Effective date: March 29, 2019
This Privacy Statement describes how Discuss.io collects, uses and discloses information, and what choices you have concerning the information.
Updates in this version of the Privacy Statement reflect changes:
- To more clearly outline how information we collect is shared with trusted third parties
- To clearly outline your responsibility for the Security of your account
- To more clearly outline our commitment to Privacy Shield Principles and your rights to resolve any complaint. Our obligation to the Jurisdiction of the Federal Trade Commission as a member of Privacy Shield, and outline our compliance with the transfer of Human Resources Data
When we refer to “Discuss.io,” we mean the Discuss.io entity that acts as the controller or processor of your information, as explained in more detail in the “Identifying the Data Controller and Processor” section below.
Table of Contents:
- Applicability of this Privacy Statement
- Information we collect and receive
- What we do with your information
- How we share and disclose your information
- Your rights
- Data retention
- Age Limitations & Children’s Privacy and Consent
- International Transfer of Data; EU-U.S. and Swiss-U.S. Privacy Shield
- Data Protection Officer
- Data Protection Authority
- Changes to this Privacy Statement
- Contacting Discuss.io
Applicability of this Privacy Statement
This Privacy Statement applies to Discuss.io‘s online meeting rooms and platform, (collectively, the “Services”), www.discuss.io, and other interactions (e.g., customer service inquiries, user conferences, etc.) you may have with Discuss.io. If you do not agree with the terms, do not access or use the Services, Website or any other aspect of Discuss.io‘s business.
This Privacy Statement does not apply to any third party applications or software that integrate with the Services through the Discuss.io platform (“Third Party Services”), or any other third party products, services or businesses. Also, a separate agreement governs delivery, access and use of the Services (the “Customer Agreement”), including the processing of any audio, video, files or other content submitted through Services accounts (collectively, “Interview Data”).
Identifying the Data Controller and Processor
Data protection law in certain jurisdictions differentiates between the “controller” and “processor” of information. In general, Customers are the controller of Interview Data. In general, Discuss.io., a US company based in Seattle, Washington is the controller of Other Information and a processor of Interview Data relating to Authorized Users and Participants who use the Services.
Information we collect and receive
Discuss.io may collect and receive Interview Data and other information and data (“Other Information”) in a variety of ways:
Information you provide to us – Interview Data
Customers, individuals granted access to a Project by a Customer, and Service Providers (collectively, “Authorized Users”) routinely submit Interview Data to Discuss.io when using the Services, as do prospective and qualified participants (collectively, “Participants”).
We may ask Participants for information to determine your eligibility for a market research interview, for scheduling and coordination purposes, and during an interview. In the course of an interview, audio and video recordings will be created unless previously specified by a Customer. Examples of information required for participation in an interview include:
- Demographic information – Age, gender, geographic location, marital status, household income, profession – Used to determine your eligibility to participate in an interview
- Name – In screening you for eligibility, we will ask for your real name for coordination and scheduling purposes. During the interview setup, you may choose a nickname you want to use for the interview. We’d prefer that you use a nickname or a false name to ensure you remain anonymous! Just remember, the moderator and other participants will use that name during the interview, so be prepared to answer to it.
- Email address – For scheduling tech checks and interviews, and for payment of rewards after participating in the interview. We will not use your email address for any other contact.
- Phone number – To allow participants to join an interview should internet connectivity be inadequate. We may also use this number to provide technical assistance immediately prior to and during the session, as well as to send a reminder of the upcoming interview via SMS if you opt-in to receiving reminders. We may also use this number to contact you about the payment of rewards after participating. We will not use your phone number for any other purpose.
- Questions relevant to the purpose of the study – This could be anything from questions about personal hygiene or personal preferences to financial or health information. These questions may be asked in a survey to determine your eligibility to participate in an interview, and they may be asked again via video or with a Discuss.io employee to verify the authenticity of your survey responses. Finally, such questions may be asked in the course of the interview.
- Video and audio responses – We will collect these using your browser, your telephone, or both. These will only be obtained during the interview pre-screening, to determine compliance with the research objectives, and during the interview itself.
- Chat – Comments made in the public chat will be stored in our databases.
- Whiteboard input – When you have used the online whiteboard to add markings to the materials shared, we will record that data.
We may ask Authorized Users for identifying information such as name, phone number, email address, company name, and/or similar account details to create an account to organize and execute online market research. In the course of using our Services, Authorized Users may be required to provide Interview Data to participate in an interview.
Information we collect automatically when you use the services – Other Information
Certain Information is collected automatically and, if some Information, such as video and audio responses, is not provided, we may be unable to provide the Services. When you access or use our Services, we automatically collect Other Information about you, including:
- Log information: We log information about your use of the Services, including the type of browser you use, clickstream data, date/time stamp, pages and files viewed on our site (e.g., HTML pages, graphics, etc.), your IP address, and your bandwidth.
- Device information: We collect information about the computer or mobile device you use to access our Services, including the hardware model, operating system and version, unique device identifiers, mobile network information, and connected audio and video devices.
What we do with your information
Interview Data will be used by Discuss.io in accordance with Customers’ instructions, including any applicable terms in the Customer Agreement and Customer’s use of Services functionality, and as required by applicable law. Discuss.io is a processor of Customer Data and Customers are the controller. Customers may, for example, use the Services to grant and remove access to a project, schedule interviews, access, modify, export, share and remove Interview Data and otherwise apply its policies to the Services.
Discuss.io uses Other Information in furtherance of our legitimate interests in operating our Services, website, and business. More specifically, Discuss.io uses Other Information:
- To provide, update, maintain and protect our Services, website, and business. This includes the use of Other Information to support delivery of the Services under a Customer Agreement, prevent or address service errors, security or technical issues, analyze and monitor usage and trends.
- As required by applicable law, legal process or regulation.
- To communicate with you by responding to your requests, comments, and questions. If you contact us, we may use your Other Information to respond.
- To develop and provide research and insights-building tools and additional features. Discuss.io tries to make the Services as useful as possible for Authorized Users. For example, we may improve search functionality by using Other Information to help determine and rank the relevance of content to an Authorized User or make Services suggestions based on historical use and predictive models, identify organizational trends and insights, to customize a Services experience or create new productivity features and products.
- To send emails and other communications. We may send you service, technical and other administrative emails, messages and other types of communications. We may also contact you to inform you about changes in our Services, our Services offerings, and important Services-related notices, such as security and fraud notices. These communications are considered part of the Services, and you may not opt out of them. In addition, we sometimes send emails about new product features, promotional communications or other news about Discuss.io. These are marketing messages so you can control whether you receive them.
- For billing, account management, and other administrative matters. Discuss.io may need to contact you for invoicing, account management and similar reasons and we use account data to administer accounts and keep track of billing and payments.
- To investigate and help prevent security issues and abuse.
If Information is aggregated or de-identified so it is no longer reasonably associated with an identified or identifiable natural person, Discuss.io may use it for any business purpose. To the extent Information is associated with an identified or identifiable natural person and is protected as personal data under applicable data protection law, it is referred to in this Privacy Statement as “Personal Data.”
How we share and disclose your information
This section describes how Discuss.io may share and disclose Information. Customers determine their own policies and practices for the sharing and disclosure of Information, and Discuss.io does not control how they choose to share or disclose Information.
- Customer’s instructions. Discuss.io will solely share and disclose Interview Data in accordance with a Customer’s instructions, including any applicable terms in the Customer Agreement and Customer’s use of Services functionality, and in compliance with applicable law and legal process.
- Displaying the services. When an Authorized User or Participant submits Interview Data, it may be displayed to Authorized Users in the same interview. For example, a Participant’s name may be displayed with their video stream.
- Customers access. Owners, administrators, Authorized Users and other Customers representatives and personnel may be able to access, modify or restrict access to Other Information. This may include, for example, your employer using Service features to export logs of Services activity, or accessing or modifying any project artifacts such as video recordings or insights reports.
- During a change to Discuss.io’s business. If Discuss.io engages in a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of Discuss.io’s assets or stock, financing, public offering of securities, acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities (e.g. due diligence), some or all Information may be shared or transferred, subject to standard confidentiality arrangements.
- Aggregated or de-identified data. We may disclose or use aggregated or de-identified Information for any purpose. For example, we may share aggregated or de-identified Information with prospects or partners for business or research purposes, such as telling a prospective Discuss.io customers the average amount of time spent organizing a Project.
- To comply with laws. If we receive a request for information, we may disclose Information if we reasonably believe disclosure is in accordance with or required by any applicable law, regulation or legal process.
- To enforce our rights, prevent fraud, and for safety. To protect and defend the rights, property or safety of Discuss.io or third parties, including enforcing contracts or policies, or in connection with investigating and preventing fraud or security issues.
- With consent. Discuss.io may share Information with third parties when we have consent to do so.
Third Parties That Receive Personal Data
For personal information collected via our website, we share personal data with service providers, to carry out our services and other supporting activities, such as technical assistance, marketing, analytics, or customer service.
For personal information collected via our products and services, Discuss.io shares personal data with trusted businesses or persons to process it for us, based on our instructions and in compliance with this Privacy Statement and any other appropriate confidentiality and security measures.
These third parties may access, process, or store personal data while providing their services. Discuss.io has contracts with these third parties restricting their rights to access, use, and disclose personal data in compliance with Privacy Shield principles and solely for the purposes described in this statement.
Individuals located in certain countries, including the European Economic Area (EEA), have certain statutory rights about their personal data. Subject to any exemptions provided by law, you may have the right to request access to Information, as well as to seek to update, delete or correct this Information.
If you are an Authorized User, you can usually do this using the settings and tools provided in your account (see below for Enterprise Users). If you are an unregistered Participant and you wish to update, delete, or correct your Information, please email email@example.com. If desired, we will destroy all data associated with the entire interview and alert our partners and Customers to do the same (this right is limited to data which according to law and regulation may only be processed with your consent, if you withdraw your consent for processing). Please note that we may need to retain certain information for record keeping purposes, to complete transactions or to comply with our legal obligations. When technically feasible, Discuss.io will -at your request- provide your personal data to you or transmit it directly to another controller (this right is limited to data provided directly by you).
Our Services are intended for use by individuals and organizations. Where the Services are made available to you through an organization (e.g., your employer), that organization is the administrator of the Services and is responsible for the accounts. If this is the case, please direct your data privacy questions to your administrator, as your use of the Services is subject to that organization’s policies. We are not responsible for the privacy or security practices of an organization, which may be different than the ones described in this Privacy Statement.
To the extent that Discuss.io’s processing of your Personal Data is subject to the General Data Protection Regulation, Discuss.io relies on its legitimate interests, described above, to process your data. Discuss.io may also process Other Information that constitutes your Personal Data for direct marketing purposes, and you have a right to object to Discuss.io’s use of your Personal Data for this purpose at any time.
Discuss.io takes reasonable precautions to safeguard the information we collect in an effort to prevent loss, misuse and unauthorized access, disclosure, alteration and destruction.
If you use our Services, responsibility for securing your account rests with you and not Discuss.io. For example, it is your responsibility to keep your password confidential, and not share your credentials with others.
The video and audio of the interviews, the transcripts, and the chat room transcripts are made available to our Customers so they can better understand their customers.
Other Interview Data required only for the organization of an interview, such as demographic information, contact information, and answers to pre-screening questions will be destroyed at the completion of the project. Discuss.io retains interview data for up to three (3) years so our Customers can assess whether the changes they have made to the business as a result of the interview have been effective, or in accordance with a Customer’s instructions, including any applicable terms in the Customer Agreement, and as required by applicable law. The deletion of Interview Data and other uses of the Services by Customers may result in the deletion and/or de-identification of certain associated Other Information.
Discuss.io may retain Other Information about you for as long as necessary for the purposes described in this Privacy Statement. This may include keeping your Other Information after you have deactivated your account for the period of time needed for Discuss.io to pursue legitimate business interests, conduct audits, comply with (and demonstrate compliance with) legal and regulatory obligations, resolve disputes and enforce our agreements.
Age Limitations & Children’s Privacy and Consent
To the extent prohibited by applicable law, Discuss.io does not allow the use of our Services and Websites by anyone younger than 16 years old. If you learn that anyone younger than 16 has unlawfully provided us with personal data, please contact us and we will take steps to delete such information.
Discuss.io follows market research industry standards regarding the management of studies involving children younger than 16 years of age. When recruiting potential participants, the point of first communication is always with a parent or legal guardian, at which time we will inform that responsible adult of the type of data collected and how it is processed, used, and stored, as well as their right to be present during the interview. Parental or guardian consent is required prior to the collection of any personal data from a child.
International Transfer of Data
We collect information globally and primarily store that information in the United States. We may transfer, process and store your information outside of your country of residence, to wherever we, Discuss.io or our third-party service providers operate for the purpose of providing you the Services. Whenever we transfer your information, we take steps to protect it.
Discuss.io has released a Data Processing Agreement (“DPA”) that contains contractual commitments from us to help you respond to requests to correct, amend or delete personal data, detect and report personal data breaches and demonstrate your compliance with the GDPR. The DPA is available upon request via firstname.lastname@example.org.
EU-U.S. and Swiss-U.S. Privacy Shield
To comply with European Union and Swiss data protection laws, we are self-certified members of the E.U.-U.S. Privacy Shield and Swiss-U.S. Privacy Shield. This framework was developed to enable companies to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States. We comply with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.
We have further committed to cooperate with the panel established by the EU data protection authorities and the Swiss Federal Data Protection and Information Commissioner (FDPIC) about unresolved Privacy Shield complaints concerning human resources data transferred from the EU, UK, and Switzerland in the context of the employment relationship.
In compliance with the Privacy Shield Principles, Discuss.io commits to resolve complaints about your privacy and our collection or use of your personal information. EU, UK, and Swiss individuals with inquiries or complaints regarding this statement should first contact Discuss.io at email@example.com.
Discuss.io has further committed to refer unresolved Privacy Shield complaints to Insights Association, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit https://www.insightsassociation.org/get-support/privacy-shield-program/privacy-shield-eu-swiss-citizens-file-complaint for more information or to file a complaint. The services of Insights Association are provided at no cost to you.
Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.
Human Resources Data
Discuss.io commits to cooperate with EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and comply with the advice given by such authorities with regard to human resources data transferred from the EU, UK, and Switzerland in the context of an employment relationship with Discuss.io.
Subject to FTC Jurisdiction
Discuss.io's adherence to the Privacy Shield Principles is subject to the regulatory and enforcement powers of the Federal Trade Commission.
To learn more about the Privacy Shield Program, please see http://www.privacyshield.gov/welcome.
Data Protection Officer
To communicate with our Data Protection Officer, please contact us via email at firstname.lastname@example.org.
Data Protection Authority
Subject to applicable law, you also have the right to (i) restrict Discuss.io’s use of Other Information that constitutes your Personal Data and (ii) lodge a complaint with your local data protection authority. If you are a resident of the European Economic Area and believe we maintain your Personal Data within the scope of the General Data Protection Regulation (GDPR), you may direct questions or complaints to the lead supervisory authority in your country, link provided below for your convenience:
Changes to this Privacy Statement
Discuss.io may change this Privacy Statement from time to time. Laws, regulations and industry standards evolve, which may make those changes necessary, or we may make changes to our business. We will post the changes to this page and encourage you to review our Privacy Statement to stay informed. If we make changes that materially alter your privacy rights, Discuss.io will provide additional notice, such as via email or through the Services.
If you disagree with any changes to this Privacy Statement, you will need to stop using the Services or contact your organization’s administrator, as outlined above.
Please also feel free to contact Discuss.io if you have any questions about this Privacy Statement or Discuss.io’s practices, or if you are seeking to exercise any of your statutory rights. You may contact us at email@example.com, by using our Contact form (please include Data Compliance in the subject line), or at our mailing address below:
1300 N Northlake Way #103
Seattle, WA 98103