How we collect your information
We collect your personal information whenever you interact with us, our site or our partners such as when you participate in a study. Additionally, we look at how visitors to sonarapp.com interact with the site in order to gain insights into how to improve our own customer experience. We collect information when:
- You participate in a study using our site through video and screen recording in addition to the information that you fill out during and before the test;
- You contact us directly through email, phone, post, or message functions;
- You browse and interact with sonarapp.com.
What information we collect
UserTribe store and process personal data submitted by you such as but not limited to your name, address, e-mail, telephone number, bank information, gender, date of birth and occupation. Testers should be aware that by participating in studies, they may be disclosing information that could make them personally identifiable to UserTribe clients. Testers should be aware that they are responsible for the content provided during their user tests. UserTribe will not process personal data for purposes or by other means than as instructed by clients or as otherwise necessary to provide the services. In order to provide the services to clients, UserTribe collects certain types of data from its clients. Further, clients may collect or request information from testers when utilising the services, subject to the terms of service entered into between UserTribe and all clients.
Use of your information
UserTribe will only process information about you if there is a lawful basis for doing so and if there is a specific reason to do so that cannot be done without processing of your data. These lawful bases are: if we need to process your information in order to provide you with the service you have requested or to enter into a contract; we have your consent; we have a legitimate reason for processing your data, or we are under a legal obligation to do so. We have a legal obligation for the processing of selected personal data as required by Danish law and International law:
- In order to prevent and detect fraud, money laundering and other financial crimes;
- Comply with any legal or regulatory obligation that may be relevant to us.
Where you have given us the consent to do so we may process select personal data, this consent may be withdrawn in according to the “Your Rights” section:
- To provide coverage of the monthly newsletter for direct marketing purposes;
- Segmentation of participants into groups based on pre-existing conditions required by
Personal data may also be processed for purposes related to the performance of a contract or if it required to enter into a contract:
- To enable us to provide you with access to the relevant parts of the sites;
- Supply the services that you have requested;
- Process and collect payments from you;
- Contracting you regarding the services that you have requested from us.
Processing may also occur where we have a legitimate interest in doing so or where you have given explicit consent. Where processing occurs due to our legitimate interest, we will have conducted a litmus test in order to ensure that our interests do not override your rights:
- Enables identification of the individual to prevent fraud;
- Contacting and payments of participants within and after conducting studies;
- Segmentation of target group required by clients;
- Gathering insights into the thoughts and emotions of participants through video, audio
recording and/or screen capture on a subject.
UserTribe will not retain your information for longer than we believe is necessary and for maximum five (5) years. Each category of information that we collect is evaluated and retained as long as required in order to fulfil the purposes set out in the “Use of Information” section, in line with our legitimate interest or as is required by national regulation/law. For more details relating to how long categories of your information are stored, please contact us through the details mentioned previously.
You have the following rights in relation to our processing of your personal data at set out in the GDPR, if you wish to exercise any of these rights, contact firstname.lastname@example.org. Below you can find a more thorough definition of each of your rights.
1. The right to be informed. You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is provided by us through this document.
2. The right of access. You have the right to obtain access to your information that we are processing. This right can be exercised by requesting the information at the contact details listed above.
3. The right to rectification. You are permitted to have your information corrected if it is inaccurate or incomplete. You can request that we rectify any errors in the information that we hold by contacting us through the details listed above.
4. The right to erasure. More commonly known as “the right to be forgotten” allows you to request the deletion or removal of certain of the information that we hold about you if certain conditions are met (You can find out more about this by reading https://gdpr-info.eu/art-17-gdpr/). You can request that we erase your information that we hold by contacting us through the details listed above.
5. The right to restrict processing. You have rights to stop further use of your information. When processing is restricted, we can still store your information, but will not use it further.
6. The right to data portability. You have the right to obtain your personal information in an accessible and transferrable format so that you can re-use it for your own purposes with another controller.
7. The right to lodge a complaint. You have the right to lodge a complaint about the way we handle or process your information with the national data protection authority.
8. The right to withdraw consent. If you have given your consent to anything we do with your information (i.e. we rely on consent as a legal basis for processing your information), you have the right to withdraw that consent at any time. You can do this by contacting us (see Contact Details). Withdrawing consent will not however make unlawful our use of your information while consent had been apparent.
9. The right to object to processing. You have the right to object to certain types of processing, including processing for direct marketing and profiling based on your personal situation.
Disclosure of your information
UserTribe is the data controller for this personal data and will as a starting point not disclose your personal data to a third party unless to service providers and joint data controllers, who undertake work on behalf of or with UserTribe. This includes the sharing of participant videos recorded during studies to clients along with first name and job title or company in order to fulfil our contract with the client.
How we keep it secure
UserTribe has agreed on internal rules of security of information, which contain instructions and precautions protecting user’s personal data against determination, loss, or amendments against unauthorized publication and against that unauthorized person get access or knowledge to the user’s personal information. For this UserTribe has a specific named person for staff to turn to, if a breach occurs and procedures for reporting a breach within 72 hours to the Data Protection Agency. Additionally, UserTribe is a Danish Company whose primary offices are in Copenhagen. All websites in use are hosted within the EU as well as backups of the information contained in multiple EU cities. Any information that is transferred outside of the EU has the appropriate contractual and security measures in place to ensure that the personal data is protected to industry-standard levels.
Our customer relationship management, marketing and accounting systems for all our businesses are either EU-based or hosted by companies participating in the EU-US Privacy Shield Framework.
We may change this privacy statement from time to time. Laws, regulations and industry standards evolve, which may make those changes necessary, or we may make changes to our business. We will post the changes to this page and encourage you to review sonarapp.com to stay informed. If we make changes that significantly alter the terms, then we shall provide additional notice, through an email or more substantial form of communication.
Last updated: 15 February 2019
If you have a complaint about how we use your personal information, please contact us at the address below. You also have the right to lodge a complaint with Datatilsynet in Denmark at any time through the following methods. Address: Datatilsynet, Borgergade 28, 5. DK-1300 Copenhagen K
Telephone number: +45 33 19 32 00
Telephone: +45 77 34 86 85