Data Privacy Framework and GDPR Compliance Policy
Updated July 25, 2023
Poll Everywhere complies with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) as set forth by the U.S. Department of Commerce. Poll Everywhere has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”) with regard to the processing of Personal Data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Poll Everywhere has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (“Swiss-U.S. DPF Principles”) with regard to the processing of Personal Data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this Policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (“DPF”) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
This Policy also contains terms that reflect Poll Everywhere’s commitment to comply with the General Data Protection Regulation (Regulation (EU) 2016/679) and corresponding legislation in the UK (collectively, the “GDPR”).
Purposes of Personal Data Collection and Use. Poll Everywhere will only process Personal Data in ways that are compatible with the purpose for which Poll Everywhere collected the Personal Data, or for purposes that the individual or entity providing the Personal Data later authorizes. Before we use your Personal Data for a purpose that is materially different than the purpose for which it was collected or that you later authorized, we will provide you with the opportunity to opt out. Poll Everywhere maintains reasonable procedures to help ensure that Personal Data is reliable for its intended use, accurate, complete, and current.
Disclosures for National Security or Law Enforcement. Under certain circumstances, we may be required to disclose your Personal Data in response to valid requests by public authorities, including to meet national security or law enforcement requirements.
Security. Poll Everywhere maintains reasonable and appropriate security measures to protect Personal Data from loss, misuse, unauthorized access, disclosure, alteration, or destruction in accordance with the DPF Principles and the GDPR.
Data Access and Portability Rights. You may have the right to access the Personal Data that we hold about you and to request that we correct, amend, or delete it if it is inaccurate or processed in violation of the DPF Principles or the GDPR. These access rights may not apply in some cases, including where providing access is unreasonably burdensome or expensive under the circumstances or where it would violate the rights of someone other than the individual requesting access. If you would like to request access to, correction, amendment, or deletion of your Personal Data, you can submit a written request to us as provided below. We may request specific information from you to confirm your identity. In the event your information is to be deleted, we will dispose of your information in a secure way. In some circumstances we may charge a reasonable fee for access to your information. You have the right to receive your Personal Data in a structured, commonly used and machine-readable format and the right to transmit your Personal Data to another data controller without hindrance from Poll Everywhere.
Data Transfers to Third Parties. Poll Everywhere’s accountability for Personal Data that it receives under the DPF and subsequently transfers to a third party is described in the DPF Principles. In particular, Poll Everywhere remains responsible and liable under the DPF Principles if third-party agents that it engages to process Personal Data on its behalf do so in a manner inconsistent with the Principles, unless Poll Everywhere proves that it is not responsible for the event giving rise to the damage. Poll Everywhere will enter into data processing agreements with any such third parties consistent with the requirements of the DPF Principles and the GDPR.
Poll Everywhere, Inc. 548 Market St PMB 17358 San Francisco CA 94104-5401 Attn: Legal Department
For any complaints concerning our handling of Personal Data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF or the Swiss-U.S. DPF (as applicable) that cannot be resolved with Poll Everywhere directly, in compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Poll Everywhere commits to refer such complaints to JAMS, an alternative dispute resolution provider based in the United States, and JAMS’s Data Privacy Framework Program. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.jamsadr.com/eu-us-data-privacy-framework for relevant JAMS contacts, for more information or to file a complaint. The services of the JAMS Privacy Shield Program are provided at no cost to you.
As further explained in the DPF Principles, a binding arbitration option will also be made available to you in order to address residual complaints not resolved by any other means. Poll Everywhere is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).