Last updated: 18 February 2021 v1
Curizon Panel Privacy Notice
Who are we?
We are Toluna part of Toluna Holdings Limited, a worldwide group ("We" "Our" "Us" or "Curizon”). You can see who our group members are by clicking on the link below:
Curizon is an online data collection group focused on providing high-quality market research data to its clients who are in various business sectors, including other market research agencies and other global and corporate clients of all sizes. We also build and maintain large online consumer panels, providing real-time digital consumer insights to our clients via our market research surveys and analytics platforms.
Curizon is the controller and responsible for your personal data.
We have appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the DPO at https://www.curizon.com/contactus and completing the ‘New Issue’ form.
What is our Privacy Commitment to you?
We respect your privacy and are committed to protecting your personal data. This privacy notice describes how we collect, use, share and secure personal data you provide on http://www.curizon.com (our "site”) when you become a member of our panel and participate in surveys and/or research studies ("surveys”) that we conduct for, and on behalf of our clients. It also explains your privacy rights and how laws that are applicable to you may protect you and is intended to supplement other notices and privacy policies and not to override them.
The registration, use of and access to your Membership and use of our systems and media ("Services”) are subject to this privacy notice.
This privacy notice is provided in a layered format so you can click through to the specific areas set out below. Please also use the Glossary to understand the meaning of some of the terms used in this privacy notice.
Frequently asked questions:
- Who are we?
- What is our Privacy Commitment to you?
- What personal data do we collect about you?
- How do we use your personal data?
- Who do we share your personal data with?
- Do we transfer your personal data to other countries?
- What cookies do we use on our site?
- What other tracking technologies do we use for surveys you participate in and for other purposes?
- What security measures do we undertake to protect your personal data?
- What are our data retention and destruction policies?
- Business Transfers
- Children’s privacy
- Your rights
- Changes to the privacy notice and your duty to inform us of changes
- Privacy contact details
What personal data do we collect about you?
Personal data means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (i.e. anonymous data).
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together follows:
- Identity data – name (includes first, last, maiden and married names), date of birth, marital status, gender, panellist id, and username.
- Contact data – postal address, email address, and telephone number.
- Special categories of personal data – ethnic/racial origin, health, genetics, political opinion, religion, sexual orientation and sex life. (We don’t collect any Special Categories of personal data about you)
- Demographic/Profile data – occupation, job title, feedback and survey responses and including, but not limited to; age, gender, birthday, education, skills experience, specialties and employment status.
- Technical data includes internet protocol (IP) addresses, login data, browser type, and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
- Pseudonymised data are identifiable data as unique identifiers e.g. panellist ID’s or Technical data are used, however direct identifiers, such as; name and Contact data are removed.
Influencers Panel Members
When you agree to become a member of our Curizon panel ("Member"), you are able to participate in our surveys. Our partners who invited you to join our panel via their website, by email or other means such as via Social media platforms will ask you to complete the registration form via the links displayed.
How do we use your personal data?
In the table below, we have set out a more detailed explanation of the ways in which we use your personal data.
In many countries, we are required by law to explain the legal bases we rely on when we process your personal data. These legal bases are listed as follows and we may use more than one lawful basis when processing your personal data.
Consent – In certain cases, we collect and process your personal data with your consent e.g. when you participate in surveys, we will ask you if you wish to participate.
Contractual obligations – In some circumstances, we need to process your personal data to comply with a contractual obligation e.g. when we use your personal data to send you your rewards.
Legal compliance – If the law requires us to, we may need to collect and process your personal data in response to lawful requests by public authorities or if e.g. we believe in good faith that disclosure is necessary to protect our rights, to protect your safety or the safety of others, to investigate fraud or breaches of our site terms, or to respond to a government request.
Legitimate interest – means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
|Activity||Purpose||Type of data|
|Your Membership||To register and process your application to be a Member||(a) Identity data
(e) Technical Data
(f) Pseudonymised data (panellist ID)
|To manage our relationship with you, which will include:
(d) Demographic / Profile
(e) Technical data
(f) Pseudonymised data (panellist ID)
|Research surveys||We will ask you to participate in and provide feedback via surveys, including you telling us about your experiences, skills and knowledge. This may also include analyzing your thoughts and views in different ways and for different purposes, but only provided such uses are for market research.||(a) Identity
(d) Demographic / Profile
(e) Technical data
(f) Pseudonymised data (panellist ID)
|Scientific research/Safety monitoring (Pharmacovigilance Adverse Events Reporting)||We may ask you to participate in surveys for clients who are from a variety of types of organisations such as; public health organisations, commercial or charity organisations or academics from universities, etc and may be conducted using a variety of methods.||(a) Identity
(d) Demographic / Profile
|Profiling||We may use your Demographic/Profile data for profiling purposes and (if you previously gave us your speciality), we may also use those information for profiling purposes, provided this is permitted under local law. This means we will match you with appropriate surveys to see if you qualify for particular surveys. Your birth date is automatically updated so that we may ensure we select individuals, based on their age as may be required for the relevant survey||(d) Demographic / Profile|
|Legal/public authority disclosure||Though we make every effort to preserve your privacy, we may be required to disclose your personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements; or to comply with a subpoena, warrants, court orders or other legal process or regulatory requirements, and when we believe in good faith that disclosure is necessary to protect our rights, to protect your safety or the safety of others, to investigate fraud or breaches of our site terms, or to respond to a government request.||(a) Identity
(d) Demographic / Profile
(e) Technical data
(f) Pseudonymised data
|Fraudulent and quality checking||We use multiple Technology data for quality control, validation, and fraud detection and prevention purposes, including assisting us in ensuring the integrity of survey results. Please see the section entitled ‘What other tracking technologies do we use for surveys you participate in and for other purposes?’ for more on this.||(e) Technical data
(f) Pseudonymised data
Who do we share your personal data with?
Any of our group members found at https://www.tolunacorporate.com/locations may access or use your personal data for the purposes set out in table above and/or to carry out our regular business activities, such as to provide, maintain and personalise our sites and services, to communicate with you, and to accomplish our legitimate business purposes, pursuant to contractual safeguards.
In general, responses we collect from you via our surveys are provided to our clients either in anonymised and aggregated form or in pseudonymised form. If we provide the results in anonymised and aggregated form, the results include information about groups of individuals and not on an individual level. If we provide the results in pseudonymised form, the results will be on an individual basis, using unique identifiers, such as your assigned panellist ID, but will not include your Identity data or Contact data.
Identity data or Contact data about you would only be provided to our clients in specific surveys for the purposes of research and we would never provide such data to our clients unless we have first received your consent and confirmed with them that their use is in accordance with applicable law and market research codes of practice.
From time to time we may engage third parties to issue you with cheques or processing the delivery of your rewards. Such third parties are not allowed to use your personal data for any other reason and we enter into contracts with those third parties to ensure your personal data is kept secure and erased in accordance with our data retention and destruction policies.
Though we make every effort to preserve your privacy, we may be required to disclose your personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We may also disclose your personal information as required by law, such as to comply with a subpoena or other legal process, when we believe in good faith that disclosure is necessary to protect our rights, to protect your safety or the safety of others, to investigate fraud or breaches of our site terms, or to respond to a government request.
Please see the table above for more on these uses.
Do we transfer your personal data to other countries?
Curizon is a trading name of Toluna, which is a global company and your personal data is transferred to other members of the Toluna group of companies and trusted service providers, who are located in countries other than where you live. Please be aware that laws in other countries may differ from the laws applicable in your own country of residence. See the attached list of all the Toluna companies: https://tolunacorporate.com/locations/.
If you reside in the EEA or the UK, to comply with the General Data Protection Regulation (GDPR) and/or UK data protection legislation, Toluna has put in place adequate safeguards to protect your data and your rights, including standard data protection clauses for the transfer of personal data to third parties in non-adequate countries as decreed by the European Commission.
Toluna USA Inc., - The EU-U.S. Privacy Shield Framework
Our global back-up and hosting service centre is located in the USA. Toluna USA Inc., (“Toluna USA”) is a member of the Toluna group of companies and all data we use are transferred to Toluna USA for those purposes. Toluna USA recognises that the EEA has established strict protections regarding the handling of personal data from the EEA, including requirements to provide adequate protection for such personal data transferred outside of the EEA and Toluna SAS has entered into standard contractual clauses with Toluna USA Inc., in respect of the processing of personal data in the USA. Toluna ensures that it provides adequate protection for the processing of certain EEA personal data about all individuals (including about you).
Toluna USA participates in and has certified its compliance with the EU-US Privacy Shield Framework Toluna is committed to subjecting all personal data received from European Union (EU) member countries, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List. [https://www.privacyshield.gov/list].
Toluna USA is responsible for the processing of personal data it receives, under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf (Iron Mountain). Toluna USA complies with the Privacy Shield Principles for all onward transfers of personal data from the EU, UK and Switzerland, including the onward transfer liability provisions. If there is any conflict between the terms of this privacy notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern.
With respect to personal data received or transferred pursuant to the Privacy Shield Framework, Toluna is subject to the regulatory enforcement powers of the US Federal Trade Commission. For more information about the Privacy Shield, see the US Department of Commerce's Privacy Shield website located at https://www.privacyshield.gov. In certain circumstances, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
In compliance with the Privacy Shield Principles, Toluna USA commits to resolve complaints about its collection or use of your personal data. Individuals residing in the EEA or the UK with enquiries or complaints regarding our Privacy Shield policy should first contact the Data Protection Officer at https://www.curizon.com/contactus and complete the ‘New Issue’ form.
Under certain conditions, more fully described on the Privacy Shield website https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted (See more under How do you ask a question or make a complaint? below.
What cookies do we use on our site?
A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer's hard drive.
What other Tracking Technologies do we use for surveys you participate in and for other purposes?
Automated technologies or interactions.
Server log files:
We may collect Internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data. This Technical data may be combined with other information collected about you for the purposes of improving our services, site functionality and collecting analytical data.
In general, digital Fingerprinting technologies assign a unique identifier or "Machine-ID" to a user's computer to identify and track your device (“Technology"). The Technology will analyse publicly available information and data obtained from your computer's web browser and from other publicly available data points, including the technical settings of your computer, the characteristics of your computer, and its IP Address, to create a unique identifier, which will be assigned to your device. We use the Technology for quality control, validation, and fraud detection and prevention purposes, including assisting us in ensuring the integrity of survey results. Appropriate technical and operational processes and procedures will be put in place to ensure that the Technology is safe, secure and does not cause undue privacy or data security risks and the Technology will be used and distributed in a professional and ethical manner and in accordance with (a) this privacy notice, (b) any other statements and/or disclosures made to you as a member of the community and (c) applicable laws and market research codes of practice. In the event any unethical conduct is discovered in connection with the use of the Technology, or that the Technology is being used in a manner that is inconsistent with privacy notice, immediate action will be taken to prohibit such unethical conduct and to ensure the proper administration of the Technology.
We partner with third parties to either display advertising on our site or to manage our advertising on other sites. Our third-party partners may use technologies such as cookies to gather information about your activities on their site and other sites in order to provide you advertising based upon your browsing activities and interests. If you wish to not have this information used for the purpose of serving you interest-based ads, you may opt-out by clicking here (or if you are located in the EEA or the UK click here). Please note this does not opt you out of being served ads. You will continue to receive generic ads.
In general, digital Fingerprinting technologies assign a unique identifier or "Machine-ID" to a user's computer to identify and track your computer. We will not use digital fingerprinting technology (the “Technology") to collect your Identity or Contact data, or track your online activities; and will not disrupt or interfere with the use or control of your computer or alter, modify or change its settings or functionality. Occasionally, in specific market research programs, we will use the Technology to assist our clients in ensuring the integrity of survey results. The Technology will analyse publicly available information and data obtained from your computer's web browser and from other publicly available data points, including the technical settings of your computer, the characteristics of your computer, and its IP Address, to create a unique identifier, which will be assigned to your computer. The unique identifier will be an alpha-numeric ID In order to assist our clients in protecting and ensuring the integrity of survey results, we may; (a) link or associate your unique identifier to you and any of your personal data; (b) share your unique identifier with our clients and with other sample or panel providers; and (c) receive or obtain a unique identifier linked to you from a third party, including without limitation a sample or panel provider or our client, however, we will only provide such information to any third parties (including our clients) on an aggregated and anonymised or pseudonymised basis. In addition, any unique identifier(s) received or obtained by us and linked to you will be protected in accordance with this privacy notice and if required by law, we will ask for your consent in advance.
We shall do everything we can to ensure that the Technology is safe, secure and does not cause undue privacy or data security risks and we shall use and distribute the Technology in a professional and ethical manner and in accordance with (a) this privacy notice, (b) any other statements and/or disclosures made by us to you and (c) applicable laws and market research codes of practice. In the event that we discover or learn of any unethical conduct in connection with the use of the Technology, or that the Technology is being used in a manner that is inconsistent with the statements and/or disclosures made by us to you or is in breach of applicable laws and the market research codes of conduct, we will take immediate action to prohibit such unethical conduct and to ensure the proper administration of the Technology.
What security measures do we undertake to protect your personal data?
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
Although we do everything we can to keep your data safe, unfortunately, no systems can guarantee they are 100% secure. If you have questions about the security of your personal data, or if you have reason to believe that the personal data that we hold about you is no longer secure, please contact us immediately as described in this Privacy Notice.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator or supervisory authority of a breach where we are legally required to do so.
What are our data retention and destruction policies?
How long will you use my personal data for?
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
If you are a citizen or resident of the EEA or the UK, or we are processing your personal data in the EEA or the UK, in some circumstances you can ask us to delete your data: see the section entitled Your legal rights below for further information.
As the results of the surveys and other aggregated or Pseudonymised data are used for research, scientific, historical and/or statistical purposes (whether publicly or privately funded), we and our clients or other third parties may use this information for such purposes in accordance with the terms indefinitely without further notice to you.
As we continue to develop our business, we might sell or buy additional assets. In such transactions, Toluna's right to contact you as a Member and the information you have voluntarily provided in your user profile would generally be one of the transferred business assets. Any merger, sale or transfer of Toluna of substantially or all of its business assets (which included our influencer panel), or other fundamental corporate transaction would be to an entity that agreed to comply with all of the material terms of our privacy notice. You will be notified via email and/or a prominent notice will be posted on our site if any transaction may result in any new proposed uses of your personal data which are incompatible with the uses set out in this Privacy Notice and of the choices you may have regarding your personal data.
From time to time we may offer visitors the ability to voluntarily link to other sites. Toluna does not review, and is not responsible for, the content or effect of the privacy policies of these sites.
Toluna will not knowingly collect any information from any child under the age of 16.
How do you access your information; use the member services area and/or update, correct or delete your information?
Upon request, Toluna will provide you with information about whether we hold any of your personal data. You may access, correct, or request the deletion of your personal data, or terminate your membership by visiting https://www.curizon.com/contactus and completing the ‘New Issue’ form You may also write to us at the postal address found at the end of this privacy notice, or contact us here. We will respond to all requests within a reasonable timeframe.
How do you terminate your panel membership?
If you choose to end your membership with Curizon, you may unsubscribe by either clicking the relevant link on email survey invitations or by visiting https://www.curizon.com/contactus and completing the ‘New Issue’ form.
In most cases it will take 2 to 3 days to process this change, but please allow up to two full weeks for your status to be finalised. Please note that you may continue to receive communications during this short period after changing your preferences while our systems are fully updated.
If you terminate your membership, we will no longer use your personal data to contact you, but in accordance with our backup procedures, we will retain your personal data until your personal data are eventually destroyed in accordance with our data retention and destruction policies and we will continue to employ the security procedures and technologies to keep your personal data safe.
How do you ask a question or make a complaint?
You can direct any questions or complaints about the use or disclosure of your personal data to our https://www.curizon.com/contactus and completing the ‘New Issue’ form. We will investigate and attempt to resolve any complaints or disputes regarding the use or disclosure of your personal data within 30 days of receiving your complaint.
We have registered with La Commission Nationale de l’informatique et des Libertés (CNIL) as our Lead Supervisory Authority. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, then you may make a complaint to the CNIL.
Under certain conditions, more fully described on the Privacy Shield website https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
You may have the option to select binding arbitration for the resolution of your complaint under certain circumstances, provided you have taken the following steps: (1) raised your complaint directly with Toluna and provided us the opportunity to resolve the issue; (2) made use of the independent dispute resolution mechanism identified under the How do you ask a question or make a complaint? paragraph below; and (3) raised the issue through the relevant data protection authority and allowed the US Department of Commerce an opportunity to resolve the complaint at no cost to you. For more information on binding arbitration, see the US Department of Commerce Privacy Shield Framework: Annex 1 (Binding Arbitration) at https://www.privacyshield.gov/EU-US-Framework.
Your other rights
- request access to your personal data and we may conduct ID checks before we can respond to your request.
- have your personal data erased, corrected or restricted if it is inaccurate or requires updating. You may also have the right under certain circumstances to request the deletion of your personal data; however, this is not always possible due to legal requirements and other obligations and factors. You can update your account information via your Account or by contacting us at the address given below.
Your rights in California
You have certain rights under the California Consumer Privacy Act 2018 (CCPA) if you are citizen of California. You can exercise the above rights by:
- calling us on the toll-free number 877-438-4224.
- contacting us at https://www.curizon.com/contactus and completing the ‘New Issue’ form process
- writing to us at the address given under the Privacy Contact Details; or
- following the process under the paragraph How do you terminate your influencers panel membership? Above
If you wish to opt out of our Membership program, you may do so in accordance with the process under the paragraph How do you terminate your influencers panel membership? above. Once you make an opt-out request, we will remove you from our Influencer panel and we will not contact you again unless you decide to re-register with us.
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not exclude you from participating in any Surveys you may be eligible for on the basis of you exercising your CCPA rights.
Please note that you do not have the right to the erasure of the results of any surveys you participated in and we have provided to our clients in accordance with uses set out in the table under [What personal data do we collect about you and how do we use your personal data?]. Those results may include your Demographic and Profile data and/or Technical data but will not include any of your Identity data or Contact data allowing you to be directly identified. We don’t erase the results of the Surveys you participated in because we provide you with certain financial incentives as permitted by the CCPA. When you became a Member, you opted in to participate in Surveys from time to time and by way of a contract between you and us, we have provided you with certain rewards, such as; Toluna points and/or participation in our sweepstakes in return for; your time; your participation in surveys; and giving us your opinions. The rules on those rewards are found here: https://www.curizon.com/Terms
Your rights in the EEA and the UK
If you are in the EEA or the UK, you additionally will have the right to:
- have your personal data transferred to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- make a complaint at any time to:
We would, however, appreciate the chance to deal with your concerns before you approach the data protection regulator so please contact us in the first instance.
Changes to the privacy notice and your duty to inform us of changes
We reserve the right to modify this privacy statement at any time, so please review it frequently. If we do decide to change our privacy notice, we will post those changes to this privacy statement on the homepage, or other places we deem appropriate so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. If we make material changes to this policy, we will notify you here, by email, or by means of a notice on our home page prior to the change becoming effective.
It is important that the personal data we hold about you is accurate and current. Please keep your Account details updated if your personal data changes during your relationship with us.
Privacy contact details
If you live outside the EEA or the UK - You may contact us by writing to:
The Privacy Officer
501 Merritt 7, 6th Floor,
Norwalk, CT 06851
If you are living in the EEA or the UK - You may contact us by writing to:
The Data Protection Officer
85 Uxbridge Road