Last updated on October 26th, 2020
In this Privacy Notice we would like to inform you about how we process your personal data when (a) accessing and navigating our company website (the Imperium website at https://www.imperium.com), (b) contacting us via our customer portal, online contact form, contact email addresses or regular postal mail and (c) with regard to our Imperium products and services. Furthermore, we inform you about your data subject rights according to the General Data Protection Regulation (GDPR).
This Privacy Notice is for your information. Should we need your consent for the collection and processing of your personal data, we will obtain it separately.
1. General information
The data controller of your personal data is Imperium LLC, 4 Research Drive Suite 600, Shelton, CT 06484 “Imperium”, “us”, “we”).
Imperium’s EU Representative is Chris Watson and can be contacted at firstname.lastname@example.org.
2. How to contact us
In the event that you have any issues, concerns, or complaints, or would like additional information about Imperium’s privacy practices, please contact Imperium by sending an e-mail to email@example.com.
Imperium’s Data Protection Officer can be reached at firstname.lastname@example.org.
3. What kind of personal data does Imperium collect and why?
3.1 Data collection when accessing the Imperium website
When you access the Imperium website, the browser used on your device automatically sends data to the server of our website, which is temporarily stored in a log file. This log file data includes IP address of the requesting browser, date and time of access, website from which the access occurs, browser type and version, operating system of the accessing device, access provider, country and language settings.
We process this personal data to ensure a stable and secure connection to the Imperium website as well as for technical administration reasons. In doing so, we rely on our legitimate interest in providing you with a functioning website service according to Art. 6 (1) lit. f) GDPR. In addition, we process this data for analysis and product development purposes (e.g. to identify possible technical errors on the website or to determine when the website is used to a particularly high degree) based on our legitimate interests (Art. 6 (1) lit. f) GDPR) in troubleshooting and optimizing the website. You may at any time object to the above processing based on our legitimate interests by sending us a short message using the contact details provided above.
3.2 Data collection when directly interacting with us
In connection with our customer portals that we offer for some of our products, for instance for Real Mail or Real Answer, we collect a user name, the email address, password and IP address for each customer.
When you contact us via our contact forms, for instance https://www.imperium.com/contact/, by mail (e.g. at privacy@Imperium.com or sales@Imperium.com) or at our postal mail address, we will process the personal data provided by you (e.g. name, address, telephone number, e-mail address) in our customer relationship management system. We will use such personal data
- to respond to your inquiry or request;
- in anonymized form to support our internal business objectives, namely data analyses, revisions, the development of new products, improvement of this internet presence, improvement of our services, detection of usage trends and determination of the effectiveness of our advertising campaigns);
- in order to prevent and identify abuse or fraud.
Imperium’s legal basis for processing your personal data related to direct interactions with you is our legitimate interest (according to Art. 6 (1) lit. f) GDPR) in responding to you and engaging with you, understanding your concerns and improving our services as well as mitigating or preventing fraud. To the extent you are our customer or contacting us or engaging with us through one of our customer portals, we may also base the processing of your personal data on Art. 6 (1) lit. b) GDPR.
3.3 Data collection through Imperium products and services
Imperium provides a suite of technology services and customized solutions to verify personal information and restrict fraudulent online activities. That involves, inter alia, geolocation lookup or the verification whether a user is coming from a data center, proxy, and/or a region that does not match their device settings.
Imperium’s core products (RelevantID and Registration Guard) collect different data points from respondents’ devices, such as profile data, browser details and device information in order to create a so called “Respondent ID”. Respondents may be clients, employees, panelists, suppliers, customers etc. of Imperium’s customers. Data is collected through a first party cookie that is set by Imperium’s customers, respectively. For specific products, such as Real Answer and Registration Guard, open-end responses to certain questions are collected. Imperium requires that its customers using Imperium’s services inform about Imperium’s processing and use of data, the purposes of verification and fraud prevention and the collection through the Imperium cookie, if applicable (i.e. for RelevantID and Registration Guard).
In general, the data is collected for data quality and fraud prevention purposes pursued by Imperium’s customers on our customers’ behalf. To the extent that we use collected data to improve our products and to further develop Imperium’s technologies, we base our processing of respondent data on our legitimate interest (according to Art. 6 (1) lit. f) GDPR) to provide for reliable fraud prevention and verification services and enhance the precision of fraud detection and data quality of Imperium’s services.
3.3.1 More information on RelevantID
Imperium’s core product RelevantID is a technology that prevents a user from getting into an online survey more than once by flagging known bad behavior such as coming from a proxy server. It is used by our customers for de-duping purposes, to perform respondent quality assessments, validate that a respondent’s IP has recently exhibited suspicious behaviors and represents a risk of fraud and to redirect detection and prevention services.
The Relevant ID technology collects data points from the web browser of a respondent’s computer and uses machine learning technology to identify patterns of fraud originating from an IP address. These data points include
- Browser details, such as browser name (Safari, Firefox, Chrome, etc.), mode, version, date and time, installation of certain software plug-ins, cookie settings, connection type)
- Display settings (such as screen resolution, width and height)
- Country and language information (such as country code, language settings, system language)
- Device information, such as platform (Windows, IOS, Android), IP address, mobile device information)
- Behavioural attributes (such as high number of survey starts, high number of dedupes, high number of devices or client systems)
This information will be processed through RelevantID’s proprietary algorithm to create a unique identifier, i.e. a digital fingerprint that is assigned to a respondent’s computer. Relevant ID places a first party cookie on the respondent’s device that is used as a watermark. It returns back whether a respondent has already been in a particular survey along with fraud flags that define an overall fraud score. More details on the service can be found here.
3.3.2 Real Answer
Real Answer is a web-based market research service and measures the degree to which a respondent’s response to an open-end question is suspicious of fraud or bot behavior in order to improve survey quality. Imperium’s technology enables our customers to analyze open-end responses from survey respondents for data quality and fraud prevention. The personal data collected includes respondents’ first name, last name, date of birth, street, postal code, email address in addition to open-end answers to open-end questions determined by Imperium’s customers, respectively. This means that Real Answer data may include all sort of personal data as respondents can provide for any information they want. More details on the service is available here.
3.3.3 Address Correction
Address Correction helps to ensure the accuracy of self-reported information obtained from website users or customers of Imperium’s customers. Using a proprietary database-driven technology, it cleans Imperium’s customers’ databases from undeliverable addresses. The personal data collected includes respondents’ first name, last name, date of birth, street, postal code and email address. More details on the service are available here.
3.3.4 Real Mail
Real Mail is an automated solution designed to help companies clean email lists and maintain the ability to send emails when and how they choose and is processing individuals’ names and email addresses Real Mail verifies email addresses to determine if they are valid and if email is deliverable. More information on Real Mail is available here.
3.3.5 Registration Guard
Registration Guard combines the attributes of RelevantID, RealAnswer Address Correction and Real Mail to create the most complete solution for stopping bad data at the point of entry where the source is self-reporting data in a web form. This service is used to flag invalid names entered, bad email or bot type activity. Registration Guard collects data from the web browser as specified above at 3.4.1. for RelevantID (i.e. browser details, display setting, device information and behavioural attributes), open-end answers to open-end questions determined by Imperium’s customers and also profile data (usually including respondents’ first name, last name, date of birth, street, postal code, email address). More details on the service are available here.
Verity is data validation service that provides our customers with the possibility to verify the accuracy of individuals’ data supplied by the users themselves. Verity verifies certain information (names, email or postal addresses, demographic data such as language) that individuals submit (e.g. in an online form) against databases specializing in the validation of consumer demographics. The Verity service is only available to our customers in the US. More details on the service are available here.
3.3.7 Child Guard Online
ChildGuardOnline is a parental consent validation and verification service to permit or prevent children from logging on to a website or joining a panel. ChildGuardOnline verifies the accuracy of personal information (including individual names, addresses, demographic data and social security numbers) provided by parents and guardians against a variety of databases. The Child Guard Online service is only available to our customers in the US. More information on Child Guard Online is available here.
4. Recipients of your personal data
Imperium shares personal data with other Imperium companies as follows:
- We share personal data with Imperium affiliates for data processing purposes, such as storage and maintenance.
- We share personal data with external data vendors entrusted by Imperium with data processing services. This includes name, email or other data validation and matching services, translation of open-end responses, hosting, support or other similar IT services.
- We share personal data with law enforcement agencies, regulatory organizations, courts or other public authorities to comply with applicable law or regulation or in connection with proposed or actual legal proceedings or regulatory actions.
Imperium has appropriate technical and organisational security measures in place to protect your personal data against unauthorised or unlawful use and against accidental loss, damage or destruction. We put in place strict confidentiality agreements (including data protection obligations) with our third party service providers.
6. Retention of your personal data
Imperium retains personal data collected from you where we have an ongoing legitimate business need to do so, e.g. to respond to your inquiry, provide you with a service you have requested or to comply with statutory retention obligations e.g. under tax or accounting law. When Imperium does not have any legal basis to process your personal data, we delete it. In particular, if for example a specific survey is inactive, Imperium will delete or anonymize related personal data.
7. International data transfer
Imperium is headquartered in the United States of America (USA) and therefore processes your personal data in territories outside of the European Economic Area (EEA). The personal data that you provide to us or that we collect as a result of your interaction with the Imperium website or Imperium products is transferred to the USA. However, if we process your personal data outside the EEA, we have in place appropriate measures in place providing for an adequate level of protection. In particular, we rely on the Standard Contractual Clauses by the EU Commission and supplementary technical measures such as encryption to secure international data transfers.
8.0 Your data protection rights under the GDPR
You have certain rights granted by EU data protection law. In general, you have the right to access, correct, update or request deletion of your personal data at any time. You can object to processing of your personal data, ask us to restrict processing of your personal data or request portability of your personal data. You can exercise these rights by contacting us at email@example.com.
Similarly, if we have collected and process your personal data with your consent, you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal data conducted in reliance on lawful processing grounds other than consent.
You have the right not to be subject to a decision based solely on automated processing. In connection with contact requests or the use of our website, your personal data will not be subject to any decision based solely on automated processing that has a legal effect or otherwise affects you (including profiling within the meaning of Art. 22 GDPR). However, our verification and fraud prevention products automatically analyse respondent data as described for the individual products above and in a way that may have a consequences for individuals. In particular, an individual attempting to take part in a survey more than once might be hindered or a self-reported address detected as incorrect might prevent the conclusion of a contract.
You have the right to complain to a data protection authority about our collection and use of your personal data. For more information, please contact us at firstname.lastname@example.org.