Effective date: May 25, 2018
This Privacy Statement describes how Discuss.io collects, uses and discloses information, and what choices you have concerning the information.
Updates in this version of the Privacy Statement reflect changes in data protection law in Europe, commonly referred to as GDPR. Also, we have worked to make the Privacy Statement clearer and more understandable by:
- organizing it into the sections listed in the Table of Contents below,
- providing a series of examples that help illustrate how the policies may be implemented by Discuss.io and
- defining and capitalizing a few terms that are used more than once for simplicity and brevity.
When we refer to “Discuss.io,” we mean the Discuss.io entity that acts as the controller or processor of your information, as explained in more detail in the “Identifying the Data Controller and Processor” section below.
Table of Contents:
- Applicability of this Privacy Statement
- Information we collect and receive
- What we do with your information
- How we share and disclose your information
- Your rights
- Data retention
- Age Limitations & Children’s Privacy and Consent
- International Transfer of Data; EU-U.S. and Swiss-U.S. Privacy Shield
- Data Protection Officer
- Data Protection Authority
- Changes to this Privacy Statement
- Contacting Discuss.io
Applicability of this Privacy Statement
This Privacy Statement applies to Discuss.io‘s online meeting rooms and platform, (collectively, the “Services”), www.discuss.io, and other interactions (e.g., customer service inquiries, user conferences, etc.) you may have with Discuss.io. If you do not agree with the terms, do not access or use the Services, Website or any other aspect of Discuss.io‘s business.
This Privacy Statement does not apply to any third party applications or software that integrate with the Services through the Discuss.io platform (“Third Party Services”), or any other third party products, services or businesses. Also, a separate agreement governs delivery, access and use of the Services (the “Customer Agreement”), including the processing of any audio, video, files or other content submitted through Services accounts (collectively, “Interview Data”).
Identifying the Data Controller and Processor
Data protection law in certain jurisdictions differentiates between the “controller” and “processor” of information. In general, Customers are the controller of Interview Data. In general, Discuss.io., a US company based in Seattle, Washington is the controller of Other Information and a processor of Interview Data relating to Authorized Users and Participants who use the Services.
Information we collect and receive
Discuss.io may collect and receive Interview Data and other information and data (“Other Information”) in a variety of ways:
Information you provide to us – Interview Data
Customers, individuals granted access to a Project by a Customer, and Service Providers (collectively, “Authorized Users”) routinely submit Interview Data to Discuss.io when using the Services, as do prospective and qualified participants (collectively, “Participants”).
We may ask Participants for information to determine your eligibility for a market research interview, for scheduling and coordination purposes, and during an interview. In the course of an interview, audio and video recordings will be created unless previously specified by a Customer. Examples of information required for participation in an interview include:
- Demographic information – Age, gender, geographic location, marital status, household income, profession – Used to determine your eligibility to participate in an interview
- Name – In screening you for eligibility, we will ask for your real name for coordination and scheduling purposes. During the interview setup, you may choose a nickname you want to use for the interview. We’d prefer that you use a nickname or a false name to ensure you remain anonymous! Just remember, the moderator and other participants will use that name during the interview, so be prepared to answer to it.
- Email address – For scheduling tech checks and interviews, and for payment of rewards after participating in the interview. We will not use your email address for any other contact.
- Phone number – To allow participants to join an interview should internet connectivity be inadequate. We may also use this number to provide technical assistance immediately prior to and during the session, as well as to send a reminder of the upcoming interview via SMS if you opt-in to receiving reminders. We may also use this number to contact you about the payment of rewards after participating. We will not use your phone number for any other purpose.
- Questions relevant to the purpose of the study – This could be anything from questions about personal hygiene or personal preferences to financial or health information. These questions may be asked in a survey to determine your eligibility to participate in an interview, and they may be asked again via video or with a Discuss.io employee to verify the authenticity of your survey responses. Finally, such questions may be asked in the course of the interview.
- Video and audio responses – We will collect these using your browser, your telephone, or both. These will only be obtained during the interview pre-screening, to determine compliance with the research objectives, and during the interview itself.
- Chat – Comments made in the public chat will be stored in our databases.
- Whiteboard input – When you have used the online whiteboard to add markings to the materials shared, we will record that data.
We may ask Authorized Users for identifying information such as name, phone number, email address, company name, and/or similar account details to create an account to organize and execute online market research. In the course of using our Services, Authorized Users may be required to provide Interview Data to participate in an interview.
Information we collect automatically when you use the services – Other Information
Certain Information is collected automatically and, if some Information, such as video and audio responses, is not provided, we may be unable to provide the Services. When you access or use our Services, we automatically collect Other Information about you, including:
- Log information: We log information about your use of the Services, including the type of browser you use, clickstream data, date/time stamp, pages and files viewed on our site (e.g., HTML pages, graphics, etc.), your IP address, and your bandwidth.
- Device information: We collect information about the computer or mobile device you use to access our Services, including the hardware model, operating system and version, unique device identifiers, mobile network information, and connected audio and video devices.
What we do with your information
Discuss.io uses the following services. Note that we do not share contact information of Authorized Users or Participants with any of these vendors.
- US-based WebRTC vendor to record video/audio. The vendor sends the video/audio directly to Discuss.io, with a maximum time of retention of three (3) days if Discuss.io is unable to receive the data immediately.
- US-based telephony vendors to provide inbound and outbound call capabilities. The vendors do not record any of the contents of the phone calls.
- US-based machine transcription service. The service creates a machine transcription of the audio content of the interview. The machine transcription is deleted as soon as it is successfully transferred to Discuss.io.
- Human transcription services are sourced from a pre-approved set of providers. The service creates a transcription of the audio content of the interview using human transcription for higher quality. The transcription is deleted as soon as it is transferred to Discuss.io.
- Rewards issuance services are sourced from a pre-approved set of providers. We provide your email address to these providers to issue payment for your participation in the interview.
- US-based infrastructure provider. We use Amazon Web Services to host our Services and to transcribe video into alternate formats. Amazon does not access any of your personal data.
Interview Data will be used by Discuss.io in accordance with Customers’ instructions, including any applicable terms in the Customer Agreement and Customer’s use of Services functionality, and as required by applicable law. Discuss.io is a processor of Customer Data and Customers are the controller. Customers may, for example, use the Services to grant and remove access to a project, schedule interviews, access, modify, export, share and remove Interview Data and otherwise apply its policies to the Services.
Discuss.io uses Other Information in furtherance of our legitimate interests in operating our Services, website, and business. More specifically, Discuss.io uses Other Information:
- To provide, update, maintain and protect our Services, website, and business. This includes the use of Other Information to support delivery of the Services under a Customer Agreement, prevent or address service errors, security or technical issues, analyze and monitor usage and trends.
- As required by applicable law, legal process or regulation.
- To communicate with you by responding to your requests, comments, and questions. If you contact us, we may use your Other Information to respond.
- To develop and provide research and insights-building tools and additional features. Discuss.io tries to make the Services as useful as possible for Authorized Users. For example, we may improve search functionality by using Other Information to help determine and rank the relevance of content to an Authorized User or make Services suggestions based on historical use and predictive models, identify organizational trends and insights, to customize a Services experience or create new productivity features and products.
- To send emails and other communications. We may send you service, technical and other administrative emails, messages and other types of communications. We may also contact you to inform you about changes in our Services, our Services offerings, and important Services-related notices, such as security and fraud notices. These communications are considered part of the Services, and you may not opt out of them. In addition, we sometimes send emails about new product features, promotional communications or other news about Discuss.io. These are marketing messages so you can control whether you receive them.
- For billing, account management, and other administrative matters. Discuss.io may need to contact you for invoicing, account management and similar reasons and we use account data to administer accounts and keep track of billing and payments.
- To investigate and help prevent security issues and abuse.
If Information is aggregated or de-identified so it is no longer reasonably associated with an identified or identifiable natural person, Discuss.io may use it for any business purpose. To the extent Information is associated with an identified or identifiable natural person and is protected as personal data under applicable data protection law, it is referred to in this Privacy Statement as “Personal Data.”
How we share and disclose your information
This section describes how Discuss.io may share and disclose Information. Customers determine their own policies and practices for the sharing and disclosure of Information, and Discuss.io does not control how they choose to share or disclose Information.
- Customer’s instructions. Discuss.io will solely share and disclose Interview Data in accordance with a Customer’s instructions, including any applicable terms in the Customer Agreement and Customer’s use of Services functionality, and in compliance with applicable law and legal process.
- Displaying the services. When an Authorized User or Participant submits Interview Data, it may be displayed to Authorized Users in the same interview. For example, a Participant’s name may be displayed with their video stream.
- Customers access. Owners, administrators, Authorized Users and other Customers representatives and personnel may be able to access, modify or restrict access to Other Information. This may include, for example, your employer using Service features to export logs of Services activity, or accessing or modifying any project artifacts such as video recordings or insights reports.
- Third party service providers and partners. We may engage third party companies or individuals as service providers or business partners to process Information and support our business. These third parties may, for example, provide virtual computing and storage services.
- During a change to Discuss.io’s business. If Discuss.io engages in a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of Discuss.io’s assets or stock, financing, public offering of securities, acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities (e.g. due diligence), some or all Information may be shared or transferred, subject to standard confidentiality arrangements.
- Aggregated or de-identified data. We may disclose or use aggregated or de-identified Information for any purpose. For example, we may share aggregated or de-identified Information with prospects or partners for business or research purposes, such as telling a prospective Discuss.io customers the average amount of time spent organizing a Project.
- To comply with laws. If we receive a request for information, we may disclose Information if we reasonably believe disclosure is in accordance with or required by any applicable law, regulation or legal process.
- To enforce our rights, prevent fraud, and for safety. To protect and defend the rights, property or safety of Discuss.io or third parties, including enforcing contracts or policies, or in connection with investigating and preventing fraud or security issues.
- With consent. Discuss.io may share Information with third parties when we have consent to do so.
Individuals located in certain countries, including the European Economic Area (EEA), have certain statutory rights about their personal data. Subject to any exemptions provided by law, you may have the right to request access to Information, as well as to seek to update, delete or correct this Information.
If you are an Authorized User, you can usually do this using the settings and tools provided in your Services account. If you are an unregistered Participant and you wish to update, delete, or correct your Information, please email firstname.lastname@example.org. If desired, we will destroy all data associated with the entire interview and alert our partners and Customers to do the same (this right is limited to data which according to law and regulation may only be processed with your consent, if you withdraw your consent for processing). Please note that we may need to retain certain information for record keeping purposes, to complete transactions or to comply with our legal obligations. When technically feasible, Discuss.io will -at your request- provide your personal data to you or transmit it directly to another controller (this right is limited to data provided directly by you).
Our Services are intended for use by individuals and organizations. Where the Services are made available to you through an organization (e.g., your employer), that organization is the administrator of the Services and is responsible for the accounts. If this is the case, please direct your data privacy questions to your administrator, as your use of the Services is subject to that organization’s policies. We are not responsible for the privacy or security practices of an organization, which may be different than the ones described in this Privacy Statement.
To the extent that Discuss.io’s processing of your Personal Data is subject to the General Data Protection Regulation, Discuss.io relies on its legitimate interests, described above, to process your data. Discuss.io may also process Other Information that constitutes your Personal Data for direct marketing purposes, and you have a right to object to Discuss.io’s use of your Personal Data for this purpose at any time.
Discuss.io takes the security of your data very seriously. Discuss.io works hard to protect Other Information you provide from loss, misuse, and unauthorized access or disclosure. These steps take into account the sensitivity of the Other Information we collect, process and store, and the current state of technology. Given the nature of communications and information processing technology, Discuss.io cannot guarantee that Information, during transmission through the Internet or while stored on our systems or otherwise in our care, will be absolutely safe from intrusion by others.
The video and audio of the interviews, the transcripts, and the chat room transcripts are made available to our Customers so they can better understand their customers. Other Interview Data required only for the organization of an interview, such as demographic information, contact information, and answers to pre-screening questions will be destroyed at the completion of the project. Discuss.io retains interview data for up to three (3) years so our Customers can assess whether the changes they have made to the business as a result of the interview have been effective, or in accordance with a Customer’s instructions, including any applicable terms in the Customer Agreement, and as required by applicable law. The deletion of Interview Data and other uses of the Services by Customers may result in the deletion and/or de-identification of certain associated Other Information. Discuss.io may retain Other Information about you for as long as necessary for the purposes described in this Privacy Statement. This may include keeping your Other Information after you have deactivated your account for the period of time needed for Discuss.io to pursue legitimate business interests, conduct audits, comply with (and demonstrate compliance with) legal and regulatory obligations, resolve disputes and enforce our agreements.
Age Limitations & Children’s Privacy and Consent
To the extent prohibited by applicable law, Discuss.io does not allow the use of our Services and Websites by anyone younger than 16 years old. If you learn that anyone younger than 16 has unlawfully provided us with personal data, please contact us and we will take steps to delete such information.
Discuss.io follows market research industry standards regarding the management of studies involving children younger than 16 years of age. When recruiting potential participants, the point of first communication is always with a parent or legal guardian, at which time we will inform that responsible adult of the type of data collected and how it is processed, used, and stored, as well as their right to be present during the interview. Parental or guardian consent is required prior to the collection of any personal data from a child.
International Transfer of Data
We collect information globally and primarily store that information in the United States. We may transfer, process and store your information outside of your country of residence, to wherever we, Discuss.io or our third-party service providers operate for the purpose of providing you the Services. Whenever we transfer your information, we take steps to protect it.
Discuss.io has released a Data Processing Agreement (“DPA”) that contains contractual commitments from us to help you respond to requests to correct, amend or delete personal data, detect and report personal data breaches and demonstrate your compliance with the GDPR. The DPA is available upon request via email@example.com.
EU-U.S. and Swiss-U.S. Privacy Shield
To comply with European Union and Swiss data protection laws, we are self-certified members of the E.U.-U.S. Privacy Shield and Swiss-U.S. Privacy Shield. This framework was developed to enable companies to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States. We comply with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.
We have further committed to cooperate with the panel established by the EU data protection authorities and the Swiss Federal Data Protection and Information Commissioner (FDPIC) about unresolved Privacy Shield complaints concerning human resources data transferred from the EU and Switzerland in the context of the employment relationship.
To learn more about the Privacy Shield Program, please see http://www.privacyshield.gov/welcome.
Data Protection Officer
To communicate with our Data Protection Officer, please contact us via email at firstname.lastname@example.org.
Data Protection Authority
Subject to applicable law, you also have the right to (i) restrict Discuss.io’s use of Other Information that constitutes your Personal Data and (ii) lodge a complaint with your local data protection authority. If you are a resident of the European Economic Area and believe we maintain your Personal Data within the scope of the General Data Protection Regulation (GDPR), you may direct questions or complaints to the lead supervisory authority in your country, link provided below for your convenience:
Changes to this Privacy Statement
Discuss.io may change this Privacy Statement from time to time. Laws, regulations and industry standards evolve, which may make those changes necessary, or we may make changes to our business. We will post the changes to this page and encourage you to review our Privacy Statement to stay informed. If we make changes that materially alter your privacy rights, Discuss.io will provide additional notice, such as via email or through the Services.
If you disagree with any changes to this Privacy Statement, you will need to stop using the Services or contact your organization’s administrator, as outlined above.
Please also feel free to contact Discuss.io if you have any questions about this Privacy Statement or Discuss.io’s practices, or if you are seeking to exercise any of your statutory rights. You may contact us at email@example.com, by using our Contact form (please include Data Compliance in the subject line), or at our mailing address below:
1300 N Northlake Way #103
Seattle, WA 98103