Researcher Privacy Policy

Version 2.0 Active as of 18th April 2019

Owner and Data Controller

PingPong (PINGPONG UX LIMITED) of Belmont Place, Belmont Road, Maidenhead, United Kingdom, SL6 6TB

Contact email: legal@hellopingpong.com

About this Policy

This Privacy Policy governs your use as a paying client or moderator (“You”) of the PingPong website and service ("Services") and your participation in research. Our Services enable You to contact users to hold Interviews, market research and product feedback sessions with them.

When You use the Services to connect with other users, Your profile information will be revealed to PingPong and users who have registered a tester account with PingPong (“Testers”), who You may invite to take part in Your usability study interviews ("Research"). We won't disclose Your full name, but Testers will be able to view some of Your personal information when You consent to this.

If You have any questions about PingPong's approach to privacy, please email us at legal@hellopingpong.com.

Please note that this Privacy Policy does not apply to any data that is collected by PingPong on Your behalf and at Your request in relation to You using our chargeable services, for example when sending Research invitations to Testers, taking part in Research with Testers via the Services. Such personal data is collected and processed on Your behalf by PingPong acting as Your data processor and such personal data is processed subject to the PingPong Terms and Conditions and the provisions of the Data Processing Agreement that You agreed to with us, when ordering the Services.

When You send an invitation to a Tester to take part in Research, You give Your consent for PingPong to create an audio and video recording and text transcription of the Research (a "Video"). This will be used to backup Your notes and will allow individuals within Your company or business group to watch the Video, either live or at a later date. This allows You to use Tester feedback to improve Your products or services.

By sending an invitation to a Tester, You accept that You are voluntarily taking part in a study being facilitated by PingPong for the purpose of product and process improvement within Your business group ("Purpose"). You understand that Your participation will be recorded and that any personal information You provide and which is used by PingPong as a data controller will be collected and used in accordance with this Privacy Policy.

Further collection of Personal Data

Your Personal Data is collected to allow PingPong to provide its Services to You, as well as for user database management, managing contacts and sending messages, analytics, managing our hosting and backend infrastructure, handling payments, registration and authentication and displaying content from external platforms.

  • IP Address Data
    • Why: Several of our suppliers (Heroku, CloudFlare, Netlify, TokBox, Amazon Web Services, Google Cloud, Postmark, Mailchimp and Stripe) automatically collect Your IP address. This is a common practice for security, fraud prevention and performance purposes. In some situations PingPong may also convert Your IP address into a rough geolocation to help us improve and personalize the Services (for example, to display time data in Your local time).
    • Retention: Your IP address is required in order for You to use the Services. Each of the suppliers mentioned here retains Your IP address for different lengths of time, depending on their own published privacy policies. If You delete your account, PingPong will not store Your IP address in its own database, unless it is related to necessary legal & billing data (see below).
  • Usage Data: including Your timezone, broad location (town or district), web browser, operating system and the device You use, referral sources, email engagement data, data on how You use the Services (including last login date and frequency), account signup date.
    • Why: This information allows PingPong to personalise the Services to Your needs and to improve its Services. PingPong does not collect precise, real-time information about the location of Your device.
    • Retention: This data will be deleted or anonymised when You cancel Your account.
  • Profile Data: including Your first name, surname, your email address and your profile image.
    • Why: This information allows PingPong to offer the best user experience. You may also optionally upload an avatar, but can remove this at any time.
    • Retention: If You delete Your account, Your profile data will be removed too. Please keep in mind that data You share with a Tester before or during an interview may be stored for longer (see below).
  • Login Data: email address and password.
    • Why: This allows PingPong to create a unique login account for You and for You to securely access the Services.
    • Retention: PingPong stores this data until You delete Your account or for 2 years in any Video you participated in. Your password will always be encrypted and stored securely.
  • Calendar Integration Data: Microsoft Exchange or Google Calendar account.
    • Why: You may optionally choose to connect Your calendar account with the Services so that we can display Your real-time availability to others and book Interviews into Your calendar when You're available. We know Your calendar data can be very sensitive and we access it only for this purpose. We will never share details of any specific events inside Your calendar with other users, and we'll never store a copy of Your calendar on our servers.
    • Retention: You can remove this integration at any time, which will prevent us from accessing Your calendar.
  • Sales and Support Communications and Notification History (including email and message interaction metadata)
    • Why: We use a number of services, including IM chat platforms and CRMs (such as Intercom and HubSpot) to communicate with our current and prospective users for sales and support purposes. If You delete Your account, we may retain this information so that we can understand Your case history and answer any concerns You have in the future. However, we won't use this information to send You unsolicited marketing communications.
    • Retention: We typically store support and sales conversations for up to 2 years from the last date of communication. You may contact us to request manual deletion of this data sooner, if You choose. We may store a record of any SMS notifications for interviews that we send to Testers for up to 3 months.
  • Legal & Billing data (company name, country, billing address, billing details, VAT number, accounting email, transaction history and invoice history)
    • Why: We need to collect certain information in order to invoice You for using the Services. We use a third party payment processor (Stripe) for all invoice payments. We don't store any personally identifiable information or financial information such as credit card numbers ourselves. Instead, all such information is provided directly to Stripe when You buy credits via the Services.
    • Retention: Up to 7 years so that we can comply with legal and accounting requirements.
  • Payout Data (PayPal email address, payout history, UK residential address)
    • Why: To comply with accounting and legal rules, we also keep a record of payouts we make to Testers. As we're a UK company, we also store the residential address of any UK Testers in case this is legally required from us in the future.
    • Retention: Up to 7 years.
  • Research Data (interview video, interview audio, interview instant messaging, Social Account Data, user ratings).
    • Why: Testers will receive invitations to participate in Research with You. To participate in an interview, the Tester must consent to sharing their profile data and email address with You. The Tester must enable video, audio and screen sharing. PingPong will make a recording of the Research.
    • Retention: You will have access to the corresponding Research data for 2 years.

Special category data

PingPong does not collect any "special category data" (as defined by Article 9(2) of the GDPR) from You when using our Services.

Automatic profiling

The Services have been built to connect You with the best matched Testers for Your interviews. Better matches means You are happier and more payouts are made to Testers. We analyse the data You provide us, along with Your Usage Data, to automatically profile Your account and match You to appropriate Testers.

Cookies

PingPong use cookies in the Services to distinguish You from other users. This helps us to provide You with a good experience when You use our Services and also allows us to improve the Services.

What are cookies

Cookies are small text files that are placed on Your devices by websites that You visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the websites. Cookies can be “persistent” or “session” cookies.

PingPong uses persistent cookies and session cookies in the Services.

Persistent Cookies

A persistent cookie is stored on a user’s device in between browser sessions which allows the preferences or actions of a user across the website (or in some cases across different websites) to be remembered. We use persistent cookies to save Your login information for future logins on our website.

Session Cookies

A session cookie allows our website to link Your actions during a browser session. We use session cookies to enable certain features of the Services, to better understand how You interact with the Services and to monitor aggregate usage by users and web traffic routing on our website. Unlike persistent cookies, session cookies are deleted from Your computer when You log off from our website and then close your browser.

Which cookies we use and why

The table below explains the cookies Pingpong usees and why we use each of them.

Cookie Type Purpose
Google Analytics Tracking cookies These cookies are used to collect information about how visitors use our website. We use the information to compile reports and to help us improve our website. The cookies collect information in an anonymous form, including the number of visitors to our website, where visitors have come to our website from and the pages they visited. If You do not allow these cookies we will not be able to include Your visit in our statistics. You can read the full Google Analytics privacy policy at: http://www.google.com/policies/privacy/.
Anonymous Analytics Analytics cookies PingPong uses analytics cookies to tell us whether You have visited our website previously, and to gather statistics about visits to a page.
Geotargeting Location cookies These cookies are used by software which tries to work out what country You are in from information supplied by Your browser when it requests a web page. This cookie is completely anonymous, and is only used to help target content.
Registration Signin cookies When You sign in, PingPong generates cookies that let us know whether You are signed in or not. Our servers use these cookies to work out which account You are signed in with.
Site Performance Performance cookies PingPong uses site performance cookies to remember preferences You may have set on our website.
YouTube Embedded cookies PingPong embeds videos from our official YouTube channel using YouTube’s privacy-enhanced mode. This mode may set cookies on Your computer once You click on the YouTube video player, but YouTube will not store personally-identifiable cookie information for playbacks of embedded videos using the privacy-enhanced mode.
Google Tag Manager (Google LLC) Tag Management This type of service helps us to manage the tags or scripts needed on PingPong in a centralized fashion. This results in the Your data flowing through these services, potentially resulting in the retention of this data. Google Tag Manager (Google LLC) is a tag management service provided by Google LLC which collects usage data.
Intercom User database management This type of service allows us to build user profiles by starting from an email address, a personal name, or other information that the You provide to PingPong, as well as to track Your activities through analytics features. This Personal Data may also be matched with publicly available information about the You (such as social networks' profiles) and used to build private profiles that the We can display and use for improving the Services. Some of these services may also enable the sending of timed messages to You such as emails based on specific actions performed in the Services. Intercom is a user database management service provided by Intercom Inc. Intercom can also be used as a medium for communications, either through email, or through messages within the Services. Personal Data collected: Cookies, email address, usage data and various types of data as specified in the privacy policy of the service.
Calendly Calendar Booking The PingPong “schedule a demo” feature is powered by Calendly LLC and sets a simple cookie to help improve the functionality of the tool if You click through Our demo booking calendar.

You can set up your browser options, to stop Your computer accepting cookies or to prompt You before accepting a cookie from the websites You visit. If You do not accept cookies, however, You may not be able to use the whole of our website or all functionality of the Services.

To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org or www.allaboutcookies.org. To opt out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout.

System logs and maintenance

For operation and maintenance purposes, PingPong and any third-party services may collect files that record interaction with PingPong (System logs) use other Personal Data (such as the IP Address) for this purpose.

How "Do Not Track" requests are handled

PingPong does not support "Do Not Track" requests on our main product. You can however opt out of Google Analytics cookies on our marketing website by enabling Do Not Track. To determine whether any other third-party services we use honour "Do Not Track" requests, please read their privacy policies.

How we contact You

PingPong may use the information You provide us to contact You from time to time to provide You with important information, required notices and marketing promotions for similar goods and products to the Services.

You can unsubscribe from this messaging at any time by following the 'unsubscribe' option in the message.

How we process and use Your Data

Methods of processing

PingPong cares about keeping Your information confidential. We take appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of Your Personal Data. Please be aware that, although we endeavor provide reasonable security for information we process and maintain, no security system can prevent all potential security breaches.

Processing of Your Data is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated.

PingPong uses others to help us provide our Services (for example, maintenance, analysis, audit, payments, fraud detection, marketing and development). These organisations and individuals will have access to Your information as is reasonably necessary to perform their individual tasks on our behalf, and will not disclose or use Your information for other purposes.

PingPong may process Your Personal Data if one of the following applies:

  • You have given Your consent for one or more specific purposes. Note: Under some legislation we may be allowed to process Personal Data until You object to such processing ("opt-out"), without having to rely on consent or any other of the following legal bases. This, however, does not apply, whenever the processing of Personal Data is subject to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, (“GDPR”), the Data Protection Act 2018 and any applicable national implementing laws, regulations and secondary legislation relating to the processing of personal data (together “Data Protection Law”);
  • Provision of Personal Data is necessary for the performance of an agreement with You and/or for any pre-contractual obligations thereof;
  • Processing is necessary for compliance with a legal obligation to which we are subject;
  • Processing is related to a task that is carried out in the public interest or in the exercise of official authority vested in us;
  • Processing is necessary for the purposes of the legitimate interests pursued by us or by a third party.
  • PingPong is involved in a merger, acquisition, or sale of all or a portion of its assets. In such a situation You will be notified via email and/or a prominent notice on our website of any change in ownership or uses of this information, as well as any choices You may have regarding this information.

In any case, PingPong will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of Personal Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.

Where we store Your Personal Data

Our Services are global and Your information (including Personal Data) may be stored and processed in any country where we have operations or where we engage service providers, and we may transfer Your information to countries outside of your country of residence, which may have data protection rules that are different from those of Your country of residence.

The personal data that we collect from You may therefore be transferred to, and stored at, a destination outside the European Economic Area ("EEA"). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers or partners. Such staff or subcontractors may be engaged in, among other things, the fulfilment of Your order, the processing of Your payment details or the provision of support services. By submitting Your Personal Data, You agree to this transfer, storing or processing outside of the EEA.

We will take all steps reasonably necessary to ensure that Your data is treated securely and in accordance with this Privacy Policy. In particular, this means that Your Personal Data will only be transferred to a country that provides an adequate level of protection (for example, where the European Commission has determined that a country provides an adequate level of protection) or where the recipient is bound by standard contractual clauses according to conditions provided by the European Commission (“Standard Contractual Clauses”).

The Services are accessible via the internet and may potentially be accessed by anyone around the world. Other users may access our Services from outside the EEA. This means that where You chose to post Your data within the Services, it could be accessed from anywhere around the world and therefore a transfer of Your data outside of the EEA may be deemed to have occurred. You consent to such transfer of Your data for and by way of this purpose.

Security

All information You provide to us is stored on our secure servers. Any credit card information or payment transactions will be encrypted using SSL technology. Where we have given You (or where you have chosen) a password which enables You to access certain parts of the Services, You are responsible for keeping this password confidential. We ask You not to share any password with anyone.

Unfortunately, the transmission of information via the Internet is not completely secure. Although we will endeavour to protect Your Personal Data, we cannot guarantee the security of Your data transmitted to the Services. Any transmission is at Your own risk. Once we have received Your information, we will use strict procedures and security features to try to prevent unauthorised access.

Retention time

Personal Data shall be processed and stored for as long as required by the purpose they have been collected for. Therefore:

  • Personal Data collected for purposes related to the performance of a contract between us and You shall be retained until such contract has been fully performed.
  • Personal Data collected for the purposes of our legitimate interests shall be retained as long as needed to fulfill such purposes. Users may find specific information regarding the legitimate interests pursued by us within the relevant sections of this Privacy Policy or by contacting us.

We may be allowed to retain Personal Data for a longer period whenever You have given consent to such processing, as long as such consent is not withdrawn. Furthermore, we may be obliged to retain Personal Data for a longer period whenever required to do so for the performance of a legal obligation (including law enforcement requests), meet regulatory requirements, maintain security, prevent fraud and abuse, resolve disputes, enforce our contracts with you, or fulfil your request to “unsubscribe” from further messages from us.

Once the retention period expires, Personal Data shall be deleted. Therefore, the right to access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after expiration of the retention period.

Your rights

You can stop all ongoing collection of information via the Services easily by deleting Your account via Your account settings page. Please note that if You have participated in interviews, we may not be able to erase all Your data immediately.

You have the right under Data Protection Law, free of charge to:

  • Withdraw Your consent at any time. You have the right to withdraw consent where You have previously given Your consent to the processing of your Personal Data.
  • Object to processing of your Personal Data. You have the right to object to the processing of Your Personal Data if the processing is carried out on a legal basis other than consent. Further details are provided in the dedicated section below.
  • Access your Personal Data. You have the right to learn if Your Personal Data is being processed by PingPong, obtain disclosure regarding certain aspects of the processing and obtain a copy of the Personal Data undergoing processing.
  • Verify and seek rectification. You have the right to verify the accuracy of Your Personal Data and ask for it to be updated or corrected.
  • Restrict the processing of Your Data. You have the right, under certain circumstances, to restrict the processing of Your Personal Data. In this case, PingPong will not process Your Personal Data for any purpose other than storing it.
  • Have Your Personal Data deleted or otherwise removed. You have the right, under certain circumstances, to obtain the erasure of Your Personal Data from PingPong.
  • Receive Your Personal Data and have it transferred to another controller. You have the right to receive Your Personal Data in a structured, commonly used and machine readable format.
  • Lodge a complaint. You have a right to complain if you think there is a problem with the way we are handling Your Personal Data.

Details about your right to object to processing

Where Personal Data is processed for a public interest, in the exercise of an official authority vested in PingPong or for the purposes of the legitimate interests pursued by PingPong, You may object to such processing by providing a ground related to their particular situation to justify the objection.

Objecting to Marketing Communications

Please note that where we process Your Personal Data for marketing purposes, if You change Your mind about being contacted in the future, You can also “opt out” at any time by clicking the “unsubscribe” link at the bottom of any email. Once You “opt out”, You will no longer receive any marketing emails from us. We will continue to communicate with You regarding Your service billing and support via email

How to exercise these rights

Any requests to exercise Your rights can be directed to PingPong through the contact details provided at the beginning of this Privacy Policy. We will respond to such queries within 30 days and deal with requests we receive from You, in accordance with the provisions of Data Protection Law.

Children

Children under the age of 18 are strictly prohibited from using the Services. If You suspect or become aware that a child has used the Services, please contact us immediately so that we can delete their account and information.

By using the Services, you are consenting to our processing of Your information as set forth in this Privacy Policy now and as amended by us. "Processing," means using cookies on a computer/hand held device or using or touching information in any way, including, but not limited to, collecting, storing, deleting, using, combining and disclosing information.

Complaints

If you have any complaints about our use of Your Personal Data in addition to contacting us, You may contact the following applicable data protection supervisory authority: Individuals located in the EU should contact our lead supervisory authority: the Hungarian National Authority for Data Protection H-1125 Budapest, Szilágyi Erzsébet fasor 22/C or https://www.naih.hu/general-information.html

Changes to this privacy policy

We reserve the right to make changes to this Privacy Policy at any time by giving notice to You on this page and where appropriate within the Services –by sending an email notice to You via Your login email. Please check back frequently to see any updates or changes to our Privacy Policy. If You object to any of the changes to the Privacy Policy, You must cease using the Services. Unless stated otherwise, the then-current Privacy Policy applies to all Personal Data PingPong holds about You from the date of the change.