Effective Date: May 8, 2023
Last Updated: May 8, 2023
 

NOTE: This policy is directed to U.S. residents and other non-European Economic Area (“EEA”) residents. If you are in the EEA, please refer to NORC’s Privacy Policy for European Economic Area Residents.

This Privacy Statement outlines the information NORC collects on NORC.org and how we will use that information. We’ve developed our privacy policy from industry guidelines and standards, and local, national, and international laws and requirements. All privacy practices and methods described in this policy apply only as far as permitted by the applicable standards, laws, and requirements.

Our Privacy Policy applies to all of the Services offered by NORC and its affiliates, including some NORC partners, and Services offered on other sites, but excludes services that have separate privacy policies that do not incorporate this Privacy Policy.

Our Privacy Policy does not apply to services offered by other companies or individuals, including products or sites that may be displayed to you, or other sites linked from our Services. Our Privacy Policy does not cover the information practices of other companies and organizations who advertise our Services, and who may use cookies, pixel tags and other technologies to serve and offer relevant ads.

We collect information, including personal data, to provide better services to all our Users. We use the term “Personal Data” to refer to any information that identifies or can be used to identify you. Common examples of Personal Data include: full name, email address, digital identity, such as a login name or handle, information about your device, and certain metadata.

“Sensitive Personal Data” refers to a smaller subset of Personal Data which is considered more sensitive to the individual, such as race and ethnic origin,
political opinions, religious or philosophical beliefs, trade-union membership, genetic or biometric information, physical or mental health information, medical insurance data, or sexual orientation. 

When you use our Services, we collect Personal Data in the following ways:

1. Information You Give to Us

You may choose to provide us with Personal Data about yourself, including your name, company name, phone number, address, job title, industry, country of residence, and email address by completing forms on our website, such as when you agree to participate in a survey conducted by NORC. You may also choose to provide us with employment and education information when you apply for a job at NORC via our Site.

In some instances, you may elect to provide us with location and address information. You may also provide us with Personal Data about yourself when you report a problem or have a question about our services.

The Sites offer interactive and social features that permit you to submit content and communicate with us. You may provide Personal Data to us when you post information in these interactive and social features. Please note that your postings in some areas of the Sites may be publicly accessible or accessible to other Users.

2. Information We Obtain from Your Use of Our Services

We collect certain information automatically, such as your operating system version, browser type, and internet service provider. We also collect information about your interaction with the Services, such as creating or logging into your account, or opening or interacting with the Services on Your mobile device. When you use our Site, we automatically collect and store this information in service logs. This includes: details of how you used our Site; Internet protocol address; cookies that uniquely identify your browser, the referring web page and pages visited.  We may also collect and process information about your actual location. The information we collect automatically is statistical data and may or may not include Personal Data, but we may maintain it or associate it with Personal Data we collect in other ways or receive from third parties.

3. Cookies and Similar Technologies

NORC may use third parties to provide services and certain functionality to NORC. NORC may use contracts with such third parties to control their use of cookies and to limit their use of cookies to the limited purposes set forth in the contracts. 

We and our partners use various technologies to collect and store information when you visit one of our services, and this may include using cookies or similar technologies to identify your browser or device. We also use these technologies to collect and store information when you interact with services from our partner. Our third-party advertising and analytics partners include Google Analytics and similar partners.

The technologies we use for this automatic data collection may include:

Cookies. A cookie is a small file placed on the hard drive of your computer. You may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting you may be unable to access certain parts of our services. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our services.  For more information about our use of cookies, including details on how to opt-out of certain cookies, please see our Cookie Policy.

Web Beacons. Pages of our services or our e-mails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags and single-pixel gifs) that permit us, for example, to count Users who have visited those pages or opened an e-mail and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).

Clickstream Data. Clickstream data is information collected by our computers when you request Web pages from the Sites. Clickstream data may include information such as the page served, the time spent viewing the page, source of the request, type of browser making the request, the preceding page viewed and similar information. Clickstream data permits us to analyze how visitors arrive at the Sites, what type of content is popular, what type of visitors in the aggregate are interested in particular kinds of content on the Sites.

Watermarking.  Generally, watermarking involves placing a technology or file on your device or computer to identify that it has previously been used to register with or access NORC’s website. Watermarking is used for quality control and validation purposes and fraud detection and/or prevention purposes. NORC may engage in watermarking activities directly or through a third party vendor. 

Log Files. NORC may automatically gather and store certain information in log files, including, without limitation, data available from your web browser, including, without limitation, IP Address, browser type, internet service provider, referring/exiting pages, operating system, date/time stamp and click stream data. 

4. NORC research participant

If you have been contacted by NORC or invited to participate in our research, you may be asked to provide personal information. To learn more about NORC’s privacy policy for information supplied to NORC by research participants, please see the research participant policy listed below. 

We use your Personal Data in ways that are compatible with the purposes for which it was collected or authorized by you, including for the following purposes:

1. To present, operate or improve the Site and Services, including analysis of Site activity;
   
   
2. To inform you about Services and products available from NORC;
   
   
3. To authorize access to our Sites and Services;
   
   
4. To provide, maintain, administer or expand the Services, performing business analyses, or for other internal purposes to support, improve or enhance our business, the Services, and other products and services we offer;
   
   
5. To customize or tailor your experience of the Services;
   
   
6. To improve our Site and Services;
   
   
7. To secure our Services, including to authenticate Users;
   
   
8. To use statistical information that we collect in any way permitted by law, including from third parties in connection with their commercial and marketing efforts;
   
   
9. To respond to and support Users regarding their use of the Sites and Services;
   
   
10. To comply with all applicable legal requirements;
    
    
11. To perform data analysis and testing;
    
    
12. To investigate possible fraud or other violations of this Privacy Policy and/or attempts to harm our Users;
    
    
13. To resolve disputes;
    
    
14. To otherwise fulfill the purpose for which the information was provided.
    
    

We use the information we collect from our Sites to provide, maintain, and improve them, to develop new services, and to protect NORC and our Users.

We use information collected from cookies and other technologies, to improve your User experience and the overall quality of our services. We may use your Personal Data to see which web pages you visit at our Site, which web site you visited before coming to our Site, and where you go after you leave our Site. We can then develop statistics that help us understand how our visitors use our Site and how to improve it.  We may also use the information we obtain about you in other ways for which we provide specific notice at the time of collection.

We will ask for your consent before using information for a purpose other than those set out in this Privacy Policy.

In the preceding twelve (12) months, we have not sold any Personal Information.

Whenever we collect Personal Data from you, we may do so on the following legal bases:

1. Your consent to such collection and use;
   
   
2. Out of necessity for the performance of an agreement between us and you, such as your agreement to use our Services or your request for Services;
   
   
3. Our legitimate business interest, including but not limited to the following circumstances where collecting or using Personal Data is necessary for:
   
   

• Intra-organization transfers for administrative purposes;
  
  
• Service development and enhancement, where the processing enables NORC to enhance, modify, personalize, or otherwise improve our services and communications for the benefit of our Users, and to better understand how people interact with our Sites;
  
  
• Fraud detection and prevention;
  
  
• Enhancement of our cybersecurity, including improving the security of our network and information systems; and
  
  
• General business operations and diligence;
  
  

Provided that, in each circumstance, we will weigh the necessity of our processing for the purpose against your privacy and confidentiality interests, including taking into account your reasonable expectations, the impact of processing, and any safeguards which are or could be put in place. In all circumstances, we will limit such processing for our legitimate business interest to what is necessary for its purposes.

We do not share personal data with companies, organizations and individuals outside of NORC unless one of the following circumstances applies:

●      With your consent. We will share Personal Data with companies, organizations or individuals outside of NORC when we have your consent to do so.

●      For Legal Reasons. We will share Personal Data with companies, organizations or individuals outside of NORC if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to:        

• meet any applicable law, regulation, legal process or enforceable governmental request.
  
  
• detect, prevent, or otherwise address fraud, security or technical issues.
  
  
• protect against harm to the rights, property or safety of NORC, our Users or  the public as required or permitted by law.
  
  

We attempt to notify Users about legal demands for their Personal Data when appropriate in our judgment, unless prohibited by law or court order or when the request is an emergency. We may dispute such demands when we believe, in our discretion, that the requests are overbroad, vague or lack proper authority, but we do not promise to challenge every demand.

●      Non-Personal and Aggregate Site Use Information. NORC may compile and share your information in aggregated form (i.e., in a manner that would not personally identify you) or in de-identified form so that it cannot reasonably be used to identify an individual (“De-Identified Information”).  We may disclose such de-identified information publicly and to third parties, or to NORC Partners under agreement with us.

We may disclose your Personal Information for legal reasons. Specifically, we will share Personal Information with companies, organizations or individuals outside of NORC if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to:

• Fufill any purpose for which you provide it;
  
  
• Meet any applicable law, regulation, legal process or enforceable governmental request;
  
  
• Detect, prevent, or otherwise address fraud, security or technical issues;
  
  
• Protect against harm to the rights, property, assets or safety of NORC, our customers or the public,  content found on the Services, or to protect the Services from unauthorized use or misuse, as required or permitted by law;
  
  
• For any other purpose disclosed when you provide the information; and,
  
  
• When we obtain your consent to do so.
  
  

We attempt to notify you about legal demands for your Personal Information when appropriate in our judgment, unless prohibited by law or court order or when the request is an emergency. We may dispute such demands when we believe, in our discretion, that the requests are overbroad, vague or lack proper authority, but we do not promise to challenge every demand.

Your provision of Personal Data is required in order to use certain parts of our services and our programs.  If you fail to provide such Personal Data, you may not be able to access and use our Services and/or our programs, or parts of our Services and/or our programs. 

We may retain your Personal Data for a period of time consistent with the original purpose for collection.  For example, we keep your Personal Data for no longer than reasonably necessary for your use of our programs and Services and for a reasonable period of time afterward. We also may retain your Personal Data during the period of time needed for us to pursue our legitimate business interests, conduct audits, comply with our legal obligations, resolve disputes and enforce our agreements.

We retain your Personal Data even after your relationship with us ends if reasonably necessary to comply with our legal obligations (including law enforcement requests), meet regulatory requirements, resolve disputes, maintain security, prevent fraud and abuse, or fulfill your request to “unsubscribe” from further messages from us.

You may have certain rights relating to your Personal Information, subject to local data protection law. Whenever you use our Services, we aim to provide you with choices about how we use your Personal Data. We also aim to provide you with access to your Personal Data. If that information is wrong, we strive to give you ways to update it quickly or to delete it – unless we have to keep that information for legitimate business or legal purposes. Subject to applicable law, you may obtain a copy of personal information we maintain about you or you may update or correct inaccuracies in that information by contacting us. To help protect your privacy and maintain security, we will take steps to verify your identity before granting you access to the information. In addition, if you believe that personal information we maintain about you is inaccurate, subject to applicable law, you may have the right to request that we correct or amend the information by contacting us as indicated in the How to Contact Us section below.

Exercising Your Rights

If you choose to exercise your rights, you can:

1.     Submit a request via email to privacy@NORC.org or

2.     Send your request to Privacy Compliance Office, 55 East Monroe Street, 20th Floor Chicago, IL 60603

You may also designate an agent to exercise your privacy rights on your behalf. In order to designate an authorized agent to make a request on your behalf, you must provide a valid power of attorney, the requester’s valid government-issued identification, and the authorized agent’s valid government issued identification.

Our Response to Your Request

Upon receiving your request, we will confirm receipt of your request by sending you an email/confirming receipt. To help protect your privacy and maintain security, we may take steps to verify your identity before granting you access to the information. In some instances, such as a request to delete personal information, we may first separately confirm that you would like for us to in fact delete your personal information before acting on your request.

We will respond to your request within thirty (30) days. If we require more time, we will inform you of the reason and extension period in writing.  We will deliver our written response by mail or electronically, at your option.

In some cases our ability to uphold these rights for you may depend upon our obligations to process Personal Information for security, safety, fraud prevention reasons, compliance with regulatory or legal requirements, listed below, or because processing is necessary to deliver the services you have requested. Where this is the case, we will inform you of specific details in response to your request.

We may deny your deletion request if retaining the information is necessary for us or our service providers to:

1.     Complete the transaction for which we collected the Personal Information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you;

2.     Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;

3.     Debug products to identify and repair errors that impair existing intended functionality;

4.     Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law;

5.     Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent;

6.     Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us;

7.     Comply with a legal obligation; or

8.     Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

By providing an email address on the NORC Sites or Services, you agree that we may contact you in the event of a change in this Privacy Policy, to provide you with any Service related notices, or to provide you with information about our events, invitations, or related educational information.

For purposes of this Privacy Policy, “opt-in” is generally defined as any affirmative action by a User to submit or receive information, as the case may be.

We currently provide the following opt-out opportunities:

1. At any time, you can contact us through privacy@NORC.org or the address or telephone number provided below to unsubscribe from the service and opt-out of our right per your consent under the terms of this Privacy Policy to share your Personal Data.

2. At any time, you can reply “STOP” to the message in order to opt-out of receiving SMS texts.

Notwithstanding anything else in this Privacy Policy, please note that we always reserve the right to contact you in the event of a change in this Privacy Policy, or to provide you with any service related notices.

The Site is not intended for use by children.  We do not intentionally gather Personal Data about visitors who are under the age of 16.  If a child has provided us with Personal Data, a parent or guardian of that child may contact us to have the information deleted from our records. If you believe that we might have any information from a child under age 16 in the applicable jurisdiction, please contact us at privacy@NORC.org.  If we learn that we have inadvertently collected the personal information of a child under 16, or equivalent minimum age depending on jurisdiction, we will take steps to delete the information as soon as possible. 

Our Privacy Policy may change from time to time. We will not reduce your rights under this Privacy Policy without your explicit consent. We will post any privacy policy changes on this page and, if the changes are significant, we will provide a more prominent notice (including, for certain services or programs, email notification or privacy policy changes). We will also keep prior versions of this Privacy Policy in an archive for your review.

1. INFORMATION YOU SUBMIT
   
   The type of information NORC may collect from research participants varies depending the specifics of each research project, but will often times include the collection of PII as defined above. In addition to the collection of PII, you may be asked to voluntarily provide or disclose Sensitive Data. “Sensitive Data” means PII that discloses or reveals health and medical conditions, sexual orientation or sexual life, political opinions/views, race/ethnic origin, religious and philosophical beliefs and trade-union membership.
   
   
   
2. INFORMATION COLLECTED ABOUT RESEARCH PARTICIPANTS THROUGH AUTOMATED MEANS
   
   The Some NORC research involves collecting information that research participants submit via their computers. In these circumstances, NORC may also collect certain information automatically, such as information about: (i) your device or computer and its capabilities, including, without limitation, the operating system, the applications or programs on your device or computer, IP address, device carrier, device type, time zone, network status, browser type, browser identifier, unique device identification number, carrier user ID (a number uniquely allocated to you by your network provider), media access control address, international mobile equipment identity, locale and other information that alone or in combination may be used to uniquely identify your device or computer; and (ii) your activities in connection with NORC’s research. Specific examples of this information, and the technology that collects it, are below:
   
   
   COOKIES: NORC’s Use of Cookies Generally.
   
   Cookies are small files that store certain data on a device or computer. NORC may use session and persistent cookies for several purposes including, without limitation, to provide a better survey experience, quality control, validation, to enable or facilitate survey participation, tracking of completed surveys or other completed actions, and for fraud detection and/or prevention. Session cookies expire when you close your browser. Persistent cookies remain on your device or computer indefinitely until deleted.
   
   Use of Cookies by Subcontractors Generally.
   
   NORC may use third parties to provide services and certain functionality to NORC, including, without limitation, panelist fraud detection services. NORC may use contracts with such third parties to control their use of cookies and to limit their use of cookies to the limited purposes set forth in the contracts.
   
   Log Files
   
   For some research projects, NORC may automatically gather and store certain information in log files, including, without limitation, data available from your web browser, including, without limitation, IP Address, browser type, internet service provider, referring/exiting pages, operating system, date/time stamp and click stream data.
   
   Watermarking
   
   Generally, watermarking involves placing a technology or file on your device or computer to identify that it has previously been used to register with or access NORC’s research. Watermarking is used for quality control and validation purposes and fraud detection and/or prevention purposes. NORC may engage in watermarking activities directly or through a third party vendor.
   
   

3. INFORMATION COLLECTED FROM THIRD PARTIES
   
   NORC may obtain PII and demographic information from third parties, including, without limitation, information services bureaus, other sample suppliers and/or social media platforms. NORC may use the PII for various purposes, including, without limitation, data validation, data append, fraud detection purposes, and/or sending you a one-time email to invite you to participate in our research.
    

4. NORC’S USE OF INFORMATION
   
   In addition to other purposes set forth in this Privacy Policy, and in accordance with any specific research project requirements that will be made known to you as a research participant, NORC may use information as follows: (i) to communicate with you regarding your participation in our research; (ii) to communicate with you regarding your participation in our research; (iii); to comply with any and all legal obligations, including, without limitation, tax obligations; (iv) to update NORC’s records; (v) to comply with any data suppression obligations or requirements; (vi) for fraud detection and/or prevention purposes; and (vii) as otherwise permitted pursuant to this Privacy Policy or as otherwise authorized by you.

In most instances, NORC only provides non-PII data to third parties. PII is typically de-identified, anonymized, and aggregated before it is shared with any third parties. However, depending on the specific research project, there may be exceptions.

Generally, disclosures of PII by NORC to a third party are made pursuant to a written agreement between NORC and the third party, which, among other things, limits use of the PII. NORC can provide an accounting of disclosures available to the person named in the record upon request. Any accounting of PII disclosures should be made through NORC’s Privacy Compliance Office through one of the contact methods provided below.

1. With your consent, other than your consent to the processing and sharing described in this Privacy Policy and specifically this section.
   
2. Pursuant to applicable law or in response to a subpoena or an order of a court or government agency.
   
3. To establish, exercise, or defend legal claims of an individual or NORC, including in order to protect the safety of an individual or to protect NORC’s rights and/or property.
   
4. To a parent, subsidiary, or affiliate of NORC: (i) in the event of a reorganization or restructuring, or (ii) for use and processing in accordance with this Privacy Policy or as authorized by you.
   
5. To authorized agents and/or subcontractors of NORC and/or of NORC’s clients, who are providing services, including, without limitation, data append services, data validation services, fraud detection and/or prevention services, database-matching services, coding services, data segmentation services, and reward, incentive, and sweepstakes related services.
   
6. In connection with a change of ownership or control, including, without limitation, a merger or an acquisition of any or all of NORC’s business assets, provided that the party receiving or acquiring the PII agrees to use, protect, and maintain the security, integrity, and confidentiality of PII in accordance with this Privacy Policy.
   
7. As otherwise permitted pursuant to this Privacy Policy.
   

Participation in all NORC research is voluntary, and you may choose not to answer any questions you don’t wish to answer.

Generally, there are multiple opt-out options for NORC research participants. Specifics of how to opt-out of NORC research are specific to each project and will be made available to research participants in accordance with their consent to participate in a specific research project.

NORC may retain PII and other information relating to your research participation to the extent required or permitted by law.

You may request access to review, correct, delete or to object to the processing of your PII by contacting us as set forth below.

NORC maintains appropriate technical, administrative and physical safeguards to protect PII and other information disclosed or collected by NORC. NORC reviews, monitors and evaluates its privacy practices and protection systems on a regular basis. Notwithstanding the foregoing, transmissions over the Internet and/or a mobile network are not one hundred percent (100%) secure and NORC does not guarantee the security of transmissions. Please be apprised all Internet-based communication is subject to the remote likelihood of tampering from an outside source. NORC is not responsible for any errors by individuals in submitting PII to NORC.

Questions or Concerns Generally. 
If you have any questions or concerns regarding NORC’s privacy practices and/or this Privacy Policy or want to communicate an opt-out request to NORC, or want to exercise your rights to access, review, correct, delete or object to the processing of PII, please contact us via email at privacy@norc.org. You may also send a letter by U.S. Mail to:

Chief Privacy Officer 
Privacy Compliance Office 
55 East Monroe Street, 20th Floor Chicago, IL 60603

We value the opinions and feedback of our research participants to help improve our service.