Security & Compliance

Compliance

HIPAA-square-logo     SOC2-Logo-e1478540222468

PeopleMetrics places a top priority on the security of customer data.

PeopleMetrics’ platform is SOC 2 compliant and certified by third party audit. Our processes and controls are reviewed on a regular basis by both internal and external parties including independent third-party auditors.

PeopleMetrics is also HIPAA compliant and constantly monitors all systems for ongoing compliance.

GDPR Policy Notice

PeopleMetrics' works to ensure compliance with the European Union’s General Data Protection Regulation (GDPR). For additional details on how PeopleMetrics interacts with GDPR, please refer to:

https://www.peoplemetrics.com/gdpr-policy-notice-20190101

For any specific questions related to GDPR, please contact GDPR@peoplemetrics.com.

CCPA Policy Notice

PeopleMetrics' works to ensure compliance with the California Consumer Privacy Act (CCPA). For additional details on how PeopleMetrics interacts with CCPA, please refer to:

https://www.peoplemetrics.com/-policy-notice-20190101_ccpa 

For any specific questions related to CCPA, please contact CCPA@peoplemetrics.com


Customer Data Security

PeopleMetrics™ takes customer data security seriously. Depending on the implementation, data is stored either in a secure data center or AWS cloud hosting.

Our offsite data storage vendor complies with the following standards:

ITAR, EU-US Privacy, SOC 1, SOC 2, HIPAA, GLBA, and PCI Colo

Additionally, AWS is compliant with all standards detailed here including SOC 1, SOC 2, and HIPPA:

https://aws.amazon.com/compliance/

All PeopleMetrics employees are required as a condition of employment to sign an NDA and store customer data only on encrypted devices as needed in the course of business. 

Please contact your Customer Experience Manager if you need to request a copy of PeopleMetric's SOC-2.

Information Gathered from Visitors

PeopleMetrics works hard to protect your privacy, and your personal information. In common with other websites, log files are stored on the web server saving details such as the visitor's IP address, browser type, referring page and time of visit. Also, cookies may be used to remember visitor preferences when interacting with our website.

How PeopleMetrics Uses This Information

Any information gathered is used to enhance the visitor experience when using our website. E-mail addresses will not be sold, rented, or leased to 3rd parties.

Cookies

Cookies are small digital signature files that are stored by your web browser that allow your preferences to be recorded when visiting the website. Cookies may may also be used to track your return visits to our website.

Copyright Policy and Notice Information

All Materials on this Site, whether separate or compiled, including, but not limited to, text, graphics, audio clips, logos, buttons, images, digital downloads, data compilations, software, icons, html code and xml code, as well as all copyright, patent, trademark, trade dress, and other rights therein, are owned by respective parties and/or licensed by PeopleMetrics, and are protected by United States and international intellectual property laws.


Privacy Policy 


Overview


PeopleMetrics, Inc. (“we”, “our” or “us”) is an independent market research technology company that offers intelligent and data-driven market research services and solutions to help companies to understand their patient, customer and employee experiences to accelerate their growth (“Services” or “services”).

We recognize and respect your right to privacy and prepared this Privacy Policy to describe the types of data we collect from you, and explain how, why and when we collect this data in order to provide our services to our Clients (“customer“ in this policy refers to any business who uses PeopleMetrics Services). If you have any questions, please contact us as set forth in Contact Us section of this Privacy Policy.


Customer Data


PeopleMetrics' clients may electronically submit their customer’s data or information for hosting and processing purposes (“Customer Data”). We do not collect, review, share, distribute or reference any such Customer Data except as provided in the customer’s contract, and if applicable, in the Data Processing Agreement (“DPA”) between PeopleMetrics and our customer. We may access Customer Data only for the purpose of providing services, preventing or addressing service or technical problems at our customer’s request in connection with customer support matters, or as may be required by law. If you have questions about personal data you have entered into our service used by one of our customers, or if you want to exercise any of your rights regarding your personal data, please contact us as set forth in Contact Us section of this Privacy Policy.

We may transfer Customer Data to partners that help us provide our services. Transfers to third parties are covered by the provisions of our customer and partner agreements.

We may retain Customer Data collected on behalf of our customers for as long as that customer's account is active or as needed to provide services, and as necessary to comply with our legal obligations, resolve disputes, enforce our agreements, or as otherwise reasonably necessary for our business purposes.


What Data We Collect


We collect the following categories of data, which we also referred as “Personal Information” throughout this Privacy Policy, in the provision of our Services for the purposes explained below.


Data You or Our Customers Provide to Us


PeopleMetrics acts as a data controller with respect to website, visitor, and applicant data. You may give us information about yourself by using the online forms provided on the website or by contacting us by e-mail, phone or other means. The information you give us may include name, email address, phone number, mailing address, company name and address, geolocation data, job title, resume (including employment and education history), and any updates to information provided to us. Please note that we need certain types of information to provide services to you. If you do not provide us with such information, or if you ask us to delete it, you may no longer be able to access our services.

Our clients may provide their customer relationship data or instruct us to collect on their behalf as part of our services. We use our Customer Data only as a data processor for the purpose of assisting our clients with their own market research efforts.


Data We May Collect About You


Unless you have opted-out or have otherwise refused to provide consent, we may automatically collect technical information, including the Internet Protocol (IP) address used to connect to the Internet, domain name and geolocation data, browser type, device, and version, browser plug-in types and versions, operating system and platform along with information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from the website (including date and time), length of visits to certain pages, page interaction information and methods used to browse away from the page. Some of the data we collect is anonymous information sent by your browser when you visit our websites or utilize our services which will be connected to your personal information.

All of this data is collected to help make sure you get the best and most relevant experience when engaging with our Services.


No Minor Data Collection Intended


PeopleMetrics' website, Services, and recruiting efforts are directed to people who are at least 16 years of age or older. In the event that we have mistakenly collected data of an individual who is younger than 16, we will remove this data from our system within a reasonable time period. To make such a request, please contact us as set forth in Contact Us section of this Privacy Policy.


How We Use the Data We Collect


Our goal is to leverage this data to deliver contracted services to Clients, in order to comply with applicable laws, where we have obtained your consent, or where it is in the legitimate interests of PeopleMetrics to handle your personal information.

Specifically, we use this data for following purposes:
  • To improve user experience on the website.
  • For recruiting, hiring, and event registration process.
  • For marketing, advertising and promotional purposes.
  • To fulfill responsibility arising from any agreements.
  • To improve functionality, quality, and accuracy of the Services.
  • To conduct our business operations and communications.
  • To satisfy in good faith any applicable law, legal process or proper government request.
  • To investigate wrongdoing, protecting ourselves, and our customers.

 Data Retention


We are a data processor and act as a service provider to our Clients where the Client instructs us to collect or otherwise provides us with data in order for us to perform our Services. We retain the data as long as needed to carry out our legitimate business interests, and then as required to comply with applicable laws.


Disclosure of Information


PeopleMetrics' will not sell, hire, lease or rent Customer Data that we collect from our clients or any third party without notifying you and/or obtaining your consent.


Data Security


We apply administrative, technical, and operational security measures to protect the data we collect against such risk as accidental or unlawful destruction, loss, alteration, copying, use, unauthorized disclosure or access, in particular where the processing involves the transmission of data over a network, and against other unlawful forms of processing. Only PeopleMetrics' employees with a business need-to-know, or whose duties reasonably so require, are granted access to the data. All PeopleMetrics' employees with access to the data shall be required to respect the confidentiality of the data.

PeopleMetrics has also completed the SOC 2 Type 2 Audit (Security) with no exceptions. This report is only available to Customers by a request.


International Transfers


We may transfer the data we collect about you to countries other than the country where we originally collected it for the purposes of performing our Services. In general, the transferring countries will be the countries in which we, our customers, or our or their service providers operate.
Those countries may not have the same data protection laws as your country. However, when we transfer your data to other countries, we will protect that data as described in this Privacy Policy and take steps, where necessary, to ensure that international transfers comply with applicable laws.


Your Rights


PeopleMetrics would like to make sure that you are fully aware of all of your data protection rights. Every user is entitled to the following:

The right to be informed – We are publishing this Privacy Policy to keep you informed regarding the collection and use of your personal information.

The right to access – You have the right to request us for copies of your personal data. We may charge you a small fee for this service.

The right to rectification – You have the right to request that we correct any information you believe is inaccurate. You also have the right to request us to complete the information you believe is incomplete.

The right to erasure – You have the right to request that we erase your personal data, under certain conditions.

The right to restrict processing – You have the right to request that we restrict the processing of your personal data, under certain conditions.

The right to object to processing – You have the right to object to us for processing of your personal data, under certain conditions.

The right to data portability – You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.

The right to complain to a Supervisory Authority – You have the right to complain to the competent Data Protection Authority if You feel that PeopleMetrics has not responded to your requests to solve a problem.

If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us as set forth in Contact Us section of this Privacy Policy.


Cookies


Cookies are small blocks of data sent from a website and placed on a user’s computer or other device by the user’s web browser. Cookies are placed on the device used to access a website, and more than one cookie may be placed on a user’s device during a session.

Our website may use cookies to automatically collect certain types of usage information when you visit or interact with it. We may collect analytics data or use third-party analytics tools such as Google Analytics to help us measure usage and activity trends for our website.

We use or may use the data collected through cookies to improve your experience while visiting our website and monitor the effectiveness of our website. If you would prefer not to accept cookies, most browsers will allow you to change your settings which also depends on your device and operating system.


Changes to the Policy


We may update or modify this Privacy Policy to make sure that it is relevant and remain current with changing industry standards, technologies and laws. When we make changes to this Privacy Policy, we will post the updated policy online. Please review this Privacy Policy periodically.
This privacy policy was last updated on January 13th, 2022.


Contact Us


Please contact us if you have any questions about our privacy policy, information we hold about you, or if you wish to exercise your individual rights, or to contact our Data Protection Officer:

By Email: dpo@peoplemetrics.com
By Mail: PeopleMetrics, Inc.
             500 Office Center Drive, Suite 400
             Fort Washington, PA 19034
             ATTN: Data Protection Officer