chief Privacy Officer:
Wayne Marks, as Hansa’s president and ISMS Officer, serves as Hansa’s Chief Privacy Officer and as a point of contact for inquiries about Hansa policies and procedures to comply with GDPR. He ensures that management supports Hansa’s data protection policies and processes and that employees are trained on data protection policies and processes. Contact info: Wayne Marks, President, Hansa|GCR, LLC, 111 SW 5th Avenue, Suite 3150, Portland, OR 97204 USA. +1.503.241.1103. wmarks@hansagcr.com.
ADDITIONAL DISCLOSURES FOR CANADA
These additional disclosures apply only to residents of Canada pursuant to The Personal Information Protection and Electronic Documents Act (PIPEDA).
Definitions:
Personal information: means any factual or subjective information, recorded or not, about an identifiable individual. This includes information in any form, such as:
Age, name, ID numbers, income, ethnic origin, or blood type.
Opinions, evaluations, comments, social status, or disciplinary actions
Employee files, credit records, loan records, medical records, existence of a dispute between a consumer and a merchant, intentions (for example, to acquire goods or services, or change jobs).
Fair Information Principles:
PIPEDA outlines 10 Fair Information Principles:
An organization is responsible for personal information under its control. It must appoint someone to be accountable for its compliance with these fair information principles. Hansa’s president and Chief Privacy Officer, Wayne Marks, oversees compliance with these principles.
Principle 2 - Identifying Purposes
The purposes for which the personal information is being collected must be identified by the organization before or at the time of collection. Hansa’s privacy policy describes our processes and the specific purposes for which we collect personal information.
The knowledge and consent of the individual are required for the collection, use, or disclosure of personal information, except where inappropriate. Hansa processes provide for the consent of individuals in our surveys, using our website, or contacting us as described in our privacy policy.
Principle 4 - Limiting Collection
The collection of personal information must be limited to that which is needed for the purposes identified by the organization. Information must be collected by fair and lawful means. Hansa only collects information necessary to respond to questions or requests, conduct our business, or conduct our surveys as described in our privacy policy.
Principle 5 - Limiting Use, Disclosure, and Retention
Unless the individual consents otherwise or it is required by law, personal information can only be used or disclosed for the purposes for which it was collected. Personal information must only be kept as long as required to serve those purposes. Hansa only uses personal information and retains personal information as long as necessary as described in our privacy policy.
Personal information must be as accurate, complete, and up-to-date as possible in order to properly satisfy the purposes for which it is to be used. Individuals can request corrections or deletions of their personal information as described in our privacy policy.
Personal information must be protected by appropriate security relative to the sensitivity of the information. Hansa’s Information Security Management System is certified to the standards of ISO 27001.
An organization must make detailed information about its policies and practices relating to the management of personal information publicly and readily available. Access to Hansa’s privacy policy is displayed on the landing page of our website: www.HansaGCR.com.
Principle 9 - Individual Access
Upon request, an individual must be informed of the existence, use, and disclosure of their personal information and be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate. Individuals can contact us to learn what information we have about them as described in our privacy policy.
Principle 10 - Challenging Compliance
An individual shall be able to challenge an organization’s compliance with the above principles. Their challenge should be addressed to the person accountable for the organization’s compliance with PIPEDA, usually their Chief Privacy Officer. Individuals can contact Hansa’s Chief Privacy Officer, Wayne Marks, President, Hansa|GCR, LLC, 111 SW 5th Avenue, Suite 3150, Portland, OR 97204 USA. +1.503.241.1103. wmarks@hansagcr.com.
Breach notification:
Hansa Information Security Management System (ISMS) is certified to ISO 27001 standards by CIRQ. Our ISMS provides processes for notification in the event of a breach of our security safeguards.
Complaints:
You can contact Hansa’s president if you have a complaint: WMarks@HansaGCR.com; 1.503.241.1103
You also can file a complaint with the Office of the Privacy Commissioner:
Office of the Privacy Commissioner of Canada 30 Victoria Street, 8th floor Gatineau, QC K1A 1H3 Telephone: (819) 994-5444 Toll-free: 1-800-282-1376
Hansa will not discriminate against you for exercising any of your rights.
Please submit your requests or questions regarding your rights and our privacy policy per the instructions in Contact Us in Section 19 of this privacy policy.
ADDITIONAL DISCLOSURES FOR AUSTRALIA
The Australian Privacy Act and the Australian Privacy Principles provide for the protection and handling of personal information about individuals.
Privacy Principles:
The Privacy Act specifies 13 privacy principles:
open and transparent management of personal information. Hansa privacy policy addresses this principal.
anonymity and pseudonymity. Hansa policies provide for maintaining confidentiality and provide the option for individuals in our surveys to identify their personal information; we also use de-identification procedures.
collection of solicited personal information. Hansa requires that survey recipients have opted in to receive survey invitations; We collect only personal information that is reasonably necessary, by lawful and fair means, and with the individual’s permission.
dealing with unsolicited personal information. Hansa policies provide for proper management and safeguarding of personal information volunteered by individuals. We delete or de-identify personal information if it is reasonable to do so and not required for our legitimate business purposes.
notification of the collection of personal information. Hansa notifies individuals prior to the collection of their personal information as described in our privacy policy.
use or disclosure of personal information. Hansa only uses and discloses personal information for stated purposes and with the understandings described in our privacy policy.
direct marketing. Hansa does not direct market to consumers who do not have a commercial purpose regarding our services. We only market to individuals who have commercial purposes related to the services we provide, and who have granted permission for us to market to them as described in our privacy policy. Individuals can request that we do not direct market to them.
cross-border disclosure of personal information. Hansa uses defined processes for the transfer of personal information internationally.
adoption, use or disclosure of government-related identifiers. Hansa does not use government-related identifiers except for employees as may be needed for compliance with government requirements and to administer employee benefits.
quality of personal information. Hansa relies on clients, panels, or list providers for our surveys and provides survey respondents and others opportunity in our privacy policy to correct or update their personal information.
security of personal information. Hansa’s Information Security Management System is certified to ISO 27001 standards. Our privacy policy describes the processes we use for applying appropriate safeguards and for retaining or destroying personal information.
access to personal information. Individuals can request access to their personal information that we hold per our privacy policy.
correction of personal information. Individuals can request correction of their personal information per our privacy policy.
Hansa will not discriminate against you for exercising any of your rights.
Please submit your requests or questions regarding your rights and our privacy policy per the instructions in Contact Us in Section 19 of this privacy policy.