EU-U.S. Data Privacy Framework (DPF), U.K. Extension to the EU-U.S. DPF & Swiss-U.S. DPF Clarion Research Policies for EU, U.K., and Swiss Data Collection Effective October 16, 2023 Clarion Research Inc. ("Clarion Research," "we," or "us") is a full-service marketing research company located in the United States, with headquarters in New York, NY. As a marketing research company, we collect data from study participants in order to help our clients understand the needs of their customers or members, as well as the general marketplace. This data is often collected through online surveys, though it can also be collected through phone interviews, focus groups and other research methodologies. Clarion Research Inc. complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the U.K. Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, the United Kingdom, and Switzerland to the United States. Clarion Research has certified to the Department of Commerce that it adheres to the Dats Privacy Framework Principles. If there is any conflict between the terms in this privacy policy and the Data Privacy Framework Principles, the Data Privacy Framework Principles shall govern. To learn more about the Data Privacy Framework program, and to view our certification, please visit https://www.dataprivacyframework.gov/s/. The information we gather The nature of any research conducted by Clarion Research will be communicated to research participants upfront and with full transparency. As part of our research studies, we receive the information that you voluntarily provide, which generally includes information regarding your attitudes and preferences, your purchase behaviors and/or hobbies, as well as certain demographic information to be used in analyzing the data (such as your age, gender or income level). Please note that any information we ask for is always strictly for research purposes and Clarion Research never asks for your financial account numbers or passwords. If you participate in one of our online studies that permit respondents to chat interactively, please be aware that your posts and chats may be visible to other members of the board, so anything you choose to reveal there may become publicly known. These types of studies include “bulletin board” online research studies, online focus groups and MROC’s (Market Research Online Communities) and similar studies where forums of people are brought together for research purposes. The same is true for offline studies where groups of respondents are brought together, such as in person or on the phone focus groups and ideation sessions. We may also receive personally-identifiable information from a third-party (e.g., our client) who may request that we contact you to participate in a research project and from third-party providers of address and phone lists. In those instances, we may receive basic personal information (such as name, age, etc.), your connection with the third-party, your interests and/or product ownership, and your contact information (e.g., email address, phone number) from such third-party. We or our third-party sample provider(s) may use digital fingerprinting technologies to assign a unique identifier or “Machine-ID” to a user’s computer to identify and track the computer. We work principally with a third-party provider to deploy this technology (the “Technology”) and do not use it to collect personally identifiable information, or track the online activities, of the user of a computer; and the Technology will not disrupt or interfere with the use or control of a computer or alter, modify or change the settings or functionality of a computer. We use the unique identifier to assist our clients in ensuring the integrity of survey results (to ensure that one person does not complete a survey multiple times). The third-party provider may use and analyze publicly available information and data obtained from the computer’s web browser and from other publicly available data points, including, without limitation, the technical settings of the computer, the characteristics of the computer, and the computer’s IP Address, to create a unique identifier assigned to the computer. The Technology may employ both cookies as well as locally shared objects (also known as “flash cookies”). The unique identifier is an alpha-numeric ID. Additionally, to assist our clients in protecting and ensuring the integrity of survey results, we (a) may link or associate your unique identifier to you and any of your personally identifiable information; (b) may share your unique identifier with sample or panel providers; and (c) may receive or obtain a unique identifier linked to you from a third-party, including, without limitation, a sample or panel provider or a client of Clarion Research. Any unique identifier(s) received or obtained by Clarion Research and linked to a specific individual will be protected in accordance with this Privacy Policy. How we use your information Research project respondent information is used solely for research purposes. We will never try to sell our respondents anything; we are only interested in opinions. When you complete a research project, your responses are generally analyzed in aggregate with all other respondents' information and reported not individually, but in the aggregate. We support the rights of our survey respondents by limiting the use of their information for legitimate marketing research purposes and are active in supporting industry organizations created to uphold ethical survey research (this support includes making every effort to conform to the organizations’ ethical standards), such as the Insights Association. We will never share our survey respondents’ email addresses or personally identifiable information with anyone except our clients and agents (vendors). Agents collect or use the personal information under the instructions of, and solely for, Clarion Research and have access to this data strictly for purposes related to carrying out the research, such as hosting a survey or processing data. Clarion Research will obtain assurances from our agents that they will safeguard personal information consistently with this policy. All agents and sub-contractors must sign an NDA, confidentiality or "chain of trust" agreement. Clients who hire Clarion Research to conduct their market research are usually not provided with respondent level survey data that includes personally identifiable information, other than demographic information needed for data analysis (e.g., gender, income level). However, occasionally our Clients request contact information or customer IDs of survey participants for record keeping, validation or other business purposes. When a client requests such information for an EU, UK, or Swiss citizen, Clarion will only comply if the research participant grants permission to share this information and said Client agrees in writing that it will not use the respondent level survey data for targeted marketing to specific study participants. We may also disclose your personal information to a third-party when required to do so by law (including to meet national security or law enforcement requirements), or to protect someone’s safety, or our rights or property. Choice Research participants in the EU, the UK, and Switzerland will be given the opportunity to choose (opt out) whether the personal information they share is to be disclosed to a third party (e.g., our client), other than when a third party is acting as an agent to perform a specific task on behalf of and under the instructions of Clarion Research (e.g., survey hosting or tabulating data). If there is ever a need for us to collect more sensitive information than the information described previously, such as your name or contact information, or other information that may be considered sensitive per the regulations in your country, we will inform you at the beginning of the study that we will be asking for this type of information and we will provide the option for you to opt-out, either from participating in the study and/or providing that information. Research participants will also be given the opportunity to choose (opt out) whether the personal information they provided can be used for a materially different purpose for which it was originally collected or subsequently authorized by the individual. Compliance with Law; Children’s privacy protection We strive to conform with the federal Children’s Online Privacy Protection Act (COPPA), the CAN-SPAM Act, and other privacy regulations and guidelines in the US and other countries. Occasionally, we conduct research with children under the age of 13, but only with parental or legal guardian consent, as required by COPPA. Depending on the sensitivity of the topic and, for international studies, the prevailing national laws where the research respondents reside, we may also seek parental or legal guardian consent for interviewing children 13 and older. If a parent or guardian learns that a child of theirs who is under the age required by the national laws where they reside has provided us with personal information without their permission, such parent or guardian may contact us at the email address or mailing address listed at the bottom of this Privacy Policy if he or she would like this information deleted from our records. We will use reasonable efforts to delete the child's information from our databases. Data Security We take the security of your information seriously. Access to your personal information is restricted and limited to Clarion Research staff members and third parties who have an explicit need to access such information for a legitimate business purpose, such as sending email invitations, hosting an online survey or processing data. We take reasonable precautions to protect personal information in our possession from loss, misuse and unauthorized access, disclosure, alteration and destruction. Accountability for Onward Transfer Third party agents who work with Clarion on studies involving personal data of EU, UK, and Swiss citizens are contractually obligated to provide at least the same level of privacy protection as required by the Principles. Clarion has potential liability in cases of onward transfer to 3rd party agents in accordance with the accountability for onward transfer principle. Access to and Correction of Your Information We will make available to you your personal information in our custody or control that we have collected, upon your written request, to the extent required and/or permitted by applicable law so that you can correct, amend, or delete information where it is inaccurate, or has been processed in violation of the Principles, except where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question, or where the rights of persons other than the individual would be violated. In order to request access to your information, contact us in writing at the physical or email addresses provided below, and we will attempt to fulfill your request within 30 days. Recourse, Enforcement and Liability In compliance with the EU-U.S. DPF, the U.K. Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF Principles, Clarion Research commits to resolve complaints about your privacy and our collection or use of your personal information. European Union, UK, and Swiss individuals with inquiries or complaints regarding this privacy policy should first contact Clarion Research at: 212-664-1100 survey@clarionresearch.com Research participants can file a complaint directly with Clarion Research at no cost to the participant and can expect a response within 45 days of the filing date. Clarion Research has further committed to refer unresolved privacy complaints under the EU-US DPF Principles, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF Principles to the The Insights Association Data Privacy Framework Services Program, a non-profit alternative dispute resolution provider located in the United States and operated by the Insights Association. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://www.insightsassociation.org/Resources/Data-Privacy-Framework/Information-for-EU-Swiss-Citizens-to-file-a-complaint for more information and to file a complaint. Finally, as a last resort and in certain limited situations, EU, UK, and Swiss research participants may invoke binding arbitration before the EU-U.S. Data Privacy Framework Panel or the Swiss-U.S. Data Privacy Framework Panel, as applicable. Clarion Research is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).