Privacy Policy

1. Overview

PeopleMetrics, Inc. (“PeopleMetrics”, “we”, “our”, or “us”) provides cloud-based market research and experience management services (“Services”) to organizations.

We are committed to protecting personal data and handling it responsibly in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other applicable privacy laws.

This Privacy Policy explains how we collect, use, disclose, and safeguard personal data.

2. Our Role

Depending on the context, PeopleMetrics acts as:

• A data controller for information collected directly from website visitors, prospective customers, and job applicants
• A data processor when processing data on behalf of our clients in connection with our Services

When acting as a processor, we handle personal data only on the instructions of our clients and in accordance with contractual agreements.

3. Information We Collect 

We may collect the following types of personal data:

Information You Provide

• Name, email address, phone number
• Company name and job title
• Communications submitted through forms or email
• Employment and education information for applicants

Information Collected Automatically

• IP address
• Device and browser type
• Website usage and interaction data
• Approximate location data

Customer Data
We process data on behalf of our clients, which may include survey responses, feedback data, and other information provided by our clients in connection with our Services.

4. How We Use Information 

We use personal data to:

• Provide and operate our Services
• Respond to inquiries and provide customer support
• Improve functionality, performance, and user experience
• Communicate with users, including marketing communications where permitted
• Recruit and evaluate job applicants
• Maintain the security and integrity of our systems
• Comply with legal and regulatory obligations

5. Legal Basis for Processing (Where Applicable) 

Where required by applicable data protection laws, we process personal data on the following legal bases:

• Performance of a contract: to provide our Services and fulfill contractual obligations to our clients
• Legitimate interests: to operate, improve, and secure our Services, including system monitoring, analytics, and business operations, provided such interests are not overridden by individual rights
• Consent: where required, including for certain marketing communications and use of non-essential cookies
• Legal obligation: to comply with applicable laws, regulations, and legal processes

The applicable legal basis depends on the specific context in which personal data is processed.

6. Data Retention 

We retain personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy, including to meet legal, regulatory, and contractual requirements.

Retention periods include:

• Customer Data: retained for the duration of the client contract. Certain data elements may be retained for defined periods after contract termination (e.g., up to 12 months for personal data and up to 3 years for aggregated or analytical data) to support legal, contractual, and business requirements.
  
• Applicant data: retained for up to 12 months unless a longer retention period is required or permitted by law
• System logs and security data: retained for up to 12 months
• Support and communication data: retained for up to 24 months

When personal data is no longer required, it is securely deleted or anonymized in accordance with applicable data protection requirements. Certain data may be retained for longer periods where required to comply with legal, regulatory, or contractual obligations, including financial and audit requirements.

7. Data Security 

We implement appropriate administrative, technical, and organizational safeguards designed to protect personal data, including:

• Encryption of data in transit
• Access controls limiting data access to authorized personnel
• Monitoring and logging of system activity
• Security training and confidentiality obligations for employees

We do not sell personal data.

We may share personal data with:

• Service providers that support our operations (such as cloud hosting providers and IT service providers)
• Professional advisors and auditors
• Authorities where required by law

All service providers are required to protect personal data and use it only for authorized purposes.

Personal data may be transferred to and processed in countries outside the jurisdiction in which it was originally collected.

Where required by applicable law, PeopleMetrics implements appropriate safeguards to protect personal data in connection with such transfers, including the use of contractual protections such as Standard Contractual Clauses (SCCs) or equivalent mechanisms.

We take reasonable steps to ensure that personal data remains protected in accordance with this Privacy Policy and applicable data protection requirements.

Depending on your location, you may have rights regarding your personal data, including:

• Access to your personal data
• Correction of inaccurate data
• Deletion of personal data
• Restriction or objection to processing
• Data portability

To exercise these rights, please contact us using the information below.

If your data was provided through one of our clients, please contact that organization directly.

We use cookies and similar technologies to:

• Operate and maintain our website
• Analyze usage and performance
• Improve user experience

You may control cookies through your browser settings. Where required, we obtain consent for non-essential cookies.