This Privacy Policy explains how Dig Insights collects, uses, discloses, and otherwise processes any information, including any information that identifies, relates to, describes or is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, to a specific individual, that is protected under applicable Privacy Legislation (“Personal Information”) concerning their use of our website and services. The policy defines the rights of individuals who engage with us through our services or our digital tools and platforms as prospective Customers, research partners, or Respondents regarding their personal information.
When we use the terms "Dig Insights", “DIG”, "we", "us", or "our" in this Privacy Policy, we are referring to Dig Insights Inc.
When we use the term "Services," we refer to our interactions with Customer representatives, participation in our market research studies, and use of our Platform.
When we use the term "Website", we refer to https://www.diginsights.com/, any subsites, and any other website that links to this Privacy Notice.
We may need to change this Privacy Policy from time to time as our processing activities and applicable laws change. If we modify our Privacy Policy, we will post the revised version here, with an updated revision date. You agree to visit this page periodically to be aware of and review any such revision. If we make significant changes to our Privacy Policy, or if required by applicable law, we may also notify you by other means before the changes take effect, such as by posting a notice on our Website or sending you a notification based on your selected preferences for communication. By continuing to use our Website and services after such revisions are in effect, you accept and agree to them and abide by them.
Due to the nature of our business operations, Dig Insights operates as both a Data Controller and Data Processor under the definitions of the General Data Protection Regulation (GDPR) and other relevant privacy legislation. The sections below describe when and how Dig Insights falls into those roles.
Where Dig Insights is the collector and identified controller of Personal Information, as defined by the GDPR, the organization is thus generally responsible for the security and integrity of an individual’s data throughout its processing.
For this policy, Dig Insights is the Data Controller for data collected when you use our Website, become a Customer, or provide your information directly to the organization for job opportunities, marketing information, or other communications.
If you have any questions regarding your privacy or wish to exercise your data subject rights, as described in Section 7, “Your Rights & Responsibilities,” of this policy, please use the contact details provided in Section 11, “Contact Information.”
When providing our Services to our Customers, either through contracted consultative work or self-service subscription to our Platform (collectively "Customers"), we process information on their behalf (defined in our Master Services Agreement as "Customer Data" and/or "Platform Data"). In such instances, Dig Insights acts as a "Data Processor" (or similar term under applicable laws) and only processes such Customer Data or Platform Data on behalf and under the instruction of the Customer, who is the Data Controller.
Our Services are integrated with third-party services, and these Services and our Website may contain links to third-party websites, including those of our business partners. By interacting with these third parties, you provide information directly to them and not to Dig Insights. This Privacy Policy does not apply to those third-party services.
Please note that Dig Insights is not responsible for the privacy practices of these third parties or any entity it does not own or control. We encourage you to review those third parties' privacy notices and online terms to learn more about how they handle your personal information.
WHEN we collect
We may ask you to provide personal information when:
If you provide us with a third party’s personal information (the person’s name, email and company), you represent that you have the third party’s permission to do so.
WHAT we collect
Depending on the interaction, we collect a variety of information from you that meets the classifications for Personal Information, as defined by the GDPR and other applicable privacy laws and frameworks. The information you provide is done so freely and voluntarily when using or participating in any of the services offered by Dig Insights. As with all personal information, you are granted the standard data subject rights defined in section 7, “Your Rights & Responsibilities,” of this policy.
Examples of the types of information which Dig Insights may collect are as follows:
For Customers:
We collect personal information that may include first and last name, business email address, phone number, and company name. This information will be used to establish a relationship between Dig Insights and your organization, create a Platform account for you, and provide you with shared information.
For Respondents:
We collect any information provided by our research panel providers in the form of pseudonymized responses or aggregate data, which may include answers to screening questions, such as demographic information (e.g., gender, location, industry of employment), as well as other relevant questions. We also collect your responses to questions in focus groups, interviews, surveys, or through the Platform, which may include your name if it appears on the screen or chat of a virtual event. We may also collect photographs, audio recordings, and video recordings that capture your reactions and responses to questions as part of our qualitative research studies, which include collecting data on your physical characteristics.
Additional notes:
As job applicants, we collect personal information that may include your first and last name, personal email address, phone number, and address. The specific information we collect here will depend on the details you provide in your resume and cover letter.
WHEN we collect
When you land on any of our web pages, we automatically collect information about your visits to the Website and the Platform through cookies and similar tracking technology.
WHAT we collect
The information we collect automatically includes:
We may also collect information when you open our email messages or click on links within them.
WHEN we collect
Dig Insights will collect personal information directly from Customers or research panel providers as part of our research activities in a project workflow.
WHAT we collect
When Customers provide Dig Insights with information, we will receive participant lists that include contact details for individuals that the Customer would like to include in the research study. These details typically include the data subjects' first and last names and email addresses.
When collecting information from research panel providers, Dig Insights will receive general, pseudonymized demographic information and opinion data of respondents. We may also obtain contact information if we need to conduct additional screening or follow up, such as for incentives.
Dig Insights will only retain any collected Personal Information for as long as necessary to complete our objective, as defined or described at the point of collection, or as required or permitted by law. Dig Insights will responsibly and securely dispose of the data once the information is no longer required or has reached its defined retention date. Personal Information provided to Dig Insights will never be sold to any third party or used to train artificial intelligence (AI) or large language models (LLM).
If Dig Insights is required to process your Personal Information for a new, unrelated, or secondary purpose, we will notify you or your guardian/representative to obtain consent for the new purpose or rely upon another prescribed exception under which applicable privacy legislation applies for the use or disclosure. Where your consent is used as the basis for the secondary use or disclosure, you can withdraw your consent at any time. Where the secondary use or disclosure includes sensitive information (i.e., physical characteristics), Dig Insights will take reasonable steps to ensure the information is de-identified before it is disclosed or used.
The following provides specific and additional guidance on how we use Personal Information depending on your relationship with Dig Insights:
For Website Users:
For Customers:
For Respondents:
Your opinion data is used to create insights and market research for our business Customers. Dig Insights uses your demographics to categorize and aggregate data into specific groups in these reports. Respondents who consent to the collection of their sensitive personal data, specifically their physical characteristics captured during video interviews, can rest assured that this data is only used internally to help us identify insights from their opinions.
Our Platform and Services
Personal information provided to Dig Insights through our research tools and Platform or as part of our consulting studies will only ever be shared with our Customers associated with that project, and only in a limited or aggregate format whenever possible. Photographs and video interviews collected as part of these projects may also be shared with our Customers and their associates for market research purposes, as consented to at the point of collection. Dig Insights will never share your Personal Information with any third parties that were not identified when you provided your consent.
Legal Disclosures
Occasionally, Dig Insights may be required to disclose personal information in response to a lawful request, such as a subpoena or other legal process, as specified in the applicable legislation.
We cooperate with government and law enforcement officials, as well as private parties, to the extent required by law, subpoena, or other legal processes as defined within applicable legislation. This may include the disclosure of your personal information in response to any lawful requests where we believe or are compelled to share data to comply with any legal obligations, enforce or apply our terms and conditions, respond to claims and legal process, protect our services, members, dealers, our rights and/or the safety of the public or any person, or prevent or stop any illegal, unethical or legally actionable activity.
We attempt to notify individuals about legal demands for their personal data when appropriate in our judgment, unless prohibited by law or court order, or when the request is an emergency.
Change in Control
We may share some or all of your personal information in connection with or during the negotiation of any merger, financing, acquisition or dissolution transaction, or proceeding involving the sale, transfer, divestiture, or disclosure of all or a portion of our business or assets. In the event of an insolvency, bankruptcy, or receivership, personal information may also be transferred as a business asset. If another company or individual acquires our business or assets, that company or individual will possess the personal information collected by us and will assume the rights and obligations regarding your personal information as described in this Privacy Policy, unless you agree otherwise.
As an organization committed to protecting and preserving the quality of the data it collects and processes, Dig Insights has implemented security and privacy-by-design controls throughout its operations. These controls have been developed to align with the requirements of the ISO 20252 standard for data quality in market, opinion, and social research to prioritize the protection of our participants’ data. Likewise, our research tools and Platform have been built in alignment with the requirements of the SOC 2 standard, and Dig Insights has received validation and attestation of its SOC 2 compliance by accredited external auditors to confirm our security practices.
Due to our commitment to delivering world-class service to our Customers, we securely store your Personal Information on isolated servers operated by our cloud service providers using data centers in Canada. To provide our services, Dig Insights uses cloud solutions from Microsoft and Amazon Web Services (AWS).
When we collect and process personal information, and while we retain it, we will protect it using commercially acceptable means to prevent loss, theft, unauthorized access, disclosure, copying, use, or modification.
When using our research tools and Platform, you are responsible for selecting any password and its overall security strength, ensuring the security of your information within the bounds of our services.
Access to private, sensitive, and confidential information, including your personal information, is restricted to authorized personnel with legitimate business reasons.
All Dig Insights personnel are required to maintain the confidentiality of personal information at all times, and failure to do so will result in appropriate disciplinary measures.
We follow reasonable technical and management practices to help protect the confidentiality, security, and integrity of data stored on our system. While no computer system is completely secure, the measures implemented by our Website reduce the likelihood of security problems to a level appropriate to the type of data involved. We employ physical, electronic, and procedural safeguards concerning the collection, storage, and disclosure of any personal contact information. We encrypt the transmission of sensitive information using Secure Sockets Layer technology (SSL).
Dig Insights complies with all applicable privacy legislation in the regions where it operates and has aligned its privacy program with the requirements of the General Data Protection Regulation (GDPR). Where another privacy law enforces more restrictive controls, Dig Insights will implement those requirements to protect the security and integrity of your Personal Information.
Dig Insights extends the same privacy rights and services to all its Customers and end users globally, regardless of their jurisdiction. If you live in a region that provides additional privacy rights not described here, those rights are also available as required by the applicable privacy law.
The available privacy rights for individuals who have provided Dig Insights with their personal information include the following:
Where Dig Insights uses automation or AI systems with personal information, we limit its usage to preserve the integrity and original context of the data. Dig Insights will never use these solutions to make decisions about an individual, modify or utilize the content in a way that could harm the individual, and will never allow AI systems to learn or train using personal information. Please refer to section 9, “Your Privacy & AI at Dig Insights”, for further details.
If you want to exercise any of the rights described above, please utilize our Data Subject Rights portal or contact our team at privacy[at]diginsights.com.
You also have the right to submit a complaint to your local organizations responsible for enforcing the privacy legislation applicable in your territory.
By utilizing Dig Insights' tools, Platform, Services, and Website, you understand and agree that you are solely responsible for correcting, updating, or modifying all of your Personal Information as it appears in, and as otherwise stored or contained in Dig Insights' systems. Unless otherwise directed, Dig Insights will not correct, update, modify, or prematurely delete any Personal Information provided by you without your explicit direction as defined by your Data Subject Rights, as described and provided above.
We retain information as long as it is necessary to provide our services to you and our Customers, subject to any applicable legal obligations to retain such information for an extended period.
We may also retain information to comply with applicable laws, prevent fraud, collect fees, resolve disputes, troubleshoot problems, assist with investigations, enforce our Terms of Service, and take other actions permitted by law.
The information we retain will be handled in accordance with the requirements of this Privacy Policy and applicable privacy laws.
Information connected to you that is no longer necessary and relevant to providing our services may be de-identified or aggregated with other non-personal data. This information may provide Dig Insights with commercially valuable insights, such as statistics on the use of our services.
In your interactions with Dig Insights, your information may be subject to AI Systems as a part of our process and workflow. Our organization prioritizes the security of your data and makes every effort to ensure that your information and your privacy are not affected by our actions to preserve your rights. The AI systems used by Dig Insights have been chosen because they are isolated, ensuring that your information is only accessible to our personnel, and have been configured never to train their underlying models using your data.
As a Customer, your business contact information may be used with AI systems to help identify potential opportunities for improvement in our sales and services. We may also use AI systems to analyze meetings to record meeting notes, identify key topics and information, and schedule future meetings. Customers who are concerned with which services and subcontractors we utilize can find a complete list on our Trust Center at https://trust.diginsights.com. For further information, including the specific obligations of Dig Insights, please refer to our Service and/or Data Processing Agreements, available at https://diginsights.com/legal-trust-hub/.
As a job applicant, your resume may be analyzed by an AI system to help our team develop our interview questions. Likewise, interview notes may be created or summarized by an AI system to support our hiring teams with records and key discussion points. At no point are decisions made by autonomous systems; all opinions and decisions are made by human personnel, including the hiring manager, with support from our Human Resources team.
As a research participant, your pseudonymized data may be processed by AI systems to assist with the aggregation and analysis of survey responses. These use cases are limited in scope to segmentation or identifying patterns and insights by demographic. As with job applicants, all AI system outputs are closely reviewed by our personnel and not used as the final product. Dig Insights will always prioritize the use of aggregate or fully anonymized data where possible. When pseudonymized data is used, we will ensure that measures are taken to prevent any re-identification. We also enforce our security and privacy requirements on all AI system providers to ensure that your data is appropriately processed and deleted when it is no longer necessary.
We process data in various locations and rely on legally provided mechanisms to lawfully transfer data across borders, such as contracts incorporating data protection and sharing obligations. We also offer the capability of securely returning, transferring, and/or disposing of personal information.
We will only collect and process your personal information with your consent and where we have a lawful reason to do so.
When you visit our Website and provide us with your personal information, we collect and use it with your consent.
When you become a Customer, your agreement with our terms and conditions establishes your consent to our collection of your personal information.
As a respondent, you are provided with our privacy notice and consent agreement at the point of collection. You must provide your informed consent before providing us with your opinion data for market research.
As an end user of our Upsiide platform, you consent to our collecting your personal information when you create an account through our self-service portal or as an extension of your contractual agreement with Dig Insights.
You can review the terms and conditions of use for our research tools and Platform in the legal section of our Website, located at https://diginsights.com/legal-trust-hub/.
Where we rely on your consent to process personal data, you have the right to withdraw or decline your consent at any time. If you have any questions about the lawful bases upon which we collect and use your personal information, please get in touch with us at privacy[at]diginsights.com.
How to select your communications preferences
You may choose to receive or not receive marketing communications from us. If you no longer wish to receive these messages, please click our email’s “Unsubscribe” link to stop receiving marketing communications. Even if you opt out of receiving marketing communications, we may still communicate with you regarding security and privacy issues, servicing your account, fulfilling your requests, or administering any promotion or program you may have elected to participate in.
You may choose which information we collect automatically from your device by controlling cookie settings on your browser or through our Cookie Preferences.
You may contact us to exercise any of your rights or ask for more information about your personal information and our privacy practices by contacting us at:
Dig Insights, Inc.
Attn: Privacy Officer
390 Bay Street, Suite 2901
Toronto, Ontario, Canada M5H 2Y2
privacy@diginsights.com
If you are living in the European Union (EU) or the United Kingdom (UK) and would like to contact a GDPR representative in your jurisdiction, please utilize the following contacts.
| EU Representative | UK Representative |
|---|---|
| Osano International Compliance Services Limited ATTN: Z7FC 25 North Wall Quay Dublin 1 D01 H104 | Osano UK Compliance LTD ATTN: Z7FC 42-46 Fountain Street Belfast Antrim BT1 - 5EF |
The following appendices provide more detailed guidance on Dig Insights' commitments under specific privacy legislation in its operating regions. These sections prioritize and identify the legislation our organization has aligned with in developing this policy and our privacy program.
Dig Insights follows the Personal Information Protection and Electronic Documents Act (PIPEDA), which obligates them to comply in the following areas: accountability, identifying purposes, consent, limiting collection, limiting use, disclosure, and retention, accuracy, safeguards, openness, individual access, and challenging compliance. These principles are supported in this policy and in internal policies and procedures. If you have any questions, please get in touch with us at privacy[at]diginsights.com.
If you are based in one of these jurisdictions, Dig Insights is the controller of your personal data collected in the following instances:
Dig Insights is a processor of your personal data when it is provided to us by trusted third parties, such as market research panels or our Customers. This data is processed on behalf of our Customers and only for the purpose for which it was originally collected.
We only process personal data if we have a lawful basis for doing so. The lawful basis applicable to our processing as a controller are as follows:
You have the following rights under the GDPR:
We process personal data in various locations and jurisdictions and share anonymized versions of this data with our service providers. We use standard contractual clauses, approved by the European Commission or the competent UK authority (as applicable), as the data transfer mechanism for transferring personal data from the EEA or the UK to other countries subject to data transfer requirements.
For any questions or concerns, you may contact us at privacy[at]diginsights.com.
You may also lodge a complaint with your local supervisory authority, EU Data Protection Authorities (DPAs) or Swiss Federal Data Protection and Information Commissioner (FDPIC). See their contact details here National Data Protection Authorities.
Under the California Privacy Rights Act (CPRA) - which amended and expanded on CCPA - Connecticut Data Privacy Act (CTDPA), Virginia Commonwealth Data Protection Act (CDPA), Utah Consumer Privacy Act (UCPA), and the Colorado Privacy Act (CPA), consumers may be able to exercise the following rights concerning the personal information we have collected about them (subject to certain limitations at law):
Please note that if exercising these rights limits our ability to process personal information (such as a deletion request), we may no longer be able to provide you with our products and services or engage with you in the same manner. Additionally, Dig Insights has established processes (including reviewing business processes, systems, and resources periodically) to ensure consumers who exercise any of the above rights under US state privacy laws are not discriminated against.
To exercise any of your rights mentions above, please submit a request by contacting us at privacy[at]diginsights.com or by visiting our Data Subject Access Request portal.
We will need to verify your identify before processing your request.
In order to verify your identity, we will generally require sufficient information from you to match it to the information we maintain about you in our systems. Sometimes, we may need additional personal information from you to be able to identify you. We will notify you.
We may decline a request where we cannot verify your identity or locate your information in our systems or as permitted by law. In this case, we may request that you provide additional information reasonably necessary to authenticate you and your request.
You may choose to designate an authorized agent to make a request under the CCPA on your behalf. No information will be disclosed until the authorized agent's authority has been reviewed and verified. Once an authorized agent has submitted a request, we may require additional information (i.e., written authorization from you) to confirm the authorized agent's authority.
If you are an employee or former employee of a Dig Insights Customer that uses our Platform and Services, please direct your requests and/or questions directly to your employer or former employer.
If you are a third party (auditory, business associate, etc.) who was given access to the Platform by one of our Customers, please direct your requests and/or questions directly to the Customer who gave you access.
If Dig Insights does not take action on your Consumer Rights Request within the 45 days, or in the event of an extension, within the maximum 90-day response period, we will inform you in writing of the reasons for not taking action, as well as provide an explanation of any rights you have to appeal the decision. For opt-out or limit use and disclosure requests submitted under the CCPA, Dig Insights will respond as soon as feasibly possible, with up to a maximum of 15 days.
For consumers residing in Virginia, within 60 days of an appeal, and for consumers residing in Colorado, within 45 days of receipt of an appeal, Dig Insights will inform the consumer, in writing, of any action taken/not taken in response to the appeal, including an explanation of the reasons for the decisions. If the appeal is denied, Dig Insights will provide consumers with an online mechanism, if available, or another method which allows the consumer to contact the Attorney General to submit a complaint.
Minors Under Age 16
Our Platform and Services are intended for business use, and we do not expect them to be of any interest to minors. We do not intentionally collect any personal information of consumers below the age of 13. If you believe that a child under 13 may have provided us their Personal Information, please get in touch with us at privacy[at]diginsights.com. Following contact, Dig Insights will request the age of the data subject who is a minor and get the consent of the holder of parental responsibility for the minor, where Dig Insights needs to process that personal information.