QUADRANT STRATEGIES

PRIVACY POLICY

Last Updated 7 November 2023

INTRODUCTION

Quadrant Strategies, LLC and its subsidiaries (collectively, “Quadrant”, “us” or “we”) understand that your privacy is important to you. We are committed to respecting your privacy and protecting your personal data, which includes any information that is capable of identifying you as an individual person (collectively, “Personal Data”). Please read this Privacy Policy carefully as it contains important information on who we are, and how and why we collect, store, use or share your Personal Data. It also explains your rights in relation to your Personal Data and how to contact us or supervisory authorities in the event you have a complaint. All privacy practices and methods described in this Privacy Policy apply only insofar as permitted by applicable standards, laws and requirements. Capitalized terms used in this Privacy Policy have the meanings ascribed to them herein.

SCOPE

Except as otherwise noted below, this Privacy Policy applies to the Personal Data that Quadrant processes as a controller in connection with Quadrant’s research activities and client services, that is collected from either individuals that register for or participate in our research activities, current, former and prospective clients, vendors and partners, or via our websites, applications, and communications that post a link to this Privacy Policy (collectively, the “Sites”).

Not In Scope. This Privacy Policy does not apply to Personal Data that we collect and process relating to employees, job applicants, and contractors. Please contact us using the details found below under “Contact Us” if you require these notices.

In addition, except where expressly stated otherwise, this Privacy Policy does not apply to the extent we process Personal Data on behalf of our clients or vendors as a “processor” or “service provider” under applicable privacy laws (“Third-Party Data”). Our processing of Third-Party Data is subject to the terms of our contracts with each vendor or client, who is the “controller” or “business” under applicable privacy laws for the data that we process on their behalf. In such cases, Quadrant’s vendors or clients are responsible for ensuring that there is an appropriate legal basis for the processing of Third-Party Data by Quadrant, and that appropriate notice has been provided, and any necessary consent has been obtained, for the processing of such data.

Additional Notices. In some cases, additional or supplemental privacy notices (each an “additional notice”) may be provided and will apply to certain Personal Data collected and processed by us in connection with specific services that we provide. The additional notice will control to the extent there is a conflict with this Privacy Policy, with respect to your Personal Data that is subject to that additional notice.

WHAT WE COLLECT

We collect, use and are responsible for certain Personal Data about you, as well as Research Information, as described below.

Recruitment. In order to conduct research, we directly contact or collect contact information for individuals who may participate in our research activities (“Research Participants”). We often recruit Research Participants by direct contact via public sources such as LinkedIn, Facebook or other social media profiles. We may also collect information from other publicly accessible sources, such as third-party websites or public databases. For some research, we engage third-party vendors to provide lists of potential respondents. Occasionally, the client sponsoring the research (a “Research Sponsor”) may provide Quadrant with lists of respondents they would like us to contact for research purposes. Quadrant processes such Third-Party Data we receive from vendors and Research Sponsors in accordance with the agreements between Quadrant and the party providing such data.

Research Activities. Quadrant collects Personal Data directly from Research Participants in the following ways:

Research Studies – Quadrant Recruited Participants. We collect Personal Data directly from Research Participants who take part in research activities that we administer like online polls, focus groups, online forums, panels, surveys and personal interviews. Personal Data may be collected in person, by telephone, text, email, via our website and/or a third-party video communication service. All Personal Data gathered during our research studies is collected with the Research Participant’s active and informed consent. Your Personal Data for these projects will be deleted as soon as it is no longer needed or legally required to be retained, which is typically ninety (90) days after project completion.
Quadrant Proprietary Panels. When Research Participants register to become a member of one of our market research panels, we collect and store the Personal Data required for contacting those Research Participants and determining eligibility for a particular project. We keep that Personal Data securely stored for as long as needed for recruitment to projects. However, each panelist’s Personal Data for individual projects will be deleted as soon as it is no longer needed or legally required to be retained, which is typically ninety (90) days after project completion.
Collaborative Research Activities. Quadrant often engages third-party research vendors who may recruit Research Participants with whom they have a pre-existing relationship directly into a research study and conduct the research activities with minimal participation by Quadrant or the Research Sponsor. In these cases, Quadrant may provide materials, such as interview questions or conversation guides, for the research, but will act only as an observer and collect minimal Personal Data (which could include data such as a LinkedIn link or videos from participation in a focus group). Your Personal Data for these projects will be deleted as soon as it is no longer needed or legally required to be retained, which is typically ninety (90) days after project completion.
Research Information. Quadrant may, while administering a research study, gather responses from Research Participants that do not fall within the definition of Personal Data (“Research Information”). For example, as a Research Participant, you may receive surveys from Quadrant. These surveys will ask questions about your interests, needs, and attitudes. Quadrant will receive your responses to these surveys, but your individual responses will typically be anonymized into an aggregate set of data as part of our presentation to the Research Sponsor. Another Research Information example would be redacted and blurred video recordings of a focus group or interview that are shared with the Research Sponsor. The primary exception to this is that on occasion, when requested in advance and with appropriate consent, we may provide unblurred video recordings of a focus group to a Research Sponsor. This form of Personal Data would only be used for research purposes and would be deleted as soon as it is no longer needed or legally required to be retained, which is typically within ninety (90) days after project completion. In cases where there is an exception, the specific conditions of that exception will be disclosed to Research Participants at the outset of the engagement, consent from those Research Participants will be collected, and the Research Participant will have the option to withdraw his/her consent.

Types of Personal Data Collected. We may collect the following information directly from you:

Your full name and contact information, including email address, telephone number and company details, including company name and job title
Social Security Number or other information to enable us to check and verify your identity, with your express consent
Your date of birth
Your gender information, with your express consent
National identity and race/ethnicity, with your express consent
Full address and postcode, IP address or other location data, if you choose to give this to us
Client/customer identification numbers
Your face/picture/video and voice recordings, with your express consent
Your personal or professional interests, including income, political opinions or affiliation, sexual preferences, medical ailments (not records), religious or philosophical beliefs, trade union membership, and nicknames, with your express consent
Your professional online presence, e.g., Facebook/LinkedIn/Twitter/Social media ID/handle or profiles

We collect this Personal Data as required to execute our research and other business activities. Of the information listed above, social security number, national, racial or ethnic origin, political opinions or affiliation, sexual preferences, medical ailments, religious or philosophical beliefs and/or trade union membership are also sensitive or “special category” Personal Data. In some cases, you may need to provide additional Personal Data (including sensitive Personal Data) to fully participate in a research study, such as a focus group or in-depth interview. If you do not provide Personal Data or sensitive Personal Data we ask for, it may delay or prevent us from providing services to you and to our clients. If you are offered an incentive for your participation, you must provide Personal Data (including sensitive Personal Data), such as a completed W-9 or W-8BEN form and your email address, to Quadrant or a third-party service provider with whom we have contracted to provide payments to Research Participants. If you do not provide the requested Personal Data, Quadrant will not be able to pay you any incentive payments associated with your participation in our research.

There are no other statutory or contractual requirements for you to provide us with your Personal Data.

USE OF INFORMATION

Quadrant collects and processes Personal Data and Research Information in the conduct of its research business. For example, Quadrant asks Research Participants for demographic information in order to pre-qualify members or households for surveys that target specific groups. Quadrant also uses this information to ensure that our research projects accurately represent the audience’s population as a whole. Quadrant may also use your Personal Data or Research Information in order to comply with all applicable laws and corporate reporting obligations.

Personal Data and Research Information may be combined with information collected about you by Quadrant from public records. These sources of information help us conduct our research activities, such as online surveys, in-depth interviews, and focus groups.

Research Participants always have the opportunity to decline involvement or to “opt out” of the research project after agreeing to participate. Please refer to the “How to Exercise Your Rights” section of this Privacy Policy.

Our processing of your Personal Data for the purposes mentioned above may be wholly or in part based on:

Our legitimate interests. We may process your Personal Data in furtherance of our legitimate business interests, such as, providing access to the services that we have contracted to Research Sponsors, protecting, maintaining and improving our market research services, and generally operating or improving our business;
Your consent. Where required by applicable law, Quadrant will obtain your consent to this Privacy Policy and our collection, use and disclosure of your Personal Data;
Performance of our contract with you. You will be required to share your Personal Data (full name and contact information) with Quadrant in order to enter into a contract with us, such as our panel agreement or any other consent to participate in a research study; and/or
Compliance with laws. Processing certain information may be necessary to satisfy our legal and regulatory obligations.

DISCLOSURE OF PERSONAL DATA; DATA RECIPIENTS AND INTERNATIONAL DATA TRANSFERS

Quadrant will not intentionally disclose or transfer (and will take reasonable steps to prevent the unauthorized or accidental disclosure of) your Personal Data to third parties without a legal basis or as otherwise permitted by law, whether for such third parties’ own marketing purposes or otherwise, except as described in this section.

We may disclose your Personal Data to third-party service providers engaged by Quadrant to provide services related to the Sites as well as related to Quadrant’s business activities, including in connection with some client services, in the manner agreed upon in our client services agreements and any agreements with you. When conducting research, we may share your Personal Data with third-party service providers who perform services and functions on our behalf to support our interactions with you, including, for example, processing recruitment materials, administering surveys, hosting surveys, designing and/or operating the survey’s features, analyzing users’ interactions with a survey, conducting focus groups or interviews, or generally communicating with you. Audio recordings of interviews, focus group sessions and other research activities, which may contain Personal Data if you have shared this during the research activity, may be shared with a commercially available transcription service for the purpose of transcribing the information you provided during the research activity. Video recordings may be shared with a vendor who provides redaction and/or blurring of faces to remove Personal Data from such recordings.

We maintain processes designed to ensure that any processing of Personal Data by third-party service providers is consistent with this Privacy Policy and protects the confidentiality, security and integrity of your Personal Data. If we engage a third-party vendor to process your Personal Data, the vendor will be subject to binding contractual obligations to: (i) only process the Personal Data in accordance with our prior written instructions; and (ii) use measures to protect the confidentiality and security of the Personal Data; together with any additional requirements under applicable law.

In addition, we may disclose information about you:

To you, and, where appropriate, your appointed representative;
To our affiliates and wholly-owned subsidiaries;
For legitimate business purposes (including operating our Sites and providing services to you or our Research Sponsors);
In response to lawful requests by law enforcement authorities or other government officials,
As required by law or legal process;
When we believe disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation of suspected or actual illegal activity;
If disclosure is necessary to protect the vital interests of a person;
To protect our property, services and legal rights;
To prevent fraud against Quadrant, our subsidiaries, affiliates and/or business partners;
To support auditing, compliance and corporate governance functions; or
To comply with any and all applicable laws.

We may also disclose or transfer your Personal Data in the event of a reorganization, merger, sale, joint venture, assignment, or other transfer or disposition of all or any portion of our business.

We collect Personal Data and Research Information globally and primarily store that information in the United States. Additionally, the Sites may be viewed and hosted by Quadrant and our third-party service providers anywhere in the world. We may transfer, process, and store your information outside of your country of residence, to wherever we, Quadrant, or our third-party service providers operate for our business purposes. Occasionally, Personal Data may be transferred by our third-party service providers from one country to another. Any such transfer of your Personal Data and Research Information will be carried out in compliance with applicable laws and covered by appropriate contractual requirements.

We have put in place legal mechanisms designed to ensure adequate data protection of your Personal Data that is processed by Quadrant and any third-party service providers, including the transfer of your Personal Data to countries other than the one in which you reside or a country that has not received an ‘adequacy decision’ or similar from the relevant regulatory body. Where required by law, we ensure such transfers are subject to an adequate transfer mechanism as described by the relevant data privacy law. If you would like more information about these legal mechanisms, which may include the European Union (“EU”)’s Standard Contractual Clauses, please contact us using the details found below under “Contact Us.” By using any of the Sites, providing information on any of them, or participating in our research, you voluntarily consent to the trans-border transfer and hosting of such information.

Your Personal Data may be stored by Quadrant on a server based in the United States. U.S. government authorities may have access to your Personal Data stored on U.S. servers pursuant to U.S. surveillance laws but there currently are no effective redress mechanisms for those who object to this access.

DATA SECURITY

Quadrant is committed to keeping the data you provide us secure and has implemented generally accepted standards of technology and operational security to protect your Personal Data from loss, misuse, alteration or destruction. Vendors, contractors, or partners of Quadrant who have access to your Personal Data in connection with providing services to Quadrant are contractually required to keep the information confidential and are not permitted to use this information for any other purpose than to carry out the services they are performing for us.

Quadrant also safeguards Personal Data from unauthorized access. Only authorized Quadrant employees or agents and third-party service providers carrying out permitted business functions are allowed to access these databases, and these employees, agents and service providers are required to treat this information as confidential. Despite these reasonable precautions, Quadrant cannot guarantee that unauthorized persons will not obtain access to your Personal Data.

DATA ACCURACY

Quadrant takes reasonable steps to ensure that:

your Personal Data that we process is accurate and, where necessary, kept up to date; and
any of your Personal Data that we process that is inaccurate (having regard to the purposes for which it is Processed) is erased or rectified without delay.

From time to time we may ask you to confirm the accuracy of your Personal Data.

RETENTION

We retain information about you, your participation in our research, and your use of our Sites for as long as is needed to fulfill our legitimate business purposes outlined in this Privacy Policy. The specific periods for which we keep information about you vary depending on the nature of the information, why we need it, and whether the Personal Data is de-identified. We also consider the minimum and maximum necessary retention periods prescribed by applicable laws, recommended by industry standards, stated in contracts with our Research Sponsors and vendors, and other legal obligations.

COOKIES

We use cookies and similar tracking technologies, including pixel tags or web beacons (collectively “cookies”), to collect certain information on our Sites. We also permit certain third parties to use cookies and similar tracking technologies to collect information about your use of our Sites. The information collected by these tracking technologies may include (a) your internet protocol (IP) address, unique device identifiers, location, browser type, and Internet service provider information; (b) information about when and how you access and use our Sites, such as the domains you visit, what features you used and for how long, the website that referred you to us, and date/time stamps associated with your usage; (c) information about the device you use to access the Sites, such as device type, device ID, and device/browser settings; and (d) location of the device used to access the Sites derived from GPS or Wi-Fi use.

We differentiate between cookies that are essential for the technical features of the services and optional analytics cookies.

Cookie Type	Description
Essential Cookies	These are cookies that are required to enable the basic features of the Sites, such as adjusting your consent preferences and other troubleshooting and security functions. Without these essential cookies, the Sites will not perform as smoothly for you as we would like them to.
Analytics Cookies	Analytics cookies allow us to understand more about how many visitors we have to our Sites, how many times they visit us, and how many times a user viewed specific pages within our Sites. Although analytics cookies allow us to gather specific information about the pages that you visit and whether you have visited our Sites multiple times, we cannot use them to find out details such as your name or address. We use Google Analytics. For more information about Google Analytics, please refer to “How Google Uses Information From Sites or Apps that Use Our Services,” which can be found at www.google.com/policies/privacy/partners/, or any other URL Google may provide from time to time.

Cookie Type

Description

Essential Cookies

These are cookies that are required to enable the basic features of the Sites, such as adjusting your consent preferences and other troubleshooting and security functions. Without these essential cookies, the Sites will not perform as smoothly for you as we would like them to.

Analytics Cookies

Analytics cookies allow us to understand more about how many visitors we have to our Sites, how many times they visit us, and how many times a user viewed specific pages within our Sites. Although analytics cookies allow us to gather specific information about the pages that you visit and whether you have visited our Sites multiple times, we cannot use them to find out details such as your name or address. We use Google Analytics. For more information about Google Analytics, please refer to “How Google Uses Information From Sites or Apps that Use Our Services,” which can be found at www.google.com/policies/privacy/partners/, or any other URL Google may provide from time to time.

MINORS

Quadrant will never process the Personal Data of anyone under the age of 16 years old without their parent or guardian’s permission. In the event that we have inadvertently collected Personal Data from a person under the age of 16 without a parent or guardian’s permission, we will promptly delete such Personal Data once made aware.

YOUR RIGHTS

Depending on where you live and the types of Personal Data at issue, you may have certain rights with respect to your Personal Data. For example, under local applicable laws, including those in the EU/EEA/UK, Brazil, India and/or certain states in the United States (e.g., California) you may have the rights listed below. Please note that many of these rights are subject to exceptions and limitations.

Right of access. You have the right to know whether your Personal Data is being processed, and, where that is the case, to request access to, including a copy of, the Personal Data undergoing processing.
Right to rectification. You have the right to request that we correct or supplement any inaccurate or incomplete Personal Data we process about you.
Right to erasure/deletion (i.e., right to be forgotten). You have the right to request that we delete your Personal Data or as applicable anonymize your Personal Data.
The right to know that data processing exists. You have the right to request confirmation on how Personal Data is stored, in what way, and for what purpose.
The right to anonymization. You have the right to request that we anonymize unnecessary or excessive Personal Data.
Right to data portability. You have the right to request that we provide the Personal Data which you provided to us in a structured, commonly used, and machine-readable format; and you have the right to transmit such Personal Data to another entity.
Right to withdraw your consent. Where our processing is based on your consent, you have the right to withdraw such consent at any time. Withdrawing your consent will not affect the lawfulness of the processing we conducted prior to your withdrawal.
Right to restriction of processing. You have the right to request that we restrict the processing of your Personal Data.
Right to object. You have the right to object to our processing of your Personal Data.
Right to prohibit the selling or sharing of Personal Data. Under California law, you have the right to opt out of the sale or sharing of your Personal Data. “Share” is defined broadly and includes communicating a consumer’s personal information to a third party for valuable consideration. Currently we do not “share” or sell your Personal Data.
The right to request further information. You have the right to request more information about the public and private entities with which we have shared Personal Data and information about the possibility of withholding consent and the consequences of such decision.
The right to opt out of the use of automated decision making technology. You have the right to opt out and, if applicable, request a review of automated decisions that affect your interests. We do not use automated decision making technology at this time.
Right to opt out of our use of your sensitive Personal Data (in certain instances and if permissible under applicable law). You have the right to request the restriction of processing of your sensitive Personal Data. At the current time, however, we do not use or disclose sensitive Personal Data for purposes other than those expressed in this Privacy Policy or as otherwise permitted by applicable law, and these uses cannot be limited under California law.

You have the right to complain to a data protection authority about our collection and use of your Personal Data. If you are located in India, you also have the right to file a complaint with a grievance officer. For more information, please contact your local data protection authority or grievance officer.

If you choose to assert any of these rights under applicable laws, we will respond within the time period prescribed by applicable law. Please note that many of the above rights are subject to exceptions and limitations. If we are not able to provide the requested information or make the change you requested, then you will be provided with the reasons for such decisions.

Your rights and our responses will vary based on your state or country of residency. Please note that you may be located in a jurisdiction where we are not obligated, or are unable, to fulfill a request. In such a case, your request may not be fulfilled.

We do not discriminate against individuals who exercise any of their rights described in this Privacy Policy. However, Quadrant may require use of your Personal Data to provide access to our services or participation in our research.

HOW TO EXERCISE YOUR RIGHTS

Only you, or a person registered with the applicable government entity, where required (e.g., California), and that you authorize to act on your behalf, may make a verifiable consumer request related to your Personal Data.

The verifiable consumer request must:

Provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Data or an authorized representative.
Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

Our verification process may also include a request for additional information to confirm your identity or your authorized agent’s identity (such as your name, email address, and date of birth) or to obtain proof that you have given your authorized agent permission to act on your behalf.

If our verification process is successful, then we will respond to your request within the time and in the manner required by applicable law. If we cannot validate the identity of you and/or your authorized agent or obtain proof that you have given your authorized agent permission to act on your behalf, then we will attempt to contact you to inform you.

You can contact Quadrant in the following ways:

Email: dataprotection@quadstrat.com
Phone: +1 (844) 707-1507
Postal Mail: 4301 Connecticut Ave | Suite ML1, Washington, DC 20008

In certain instances, you may also designate an authorized agent to submit a request on your behalf. To do so, you must (1) provide that authorized agent written and signed permission to submit such request, and (2) verify your own identity directly with us. Please note, we may deny a request from an authorized agent that does not submit proof that they have been authorized to submit such request.

UNSUBSCRIBE

If you have submitted an inquiry through our Sites, or if you receive invitations to surveys or events from Quadrant and you prefer not to receive future electronic communications from us, please follow the instructions on the page of the Site where you have provided such information, subscribed or registered or write to dataprotection@quadstrat.com to unsubscribe from all Quadrant communications.

COMMERCIALLY RECOGNIZED OPT OUT SIGNAL

Quadrant generally recognizes commercially recognized opt-out preference signals (e.g., Global Privacy Controls). Recognition of this signal applies only to the specific device and/or browser that communicates the signal and does not cross over to all devices/browsers you use to access the Quadrant services.

CHANGES

We may update this Privacy Policy from time to time to reflect changes to our practices, technology, legal requirements, and other factors. When changes are made to this Privacy Policy, they will become effective immediately upon posting. You can check the date at the top of this page to see when this Privacy Policy was last revised. We encourage you to review this Privacy Policy periodically for the latest information on our information processing practices.

CONTACT US

If you have any questions about our Privacy Policy or if you would like to communicate with our Data Protection Officer, please contact us at:

Quadrant Strategies, LLC

dataprotection@quadstrat.com

Phone: +1 (844) 707-1507

Mail: 4301 Connecticut Ave | Suite ML1 Washington, DC 20008