Data Privacy Framework and GDPR Compliance Policy

Updated July 25, 2023

This Policy describes how Poll Everywhere complies with its legal obligations regarding the collection, use, and retention of personal information ("Personal Data") transferred from the European Union, the United Kingdom and Switzerland to the United States. This Policy supplements Poll Everywhere’s Privacy Policy at https://www.polleverywhere.com/privacy-policy

Poll Everywhere complies with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) as set forth by the U.S. Department of Commerce. Poll Everywhere has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”) with regard to the processing of Personal Data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Poll Everywhere has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (“Swiss-U.S. DPF Principles”) with regard to the processing of Personal Data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this Policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (“DPF”) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

This Policy also contains terms that reflect Poll Everywhere’s commitment to comply with the General Data Protection Regulation (Regulation (EU) 2016/679) and corresponding legislation in the UK (collectively, the “GDPR”).

Types of Personal Data Collected. Poll Everywhere’s adherence to the EU-U.S. DPF Principles (including the UK Extension to the EU-U.S. DPF) and the Swiss-U.S. DPF Principles and compliance with the GDPR applies to all Personal Data that is subject to the Poll Everywhere Privacy Policy and is received from the European Union, the United Kingdom (and Gibraltar) and Switzerland. Poll Everywhere will comply with the applicable DPF Principles and the GDPR in respect of the processing of Personal Data.

Purposes of Personal Data Collection and Use. Poll Everywhere will only process Personal Data in ways that are compatible with the purpose for which Poll Everywhere collected the Personal Data, or for purposes that the individual or entity providing the Personal Data later authorizes. Before we use your Personal Data for a purpose that is materially different than the purpose for which it was collected or that you later authorized, we will provide you with the opportunity to opt out. Poll Everywhere maintains reasonable procedures to help ensure that Personal Data is reliable for its intended use, accurate, complete, and current.

Disclosures for National Security or Law Enforcement. Under certain circumstances, we may be required to disclose your Personal Data in response to valid requests by public authorities, including to meet national security or law enforcement requirements.

Security. Poll Everywhere maintains reasonable and appropriate security measures to protect Personal Data from loss, misuse, unauthorized access, disclosure, alteration, or destruction in accordance with the DPF Principles and the GDPR.

Data Access and Portability Rights. You may have the right to access the Personal Data that we hold about you and to request that we correct, amend, or delete it if it is inaccurate or processed in violation of the DPF Principles or the GDPR. These access rights may not apply in some cases, including where providing access is unreasonably burdensome or expensive under the circumstances or where it would violate the rights of someone other than the individual requesting access. If you would like to request access to, correction, amendment, or deletion of your Personal Data, you can submit a written request to us as provided below. We may request specific information from you to confirm your identity. In the event your information is to be deleted, we will dispose of your information in a secure way. In some circumstances we may charge a reasonable fee for access to your information. You have the right to receive your Personal Data in a structured, commonly used and machine-readable format and the right to transmit your Personal Data to another data controller without hindrance from Poll Everywhere.

Data Retention. Poll Everywhere will retain the Personal Data that we collect about you for as long as necessary for the purposes set out in the Poll Everywhere Privacy Policy and in this Policy. Please be aware that we may also be required to retain your Personal Data for legal and accounting reasons.

Data Transfers to Third Parties. Poll Everywhere’s accountability for Personal Data that it receives under the DPF and subsequently transfers to a third party is described in the DPF Principles. In particular, Poll Everywhere remains responsible and liable under the DPF Principles if third-party agents that it engages to process Personal Data on its behalf do so in a manner inconsistent with the Principles, unless Poll Everywhere proves that it is not responsible for the event giving rise to the damage. Poll Everywhere will enter into data processing agreements with any such third parties consistent with the requirements of the DPF Principles and the GDPR.

Questions or Complaints. As further explained in the "How to Contact Us" section of the Poll Everywhere Privacy Policy, we encourage you to contact us should you have a DPF-related, GDPR-related, or general privacy-related question or complaint. In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Poll Everywhere commits to resolve DPF Principles-related complaints about our collection and use of your Personal Data. EU, UK and Swiss individuals with inquiries or complaints regarding our handling of Personal Data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF or the Swiss-U.S. DPF (as applicable) should first contact Poll Everywhere at security@polleverywhere.com or via mail at:

Poll Everywhere, Inc. 548 Market St PMB 17358 San Francisco CA 94104-5401 Attn: Legal Department

For any complaints concerning our handling of Personal Data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF or the Swiss-U.S. DPF (as applicable) that cannot be resolved with Poll Everywhere directly, in compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Poll Everywhere commits to refer such complaints to JAMS, an alternative dispute resolution provider based in the United States, and JAMS’s Data Privacy Framework Program. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.jamsadr.com/eu-us-data-privacy-framework for relevant JAMS contacts, for more information or to file a complaint. The services of the JAMS Privacy Shield Program are provided at no cost to you.

As further explained in the DPF Principles, a binding arbitration option will also be made available to you in order to address residual complaints not resolved by any other means. Poll Everywhere is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).