June 27, 2022
In principle, ARInsights:
- Collects, uses and stores the minimum amount of personal data that is necessary for one or more legitimate business purposes and to comply with legal obligations, as detailed below in this Policy.
- Limits who has access to the personal data in our possession to only those who need it for a legitimate business purpose.
- Protects personal data through physical and technical security measures tailored to the sensitivity of the personal data we hold.
- Communicates with our employees, customers, suppliers, business partners and others about how we intend to use personal data in our day-to-day operations.
- Takes reasonable steps to ensure the personal data we handle is accurate and up-to-date.
- Integrates privacy in the design of our products that involve the use of personal data.
We collect and otherwise process personal data under the applicable data protection and privacy laws. If you are in the European Union and if we process your personal data in the context of providing you services or goods or monitoring your behavior, the General Data Protection Regulation is the applicable law on how we handle your data.
Who We Are
We are ARInsights, LLC, and our corporate address is 163 Highland Ave. #1038, Needham, MA 02494, USA.
For EU data protection law purposes, we are “controller” of your personal data, meaning that we are the entity which establishes the purposes and means of collecting and otherwise processing your data, as well as the entity responsible to protect your data according to the applicable laws. If you have any questions about how we handle your personal data or any concerns related to privacy, contact email@example.com.
Types of Personal Data we collect, and for what purposes
We understand that the definition of personal data includes any information related to an identified or identifiable individual.
Depending on the context in which we process your personal data, we collect and otherwise process the following personal data for the following purposes:
If you are an analyst featured in our Platform
- Name, photograph, professional affiliation, contact information, professional background information, professional activity limited to articles, opinions or research published, media quotes, blogs and public tweets. We process this personal data for the purpose of providing our service, which allows our clients to build successful analyst relations programs. The data we hold about you is constantly enriched from publicly available sources, information we receive from our users, information we receive directly from you and information we receive from your employers. We may also create profiles of relevant analysts based on publicly available information, as well as based on information submitted by their employers and without the analysts contacting us first. If you want to know whether your work is featured in our platform and we process personal data about you, contact firstname.lastname@example.org
If you are a registered user
- Name, contact information, job title and e-mail address, which are necessary for creating your user account; without this information we cannot create a user account for you. The contact information is also used to determine whether you are a subscriber or the authorized employee of a subscriber and to contact you regarding a Web site problem or other customer service-related issues.
- Username and password, which allows you to log into your account;
- Information about your active sessions and your account, collected through cookies. A cookie is a small piece of computer code that enables our Web servers to “identify” visitors. Each time you initiate a session on ARInsights Web sites, including ARchitect, a cookie is set in order to identify you and determine your access privileges. Cookies do not store any of the information that you have provided to the site. They are simply identifiers. You have the ability to delete cookie files from your hard drive at any time. However, you should know that cookies are necessary to provide you with access to much of the content and many of the features of ARInsights Web sites. We use cookie technology to enable registered users to move quickly and securely through access-controlled areas of the sites. Cookie technology also enables registered users to take advantage of certain useful features on the sites, including “remember my password.”
- Information about your usage of our websites, collected through cookies. We monitor how you use our Websites including search terms you enter and pages visited. This information is stored with your registration information. It is unique-number identifiable, and is used for enabling us to provide you with a personalized Web site experience. Aggregated data (not personally identifiable) will also be used in order to help us understand areas for future research and to identify future features and functions to develop for the Web sites.
- Information about your usage of our website is also used for the purpose of providing our clients an overview of how their subscriptions are being used by their employees and in this case, is personally identifiable to the specific client.
If you are a website visitor:
- Information about your usage of our websites. We monitor how you use our Websites including search terms you enter and pages visited. It is unique-number identifiable, and is used for enabling us to provide you with a personalized Web site experience. Aggregated data (not personally identifiable) will also be used in order to help us understand areas for future research and to identify future features and functions to develop for the Web sites.
If you are an ARchitect Interactions for Outlook or Google Workspace user:
- Email subject, body, sender, recipient, time and date. We capture information related to interactions you have added to ARchitect via the Add-in and continue to add associated information for new messages on message threads that have been added to ARchitect.
- Calendar appointment description, body, time, location, creator, attendees, time and date. We capture information related to interactions you have added to ARchitect via the Add-in and continue to add this information when appointments added to ARchitect have been updated.
Our policy towards children:
ARInsights does not market to children and does not knowingly collect personal information from children on ARInsights Web sites.
For those processing activities that fall under EU data protection law, the legitimate grounds for processing we rely on are:
- For the processing of personal data of analysts featured in our platform: the legitimate interest of our clients (Analyst Relations Professionals) to know who the influential analysts are, to know their contact information and to develop deep understanding of the body of their professional work. This coincides with the legitimate interest of the analysts themselves (the data subjects) to have their work featured and made available to the relevant companies in their field of activity and our legitimate business interests. We have conducted a Legitimate Interests Assessment, for which we took into account the fact that we collect data from publicly available sources and only related to the professional activity of the data subjects, and also the fact that the processing is beneficial to the data subjects themselves, and we concluded that a fair balance is struck between the legitimate interests of our clients and the rights and interests of individuals concerned.
- Consent, for the processing of personal data related to website usage and any information shared by users on our platform;
- Necessity to enter or for the performance of a contract, for the information required to create a user account with our platform for registered users;
- Consent, for the processing of personal data of non-users that visit our website.
Who Has Access to Your Data
ARInsights does not sell, share or rent personal information about you collected on Company Web sites. ARInsights uses Amazon Web Services (AWS) as a cloud service provider for the purposes of processing and storing data, including personal information, on ARInsights’ behalf. For EU data protection law purposes, AWS is our processor. We have instructed AWS to solely process personal data for no other purpose than providing cloud computing and storage services to us.
According to our retention policy, we only keep personal data in our records as long as they are necessary for the purposes they have been processed for. ARInsights adheres to our Records Management Policy to determine how long we retain data, including personal data. The retention periods are established considering our legitimate business purposes. The retention period depends on the context in which we process data:
- We keep data related to users as long as the user’s employer keeps it in our database.
- We retain analyst data as long as the analyst is employed by his/her employer and is professionally active.
- We keep data related to visitors on our website for 1 year
In limited situations, ARInsights transfers personal data from the European Union to the United States, to the extent that some information related to the profiles of the featured analysts are uploaded to our platform from online sources located in the European Union and to the extent some of our users are located in the European Union and they upload data to our Platform or we collect data generated about how they use our platform.
ARInsights engages in a relatively small number of international data transfers, provided that less than a quarter of the analysts in our database are based in the European Union and that the information we collect about them may be available on websites located outside the EU as well as on websites located inside the EU.
For all these transfers we rely on the derogations provided for by Article 49 of the General Data Protection Regulation, and in particular that the transfer is necessary for the performance of a contract between the data subject (our individual users) and ARInsights or between the employer of the data subject and us, in the interest of the data subject. ARInsights provides EU-based data subjects with the rights and safeguards ensured by the direct application of the GDPR to this processing.
The United States has not been declared as ensuring an adequate level of protection of personal data by the European Commission, except for the EU-US Privacy Shield self-certification program. ARInsights adheres to the principals of Privacy Shield Framework, this policy is consistent with the Privacy Shield Framework and we participate in the program.
In compliance with the Privacy Shield Principles, ARInsights commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact ARInsights at:
ARInsights has further committed to refer unresolved Privacy Shield complaints to American Arbitration Association, International Centre for Dispute Resolution (AAA-ICDR), an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit www.icdr.org for more information or to file a complaint. The services of AAA-ICDR are provided at no cost to you.
The Federal Trade Commission has jurisdiction over ARInsights’ compliance with the Privacy Shield.
An individual has the possibility, under certain conditions, to invoke binding arbitration for complaints regarding Privacy Shield compliance not resolved by any of the other Privacy Shield mechanisms. For additional information, please see: https://www.privacyshield.gov/article?id=ANNEX-I-introduction
ARInsights is required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
In the context of an onward transfer, ARInsights has responsibility for the processing of personal information it receives under the Privacy Shield and subsequently transfers to a third party acting as an agent on its behalf. ARInsights shall remain liable under the Principles if its agent processes such personal information in a manner inconsistent with the Principles, unless the organization proves that it is not responsible for the event giving rise to the damage.
How do You Control Your Data?
If you are based in the EU, you can ask us for confirmation that we process your personal data, you can ask for a copy of the personal data we process about you, you can ask for erasure of personal data under certain circumstances, you can update, complete or correct your personal data either directly in the platform or asking us for support and you can obtain portability of data for the personal data processed on the basis of consent.
For all the processing operations that are based on your consent, as described above, you can withdraw consent at any time and we will stop those processing operations. All processing of your personal data based on your consent before withdrawal remain lawful.
For any requests or concerns, contact us at email@example.com
Right to object to processing
You have the right to object at any time to receiving marketing materials from us by following the opt-out instructions in our commercial emails (you may unsubscribe by clicking the “Manage My Preferences” or “Unsubscribe” link within the ARInsights electronic communications). If you are based in the EU, you also have the right to object to any processing of your personal data based on your specific situation, if we process that data on the grounds of “legitimate interests” as described above. In the latter case, we will assess your request and provide a reply in a timely manner, according to our legal obligations. You can contact us at firstname.lastname@example.org
We do not make any decisions based on automated processing including profiling.
ARInsights provides its users with a secure online experience. To do this, we use a variety of security measures to maintain the safety and confidentiality of personal information about you. All user registration information is contained behind a firewall and only accessible by a limited number of employees who have special access rights to our production systems. Confidential personal information sent to us is transmitted using Secure Socket Layer technology. This information is then encrypted in our secure database. The database is further protected behind a firewall. If you have any questions about the security at our Web sites, please send an e-mail to email@example.com
If you have any concerns or questions about how your personal data is used, please contact us at firstname.lastname@example.org. We will promptly respond and make everything possible to address your concern. However, if you will consider we have not been able to deal with your complaint or concern, you have a right to complain to your local data protection authority (if one exists in your country).
Changes to This Notice