Community Marketing & Insights Privacy Notice
Privacy Notice
Effective Date: December 16, 2019
Data Controller Contact Information:
LGBTQ, Inc. (DBA Community Marketing & Insights)
145 Corte Madera Town Center #202
Corte Madera CA 94925 USA
[email protected]
415-343-4656 or toll-free at 844-542-8746
This document governs the privacy notice of our websites www.CMI.info, communitymarketinginc.com, TAGApproved.com and CMI’s LGBTQ research practice.
Our privacy notice tells you what personal data and nonpersonal data we may collect from you, how we collect them, how we protect them, how we share them, how you can access and change them, and how you can limit our sharing of them. Our privacy notice also explains certain legal rights that you have with respect to your personal data. Any capitalized terms not defined herein will have the same meaning as where they are defined elsewhere on our website.
About LGBTQ, Inc. and Community Marketing & Insights
Community Marketing & Insights (CMI) is a trade name of LGBTQ, Inc. We are an LGBTQ-owned and -operated research firm, based in Corte Madera CA, USA (outside of San Francisco).
Community Marketing & Insights is primarily a research company specializing in supporting the LGBTQ community. We do not sell or rent to outside parties our panel/subscriber email addresses, contact information, or data that can be connected to your personal data. We are not a direct marketing firm, a telemarketing firm, nor a firm that does telephone polling; we will not call you without asking your permission and making arrangements in advance. We will not contact research panel members for any reason other than for research projects or to provide information about the research practice. We will never ask research panel members for financial/banking information, social security number, driver’s license number, credit card numbers or an exact date of birth. We may ask customers who purchase research products from CMI some of this information above only for the purposes of paying for a product or service.
Definitions in this Document
‘NONPERSONAL DATA’ (NPD) is information that is in no way personally identifiable.
‘PERSONAL DATA’ (PD) means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified directly or indirectly by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person. PD is in many ways the same as Personally Identifiable Information (PII). However, PD is broader in scope and covers more data.
Topics Covered in Our Privacy Notice
YOUR RIGHTS
INFORMATION WE COLLECT AND HOW WE COLLECT IT
HOW YOUR INFORMATION IS USED AND SHARED
RETAINING AND DESTROYING YOUR PD
UPDATING YOUR PD
REVOKING YOUR CONSENT FOR USING YOUR PD
PROTECTING THE PRIVACY RIGHTS OF THIRD PARTIES
DO NOT TRACK SETTINGS
LINKS TO OTHER WEBSITES
PROTECTING CHILDREN’S PRIVACY
OUR EMAIL POLICY
OUR SECURITY POLICY
USE OF CREDIT CARDS
CHANGES TO OUR PRIVACY NOTICE
YOUR RIGHTS
If you want to exercise any of your rights included in this privacy notice, contact us by using the information at the top of this privacy notice.
When using our services and submitting PD to us, you have certain rights.
- The Right to Be Informed – You have the right to be informed about the PD that we collect from you and how we process them.
- The Right of Access – You have the right to get confirmation that your PD are being processed and you have the ability to access your PD.
- The Right to Erasure (Right to Be Forgotten) – You have the right to request the removal or deletion of your PD if there is no compelling reason for us to continue processing them.
- The Right to Restrict Processing – You have the right to ‘block’ or restrict the processing of your PD. When your PD are restricted, we are permitted to store your data, but not to process them further.
- Automated Individual Decision-Making and Profiling – You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects regarding you or similarly significantly affects you.
You Have the Right Not to Have Your Personal Information Sold
CMI does not sell your personal data. CMI does not collect most of the data mentioned below. However, we must inform you of this right. See further section that describes the information that we do collect. You have the right to request that we do not sell any of your personal information. Personal information for this section means a natural person’s first name or first initial and last name in combination with any one or more of the following data elements when the name and data elements are not encrypted: social security number, driver’s license number, driver authorization card number, or identification card number. Account number, credit card number, or debit card number, in combination with any required security code, access code, or password that would permit access to the person’s financial account. A medical identification number or a health insurance identification number. A username, unique identifier, or electronic mail address in combination with a password, access code, or security question and answer that would permit access to an online account.
If you wish to make this request, please email us at: [email protected] telling us that you do not want to have any of your personal information sold. Please include enough personal information so that we can reasonably verify your identification. We will respond to your request within 60 days after receiving it.
Your California Privacy Rights
Californian consumers have certain rights under the California Consumer Privacy Act (CCPA) AB 375. For us to comply with some of these rights, we must be able to reasonably verify a consumer’s identity. These rights include:
- the right of Californians to know what personal information is being collected about them
- the right of Californians to know whether their personal information is sold or disclosed and to whom
- the right of Californians to say no to the sale of their personal information
- the right of Californians to access their personal information
- The right to data portability. Californians have the right to request
- their personal information that they provided to us and use them for their own purposes. We will provide Californians their personal information within 30 days of their request
- the right of Californians of the deletion of their personal information
- the right of Californians of equal service, price, and not being discriminated against even if they exercise their privacy rights
one or more designated means for Californian consumers to submit requests under the CACPA including (at minimum) a toll-free telephone number, and if the business maintains an Internet website, a website address - the right of Californians to designate an authorized agent to make a request on their behalf. When designating an authorized agent, you must provide a valid power of attorney, the requester’s valid government issued identification, and the authorized agent’s valid government issued identification.
These rights include the right to request what personal information we collect and disclose about consumers.
Personal information includes:
- categories of personal information that a business collected about the consumer
- categories of sources from which the personal information was collected
- specific pieces of personal information that the business has collected about consumers
- categories of third parties with whom the business shares personal information
- the business or commercial purpose of collecting or selling personal information
INFORMATION WE COLLECT AND HOW WE COLLECT IT
Generally, you control the amount and type of information that you provide to us when using our website and responding to our research projects.
The CMI LGBTQ Research Panel
For the purposes of inviting individuals into various LGBTQ research projects, CMI maintains a research participant panel.
The panel contains the following information that participants self-provide. When panel participants provide this information on the panel sign-up survey, participants give consent to both maintain this information on the research panel database, and email participants about future research projects.
- Email address to invite participants to the research
- Gender identity
- Sexual orientation
- Race/Ethnicity
- Year of birth
- State and/or country of residence
- Type of community (i.e. urban, rural etc.)
- Household income
- Education level
- Relationship status
- Parental status
- Which research projects you completed with CMI (but not the responses to the survey questions)
No other information is maintained in the panel. This is the only database of information that is considered ongoing. All other data is deleted periodically (see following section). CMI may update the above information based on your opt-in participation in future surveys after signing up for the panel.
Emails Inviting You to Participate in Research Are Sometimes LGBTQ-specific
As a panel member CMI will invite you to participate in various research projects. We are an LGBTQ research company, therefore the research will be LGBTQ-oriented (lesbian, gay, bisexual, transgender, queer). Our emails may include subject lines such as: “New LGBTQ Research Project on Food” or “We Need More Lesbian and Bi+ Women to Take a Survey.” We mention this because the titles and content of our emails are LGBTQ-specific and may carry risk of “outing” you should others have access to your email account.
Individual Research Projects
As a panel member, you will be given the option of participating in various research projects. These projects will ask a variety of questions, and some questions may be personal. Personal and non-personal data is collected through our third-party research software (see later section).
When collecting personal and non-personal data for any individual research project, the information that you provide is connected to your personal information in two ways: First through the email address that you provided to be part of the panel and second the survey software may collect your IP address and other information (see future section).
CMI maintains all data collected for that project in the research software system for the purposes of the individual research project. CMI maintains this information in the third-party research software for a period of no longer than 12 months from the time the data is provided by a panel member. Once deleted, the participant and CMI staff cannot trace back responses to the individual. CMI has been conducting research for over 20 years. Some may wonder how much past information is saved in our systems from past research projects. The answer is not much. As indicated earlier, all data connected to the individual from past research projects has been deleted if greater than 12 months in the past. The aggregate research report may still exist. The one personal data exception is the research panel database discussed earlier; this panel database is ongoing.
Third Party Referral Projects
Most of our research projects are in-house, using CMI internal data collections systems. On occasion, we may partner with a university or other research firm where the information provided by you is stored on their systems. If this ever occurs, you will be clearly informed about this in the research invitation, and you may opt out of these projects. This is not hidden in boilerplate, it is clearly indicated. In these cases, the privacy policy governing your data is connected to the university or outside firm collecting the data.
Some Exceptions
On occasion, CMI may ask for your full name and address in order to write and mail a check for participation in a project. That data is stored in our accounting software only, and not tied to your other personal information or the research database.
On occasion, we may ask for your email address in order to provide an e-card gift certificate from vendors such as Amazon or Starbucks. In order for CMI to deliver your e-card, we will need to provide your email address to the vendor.
Qualitative Research: Focus Groups and Individual Interviews
At times, CMI may accept qualitative research projects such as live or online focus groups, or individual telephone interviews. These projects are recruited from the CMI LGBTQ Research Panel. Typically, qualitative projects include the recording of an individual conversation/group interaction, transcribing the group/individual statements and then reporting back both individual statements and group consensus comments. This information might be shared with the sponsors of the research and outside contractors such as focus group facilities or transcription services. CMI removes the names and identifying information from qualitative reporting, but qualitative work most likely discloses direct quotes of the individuals participating. Every qualitative project is different, and potential participants will be given a consent form to sign that outlines who has access to listen to the groups/interviews and what happens to the recordings and transcripts. Participants are fully informed, and sign a consent form (in person or electronically) before being accepted into qualitative projects.
Automatic Information when Visiting our Website or Research Software
We automatically receive information from your web browser or mobile device. This information may include the name of the website from which you entered our website, if any, as well as the name of the website you’ll visit when you leave our website. This information may also include the IP address of your computer/the proxy server you use to access the Internet, your Internet service provider’s name, your web browser type, the type of mobile device, your computer operating system, and data about your browsing activity when using our website. We use all this information to analyze trends among our users to help improve our website.
When Entering and Using Our Website
When you enter and use our website and agree to accept cookies, some of these cookies may contain your PD.
Our Use of Cookies
Our websites (CMI.info ad TAGApproved.com) and our research software use cookies. A cookie is a small piece of data or a text file that is downloaded to your computer or mobile device when you access certain websites. Cookies may contain text that can be read by the web server that delivered the cookie to you. The text contained in the cookie generally consists of a sequence of letters and numbers that uniquely identifies your computer or mobile device; it may contain other information as well.
By agreeing to accept our use of cookies you are giving us and the third parties with which we partner permission to place, store, and access some or all the cookies described below on your computer.
- Strictly Necessary Cookies – These cookies are necessary for proper functioning of the website, such as displaying content, logging in, validating your session, responding to your request for services, and other functions. Most web browsers can be set to disable the use of cookies. If you disable these cookies, you may not be able to access features on our website correctly or at all.
- Performance Cookies – These cookies collect information about the use of the website, such as pages visited, traffic sources, users’ interests, content management, and other website measurements.
- Functional Cookies – These cookies enable the website to remember users’ choices, such as their language, usernames, and other choices while using the website. They can also be used to deliver services, such as letting a user create a blog post, listen to audios, or watch videos on the website.
- Session Cookies – These cookies allow websites to link the actions of a user during a browser session. They may be used for a variety of purposes, such as remembering a survey page number as they browse a website. Session cookies also permit users to be recognized as they navigate a website so that any item or page changes they make are remembered from page to page. Session cookies expire after a browser session; they are not stored long term.
- Persistent Cookies – These cookies are stored on a user’s device between browser sessions, which allows the user’s preferences or actions across a website or across different websites to be remembered. Persistent cookies may be used for several purposes, including remembering users’ choices and preferences when using a website or identifying whether a person completed a survey.
- Media Cookies – These cookies can be used to improve a website’s performance and provide special features and content. They can be placed by us or third parties who provide services to us. These types of cookies may be used our business websites, not our research data collection website.
- Advertising or Targeting Cookies – These cookies are usually placed and used by advertising companies to develop a profile of your browsing interests and serve advertisements on other websites that are related to your interests. You will see less advertising if you disable these cookies. These types of cookies may be used our business websites, not our research data collection website.
- We may also use cookies for:
o identifying the areas of our website that you have visited
o personalizing content that you see on our website
o our website analytics
o remarketing our products or services to you
o remembering your preferences, settings, and login details
o allowing you to post comments
o allowing you to share content with social networks.
Most web browsers can be set to disable the use of cookies. However, if you disable cookies, you may not be able to access features on our website correctly or at all.
Web Beacons:
We may also use a technology called web beacons to collect general information about your use of our website and your use of special promotions or newsletters. The information we collect by web beacons allows us to statistically monitor the number of people who open our emails. Web beacons also help us to understand the behavior of our customers and users.
When Buying Products or Services from CMI
If you buy products or services from us, we collect your first and last name, email address, physical address, credit card or other payment information, phone number, and other information listed.
Collecting Information About Your Physical Location
When you use our services, we may collect and process information about your actual physical location. We use several technologies such as GPS and IP tracking to determine your location. These technologies may also give us information about nearby cell towers, Wi-Fi access points, and other devices.
Google Ad and Content Network
Third-party vendors, including Google, use cookies to serve ads based on a user’s past visits to our website. Google’s use of cookies enables it and its partners to serve ads to our users based on their visits to our site and/or other sites on the Internet. Users may opt out of the use of Google’s cookies for interest-based advertising by visiting http://www.aboutads.info/choices/ For European users visit http://www.youronlinechoices.eu
Google Analytics
Our website uses Google Analytics to collect information about the use of our website. Google Analytics collects information from users such as age, gender, interests, demographics, how often they visit our website, what pages they visit, and what other websites they have used before coming to our website. We use the information we get from Google Analytics to analyze traffic, improve our marketing, advertising, and website. Google Analytics collects only the IP address assigned to you on the date you visit our website, not your name or other identifying information. We do not combine the information collected using Google Analytics with PD. Although Google Analytics plants a permanent cookie on your web browser to identify you as a unique user the next time you visit our website, the cookie cannot be used by anyone but Google. Google also uses specific identifiers to help collect information about the use of our website.
- For more information on how Google collects and processes your data visit: https://www.google.com/policies/privacy/partners/
- You can prevent Google Analytics from using your information by opting out at this link: https://tools.google.com/dlpage/gaoptout
What Happens If You Don’t Give Us Your PD
If you do not provide us with enough PD, we may not be able to provide you all our products and services. However, you can access and use some parts of our website without giving us your PD.
HOW YOUR INFORMATION IS USED AND SHARED
Community Marketing & Insights is a research company. We produce and sell research reports that are comprised of the aggregate data collected in the project. We also publish reports on our website, available for download at no charge. We collect data from hundreds and often thousands of participants, and report the aggregate results of each question. Your individual contact information or identifying information is never sold or included in these aggregate reports. Many are available for free to everyone interested in LGBTQ research. You can get an idea of the types of reports we produce by going to this link:
https://cmi.info/cmis-free-lgbtq-research-reports/
We use the information we receive from you to:
- Write and post our research reports, products and services to the general population, to you or to our research clients that have requested or purchased from us
- improve and implement our market research and online surveys
- personalize and customize our content
- make improvements to our website
- contact you with updates to our research practice, website, products, and services
- contact you about research opportunities, or if a customer, with marketing and advertising that we believe may be of interest to you.
Communications and Emails
When we communicate with you about our website or research practice, we will use the email address you provided when you registered as a panel member, user or customer. We may also send customers emails with promotional information about our website or offers from us or our affiliates unless you have opted out of receiving such information. You can change your contact preferences at any time through your account or by contacting us using the contact information at the top of this privacy notice.
Sharing Information with Business Partners and Other Third Parties
We do not sell or rent your PD to third parties for marketing purposes. However, for data aggregation purposes we may use your NPD, which might be sold to business partners and other parties at our discretion. Any such data aggregation would not contain any of your PD. We may give your PD to third-party service providers whom we hire to provide services to us. These third-party service providers may include but are not limited to data management services and contractors, incentive payment processors, web analytics companies, data management services, help desk providers, accountants, law firms, auditors, shopping cart and email service providers, and shipping companies.
Legally Required Releases of Information
We may be legally required to disclose your PD if such disclosure is (a) required by subpoena, law, or other legal process; (b) necessary to assist law enforcement officials or governmental enforcement agencies; (c) necessary to investigate violations of or otherwise enforce our terms and conditions; (d) necessary to protect us from legal action or claims from third parties, including you and/or other users; or (e) necessary to protect the legal rights, personal/real property, or personal safety of our company, users, employees, and affiliates.
Disclosures to Successors
If our business is sold or merges in whole or in part with another business that would become responsible for providing the website to you, we retain the right to transfer your PD to the new business. The new business would retain the right to use your PD according to the terms of this privacy notice as well as to any changes to this privacy notice as instituted by the new business. We also retain the right to transfer your PD if our company files for bankruptcy and some or all of our assets are sold to another individual or business.
RETAINING AND DESTROYING YOUR PD
We retain information that we collect from you (including your PD) only for as long as we need it for legal, business, or tax purposes. Your information may be retained in electronic, paper, or a combination of both forms. When your information is no longer needed, we will destroy, delete, or erase it.
UPDATING YOUR PD
You can update your PD using services found on our website. If no such services exist, you can contact us using the contact information found at the top of this privacy notice and we will help you. However, we may keep your PD as needed to enforce our agreements and to comply with any legal obligations. The best way to update or delete your information is to email [email protected]
REVOKING YOUR CONSENT FOR USING YOUR PD
You have the right to revoke your consent for us to use your PD at any time. Such optout will not affect disclosures otherwise permitted by law including but not limited to: (i) disclosures to affiliates and business partners, (ii) disclosures to third-party service providers that provide certain services for our business, such as payment processors, web analytics companies, advertising networks, call centers, data management services, help desk providers, accountants, law firms, auditors, shopping cart and email service providers, and shipping companies, (iii) disclosures to third parties as necessary to fulfill your requests, (iv) disclosures to governmental agencies or law enforcement departments, or as otherwise required to be made under applicable law, (v) previously completed disclosures to third parties, or (vi) disclosures to third parties in connection with subsequent contests or promotions you may choose to enter, or third-party offers you may choose to accept. If you want to revoke your consent for us to use your PD, please contact us through the contact information at the top of this privacy notice.
PROTECTING THE PRIVACY RIGHTS OF THIRD PARTIES
If any postings you make on our website contain information about third parties, you agree to make sure that you have permission to include that information. While we are not legally liable for the actions of our users, we will remove any postings about which we are notified, if such postings violate the privacy rights of others.
DO NOT TRACK SETTINGS
Some web browsers have settings that enable you to request that our website not track your movement within our website. Our website does not obey such settings when transmitted to and detected by our website. You can turn off tracking features and other security settings in your browser by referring to your browser’s user manual.
LINKS TO OTHER WEBSITES
Our website may contain links to other websites. These websites are not under our control and are not subject to our privacy notice. These websites will likely have their own privacy notices. We have no responsibility for these websites and we provide links to these websites solely for your convenience. You acknowledge that your use of and access to these websites are solely at your risk. It is your responsibility to check the privacy notices of these websites to see how they treat your PD.
PROTECTING CHILDREN’S PRIVACY
We never knowingly invite children under the age of 16 to participate in research studies without taking measures to ensure appropriate parental consent unless youth anonymity is required, and the survey is under IRB review standards. Typically, CMI projects have a minimum age of 18 to participate.
Even though our website or research practice is not designed for use by anyone under the age of 16, we realize that a child under the age of 16 may attempt to access our website or take our surveys. We do not knowingly collect PD from children under the age of 16. If you are a parent or guardian and believe that your child is using our website or entered our research practice, please contact us. Before we remove any information, we may ask for proof of identification to prevent malicious removal of account information. If we discover that a child is accessing our website, we will delete his/her information within a reasonable period of time. You acknowledge that we do not verify the age of our users nor have any liability to do so.
OUR EMAIL POLICY
You can always opt out of receiving email correspondence from us or our affiliates. We will not sell, rent, or trade your email address to any unaffiliated third party without your permission except in the sale or transfer of our business, or if our company files for bankruptcy.
OUR SECURITY POLICY
We have built our website using industry-standard security measures and authentication tools to protect the security of your PD. We and the third parties who provide services to us also maintain technical and physical safeguards to protect your PD. Unfortunately we cannot guarantee prevention of loss or misuse of your PD or secure data transmission over the Internet because of its nature. We strongly urge you to protect any password you may have for our website and not share it with anyone.
Security of our Survey Software Provider and Additional Data Collected
Community Marketing & Insights utilizes third party data collection software operated by Verint. Verint is a globally certified ISO 27001 Information Security organization. It manages information security based on the ISO 27001 Information Security Management System (ISMS) and implements controls based on the ISO 27002. The company is audited at regular intervals by external auditors to validate its compliance with the ISO program, and any findings are managed under its Risk Management program in the same way as other risk findings. Through the use of cookies and internal software, the Verint software system uses and records log files. The information stored in those files includes IP addresses, browser type, internet service provider (ISP), referring/exit pages, platform type, date/time stamp, and number of clicks. Verint does create daily back-ups of all data collected on its systems for all clients. This data is stored for a period of 60 days and then deleted. Once CMI staff deletes data from our interface with Verint, CMI does not have access to this data without special request and payments. CMI cannot delete data on these Verint back-up systems during the 60 day backup window period. This means that once CMI staff deletes data on Verint using our interface, the data may continue to exist in their back-up systems for 60 days.
USE OF YOUR CREDIT CARD
Customers of our products and services may have to provide a credit card to buy products and services from our company. We use third-party billing services and have no control over them. We use commercially reasonable efforts to ensure that your credit card number is kept strictly confidential by using only third-party billing services that use industry-standard encryption technology to protect your credit card number from unauthorized use. However, you understand and agree that we are in no way responsible for any misuse of your credit card number.
CHANGES TO OUR PRIVACY NOTICE
We reserve the right to change this privacy notice at any time. If our company decides to change this privacy notice, we will post those changes on our website so that our users and customers are always aware of what information we collect, use, and disclose. If at any time we decide to disclose or use your PD in a method different from that specified at the time it was collected, we will provide advance notice by email sent to the email address on file in your account. Otherwise we will use and disclose our users’ and customers’ PD in agreement with the privacy notice in effect when the information was collected. In all cases your continued use of our website, services, and products after any change to this privacy notice will constitute your acceptance of such change. If you have questions about our privacy notice, please contact us through the information at the top of this privacy notice.