about

Privacy policy

Great Question Privacy Policy

Your privacy is important to us. It is Great Question, Inc's policy to respect your privacy regarding any information we may collect from you across our website, https://greatquestion.co, and other sites we own and operate. This policy is effective as of August 6, 2024.

Information we collect

Log data

When you visit our website, our servers may automatically log the standard data provided by your web browser. It may include your computer’s Internet Protocol (IP) address, your browser type and version, the pages you visit, the time and date of your visit, the time spent on each page, and other details.

Device data

We may also collect data about the device you’re using to access our website. This data may include the device type, operating system, unique device identifiers, device settings, and geo-location data. What we collect can depend on the individual settings of your device and software. We recommend checking the policies of your device manufacturer or software provider to learn what information they make available to us.

Personal information

We may ask for personal information, such as your:

  • Name
  • Email
  • Social media profiles
  • Date of birth
  • Phone/mobile number
  • Home/Mailing address
  • Work address
  • Website address
  • Payment information
  • Tax/SSN/Medicare/etc. number

Business data

Business data refers to data that accumulates over the normal course of operation on our platform. This may include transaction records, stored files, user profiles, analytics data and other metrics, as well as other types of information, created or generated, as users interact with our services.

Legal bases for processing

We will process your personal information lawfully, fairly and in a transparent manner. We collect and process information about you only where we have legal bases for doing so.

These legal bases depend on the services you use and how you use them, meaning we collect and use your information only where:

  • it’s necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract (for example, when we provide a service you request from us);
  • it satisfies a legitimate interest (which is not overridden by your data protection interests), such as for research and development, to market and promote our services, and to protect our legal rights and interests;
  • you give us consent to do so for a specific purpose (for example, you might consent to us sending you our newsletter); or
  • we need to process your data to comply with a legal obligation.

Where you consent to our use of information about you for a specific purpose, you have the right to change your mind at any time (but this will not affect any processing that has already taken place).

We don’t keep personal information for longer than is necessary. While we retain this information, we will protect it within commercially acceptable means to prevent loss and theft, as well as unauthorized access, disclosure, copying, use or modification. That said, we advise that no method of electronic transmission or storage is 100% secure and cannot guarantee absolute data security. If necessary, we may retain your personal information for our compliance with a legal obligation or in order to protect your vital interests or the vital interests of another natural person.

3. EU-US Data Privacy Framework

  • Great Question complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) as set forth by the U.S. Department of Commerce.  Great Question has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S.  If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern.  To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/

 

  • In compliance with the EU-U.S. DPF, Great Question commits to cooperate and comply with the advice of the panel established by the EU data protection authorities (DPAs)) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF.
  • In compliance with the EU-U.S. DPF, Great Question commits to resolve DPF Principles-related complaints about our collection and use of your personal information.  EU individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF should first contact Great Question at: [email protected]
  • Great Question is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). The FTC has the authority to investigate our business practices and take enforcement action if it determines we have engaged in unfair or deceptive acts or practices affecting commerce. This includes the FTC's ability to issue civil investigative demands, conduct hearings, seek injunctive relief, and impose monetary penalties for violations of FTC regulations or orders. We are committed to complying with all applicable FTC rules and regulations.
  • Under certain conditions, individuals have the right to invoke binding arbitration under the EU-US Data Privacy Framework (DPF). This arbitration option is available as a last resort mechanism for addressing unresolved complaints regarding an organization's compliance with the DPF Principles.

To be eligible for arbitration:

  1. The individual must have first raised the issue directly with the organization and allowed the organization to resolve the issue.
  2. The individual must have submitted the complaint to the relevant Data Protection Authority (DPA) in the EU or to the Department of Commerce in the US, and the complaint process must have been completed without resolution.
  3. The complaint must not have already been resolved by other mechanisms or previously been subject to arbitration.

If these conditions are met, an individual may initiate binding arbitration by providing notice to the organization. The arbitration will be conducted by a panel of one or three neutral arbitrators, as agreed by the parties. The arbitration panel has the authority to impose individual-specific, non-monetary equitable relief to ensure compliance with the DPF Principles.

It's important to note that while arbitration decisions are binding on all parties involved, they do not set any precedent for other cases.

For more detailed information on the arbitration process and requirements, individuals should consult the official EU-US DPF documentation or seek legal advice.

  • Great Question recognizes its responsibility and potential liability when transferring personal data to third parties. We are committed to ensuring that any onward transfers of personal data comply with applicable data protection laws and regulations.

In cases where we transfer personal data to third parties:

  1. We remain liable for the proper handling and protection of the personal data we've collected, even after transferring it to a third party.
  2. We take reasonable and appropriate steps to ensure that the third party recipient acts in a manner consistent with our privacy obligations. This includes conducting due diligence on the third party's data protection practices and entering into appropriate contractual agreements.
  3. If a third party processes personal data in a manner inconsistent with our privacy obligations, we remain fully liable for any damages or non-compliance, unless we can prove that we are not responsible for the event giving rise to the damage.
  4. In the event of unauthorized access, use, or disclosure of personal data by a third party recipient, we will take appropriate measures to address the incident, including notifying affected individuals as required by law.
  5. We will cooperate with data protection authorities and affected individuals to address any issues arising from onward transfers to third parties.

Great Question is committed to transparency in our data handling practices. If you have any questions about our onward transfer policies or our liability in such transfers, please contact our data protection officer.

4. Collection and use of information

We may collect, hold, use and disclose information for the following purposes and personal information will not be further processed in a manner that is incompatible with these purposes:

  • to provide you with our platform's core features;
  • to process any transactional or ongoing payments;
  • to enable you to access and use our website, associated applications and associated social media platforms;
  • to contact and communicate with you;
  • for internal record keeping and administrative purposes;
  • for analytics, market research and business development, including to operate and improve our website, associated applications and associated social media platforms;
  • to comply with our legal obligations and resolve any disputes that we may have; and
  • to consider your employment application.

Additional Limits on Use of Your Google User Data

Notwithstanding anything else in this Privacy Policy, if you provide the App access to the following types of your Google data, the App's use of that data will be subject to these additional restrictions:

  • The App will only use access to read, write, modify or control Google calendar data to provide a client that allows users to schedule and book customer interviews, and will not transfer this Calendar data to others unless doing so is necessary to provide and improve these features, comply with applicable law, or as part of a merger, acquisition, or sale of assets.
  • The App will not use this data for serving advertisements.
  • The App will not allow humans to read this data unless we have your affirmative agreement for specific content, doing so is necessary for security purposes such as investigating abuse, to comply with applicable law, or for the App's internal operations and even then only when the data have been aggregated and anonymized.

5. Retention and Security

Except as otherwise specified herein, we don’t keep personal information for longer than is necessary to enable our business relationship with you. While we retain this information, we will protect it within commercially acceptable means to prevent loss and theft, unauthorized access, disclosure, copying, use or modification. We may retain your personal information for our compliance with a legal obligation or in order to protect your vital interests or the vital interests of another natural person.

 

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to access such data. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality. As required under the General Data Protection Regulation (GDPR), we will report any applicable breaches to you or any appropriate authorities. That said, we advise that no method of electronic transmission or storage is 100% secure and cannot guarantee absolute data security. If you have any questions or concerns about your data usage, please contact us. Our website may include links to third party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy practices. When you leave our website, we encourage you to read the privacy notice of every website you visit.

6. Disclosure of personal information to third parties

We may disclose personal information to:

  • third party service providers for the purpose of enabling them to provide their services, including (without limitation) IT service providers, data storage, hosting and server providers, ad networks, analytics, error loggers, debt collectors, maintenance or problem-solving providers, marketing or advertising providers, professional advisors and payment systems operators;
  • our employees, contractors and/or related entities; and
  • courts, tribunals, regulatory authorities and law enforcement officers, as required by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise or defend our legal rights.

7. GDPR Compliance and International transfers of personal information

The personal information we collect is stored and processed in United States and Australia, or where we or our partners, affiliates and third-party providers maintain facilities. By providing us with your personal information, you consent to the disclosure to these overseas third parties.

We will ensure that any transfer of personal information from countries in the European Economic Area (EEA) to countries outside the EEA will be protected by appropriate safeguards, for example by using standard data protection clauses approved by the European Commission, or the use of binding corporate rules or other legally accepted means.

Where we transfer personal information from a non-EEA country to another country, you acknowledge that third parties in other jurisdictions may not be subject to similar data protection laws to the ones in our jurisdiction. There are risks if any such third party engages in any act or practice that would contravene the data privacy laws in our jurisdiction and this might mean that you will not be able to seek redress under our jurisdiction’s privacy laws.

In relation to the information that you provide to us, we are legally responsible for how that information is handled. We will comply with the GDPR in the way we use and share your personal data. Under certain circumstances, you have rights under data protection laws in relation to your personal data. These include the right to: Request access to your personal data; Request correction of your personal data; Request erasure of your personal data; Object to processing of your personal data; Request restriction of processing your personal data; Request transfer of your personal data; and the Right to withdraw consent. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. We aim to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Great Question, Inc Data Controller
Peter John Murray, [email protected]

EU/UK Representative’s Contact Information

Our EU Representative: 

Under Article 27 of the GDPR, we have appointed an EU Representative to act as our data protection agent. 

Our nominated EU Representative is: 

Instant EU GDPR Representative Ltd.

Adam Brogden [email protected]

Tel +35315549700

INSTANT EU GDPR REPRESENTATIVE LTD

Office 2,

12A Lower Main Street, Lucan Co. Dublin

K78 X5P8

Ireland

Our UK Representative:

Under Article 27 of the UK Data Privacy Act, we have appointed a UK Representative to act as our data protection agent. 

Our nominated UK Representative is: 

GDPR Local Ltd.

Adam Brogden [email protected]

Tel +44 1772 217800

1st Floor Front Suite

27-29 North Street, Brighton

England

8. Your rights and controlling your personal information

Choice and consent: By providing personal information to us, you consent to us collecting, holding, using and disclosing your personal information in accordance with this privacy policy. If you are under 16 years of age, you must have, and warrant to the extent permitted by law to us, that you have your parent or legal guardian’s permission to access and use the website and they (your parents or guardian) have consented to you providing us with your personal information. You do not have to provide personal information to us, however, if you do not, it may affect your use of this website or the products and/or services offered on or through it.

Information from third parties: If we receive personal information about you from a third party, we will protect it as set out in this privacy policy. If you are a third party providing personal information about somebody else, you represent and warrant that you have such person’s consent to provide the personal information to us.

Restrict: You may choose to restrict the collection or use of your personal information. If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by contacting us using the details below. If you ask us to restrict or limit how we process your personal information, we will let you know how the restriction affects your use of our website or products and services.

Access and data portability: You may request details of the personal information that we hold about you. You may request a copy of the personal information we hold about you. Where possible, we will provide this information in CSV format or other easily readable machine format. You may also request that we transfer this personal information to another third party.

Right to Erasure: You may request that we erase the personal information we hold about you at any time. 

Correction: If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, please contact us using the details below. We will take reasonable steps to correct any information found to be inaccurate, incomplete, misleading or out of date.

Notification of data breaches: We will comply laws applicable to us in respect of any data breach.

Complaints: If you believe that we have breached a relevant data protection law and wish to make a complaint, please contact us using the details below and provide us with full details of the alleged breach. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take to deal with your complaint. You also have the right to contact a regulatory body or data protection authority in relation to your complaint.

Unsubscribe: To unsubscribe from our e-mail database or opt-out of communications (including marketing communications), please contact us using the details below or opt-out using the opt-out facilities provided in the communication.

9. Cookies

We use “cookies” to collect information about you and your activity across our site. A cookie is a small piece of data that our website stores on your computer, and accesses each time you visit, so we can understand how you use our site. This helps us serve you content based on preferences you have specified. Please refer to our Cookie Policy for more information. You can find our Cookie Policy here.

10. Business transfers

If we or our assets are acquired, or in the unlikely event that we go out of business or enter bankruptcy, we would include data among the assets transferred to any parties who acquire us. You acknowledge that such transfers may occur, and that any parties who acquire us may continue to use your personal information according to this policy.

11. Limits of our policy

Our website may link to external sites that are not operated by us. Please be aware that we have no control over the content and policies of those sites, and cannot accept responsibility or liability for their respective privacy practices.

12. Changes to this policy

At our discretion, we may change our privacy policy to reflect current acceptable practices. We will take reasonable steps to let users know about changes via our website. Your continued use of this site after any changes to this policy will be regarded as acceptance of our practices around privacy and personal information.

If we make a significant change to this privacy policy, for example changing a lawful basis on which we process your personal information, we will ask you to re-consent to the amended privacy policy.

 

‍This policy is effective as of August 6, 2024.

See the all-in-one UX research platform in action

Book a demoStart for free
Company
AboutCareersChangelogHelp centerPrivacyTerms
Customers
AppFolioBlinkistCanvaExperianNutrisenseOpalProcare Solutions
Features
User InterviewsPrototype TestingParticipant recruitmentExternal panelResearch calendarResearch incentivesRepositoryGreat Question AIHighlight reelsHIPAA compliance
Templates
Chatbot feedback surveyCustomer discovery interviewCustomer exit interviewCustomer journey interviewCustomer churn surveyCustomer satisfaction surveyFeature desirability surveyNet Promoter Score (NPS) surveyStakeholder interviewSystem Usability Scale (SUS) survey
Guides
User interviewsUX research methodsUX research toolsUX research repositoryCard sorting guideFocus groups guidePrototype testingResearch operationsSurvey researchTree testing

Subscribe to our newsletter

Get great UX research reads & resources every other Friday.
Thank you! Your submission has been received.
Oops! Something went wrong while submitting the form.
© 2024 Great Question, Inc. All rights reserved.
LinkedIn IconX (Twitter) iconYouTube icon