Database &
IP Security

Securing the Personal Information of our Research Database Members And the Intellectual Property of our Clients

Screen Engine/ASI goes above and beyond all regulations to safeguard the information of those in our research databases. This includes storing information on secure servers in a controlled environment and using encryption when sensitive information is transmitted to other websites or third parties. In addition to our dedicated commitment to ensure the integrity and security of our network and systems, we also implement a layered security approach in cloud environments and follow all guidelines of the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR).

Further, we also understand the value and importance of protection of the intellectual property of our clients. We have multi-level safety practices in place for the security of IP used during the research we conduct.

We invite you to read further about the extent of our Security & Compliance as well as our Content Security efforts:

SECURITY AND COMPLIANCE

Use of Personal Identifying Information

In the course of conducting our marketing research activities and services, Screen Engine/ASI collects data from individuals who have agreed to participate in research after being informed about the nature and general objectives of the research. The purpose of our research is to provide answers and guidance to our clients as they relate to marketing and consumer science-related questions. Data is often collected using marketing research surveys and interviews involving consumers, medical professionals and business professionals. In most cases, prior to being shared with a research client, the survey data is combined into aggregate form without any personally identifiable information. Similarly, in most cases, information from research interviews or focus groups is combined and summarized without any personally identifiable information being provided to our clients. In the event that personally identifiable information is to be shared with a research client or its affiliates, the participant will be notified prior and provided an opportunity to opt-out of participation or discontinue the research, and no personally identifiable information will be shared.

Screen Engine/ASI may disclose personal information, including personally identifiable information, collected during research activities to data controllers or data processors contracted by Screen Engine/ASI to perform or assist in the performance of marketing research surveys or other marketing research activities as specified by Screen Engine/ASI (research suppliers). Any research supplier engaged by Screen Engine/ASI is contractually obligated to comply with the principles set forth in this policy.

Personal information is used for research purposes only and will not be used to market any products or services unless that possibility has been clearly disclosed in advance to research participants and explicit, opt-in consent has been given by the research participant.

The data types collected and purpose for collection:

  • Contact information: Some or all of the following – name, email address, telephone number, birth date, zip code, location information, interests, and other demographic information. We may also automatically collect computer data such as IP addresses, browser type, domain names, access times and referring website addresses. Such actively submitted, personally identifiable information is used to reply to any information request or comment; to respond to survey technical support needs, or other communication that you, the survey participant, may direct to Screen Engine/ASI or affiliated websites; and to process survey incentive payment
  • Self-reported survey research responses: Such information, usually collected via online surveys is reported in aggregate and reported without contact information for the purpose of providing marketing research guidance to our research clients.
  • Audio and video recordings: This data is most often collected in the qualitative research context during interviews or focus groups and used by research moderators and interviewers as a reference for research report writing and is not shared with research clients without explicit consent of research participant. In some types of marketing research, we use recordings for behavioral coding. The purpose of the behavioral coding information is to quantify and operationalize the activities that participants do when interacting with a product or environment.
  • Online survey application passive electronic information: Our online survey application uses “transient cookies” also known as session cookies for the purposes of holding a session key that will enable an online survey participant to log back into a survey if for any reason the participant must stop, or their internet connection is interrupted. Once the browser is closed, the cookie is removed. IP addresses are stored for the duration of a research study to avoid responder duplication and for data security purposes. Web browser user agent data is collected to indicate web browser client and version so that we can deliver the optimal survey experience to the user and debug any technical survey issues.
  • Psychophysiological and sensorimotor data: For certain research projects, we collect physiological data (e.g. electrodermal activity, heart rate, electromyography, electroencephalography and eye movement and gaze information) in response to stimuli. This information is used in aggregate form to provide additional insights to marketing research.

For purposes of this disclosure, Personal Information does not include: publicly-available information from government records; de-identified or aggregated consumer information; health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) or the California Confidentiality of Medical Information Act; information covered by certain sector-specific privacy laws including the Fair Credit Reporting Act, the Gramm-Leach-Bliley Act, or the California Financial Information Privacy Act.

Choice in Participation

Screen Engine/ASI ensures that participation is voluntary, and the nature and purpose of the research is disclosed to research participants in advance of research.

Screen Engine/ASI will respect the right of anyone to refuse requests to participate in research and the right of those already engaged in research to terminate their participation.

Personal information is used for research purposes only. If personal information is to be disclosed to a third party other than agents performing research tasks on behalf of Screen Engine/ASI or to be used for a purpose that is materially different from that originally disclosed to or authorized by individuals, research participants will be provided with clear and explicit, choices regarding the use of their information.

Sensitive information such as health or medical information, race, ethnicity, political opinions, religious beliefs, trade union membership, sex life of an individual, or criminal history, will require affirmative, express, opt-in consent from individuals if that information is to be disclosed to a third party other than agents performing research tasks on behalf of Screen Engine/ASI or used for a purpose other than that for which it was originally collected or authorized for use by individuals via an opt-in choice.

Accountability for Third-Party Data Transfers

We may share information with our clients, select partners, and third service party providers if such sharing will help us perform a business or technical support function. Third party service providers may assist us with conducting screenings, focus groups, and/or surveys, as well as helping us to maintain and manage our data and information, communicate with our users and clients, and service our Sites and technology infrastructure. Before disclosing Personal Information to third parties, we enter into a contract that describes the purpose and requires the recipient to both keep the Personal Information confidential and not use it for any purpose other than that described in the contract. Any personal data transferred to a third party acting as an agent or controller may only be used for limited and specific purposes required by the market research.

Personal information transferred to a third party acting as a data controller must provide the same level of protection as the Privacy Shield Principles require.

Personal information transferred to a third party acting as an agent are required to provide at least the same level of privacy protection as the Privacy Shield Principles require.

Third party agents working for Screen Engine/ASI or in partnership with Screen Engine/ASI are required by contract to comply with Screen Engine/ASI data privacy policies and the code of standards and ethics for marketing research and data analytics of either the Insights Association or ESOMAR.

Screen Engine/ASI understands that it may be liable for violations which occur during the onward transfer of data to third parties. Screen Engine/ASI also understands that the individual may invoke binding arbitration, under certain conditions.

Please be advised that Screen Engine/ASI We reserves the right to disclose personal identifying data if required to do so by law or in the good faith belief that such action is necessary to, among other things: (a) comply with legal process served on us; (b) protect and defend our rights or property; and (c) act under exigent circumstances to protect the personal safety of our users, employees, or the public.

In the event that we or some of our assets are sold or transferred or used as security, or to the extent we engage in business negotiations with our business partners, the information collected via the Services may be transferred or shared with third parties as part of that transaction or negotiation. We may also provide information or provide access to information to any of our affiliated businesses or to our business partners.

Data Security

Screen Engine/ASI will maintain the security of personal information, and protect the integrity of such information, with a commercially reasonable and appropriate degree of care.

We take specific steps to safeguard any sensitive data, such as storing information on secure servers in a controlled environment and using encryption when sensitive information is transmitted electronically to other websites or third parties. We make reasonable efforts to help ensure the integrity and security of our network and systems and follow CCPA and GDPR protocells as well as layered security approach in our cloud environments.

Data Integrity and Access

Screen Engine/ASI limits the personal information that it processes to that which is relevant for the purposes of the specific data processing needs. Personal information is not processed in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by the individual. To the extent necessary for these purposes, reasonable steps are taken to ensure that personal information is reliable for its intended use, accurate, complete and current.

Screen Engine/ASI retains personally identifiable information only for as long as it serves a purpose for processing that is compatible with the purposes for which the information was collected or subsequently authorized by the individual.

Individuals have the right to access their personal information provided as a part of our marketing research and be able to correct, amend or delete that information where it is inaccurate or processed in violation of the Privacy Shield Principles except where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy or where the rights of persons other than the individual would be violated. Upon request, Screen Engine/ASI will permit individuals to access their personal information as indicated in this paragraph, however, for security purposes, adequate identification and verification will be required.

Recourse, Enforcement, and Liability

Screen Engine/ASI has mechanisms in place to ensure compliance with the Privacy Shield Principles. Screen Engine/ASI conducts an annual self-assessment of its data privacy practices in order to verify that the attestations and assertions Screen Engine/ASI makes about its Privacy Shield practices are true and that privacy practices have been implemented as represented and are consistent with the Privacy Shield Principles.

In compliance with the EU-US and Swiss-US Privacy Shield Principles, Screen Engine/ASI commits to resolve complaints about the privacy and our collection or use of personal information.

Screen Engine/ASI has further committed to refer unresolved privacy complaints under the EU-US and Swiss-US Privacy Shield Principles to the INSIGHTS ASSOCIATION PRIVACY SHIELD PROGRAM, a non-profit alternative dispute resolution provider located in the United States and operated by the Insights Association.

Data Privacy for Children and Minors

Screen Engine/ASI maintains procedures to assure that information about children or other categories of sensitive information is only collected with explicit consent and is protected against improper use, consistent with applicable law. Prior to conducting a research project with children or young people, Screen Engine/ASI will identify and comply with any applicable laws including the Children’s Online Privacy Protection Act (COPPA) which requires verifiable parental or legal guardian’s consent for interviewing children below the age of 13 years.

Screen Engine/ASI complies with the EU-US Privacy Shield Framework and Swiss-U.S. Privacy Shield Frameworks (Privacy Shield) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, the United Kingdom and Switzerland to the United States in reliance on Privacy Shield.

Screen Engine/ASI has certified to the Department of Commerce that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement, and Liability with respect to such information. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

CONTENT SECURITY

Screen Engine/ASI has established an information security framework and policies based on the System & Organization Control (SOC) framework.

All copyrighted video content provided digitally to Screen Engine/ASI by our clients are securely stored on our servers and promptly and securely removed once they are no longer needed to conduct research. All digital video content is streamed using AES 128-bit encryption and is further secured using Digital Rights Management (DRM), user-level dynamic watermarking, and domain origin restriction, to restrict access and prevent piracy attempts. Access to these systems is tightly controlled and limited, the systems secured using Access Control Lists, Identity Access Management roles, and Security Groups, and all activity recorded and logged.

All copyrighted video content provided physically to Screen Engine/ASI by our clients are securely stored in our screening facility. Physical access is controlled both at the perimeter and at building ingress points using video surveillance, intrusion detection systems and other electronic means.