Your data, handled with care
This policy explains what personal data globainsight collects, how we use it, who we share it with, and the rights you have over it. It applies to visitors to globainsight.com, panellists in our research panel, and clients of the globainsight platform.
1. Data we collect
We collect account information you provide (name, work email, company), platform usage telemetry (page views, feature interactions), and - for panellists - profile attributes and survey responses you choose to share. We do not collect sensitive categories of data unless explicitly required by a study and consented to separately.
2. How we use your data
Account data is used to deliver and improve the platform, authenticate users, send service communications, and meet legal obligations. Panellist data is used to match respondents to relevant studies, calculate incentives, and maintain panel quality. We never sell personal data.
3. Legal basis (GDPR)
We process personal data on the basis of contract (delivering the service you signed up for), legitimate interest (product analytics, security), legal obligation (tax, fraud), or explicit consent (marketing, sensitive categories). You can withdraw consent at any time.
4. Data sharing
We share data with sub-processors strictly required to deliver the service: cloud hosting (AWS, EU and US regions), payment processing (Stripe), email delivery (Postmark), and customer support tooling (Zendesk). A current sub-processor list is available on request.
5. International transfers
Data may be transferred outside the EEA / UK under EU Standard Contractual Clauses and the UK International Data Transfer Addendum. Panellist data is stored regionally where possible (EU panellists in EU regions).
6. Your rights
You have rights of access, rectification, erasure, restriction, portability, and objection. Email privacy@globainsight.com to exercise any right. We respond within 30 days.
7. Retention
Account data is retained for the duration of the contract plus 7 years (tax and audit obligations). Panellist data is retained while panel membership is active, plus 12 months after closure for fraud-prevention purposes.
8. Security measures
We implement appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These include: encryption at rest (AES-256) and in transit (TLS 1.3), multi-factor authentication for all production systems, annual SOC 2 Type II audits, continuous vulnerability scanning, and mandatory security awareness training for all staff. Our full security whitepaper is available to enterprise clients under NDA.
9. Children's privacy
Our services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you are a parent or guardian and believe your child has provided us with personal data, contact us immediately at privacy@globainsight.com and we will delete it within 48 hours. For research studies targeting children, we require verified parental consent mechanisms audited as part of our SOC 2 controls.
10. Changes to this policy
We review this policy at least annually and update it when necessary to reflect changes in our practices, technology, or legal requirements. Material changes are communicated via email to account holders and with a prominent notice on the platform at least 30 days before they take effect. Continued use of the service after changes become effective constitutes acceptance of the updated policy.
11. California privacy rights
Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), California residents have the right to: know what personal data we collect, use, and disclose; request deletion of personal data; opt out of the sale or sharing of personal data (globainsight does not sell personal data); and not be discriminated against for exercising these rights. To submit a CCPA request, email privacy@globainsight.com or call +1 212 555 0199. We verify all requests and respond within 45 days as required by law.
12. Automated decision-making
globainsight uses AI and machine learning to score response quality, detect potential fraud, and generate insight summaries. These systems do not produce legal or similarly significant effects on individuals without human review. Panellists flagged by automated quality systems are reviewed by our Trust & Safety team before any account action is taken. AI-generated insight summaries are validated by a human researcher before delivery to clients. You have the right to request human review of any automated decision affecting you.
13. Contact
Data Protection Officer: dpo@globainsight.com. globainsight Intelligence Ltd, 14 Rivington Street, London EC2A 3DU, United Kingdom.