TRC GLOBAL PRIVACY & DATA PROTECTION POLICY
We at TRC are committed to maintaining the privacy and security of the Personal Information of all the visitors to this web site as well as all respondents participating in our hosted surveys. As a part of that commitment, TRC is in the process of implementing our updated Global Privacy and Data Protection Policy. These policies will address the current needs of our visitors and survey respondents to know what information about them we collect, why we collect it, and where it goes. We encourage you to read this Global Privacy and Data Protection Policy. In addition, as a member of the Insights Association, the professional trade association of survey research companies, TRC adheres to the mandated Insights Association Code of Standards and Ethics for Survey Research. You may visit them at www.insightsassociation.org.
If you e-mail us, you are voluntarily releasing information to us. Your e-mail address will be used by TRC to respond to you. We will not use the information that can identify you, such as your e-mail address, for direct marketing purposes.
DATA PROTECTION POLICY
TRC depends on the collection and analysis of information about individuals ("Survey Respondents") to carry out its market research and consulting business. This information may be collected from any kind of individual or organization.
Survey Respondent data is the most common data that is collected by TRC. As a Market Research and consulting firm we may collect personal data from survey respondents during the survey process. A survey may be web or telephone based.
The types of personal data we may collect include, but are not limited to, the following: name, address, email address, phone number or IP address. The data we collect will be used for Market Research purposes only. Your responses to Survey Questions are kept confidential and reporting is aggregated across all survey respondents.
The data we collect will be stored on servers located in the United States and managed in accordance with high industry security standards. The data may be accessed, subject to strict confidentiality obligations, by recipients who are employees of TRC Insights, LLC and its affiliated entities. The data will be retained as long as needed to fulfill our obligations to firms that we provide services to. At that time the data will be removed and erased from our systems.
Client-provided data is also commonly processed by TRC. Clients usually provide us with sample, or with data to enhance the existing sample, for a project. In respect of any personal data that is received, TRC will process these personal data in accordance with the instructions received from the client and in accordance with TRC principles for processing personal data.
Cookies on the survey environment
Cookies may be used during the survey you are participating in to assist in the functioning of the survey as well as to protect against fraudulent behavior.
PRINCIPLES FOR PROCESSING PERSONAL DATA
TRC adheres to the following principles for processing personal data.
- Processed in line with Data Subjects' rights.
- Processed fairly and lawfully.
- Processed for limited purposes and in an appropriate way.
- Adequate, relevant and not excessive for the purpose.
- Not kept longer than necessary for the purpose.
- Not transferred to people or organizations situated in other countries without adequate protection.
TRC operates under a strong security and privacy regime. TRC has successfully undergone third-party Service Organization Control auditing (SOC reports) and is in the process of obtaining HITRUST certification. The SOC report provides assurance that we have designed and implemented effective security controls as defined in the SOC standards. During the examination, the independent auditors evaluated and tested controls over the following domains:
- Organization and management
- Risk management, design, and implementation of controls
- Monitoring of controls
- Logical and physical access controls
- Systems operation
- Change Management
YOUR SPECIFIC RIGHTS AND CHOICES
The California Consumer Privacy Act of 2018 (CCPA) provides you with specific rights regarding your personal information. This section describes your rights and explains how you can exercise those rights.
Right of Access
You have the right to request access to your personal information. You can make this request for free, twice per year.
Right to Opt Out
You have the right to know if your personal data is being sold or shared, and to whom.
You have the right to object to the sale of personal data.
If TRC has actual knowledge that an individual is less than 16 years of age, TRC will prohibit the sale of their personal information. If TRC has actual knowledge that an individual consumer is between 13 and 16 years of age, TRC will collect an affirmative opt-in consent (“right to opt-in”) from a parent or guardian before the sale of personal information.
Right to Deletion
You have the right to request that TRC delete any personal information about you which TRC has collected from you.
Once TRC receives a verifiable request to delete personal information:
• Your personal information will be deleted from TRC’s records and we will direct any service provider to delete your personal information from their records.
However, this right does not apply where TRC needs to retain the personal information to:
• Provide goods or services to you
• Detect or resolve security issues or functionality-related issues
• Comply with applicable laws
• Conduct research in the public interest
• Safeguard the right to free speech
• Carry out actions for internal purposes that you might reasonably expect
Right to Non-Discrimination
TRC will never discriminate against you for exercising any of the CCPA rights. Unless permitted by CCPA, we will not:
• Deny you goods or services
• Charge different prices for goods or services, whether through denying benefits or imposing penalties
• Suggest you receive a different level or quality of goods or services
Access Requests to TRC
On receiving a verifiable access request, TRC will provide the necessary information in a portable and easily accessible format within 45 days of the request.
Your request should include:
• Sufficient information that will allow us to reasonably verify you are the person about whom we collected personal information.
• Detail that allows us to properly understand, evaluate and respond to it.
Once TRC receives and verifies confirmation of your request, we will disclose the following to you:
• The category of personal information that we have collected about you
• The categories of sources from which the personal information was collected about you
• Our business or commercial purposes for collecting or selling the personal information
• The categories of third parties with whom we shared your personal information
• The specific pieces of personal information we collected about you
If TRC sold or disclosed your personal information for a business purpose, we will provide:
• Sales, identifying the personal information categories that each category of recipient purchased; and
• Disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained
PRIVACY QUESTIONS, ACCESS RIGHTS, INCIDENT REPORTING
Before TRC is able to assist you, provide you with any information, or correct any inaccuracies, we may ask you to verify your identity and to provide other details to help us to respond to your request. We will endeavor to respond within an appropriate timeframe.
In this privacy notice, the term “personal data” includes:
• Under the laws of the United States, personal data shall include any “non-public personal information” as that term is defined in the Gramm-Leach-Bliley Act found at 15 USC Subchapter 1 §6809(4), and "protected health information" as defined in the Health Insurance Portability and Accountability Act found at 45 CFR §160.103.
• Under the laws of the countries in the European Economic Area (“EEA”), personal data shall have the meaning given to it in Directive 95/46/EC (the “EU Directive”) and in the General Data Protection Regulation (“GDPR”).
• Under the laws of Australia, personal data shall include information or an opinion about an identified individual or an individual who is reasonably identifiable: (a) whether the information is true or not; and (b) whether the information or opinion is recorded in a material form or not.