Privacy Policy for Residents of the European Economic Area

Our Privacy Commitment

Effective Date: May 25, 2018

NOTE: This policy is directed to residents of the European Economic Area (“EEA”), if you are located outside of the EEA, please refer to NORC’s Privacy Policy for U.S. Residents and other non-EEA residents.

Protection and proper use of your personal information is very important to us and we are committed to having proper processes for the collection, use and protection of it. The purpose of this section is to explain what information we collect from you; how the personal information that you are asked to submit or have submitted will be used by NORC; how your personal information is protected and transferred and to provide the information that you need to provide your consent to this use.

If You are Under 16 Years Old

NORC’s website www.norc.org is not aimed at children under 16 years old and we will not collect, use, provide or process in any other form any personal information of children under the age of 16 deliberately.

We therefore also ask you, if you are under 16 years old, please do not send us your personal information (for example, your name and email address). If you are under 16 years old and you nevertheless wish to contact us or use this website in anyway which requires you to submit your personal information please get your parent or guardian to do so on your behalf.

1. Purpose of Collecting Personal Information

Your personal information is collected by NORC when you provide it to us for participation in research conducted by NORC. Your participation in NORC’s research is voluntary and your express consent to participate will be required before you can participate in our research.

NORC does not resell your personal information.

We will not otherwise use or disclose your personal information without your consent except (i) as described in this privacy policy or at the time you provide your consent to participate in our research, (ii) as required by court order or other government or law enforcement authorities in order to comply with legal process or law, (iii) in the event of a legitimate interest of NORC (iv) in order to protect and defend our rights and property, or (v) or as consented by you as a participant in research performed by NORC.

2. Types of Personal Information Collected

The type of information NORC may collect from you varies depending on the specifics of each research project, but will often times include the collection of personal information. In addition to the collection of personal information, you may be asked to voluntarily provide or disclose Sensitive Data. “Sensitive Data” may include personal information that discloses or reveals health and medical conditions, sexual orientation or sexual life, political opinions/views, race/ethnic origin, religious and philosophical beliefs and trade-union membership.

We may also create de-identified information from such information (as defined in Item 3 below) that you provide to us and used per the paragraph below described as ‘Creation of De-Identified Data’. If it is reasonably necessary, we may disclose all or part of this information to a third-party (such as a service provider) and/or relevant NORC personnel, for NORC to meet any of its legal and regulatory obligations to you including but not limited to the assessment of your inquiry and the implementation of a response arising out of the assessment.

3. Creation of De-Identified Data.

We may create De-Identified Data records from personal data by excluding information (such as your name) that makes the data personally identifiable to you. Once we create De-Identified Data, this De-Identified Data is NORC’s property. We use this De-Identified Data for research purposes and other purposes consistent with NORC’s stated mission. NORC reserves the right to use and disclose De-Identified Data to third parties in its absolute discretion.

4. Career Information

If you apply for a career with us we will collect the information you provide to us in any forms you fill in plus your resume (or for example your LinkedIn profile) if you provide that to us. We may also carry out background and other checks, but will only do so with your permission which will be separately requested. If you become an employee then your data will no-longer be subject to this privacy policy but will be subject to certain other policies applicable to our employees. Personal information that you provide to us when applying for a career will be used for the purpose of proceeding with such application and it may be provided to third parties who may carry out recruitment, testing and other recruitment related services for us. These third parties may be based overseas. We may also create anonymous information from such information that you provide to us and used per the paragraph below described as ‘creation of anonymous data’.

5. Recipients of Personal Information

NORC will take all reasonable steps to ensure that your personal information is only received by third parties that are either subject to this Privacy Policy or follow practices at least as protective as those described in this Privacy Policy. Access will be limited to only those authorized individuals within NORC whose role is essential to accomplishing the stated purpose for collecting your personal information.

6. Retention and Storage of Personal Information

Collected personal information shall be stored for as long as NORC has your consent to do so, or is required to do so in accordance with all applicable data privacy laws and regulations. We will not retain your personal information for longer than is necessary for our business purposes or for legal requirements.

7. Security of Personal Information

NORC is required to meet all applicable regulatory compliance standards for data protection and to take appropriate organizational and technical measures to protect your personal information from:

  • misuse;
  • theft;
  • unauthorized disclosure or access; and
  • loss.

We maintain physical, electronic and procedural safeguards for the collection, storage and disclosure of personal information and NORC’s security procedures mean that we may request proof of identity before we disclose your personal information to you. Wherever online portals and/or third-party service providers are used, NORC ensures that these require the same level of security and data protection standards

However, due to the design of the Internet, ever-changing technology and other factors outside of our control, NORC cannot guarantee that communications between you and our servers will be free from unauthorized access by third parties or that we will not be subject to security breaches.

8. Transfer to USA and other Jurisdictions & EU-US Privacy Shield

NORC data is managed from multiple offices within the United States and your personal information may be transferred there. Whenever NORC transfers personal information to countries outside of the European Economic Area in the course of sharing information as set out herein, we will ensure that the information is transferred in accordance with this Privacy Policy and as permitted by the applicable laws on data protection.

If we send your personal information overseas, the recipients are required to store and use it only in accordance with NORC’s data policies. NORC may make your personal information available to government authorities when required by law.

9. Rights

With respect to your personal information collected and held by NORC, you have the right to:

  • access the personal information we process on you;
  • request restriction of our use;
  • rectify inaccuracies in the personal information;
  • deny or withdraw your consent to all or some of our use of your personal information collected by us;
  • lodge a complaint with a supervisory authority
  • subject to paragraph 4 above, request deletion of your personal information from our system of records. However, in such event we may not be able respond to or engage further with you; and review, change or delete details you have supplied us with or wish to exercise any of your other rights, please contact us as set out below. NORC aims to keep its records as accurate as possible.

10. Cookies and Similar Technologies

Some NORC research involves collecting information that research participants submit via their computers. In these circumstances, NORC may also collect certain information automatically, such as information about: (i) your device or computer and its capabilities, including, without limitation, the operating system, the applications or programs on your device or computer, IP address, device carrier, device type, time zone, network status, browser type, browser identifier, unique device identification number, carrier user ID (a number uniquely allocated to you by your network provider), media access control address, international mobile equipment identity, locale and other information that alone or in combination may be used to uniquely identify your device or computer; and (ii) your activities in connection with NORC’s research. Specific examples of this information, and the technology that collects it, are below:

  • Cookies
    Cookies are small files that store certain data on a device or computer. NORC may use session and persistent cookies for several purposes including, without limitation, to provide a better survey experience, quality control, validation, to enable or facilitate survey participation, tracking of completed surveys or other completed actions, and for fraud detection and/or prevention. Session cookies expire when you close your browser. Persistent cookies remain on your device or computer indefinitely until deleted. NORC may use third parties to provide services and certain functionality to NORC, including, without limitation, panelist fraud detection services. NORC may use contracts with such third parties to control their use of cookies and to limit their use of cookies to the limited purposes set forth in the contracts.
  • Log Files
    For some research projects, NORC may automatically gather and store certain information in log files, including, without limitation, data available from your web browser, including, without limitation, IP Address, browser type, internet service provider, referring/exiting pages, operating system, date/time stamp and click stream data.
  • Watermarking
    Generally, watermarking involves placing a technology or file on your device or computer to identify that it has previously been used to register with or access NORC’s research. Watermarking is used for quality control and validation purposes and fraud detection and/or prevention purposes. NORC may engage in watermarking activities directly or through a third party vendor.

11. Data Protection Officer

NORC 55 East Monroe Street, Chicago, IL 60603, United States is the data controller for your personal information. Any questions that you have concerning this Privacy Policy or NORC’s collection and use of personal information should be addressed to NORC’s data protection officer for the EEA region, who can be contacted at privacy@norc.org.

NORC’s business changes constantly and our Privacy Policy will change also. Please check our website frequently and regularly to see recent changes. Unless stated otherwise, our current Privacy Policy applies to all information that we have about you.

How To Contact Us


​Should you have other questions or concerns please contact NORC at commhelp@norc.org. ​​