Privacy Policy

Privacy Policy

1. Commitment to Privacy and Survey Research Ethical Standards

Chadwick Martin Bailey is a full-service market research firm that conducts qualitative and quantitative studies with consumers and businesses. We are committed to respecting and protecting your privacy whether you are a research respondent who is participating in a study or an individual visiting our website to obtain information about our services. This policy explains how we collect, store, use and transfer data that we obtain via our own website or through surveys and other primary research methods used on behalf of our clients. We will explain this in a way that is easy to understand and provide ways for you to seek additional information or clarification as well as the means for resolving issues or complaints.

If you are visiting our website or are participating in one of our research studies from inside the United States and you have any concerns about the information we collect and store or how it is used, please contact Chadwick Martin Bailey at: privacy@cmbinfo.com or write to us at:

Privacy Office
Chadwick Martin Bailey, Inc.
2 Oliver St, 11th Floor

Boston, MA 02109

If you are visiting our website or are participating in one of our research studies from outside the United States, please be aware that your information may be transferred to, stored in and/or processed in the United States. While the data protection and other laws of the U.S. might not be as comprehensive as those in your country, please be assured that we take steps to ensure that your privacy is protected. We participate in the United States Department of Commerce Privacy programs that help U.S. companies comply with European and Swiss privacy laws and rules concerning the transfer of personal data from the European Union (“EU”) and from Switzerland to the United States. Additionally, we have taken steps to comply with the EUs General Data Protection Regulations (GDPR).

2. Protected Personal Data

Personal Data (PD) is any type of information, including information transferred from the EU or Switzerland to the United States, that is recorded in any form, that is about or pertains to a specific individual (you) and can be identified specifically to you. It may include your full name, identification numbers, date of birth, gender, mailing address, phone numbers, email address and other similar information. It may include information about your opinions and preferences. PD generally does NOT include your business title, address, phone number, fax or email in your capacity as an employee. In some jurisdictions, it does not include any publicly available information. We may collect PD from you directly when you voluntarily provide it to us or we may obtain PD from clients who ask us to conduct research on their behalf. We may also obtain PD from list providers who have assured us that their lists are made up only of individuals who have given their consent to be included in the list. Finally, we may collect and use PD obtained from publicly available sources, where this is permitted by law.

“Sensitive Personal data” means PD that pertains to attributes such as race, ethnic origin, sexual orientation, political opinions, religious or philosophical beliefs, trade union membership or that concerns an individual’s health.

3. Protection of Information Provided in a Research Context

Market research is used by many organizations to obtain information from customers, members, potential customers and other stakeholders. The information collected in a research context may be used to plan new products or services, gauge customer/member satisfaction, measure awareness of products or services, or to test reaction to products, services or communications.

Most research questionnaires include demographic questions such as racial or ethnic origin, age, gender or income. We use these questions to make sure that the research results reflect a representative sample of the population we are studying. We understand, however, if you are not comfortable answering certain questions.

We may occasionally collect information that is legally considered more sensitive, “Sensitive Personal data” as described above. In such instances, we will fully comply with legal restrictions on the collection, storage, use and transfer of such information.

We will never ask you for certain information which, if stolen or misused, could give rise to economic crimes against you, such as bank account or credit card numbers, social security or other similar government-issued ID numbers.

We may also automatically collect a variety of publicly-available machine information for system administration, service improvement and data integrity purposes. This is described in greater detail below.

Unless you have provided consent to do otherwise, we will protect the anonymity of your responses to questionnaires, in focus groups, on research websites or from any means of collecting feedback from you in a research context. If we obtain your contact information from a research panel or other third party, we will comply with the contact limitations and data protections that you agreed to when you signed up to participate in survey research or when you became a customer of a third party. We may occasionally re-contact you to validate your participation in a research study; we will identify ourselves and our purpose when we conduct such validation contacts.

4. Protection of Information Provided by Users of Our Website

You may provide personal data to us when you contact us through our website seeking information about our services. We will treat this information as confidential PI.

5. How We Use Information You Provide

If you provide information to us to inquire about our services, we will only use that information to contact you about our services. We will not sell or provide your information to any third party for any other use. By submitting this PD through our website contact form, you are consenting to us sharing your personal data within Chadwick Martin Bailey, including our parent company ITA Group and any subsidiaries. For more information about Chadwick Martin Bailey, please see the “Who We Are” section of our website: https://www.cmbinfo.com/who-we-are/about-cmb.

If we receive your contact information from a list or panel company, we will use it only in asking you to participate in market research, to conduct survey research with you, to validate answers you give or to respond to your requests to us or our client. We select panel companies that adhere to an opt-in process for obtaining panelists and have an adequate policy for protecting the privacy of panelists. We will not use your information in any other way that is inconsistent with the research or purposes for which you agreed to be contacted.

We may share your PD with employees of our company to analyze survey responses.

If we receive your contact information from our client and you are a customer of that client, we will only use your contact information to ask you to participate in market research for that client.  We will protect your anonymity when communicating your research responses to clients unless you have explicitly given permission for your identity and contact information to be shared with our client or you have specifically asked us to give that information to our client so that they may resolve questions or complaints you may have.

Whether we obtain your PD from a list company or from clients, we will not use this information to sell you any goods or services and we will not provide your contact information to any other party so that they may use that contact information to directly sell you goods or services. We will share your PD with our clients only with your specific permission or at your request, or with restrictions as permitted by the Insights Association Code of Standards and Ethics for Marketing Research and Data Analytics.

In rare cases, Chadwick Martin Bailey may be required to disclose an individual’s personal data in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.

6. Data Collection

While interacting with our staff, our Website or while participating in Marketing Research activities, the following are some of the types of data and methods by which CMB may collect data on you:

Methods that CMB may use to collect data on you:

  • Data you entered on pages or forms on our Website;
  • Data you send to us via phone, email or other means;
  • Compensation fulfilment details including name, address and email address
  • In person interviews or focus groups

Data we may automatically collect about you:

  • Your IP addresses

Data we may receive from third parties about you:

  • Email address
  • Phone Number
  • Name
  • Mailing Address

7. How We Will Use the Data Collected and the Justification 

The use of your PD under EU data protection laws requires that a specific justification be determined as the legal “grounds” for each use.  The justifications used by us as detailed in the GDPR are referenced in the table below and are defined as follows:

Consent: you have given consent for the processing of your personal data for one or more specific purposes;

Legitimate interests: processing is necessary for the purposes of the legitimate interests pursued by us, except where such interests are overridden by your interests or fundamental rights and freedoms.

Data Collected Data Source and Usage Justification for use
Name, Address, Email Address, Phone Number Provided by research initiator (CMB Client) or panel provider and used to contact you for participation in a research survey Consent – provided by you to the initiator or to the panel provider for participation in surveys
IP Address Collected by CMB and our survey vendor for use in deduplication of survey data Legitimate interests – for the processing of surveys
Name, Address, Email Address Collected by CMB for the processing of compensation for some surveys Legitimate interests – for the processing of compensation

8. How Long We Will Keep Your Information

All research data collected is used strictly for the purposes of Market Research unless otherwise clearly explained.

When the research for a survey has been completed, data collection is formally closed, and findings are communicated to our clients, all PD will be deleted within 90 days of the project closing date.

In the event you participated in a survey requiring additional PD for the processing of compensation, all additional PD provided will be deleted when the payment of compensation has been initiated.
We do not hold any PD data beyond 90 days of the closing of a survey unless specifically disclosed prior to a survey commencing.

9. Your GDPR Rights

9.1 Right to Access

You have the right to request if your PD is being processed by us and request a copy of your data if that is the case.

9.2 Right to Rectification

You have the right to access your PD and to correct, amend or delete inaccurate information, except where the burden or expense of providing access would be disproportionate to the risks to your privacy in the case in question or where the rights of persons other than you would be violated.

9.3 Right to Erasure

You have the right to request that your PD be deleted by us unless doing so would cause a legal issue, in which case we will notify you in writing.

9.4 Right to Restriction of Processing

You have the right to request that we stop processing your PD at any time.

9.5 Right to Data Portability

You have the right to request a copy of your PD from us or that we transfer a copy of your PD to another process where legally allowable and technically feasible.

9.6 Right to Object (File a Complaint)

You have the right to file a complaint with a supervisory authority such as the Information Commissioners Office in the UK.

10. Adherence TO EU-US and Swiss- US Privacy Shield Principles

Chadwick Martin Bailey complies with the EU-US and Swiss-US Privacy Shield Frameworks established by the US Department of Commerce, under the enforcement authority of the Federal Trade Commission, regarding the collection, use, and retention of personal data from Switzerland and European Union member countries. Chadwick Martin Bailey has certified that it adheres to the Privacy Shield.  If there is any conflict between the terms in this privacy policy and the E.U. or Swiss Principles, the Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov.

11. E.U. and Swiss Principles

11.1 Notice

When we collect PD from you, we will notify you of the purpose for which we are collecting and using your PD and the type of non-agent third parties to which we disclose or may disclose that information. You will be provided with the choice and means for limiting the use and disclosure of your PI. This Notice will be provided in clear and conspicuous language when you are first asked to provide PI, or as soon as practicable thereafter, and in any event before we use or disclose the information for a purpose other than for which it was originally collected.

11.2 Accountability for Onward Transfers

Before we disclose your PD to a third party, we will ensure that any third party to which PD may be disclosed subscribes to the Principles or is subject to law providing the same level of privacy protection as is required by the Principles and agrees in writing to provide an adequate level of privacy protection.

We describe in detail above the types of information we collect and how we will use it. In some circumstances, to gain your participation in Internet-based, telephone or in-person survey research, we may transfer your name and email address or your name and telephone number to a market research field service facility, to a professional interviewer located in your home country, or to a company that operates Internet based research platform. Before doing so we will ensure that the third party provides and agrees in writing to provide an adequate level of protection and will not use it for any other purpose. In some circumstances, with your permission and where it is legal to do so, we may transfer your name and email address to a fulfilment company to send you an incentive for participating in survey research. Before doing so we will ensure that the fulfillment company provides and agrees in writing to provide an adequate level of protection for your personal data and will not use it for any other purpose. If you provide personal data in a survey or other research instrument to which you are responding, we will anonymize your response and will not supply any information that could personally identify you to any other entity, including our clients, without your permission.

11.3 Recourse, Enforcement, and Liability

In compliance with the EU-US and Swiss-US Privacy Shield Principles, Chadwick Martin Bailey commits to resolve complaints about your privacy and our collection or use of your personal data. European Union individuals or Swiss citizens with inquiries or complaints regarding this Privacy Notice should first contact Chadwick Martin Bailey at: privacy@cmbinfo.com

Or write to us at:

Privacy Office
Chadwick Martin Bailey, Inc.
2 Oliver St – 11th Floor
Boston, MA  02109

Chadwick Martin Bailey has further committed to refer unresolved privacy complaints under the EU-US and Swiss-US Privacy Shield Principles to the INSIGHTS ASSOCIATION PRIVACY SHIELD PROGRAM, a non-profit alternative dispute resolution provider located in the United States and operated by the Insights Association. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit http://www.insightsassociation.org/get-support/privacy-shield-program/privacy-shield-eu-swiss-citizens-file-complaint for more information and to file a complaint. These dispute resolution services are provided at no cost to you.

Under certain limited circumstances individuals may be able to invoke binding arbitration before the Privacy Shield Panel to be created by the US Department of Commerce and the European Commission.

12. Information Security

Chadwick Martin Bailey maintains an ISO 27001 certified ISMS (Information Security Management System) with all the necessary physical, electronic and procedural measures to help safeguard client data and personal data.  Third parties that provide us with support or services may also receive client data or personal data, and we require them to maintain security measures similar to ours with respect to such information.

13. Data Integrity and Purpose Limitation

We will only process PD in a way that is compatible with and relevant to the purpose for which it was collected or authorized by you. To the extent necessary for those purposes, we will take reasonable steps to ensure that your PD is accurate, complete, current and reliable for its intended use. We will limit use of your PD to the use we disclosed to you when we collected it. Prior to using any PD for another purpose, we will notify you and obtain your permission.

14. Children’s Privacy

Our general website does not direct any services to children. If we gain actual knowledge that a child under the age of 16 has provided any personal data to us without the parent’s or guardian’s consent, we will use that information only to respond directly to that child to inform him or her that we must have parental consent before receiving his or her personal data.

15. External Links

If our general website or any survey we conduct links you to other sites, those sites do not operate under this Privacy Notice. We recommend you examine the privacy statements posted on those other websites to understand their procedures for collecting, using, and disclosing personal data.

16. Changes to this Privacy Notice

This Privacy Notice may be amended from time to time consistent with the requirements of the EU-US and Swiss-US Privacy Shield and GDPR. We will post any revised policy on our website.