Effective Date: May 25, 2018
NOTE: This policy is directed to residents of the European Economic Area (“EEA”), if you are located outside of the EEA, please refer to NORC’s
Protection and proper use of your personal information is very important to us and we are committed to having proper processes for the collection, use and protection of it. The purpose of this section is to explain what information we collect from you; how the personal information that you are asked to submit or have submitted will be used by NORC; how your personal information is protected and transferred and to provide the information that you need to provide your consent to this use.
If You are Under 16 Years Old
www.norc.org is not aimed at children under 16 years old and we will not collect, use, provide or process in any other form any personal information of children under the age of 16 deliberately.
We therefore also ask you, if you are under 16 years old, please do not send us your personal information (for example, your name and email address). If you are under 16 years old and you nevertheless wish to contact us or use this website in anyway which requires you to submit your personal information please get your parent or guardian to do so on your behalf.
1. Purpose of Collecting Personal Information
Your personal information is collected by NORC when you provide it to us for participation in research conducted by NORC. Your participation in NORC’s research is voluntary and your express consent to participate will be required before you can participate in our research.
NORC does not resell your personal information.
2. Types of Personal Information Collected
The type of information NORC may collect from you varies depending on the specifics of each research project, but will often times include the collection of personal information. In addition to the collection of personal information, you may be asked to voluntarily provide or disclose Sensitive Data. “Sensitive Data” may include personal information that discloses or reveals health and medical conditions, sexual orientation or sexual life, political opinions/views, race/ethnic origin, religious and philosophical beliefs and trade-union membership.
We may also create de-identified information from such information (as defined in Item 3 below) that you provide to us and used per the paragraph below described as ‘Creation of De-Identified Data’. If it is reasonably necessary, we may disclose all or part of this information to a third-party (such as a service provider) and/or relevant NORC personnel, for NORC to meet any of its legal and regulatory obligations to you including but not limited to the assessment of your inquiry and the implementation of a response arising out of the assessment.
3. Creation of De-Identified Data.
We may create De-Identified Data records from personal data by excluding information (such as your name) that makes the data personally identifiable to you. Once we create De-Identified Data, this De-Identified Data is NORC’s property. We use this De-Identified Data for research purposes and other purposes consistent with NORC’s stated mission. NORC reserves the right to use and disclose De-Identified Data to third parties in its absolute discretion.
4. Career Information
5. Recipients of Personal Information
6. Retention and Storage of Personal Information
Collected personal information shall be stored for as long as NORC has your consent to do so, or is required to do so in accordance with all applicable data privacy laws and regulations. We will not retain your personal information for longer than is necessary for our business purposes or for legal requirements.
7. Security of Personal Information
NORC is required to meet all applicable regulatory compliance standards for data protection and to take appropriate organizational and technical measures to protect your personal information from:
- unauthorized disclosure or access; and
We maintain physical, electronic and procedural safeguards for the collection, storage and disclosure of personal information and NORC’s security procedures mean that we may request proof of identity before we disclose your personal information to you. Wherever online portals and/or third-party service providers are used, NORC ensures that these require the same level of security and data protection standards
However, due to the design of the Internet, ever-changing technology and other factors outside of our control, NORC cannot guarantee that communications between you and our servers will be free from unauthorized access by third parties or that we will not be subject to security breaches.
8. Transfer to USA and other Jurisdictions & EU-US Privacy Shield
If we send your personal information overseas, the recipients are required to store and use it only in accordance with NORC’s data policies. NORC may make your personal information available to government authorities when required by law.
With respect to your personal information collected and held by NORC, you have the right to:
- access the personal information we process on you;
- request restriction of our use;
- rectify inaccuracies in the personal information;
- deny or withdraw your consent to all or some of our use of your personal information collected by us;
- lodge a complaint with a supervisory authority
- subject to paragraph 4 above, request deletion of your personal information from our system of records. However, in such event we may not be able respond to or engage further with you; and review, change or delete details you have supplied us with or wish to exercise any of your other rights, please contact us as set out below. NORC aims to keep its records as accurate as possible.
10. Cookies and Similar Technologies
Some NORC research involves collecting information that research participants submit via their computers. In these circumstances, NORC may also collect certain information automatically, such as information about: (i) your device or computer and its capabilities, including, without limitation, the operating system, the applications or programs on your device or computer, IP address, device carrier, device type, time zone, network status, browser type, browser identifier, unique device identification number, carrier user ID (a number uniquely allocated to you by your network provider), media access control address, international mobile equipment identity, locale and other information that alone or in combination may be used to uniquely identify your device or computer; and (ii) your activities in connection with NORC’s research. Specific examples of this information, and the technology that collects it, are below:
- Log Files
For some research projects, NORC may automatically gather and store certain information in log files, including, without limitation, data available from your web browser, including, without limitation, IP Address, browser type, internet service provider, referring/exiting pages, operating system, date/time stamp and click stream data.
Generally, watermarking involves placing a technology or file on your device or computer to identify that it has previously been used to register with or access NORC’s research. Watermarking is used for quality control and validation purposes and fraud detection and/or prevention purposes. NORC may engage in watermarking activities directly or through a third party vendor.
11. Data Protection Officer