Updated: June 29, 2020
LifeData also complies with requirements of the General Data Privacy Regulation (GDPR), which covers data that belongs to residents of the European Union and Switzerland. Further, as a U.S-based organization, LifeData participates in the U.S.-EU and U.S.-Swiss Privacy Shield Networks. For more information, see Section V below.
- Using Our Applications to Create Content (“LifePaks”) for Mobile Users
- Interacting With and Responding Through Our Mobile Applications
- Privacy for LifePak Creators
- Privacy for Mobile App Users/Respondents
- Privacy for European Union (EU) Residents
1. USING OUR APPLICATIONS TO CREATE CONTENT (“LIFEPAKS”) FOR MOBILE USERS
- Your data is owned by you. LifeData keeps your content private. We don’t sell it to anyone and we don’t use the responses you collect for our own purposes, except in a limited set of circumstances (e.g. if we are compelled by a subpoena, or if you’ve made your responses public).
- We safeguard respondents’ email addresses. To make it easier for you to invite people to download your LifePaks via an email address, you may upload email addresses, in which case LifeData acts as a mere custodian of that data. We don’t sell these email addresses and we use them only as directed by you and in accordance with this policy. The same goes for any email addresses collected by your LifePaks.
2. INTERACTING WITH AND RESPONDING THROUGH OUR MOBILE APPLICATIONS
- Are your responses anonymous? This depends on how the LifePak creator has configured the LifePak. Contact them to find out, or contact us to know more about respondent anonymity.
- We don’t sell your responses to third parties. LifeData doesn’t sell or share your responses with third-party advertisers or marketers (although the LifePak creator might, so check with them). LifeData merely acts as a custodian on behalf of the LifePak creator who controls your data.
3. PRIVACY FOR LIFEPAK CREATORS
1. What information does LifeData collect?
When you use LifeData web applications and websites, we collect information relating to you and your use of our services from a variety of sources. These are listed below. The sections afterward describe what we do with this information.
Information we collect directly from you
- Registration information. You need a LifeData account before you can create LifePaks in the LifePak Builder & Management System. When you register for an account, we collect your username, password, email address, street address, phone number. If you choose to register by using a third party account (such as your Twitter or Facebook account), please see “Information from third parties” below.
- Billing information. If you make a payment to LifeData, we require you to provide your billing details, such as a name, address, email address and financial information corresponding to your selected method of payment (e.g. a credit card number and expiration date or a bank account number). If you provide a billing address, we will regard that as the location of the account holder.
- EMA data. We store your LifePak and EMA data (prompts and responses) for you.
- Other data you intentionally share. We may collect your personal information or data if you submit it to us in other contexts. For example, if you provide us with a testimonial, or participate in a LifeData contest.
- We safeguard your respondents’ email addresses. Rest assured, LifeData will not email your LifePak respondents except at your direction. We definitely don’t sell those email addresses to any third parties.
Information we collect about you from other sources
- Usage data. We collect usage data about you whenever you interact with our services. Like most websites today, our web servers keep log files that record data each time a device accesses those servers. The log files contain data about the nature of each access, including originating IP addresses.
- Device data. We collect data from the device and application you use to access our services, such as your IP address and browser type. We may also infer your geographic location based on your IP address.
- Referral data. If you arrive at a LifeData website from an external source (such as a link on another website or in an email), we record information about the source that referred you to us.
- Information from third parties. We may collect your personal information or data from third parties if you give permission to those third parties to share your information with us. For example, you may have the option of registering and signing into LifeData with your Facebook account details. If you do this, the authentication of your logon details is handled by Facebook and we only collect information about your Facebook account that you expressly agree to share with us at the time you give permission for your LifeData account to be linked to your Facebook account.
- Information from page tags. We may use third party tracking services that employ cookies and page tags (also known as web beacons) to collect aggregated and anonymized data about visitors to our websites. This data includes usage and user statistics.
2. How does LifeData use the information we collect?
- To provide you with our services.
- This includes providing you with customer support, which requires us to access your information to assist you (such as with LifePak design and creation or technical troubleshooting).
- If you choose to link your LifeData account to a third-party account (such as your Twitter or Facebook account), we may use the information you allow us to collect from those third parties to provide you with additional features, services, and personalized content.
- To manage our services. We internally use your information, including certain LifePak data, for the following limited purposes:
- To monitor and improve our services and features. We internally perform statistical and other analysis on information we collect (including usage data, device data, referral data, and information from page tags) to analyze and measure user behavior and trends, to understand how people use our services, and to monitor, troubleshoot and improve our services. However, we do not use the non-public content of LifePaks (i.e. the content of prompts and responses that you have not publicly shared) for these purposes.
- To prevent potentially illegal activities.
- To screen for undesirable or abusive activity. For example, we have automated systems that screen content for phishing activities, spam, and fraud.
- To create new services, features or content (public data and metadata only). We may use public LifePak data and anonymized LifePak metadata (that is, data about the characteristics of a LifePak but not its non-public content), to create and provide new services, features or content. For example, we may look at statistics like response rates, prompt and answer word counts, and the average number of prompts in a LifePak and publish interesting observations about these for informational or marketing purposes. When we do this, neither individual LifePak creators nor LifePak respondents will be identified or identifiable unless we have obtained their permission.
- To facilitate account creation and the login process. If you choose to link your LifeData account to a third-party account (such as your Twitter or Facebook account), we use the information you allowed us to collect from those third parties to facilitate the account creation and login process.
- To contact you about your service or account. We occasionally send you communications of a transactional nature (e.g. service-related announcements, billing-related matters, changes to our services or policies, a welcome email when you first register). You can’t opt-out of these communications since they are required to provide our services to you.
- To contact you for marketing purposes.
- To respond to legal requests and prevent harm. If we receive a subpoena or other legal request, we may need to inspect the data we hold to determine how to respond.
3. With whom do we share or disclose your information?
We don’t sell your LifePak data.
When might we disclose your LifePak data to third parties? Only for a limited number of reasons. Most commonly, we share your information with our service providers who help us to provide our services to you. For example, we use payment processors who help us to process credit card transactions. By using our services, you authorize LifeData to sub-contract in this manner on your behalf.
Rare circumstances include when we need to share information if required by law, or in a corporate restructuring or acquisition context (see below for more details).
Sharing your LifePaks with the public. You are able to control who can download and engage with your LifePak by changing LifePak distribution settings. For example, LifePaks can be made publicly available within the RealLife Exp mobile app, Semi-private (you create and distribute a code which allows download within the RealLife Exp mobile app), or private by restricting access to people based on the email address Real Life Exp mobile app users have given us for their account.
We may disclose:
- Aggregated information to third parties to improve or promote our services. No individuals can be identified or linked to any part of the information we share with third parties to improve or promote our services.
- Your information if required or permitted by law. We may disclose your information as required or permitted by law, or when we believe that disclosure is necessary to protect our rights, and/or to comply with a judicial proceeding, court order, subpoena, or other legal process served on us.
- Your information if there’s a change in business ownership or structure. If the ownership of all or substantially all of our business changes, or we undertake a corporate reorganization (including a merger or consolidation) or any other action or transfer between LifeData entities, you expressly consent to LifeData transferring your information to the new owner or successor entity so that we can continue providing our services.
- Information you expressly consent to be shared. For example, we may expressly request your permission to provide your contact details to third parties for various purposes, including to allow those third parties to contact you for marketing purposes. (You may later revoke your permission, but if you wish to stop receiving communications from a third party to which we provided your information with your permission, you will need to contact that third party directly.)
4. What are your rights to your information?
- Update your account details. You can update your registration and other account information on your Profile page. Information is updated immediately.
- Download/backup your LifePak and response data. We provide you with the ability to export your EMA data in a variety of formats. This allows you to create your own backups or conduct offline data analysis.
5. How can personal information be deleted?
- LifePak creators may cancel their account, or allow their subscription to lapse. Any data collected prior to account cancellation or subscription end date will be permanently deleted in 180 days. (Prior to that date, any data collected may be retrieved by writing to firstname.lastname@example.org.)
- You may delete your LifePaks and associated participant data at any time through the LifeData web application once you have logged into your account. Once this action is taken by you, LifeData retains a copy for no longer than 30 days after which it will be permanently deleted.
- LifePak creators may also contact LifeData directly with specific requests to delete personal data. Send requests to email@example.com.
6. Security, cookies and other important information:
- Security. We are committed to handling your personal information and data with integrity and care. However, regardless of the security protections and precautions we undertake, there is always a risk that your personal data may be viewed and used by unauthorized third parties as a result of collecting and transmitting your data through the internet.
- To make our site easier to use. If you use the “Remember me” feature when you sign in to your account, we may store your username in a cookie to make it quicker for you to sign in whenever you return to LifeData.
- To provide you with personalized content. We may store user preferences in cookies to personalize the content you see.
- Blogs and Forums. Our website may offer publicly accessible blogs and community forums. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. We’re not responsible for any personal information you choose to submit in these areas of our site. To request removal of your personal information from our blog or community forum, contact us at firstname.lastname@example.org. In some cases, we may not be able to fulfill your request and we will let you know why.
- Online Tracking. We currently do not process or comply with any web browser’s “do not track” signal or other similar mechanisms that indicates a request to disable online tracking of individual users who visit our websites or use our services (unless otherwise stated in a service-specific privacy statement).
- Safety of Minors and COPPA. Our services are not intended for and may not be used by minors. “Minors” are individuals under the age of majority in their place of residence (or under 13 in the United States). LifeData does not knowingly collect personal data from minors or allow them to register. If it comes to our attention that we have collected personal data from a minor, we may delete this information without notice. If you have reason to believe that this has occurred, please contact us at email@example.com
4. PRIVACY FOR MOBILE APP USERS/RESPONDENTS
1. What information does LifeData collect?
Information we collect directly from you
Are your LifePak responses anonymous? This depends on how the LifePak creator has chosen to make their LifePak available to mobile users and what personally identifiable information they may ask in the LifePak they have created. We provide instructions on how a LifePak can be delivered to specific known users or available to anyone who has the RealLife mobile application installed on their device.
Information we collect about you from other sources
- Usage data. We collect usage data about you whenever you interact with our services. Like most websites today, our web servers keep log files that record data each time a device accesses those servers. The log files contain data about the nature of each access and error logs to assist in servicing our applications. LifeData does not gather originating IP addresses from the mobile device.
- Device data. We collect data from the device and application you use to access our services, such as device type and app version. We may also gather your geographic location if you opt-in when you download the mobile application.
- Information from page tags. We may use third-party tracking services that employ cookies and page tags (also known as web beacons) to collect aggregated and anonymized data about visitors to our websites. This data includes usage and user statistics.
Providing LifePak responses is voluntary. Remember, you can always choose not to provide an answer to any given LifePak question (especially those requesting your personal information or data). However, sometimes this will prevent you from completing a LifePak if the LifePak creator has marked that question as requiring an answer.
2. How does LifeData use the information we collect?
We also use the information we collect from you (including usage data, device data, referral data and information from page tags) to manage and improve our services.
3. With whom do we share or disclose your information?
4. What are my rights to my personal data?
- LifePak mobile app users/data respondents may delete a LifePak and the associated data set from their mobile devices at any time. This removes any data from the mobile device which the LifePak has collected. This will not delete data from LifeData servers.
- LifePak mobile app users/data respondents may also make a request to delete personal information from LifeData servers directly to the Data Controller who created and administers the LifePak. Data deletion requests that originate in this way are completed within 30 days after the request is made by Data Controller to LifeData.
- For requests to access, update, or delete anything in your responses, contact the LifePak creator or administrator.
- For questions about your personal information, contact the LifePak creator or administrator
5. Security, cookies and other important information
- To make our site easier to use. If you use the “Remember me” feature when you sign into your account, we may store your username in a cookie to make it quicker for you to sign in whenever you return to LifeData.
- Blogs and Forums. Our website offers publicly accessible blogs and community forums. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. We’re not responsible for any personal information you choose to submit in these areas of our site. To request removal of your personal information from our blog or community forum, contact us at firstname.lastname@example.org. In some cases, we may not be able to fulfill your request and we will let you know why.
- Online Tracking. We currently do not process or comply with any web browser’s “do not track” signal or other similar mechanism that indicates a request to disable online tracking of individual users who visit our websites or use our services (unless otherwise stated in a service-specific privacy statement).
Geolocation information: LifeData mobile applications collect geolocation information. You will have the option of allowing or disallowing this information to be collected along with your responses. This information can be valuable for understanding by researchers and others engaged with providing your services that benefit you.
5. PRIVACY FOR EUROPEAN (EU) RESIDENTS
- PERSONAL DATA OF EUROPEAN UNION (EU) CITIZENS
- LIFEDATA and GDPR
- LIFEDATA and PRIVACY SHIELD – NOTICE
- CONSENT, ACCESS and DISCLOSURE
- DATA SECURITY and SAFEGUARDS
- COMPLAINTS, INQUIRIES, and DISPUTES
- RECOURSE FOR DISPUTE RESOLUTION
- ONWARD TRANSFERS of PERSONAL DATA
- VERIFICATION and SELF ASSESSMENT
1. Personal Data Of European Union (EU) Citizens
LifeData products and services (e.g. LifePaks) are used by organizations that may collect the personal data of citizens of the European Union (EU), including Switzerland. Personal data of EU citizens are governed by the General Data Privacy Regulation, or GDPR. Where LifeData products or services are used to collect or process personal data of EU residents, LifeData is subject to GDPR, and complies with all requirements.
2. LifeData and GDPR
Under GDPR, LifeData operates as a data Processor. In this limited role, LifeData acts under the authority and instruction of Data Controllers who define the purpose and control the use of personal data. Data Controllers, or study sponsors, are usually LifeData customers who develop LifePaks to collect, manage, and transfer personal data for research purposes.
- processes personal data only in agreement with the Controller;
- provides appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, and
- assists the Controller in responding to individuals exercising access rights
3. LifeData And Privacy Shield – Notice
To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/
Questions about LifeData’s participation in Privacy Shield may be addressed to LifeData Privacy Officer at email@example.com.
LifeData subjects all personal data received from the EU and/or Switzerland to Privacy Shield Principles.
Finally, the U.S. Federal Trade Commission (FTC) has jurisdiction over LifeData’s compliance with the Privacy Shield. LifeData recognizes the investigative and enforcement authority of the FTC.
4. Consent, Access, and Disclosure
When LifeData products and services are used to collect personal data from EU citizens, express consent is obtained by Data Controllers. Under GDPR, Controllers must provide a description of the use and specific purpose of any personal data, as well as a date or time period when the use of personal data ends. Consent is always optional and voluntary and may be withdrawn at any time. This consent forms the legal foundation for processing personal data. In addition, LifeData as a Data Processor supports additional consent mechanisms used by Controllers or Study Sponsors.
Types of data processed by LifeData include name, email, and other personal information as defined by Data Controllers. LifeData also processes technical information such as usage statistics, browser type, or referral information.
LifeData supports Data Controller obligations to respond to data access requests, including requests to
- Withdraw consent
- Correct or delete personal data
- Receive a copy of personal data in a machine-readable format
- Be informed of any transfer of personal data outside the EU
Data access requests such as these should be addressed to Data Controllers or Study Sponsors.
LifeData may disclose personal information in order to carry out lawful processing activities. Usually, this involves the disclosure of information to a web hosting service such as Microsoft. LifeData may also share your information with payment processors who help us to process credit card transactions. Users may submit requests to limit any disclosure at any time through Data Controllers. LifeData maintains contracts with these third parties restricting their access, use and disclosure of Personal Data in compliance with the Privacy Shield Principles.
5. Data Security and Safeguards
LifeData employs reasonable and appropriate security measures to safeguard all personal data under its control. These measures are based on a periodic risk assessment that LifeData conducts on all processing activities, including all software, hardware, networks, devices, security practices, and business activities.
Specific safeguards include the following technologies:
- Authentication to manage access
- Encryption to prevent unauthorized access
- Network protection technologies, such as firewalls and malware detection
- Back-up and restore procedures to protect against data corruption, loss, and other contingencies
6. COMPLAINTS, INQUIRIES, and DISPUTES
In general, individuals should contact the Study Sponsor or Data Controller for questions regarding access to personal data. The Sponsor or Data Controller determines the use and purpose of any personal data collected or retained and is in the best position to respond to specific inquiries under GDPR. LifeData supports Data Controllers responding to data access requests and supports the rights of individuals to access their data.
If you are unsure about your Study Sponsor or Data Controller, you may contact the LifeData Privacy Officer firstname.lastname@example.org
Questions, inquiries, or complaints about LifeData processing activities under GDPR may be sent to LifeData Privacy Officer at email@example.com
LifeData supports the rights of individuals to limit or restrict the use and disclosure of their personal data. Requests to restrict the use or disclosure may be sent to the LifeData Privacy Officer at firstname.lastname@example.org
LifeData will disclose personal information under its control in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
7 Recourse for Dispute Resolution
For unresolved disputes or outstanding complaints, Individuals may seek recourse free of charge with a dispute resolution provider, namely the European Data Protection Authority (DPA) for each member nation. LifeData will cooperate with DPAs in the investigation and resolution of complaints brought under the Privacy Shield, and will comply with any advice given by the DPAs where LifeData must take specific action to comply with the Privacy Shield Principles, including remedial or compensatory measures for the benefit of individuals affected by any non-compliance. LifeData will provide the DPAs with written confirmation that such action has been taken.
Individuals with complaints about LifeData’s compliance with Privacy Shield principles, may invoke binding arbitration under the Privacy Shield in some circumstances. Specific rules for this are in Section C of Annex I of the Privacy Shield principles https://www.privacyshield.gov/article?id=ANNEX-I-introduction
In compliance with the Privacy Shield Principles, LifeData commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Lifedata at: email@example.com
LifeData has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning human resources data transferred from the EU and Switzerland in the context of the employment relationship.
8. Onward Transfers of Personal Data
LifeData may transfer personal data to a third party outside the European Union, for example, a secure data hosting company such as Microsoft Azure. In such cases of an onward transfer, LifeData has responsibility for the processing of personal data it receives and subsequently transfers to a third party acting as an agent on its behalf. LifeData remains liable under the Privacy Shield if its agent processes such personal data in a manner inconsistent with the Principles, unless LifeData proves that it is not responsible for the event giving rise to the damage.
9. Verification and Self-Assessment
LifeData verifies through self-assessment that Privacy Shield privacy practices have been implemented in accordance with the Privacy Shield principles.
LifeData also has in place procedures for training employees in the implementation of Privacy Shield principles, and disciplining them for failure to follow it. LifeData also follows internal procedures for periodically conducting objective reviews of compliance with the above.
LifeData completes a Statement verifying self-assessment annually, it is signed by a LifeData officer and is available upon request by individuals, or in the context of an investigation or a complaint about non-compliance.
Contact firstname.lastname@example.org if you have any questions about this privacy statement.