Privacy policy of SS Holdings Group, LLC D/B/A Sago, branded as “Sago”, for people who are engaging with us or our digital platforms as research or prospective clients, as research partners or participants (e.g., consumers, healthcare professionals, patients, or business individuals).
Your privacy is important to us.
It is Sago’s policy to respect your privacy and comply with any applicable law and regulation regarding any personal information we may collect about you, including across our website, and other sites we own and operate.
In the event our site contains links to third-party sites and services, please be aware that we have no control over the content and policies of those sites and cannot accept responsibility or liability for their respective privacy practices.
Our privacy policy aims to bring you all the necessary transparency for a positive and confident experience with our services. Additional information may be provided to you as necessary when you sign up for a particular product or service.
Our privacy policy complies with global research industry Codes and Standards, as well as all pertinent laws governing privacy.
Information we collect falls into one of two categories: “voluntarily provided” information and “automatically collected” information.
“Voluntarily provided” information refers to any information you knowingly and actively provide us when using or participating in any of our services and promotions.
“Automatically collected” information refers to any information automatically sent by your devices while accessing our products and services.
We only collect and use your personal information lawfully, fairly, and in a transparent manner. We systematically respect the principle of minimization, which implies collecting and processing only what is strictly necessary to achieve our legitimate objective. We do not aim any of our products or services directly at children under the national child age consent, and we do not knowingly collect personal information about children under the national child age consent.
We process personal data that we need in order to carry out our business. We only process personal information in a way that is compatible with the purposes for which we collected it or subsequently authorized by the data subject. We take reasonable steps to ensure that personal data is reliable for its intended use, accurate, complete, and current.
The information notice that is sent to you before any collection or processing details the applicable legal basis, which depends on the services you use and how you use them. This means we only collect and use your information on the following grounds:
In order to respect your choice when we request consent from you:
“Personal information” only includes information relating to natural persons who can be identified or who are identifiable, directly from the information in question. Or who can be indirectly identified from that information in combination with other information. For example, name, contact details, location, consumer options/preferences, video/audio recordings… We may ask your consent for processing such information — for example, when you register an account or when you contact us via email, social media, or any similar technologies — which may include your name, your email, your phone/mobile number… When you contact us, you shall consent to your name and email address being used so we can respond to your inquiry.
Participation in all market research projects is voluntary and based on consent. Respondents may opt out of any market research project, at any time.
Personal information may also include “Sensitive information” or “Special categories of data” which is a subset of personal information that is given a higher level of protection. The types of sensitive information that we may collect about you include:
We will obtain your affirmative express consent (opt-in) if such information is to be (i) disclosed to a third party or (ii) used for a purpose other than those for which it was originally collected or subsequently authorized by the individuals through the exercise of your opt-in choice. We will also treat as sensitive any personal information received from a third party where the third party identifies and treats it as sensitive.
In addition, we ensure that strengthened security measures are applied to these data, in order to avoid any breach of confidentiality, integrity, and availability.
A “Cookie” is a small piece of data that our website stores on your computer and accesses each time you visit. We use cookies to collect information about you and your activity across our site to understand how you use our site and to enable you to access and use our website. At all times, you may decline cookies from our site.
Please refer to our Cookie Policy for more information.
You may withdraw your consent at any time using the facilities we provide; however, this will not affect any use of your information that has already taken place.
While you may request that we delete your contact details at any time, we cannot recall any email we have already sent. If you have any further inquiries about how to withdraw your consent, please feel free to enquire using the details provided in the Contact Us section of this privacy policy.
In order to allow the performance of a contract or transaction at your request:
For example, if you purchase a product, service, or subscription from us, we may need to use your personal and payment information in order to process and deliver your order.
In order to follow our legitimate interests:
Where we assess whether it is necessary for our legitimate interests, such as for us to provide, operate, improve, and communicate our services, we consider our legitimate interests to include:
When you visit our website, our servers may automatically log the standard data provided by your web browser. It may include your device’s Internet Protocol (IP) address, your browser type and version, the pages you visit, the time and date of your visit, the time spent on each page, and other details about your visit. The data we collect can depend on the individual settings of your device and software. We recommend checking the policies of your device manufacturer or software provider to learn what information they make available to us.
Additionally, if you encounter certain errors while using the site, we may automatically collect data about the error and the circumstances surrounding its occurrence. This data may include technical details about your device, what you were trying to do when the error happened, and other technical information relating to the problem. You may or may not receive notice of such errors, even at the moment they occur, that they have occurred, or what the nature of the error is.
Please be aware that while this information may not be personally identifying by itself, it may be possible to combine it with other data to personally identify individual persons.
“Transaction data” refers to data that accumulates over the normal course of operation on our platform. This may include transaction records, stored files, user profiles, analytics data, and other metrics, as well as other types of information, created or generated, as users interact with our services.
We consider “User-generated content” to be materials (text, image and/or video content) voluntarily supplied to us by our users for the purpose of publication, processing, or usage on our platform. All user-generated content is associated with the account or email address used to submit the materials.
Please be aware that any content you submit for the purpose of publication will be property of the client after posting (and subsequent review or vetting process). User-generated content cannot be used for purposes beyond market research (i.e., advertisements and customer testimonials) without express written permission. Once published, it may be accessible to third parties not covered under this privacy policy.
In order to comply with the law:
In some cases, we may have a legal obligation to use or keep your personal information. Such cases may include (but are not limited to) court orders, criminal investigations, government requests, and regulatory obligations. If you have any further inquiries about how we retain personal information in order to comply with the law, please feel free to enquire using the details provided in the Contact Us section of this privacy policy.
Because we are ISO 27001 certified, we comply with high international standards for computer security and the protection of personal information.
When we collect and process personal information, and while we retain this information, we will protect it within commercially acceptable means to prevent loss and theft, as well as unauthorized access, disclosure, copying, use, or modification.
You are responsible for selecting any password and its overall security strength, ensuring the security of your own information within the bounds of our services. For example, ensuring any passwords associated with accessing your personal information and accounts are secure and confidential.
We comply with laws applicable to us in respect of any data breach.
We keep your personal information only for as long as we need to. This time period may depend on what we are using your information for, in accordance with this privacy policy.
For example, if you have provided us with personal information as part of creating an account with us, we may retain this information for the duration your account exists on our system. If your personal information is no longer required for this purpose, we will delete it or make it anonymous by removing all details that identify you.
However, if necessary, we may retain your personal information for our compliance with a legal, accounting, or reporting obligation (i) such as reporting of Incentive payments on a yearly basis to federal and/or state regulatory authorities pursuant to legal requirements or (ii) for archiving purposes in the public interest, scientific, or historical research purposes or statistical purposes.
Except as otherwise permitted by law, regulation, or EU-U.S. Data Privacy Framework Principles, we destroy or anonymize personal data after it no longer serves a purpose of processing as contemplated above and/or once a lawful basis for processing it ceases to exist.
We may disclose personal information to:
Third parties we currently use include:
If we or our assets are acquired, or in the unlikely event that we go out of business or enter bankruptcy, we would include data, including your personal information, among the assets transferred to any parties who acquire us. You acknowledge that such transfers may occur and that any parties who acquire us may, to the extent permitted by applicable law, continue to use your personal information according to this policy, which they will be required to assume as it is the basis for any ownership or use rights we have over such information.
The personal information we collect is stored and/or processed in the United States, or where we or our partners, affiliates, and third-party providers maintain facilities.
The countries to which we store, process, or transfer your personal information may not have the same data protection laws as the country in which you initially provided the information. If we transfer your personal information to third parties in other countries: (i) we will perform those transfers in accordance with the requirements of applicable law; and (ii) we will protect the transferred personal information in accordance with this privacy policy.
Access to private, sensitive, and confidential information, including your personal information, is restricted to authorized employees with legitimate business reasons.
All employees are expected to always maintain the confidentiality of personal information, and failure to do so will result in appropriate disciplinary measures.
We follow reasonable technical and management practices to help protect the confidentiality, security, and integrity of data stored on our system. While no computer system is completely secure, the measures implemented by our website reduce the likelihood of security problems to a level appropriate to the type of data involved. We employ physical, electronic, and procedural safeguards in connection with the collection, storage, and disclosure of any personal contact information. We encrypt the transmission of sensitive information using secure socket layer technology (SSL).
You have the right to choose (opt-out) whether your personal data is (i) to be disclosed to a third party or (ii) to be used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by you. If you wish to opt out, all you need to do is contact us at compliance@sago.com. If you contact us to opt out, we will explain the options available and comply with your request as required by the Principles and the applicable law. Please note that applicable laws allow certain exceptions to your ability to opt-out, such as where we are parties to a contract that is still being performed, where the law requires us to maintain information tow claims or tax reports, or otherwise. In such cases, we will retain and continue to use your information only to the extent permitted or required by law. The above opt-out right doesn’t apply where the sharing of your personal data is with a third party who is acting as our agent (such as our service providers who perform services that help us to run our business). We won’t provide your personal data to a third party under these circumstances unless we have a contract in place with that third party that requires the third party to comply with the DPF Principles.
Under European, Australian, and Canadian data protection laws, you also have the following rights:
We would respond to your requests without undue delay and at the latest within one month of receipt of your request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests.
The purpose of this privacy policy is to inform you about the processing of your personal data by Sago and its entities in accordance with research industry Codes and Standards relating to the USA and additionally the country in which each Sago company is based.
Sago companies comply with all pertinent Federal and State laws governing privacy, including but not limited to the enacted California Consumer Privacy Act (CCPA) and recently amended California Privacy Rights Act (CPRA).
For questions or concerns relating to privacy, you may contact us by email at help@focusgroup.com.
All requests to exercise your rights must be accompanied by the details necessary to process your request. A copy of proof of identity may be requested if necessary.
The purpose of this privacy policy is to inform you about the processing of your personal data by Sago and its entities in accordance with the European Data Protection Regulation (the GDPR) and the UK GDPR, the amended French Data Protection Act, the new Spanish Fundamental Law on Data Protection (the NLOPD), the new German Federal Data Protection Act (the BDSG), and the UK Data Protection Act (the DPA).
Sago has signed internal EU Commission Standard Contractual Clauses and UK Addendum to safeguard its international transfers of personal data.
You have the right to lodge a complaint with your national data protection authority. You can find more information about your data protection rights on your authority’s website.
Sago has appointed a Data Privacy Officer in each European country to be your privileged interlocutor regarding the processing of your personal data. If you wish to contact a DPO, you can write to them at the following addresses:
All requests to exercise your rights must be accompanied by the details necessary to process your request. A copy of proof of identity may be requested if necessary.
The purpose of this privacy policy is to inform you about the processing of your personal data by the Sago and its entities in accordance with the laws of Ontario and the applicable federal laws of Canada.
If you have any questions or comments about this Privacy Policy, you may contact us at methodify.support@sago.com or via postal mail at:
370 King St. West, 5th Floor, Box 4
Toronto, ON, Canada, M5V1J9
The purpose of this privacy policy is to inform you about the processing of your personal data by Sago and its entities in accordance with the federal Privacy Act, the Australian Privacy Principles, and States and Territories’ legislations.
The Central Server is located in an Australian data centre with a fully redundant network with No Single Point of Failure, contains Multiple Layers of Network Security and is also secured with Windows Firewall and IPsec Policy.
You can change your information at any time, through the profile tab in your member portal. We are obliged by law to ensure that your information is accurate and up to date at all times.
If you have any queries or complaints in relation to your personal information, please don’t hesitate to get in touch: help@focusgroup.com
You will need to outline what information you would like access to or identify your concerns. We will endeavour to respond to you within 3 business days.
We comply with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF as set forth by the U.S. Department of Commerce. We have certified to the U.S. Department of Commerce that we adhere to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the DPF Program, and to view our certification, please visit https://www.dataprivacyframework.gov/ We commit to subject to the DPF Principles all the personal data received from the EU in reliance on the EU-U.S. for as long as we retain the personal data.
Sago receives personal data from EU and UK employees, respondents, panel members, clients, and websites visitors. Sago will process their personal data for the following purposes:
Categories of Data Subjects | Purposes of the processing of their Data | Categories of Third parties involved |
---|---|---|
EU and UK employees |
|
|
EU and UK respondents |
|
|
EU and UK panel members |
|
|
EU and UK clients |
|
|
EU and UK websites’ visitors |
|
|
For complaints concerning Human Resources (HR) Personal Data and Personal Data other than HR, at no cost, you may file a complaint concerning how we process your Personal Data. We will take steps to remedy issues arising out of our alleged failure to comply with the DPF Principles. All you need to do is contact us at compliance@sago.com. If your complaint cannot be resolved through our internal processes, we cooperate with the panel established by the Data Protection Authorities (DPAs).
Under certain circumstances and following the procedures and subject to conditions set forth in the DPF Annex I, you may also be able to invoke binding arbitration to address complaints about Sago's compliance with the DPF Principles.
We are subject to the investigatory and enforcement powers of the FTC, the DOT or any other U.S. authorized statutory body.
We will disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
When we transfer personal data to a third party acting as a controller, we comply with the DPF Principles. We also enter into a contract with the third-party controller that provides that such data may only be processed for limited and specified purposes consistent with your consent and that the recipient will provide the same level of protection as the DPF Principles and will notify us if it makes a determination that it can no longer meet this obligation. Those contracts provide that, when such a determination is made, the third-party controller ceases processing or takes other reasonable and appropriate steps to remediate.
When we transfer personal data to a third party acting as an agent, (i) we transfer such data only for limited and specified purposes; (ii) we require (usually by contract) at least the same level of privacy protection as is required by the DPF Principles; (iii) we take reasonable and appropriate steps to ensure that the agent effectively processes the personal data transferred in a manner consistent with the organization’s obligations under the Principles; (iv) we require the agent to notify us if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the Principles; (v) upon notice, including under (iv), we take reasonable and appropriate steps to stop and remediate unauthorized processing; and (vi) we will provide a summary or a representative copy of the relevant privacy provisions of our contract with that agent to the Department of Commerce upon request.
If we transfer personal data to a third party acting as an agent on our behalf who processes such data in a manner inconsistent with the DPF Principles, we remain liable under the DPF Principles, unless we prove that we are not responsible for the event giving rise to the damage.
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, we commit to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF.
When we become subject to a court order that is based on non-compliance or an order from a U.S. statutory body (e.g., FTC or DOT) listed in the DPF Principles or in a future annex to the Principles that is based on non-compliance, we will make public any relevant EU-U.S. DPF-related sections of any compliance or assessment report submitted to the court or U.S. statutory body to the extent consistent with confidentiality requirements.
At our discretion, we may change our privacy policy to reflect updates to our business processes, current acceptable practices, or legislative or regulatory changes. If we decide to change this privacy policy, we will post the changes here at the same link by which you are accessing this privacy policy.
If the changes are significant, or if required by applicable law, we will contact you (based on your selected preferences for communications from us) and all our registered users with the new details and links to the updated or changed policy.
If required by law, we will get your permission or give you the opportunity to opt in to or opt out of, as applicable, any new uses of your personal information.
For any general questions regarding your privacy, you may contact us using the following details:
US | |
EU |
|
Canada | |
Australia |