Washington State Consumer Health Privacy Policy

1.1. Purpose

This is the Washington State Consumer Health Privacy Policy (“Wash State Priv Policy”) of SS Holdings Group, LLC D/B/A Sago, branded as “Sago”, for people who are engaging with us or our digital platforms as “consumers” performing research for our clients, in accordance with the Washington My Health My Data law (“the Law”).

 

1.2. Policy

Your privacy is important to us.

It is Sago’s policy to respect your privacy and comply with the Law and any regulation enacted by Washington regarding any “consumer health data” information we may collect about you, including across our website and other sites we own and operate.

In the event our site contains links to third-party sites and services, please be aware that we have no control over the content and policies of those sites and cannot accept responsibility or liability for their respective privacy practices.

Our privacy policy aims to bring you all the necessary transparency for a positive and confident experience with our services. Additional information may be provided to you as necessary when you sign up for a particular product or service. You also should review Sago’s general privacy policy – Sago Privacy Policy Global.

 

1.2.1 What Information Do We Collect

Information we collect falls into one of two categories: “voluntarily provided” information and “automatically collected” information.

“Voluntarily provided” information refers to any information you knowingly and actively provide us when using or participating in any of our services and promotions.

“Automatically collected” information refers to any information automatically sent by your devices while accessing our products and services.

We only collect and use your personal health data information lawfully, fairly, and in a transparent manner. We systematically respect the principle of minimization, which implies collecting and processing only what is strictly necessary to achieve our legitimate objective. We do not aim any of our products or services directly at children under the national child age consent, and we do not knowingly collect personal health data information about children under the national child age consent.

We process personal health data that we need in order to carry out our business. We only process such information in a way that is compatible with the purposes for which we collected it or subsequently authorized by the consumer data subject. We take reasonable steps to ensure that personal health data is reliable for its intended use, accurate, complete, and current.

The information notice that is sent to you before any collection or processing details the applicable legal basis, which depends on the services you use and how you use them. This means we only collect and use your information on the following grounds:

In order to respect your choice when we request consent from you:

“Personal information” means information that identifies or is reasonably capable of being associated or linked, directly or indirectly, with a particular consumer. It includes but is not limited to, data associated with a persistent unique identifier, such as a cookie ID, an IP address, a device identifier, or any other form of persistent unique identifier. Personal information does not include publicly available information and does not include de-identified data. For example, name, contact details, location, consumer options/preferences, video/audio recording. We may ask your consent for processing such information — for example, when you register an account or when you contact us via email, social media, or any similar technologies — which may include your name, your email, your phone/mobile number. When you contact us, you shall consent to your name and email address being used so we can respond to your inquiry.

Participation in all market research projects is voluntary and based on consent. Respondents may opt out of any market research project, at any time.

Personal information may also include “Sensitive information” or “Special categories of data” which is a subset of personal information that is given a higher level of protection. The types of sensitive information that we may collect about you include:

  • Racial or ethnic origin
  • Political opinions
  • Religious or Philosophical beliefs
  • Sexual orientation
  • Sexual practices or sex life
  • Medical or Health conditions
  • Trade union membership

 

We will obtain your affirmative express consent (opt-in) if such information is to be (i) disclosed to a third party or (ii) used for a purpose other than those for which it was originally collected or subsequently authorized by the individuals through the exercise of your opt-in choice. We will also treat as sensitive any personal information received from a third party where the third party identifies and treats it as sensitive.

In addition, we ensure that strengthened security measures are applied to these data, in order to avoid any breach of confidentiality, integrity, and availability.

A “Cookie” is a small piece of data that our website stores on your computer and accesses each time you visit. We use cookies to collect information about you and your activity across our site to understand how you use our site and to enable you to access and use our website. At all times, you may decline cookies from our site.

Please refer to our Cookie Policy for more information.

You may withdraw your consent at any time using the platforms or facilities we provide; however, this will not affect any use of your information that has already taken place.

While you may request that we delete your contact details at any time, we cannot recall any email we have already sent. If you have any further inquiries about how to withdraw your consent, please feel free to enquire using the details provided in the Contact Us section of this privacy policy.

 

In order to comply with the law:

In some cases, we may have a legal obligation to use or keep your personal information. Such cases may include (but are not limited to) court orders, criminal investigations, government requests, and regulatory obligations. If you have any further inquiries about how we retain personal information in order to comply with the law, please feel free to enquire using the details provided in the Contact Us section of this privacy policy.

 

1.2.2 How Do We Ensure the Security of Your Personal Information

Because we are ISO 27001 certified, we comply with high international standards for computer security and the protection of personal information.

When we collect and process personal information, and while we retain this information, we will protect it within commercially acceptable means to prevent loss and theft, as well as unauthorized access, disclosure, copying, use, or modification.

You are responsible for selecting any password and its overall security strength, ensuring the security of your own information within the bounds of our services. For example, you are responsible for ensuring that any passwords associated with accessing your personal information and accounts are secure and confidential.

We comply with the Law that is applicable to us in respect of any data breach.

 

1.2.3 How Long Do We Keep Your Personal Information

We keep your personal information only for as long as we need to. This time period may depend on what we are using your information for, in accordance with this privacy policy.

For example, if you have provided us with personal information as part of creating an account with us, we may retain this information for the duration your account exists on our system. If your personal information is no longer required for this purpose, we will delete it or make it anonymous by removing all details that identify you.

However, if necessary, we may retain your personal information for our compliance with a legal, accounting, or reporting obligation (i) such as reporting of Incentive payments on a yearly basis to federal and/or state regulatory authorities pursuant to legal requirements or (ii) for archiving purposes in the public interest, scientific, or historical research purposes or statistical purposes.

Except as otherwise permitted by law or regulation, we destroy or anonymize personal data after it no longer serves a purpose of processing as contemplated above and/or once a lawful basis for processing it ceases to exist.

 

1.2.4 Who Are the Recipients of Your Personal Information and Where Are They Located

We may disclose personal information to:

  • a parent, subsidiary, or affiliate of our company in order to provide product support
  • third-party service providers for the purpose of enabling them to provide their services, including (without limitation) IT service providers, data storage, hosting and server providers, analytics, error loggers, debt collectors, maintenance or problem-solving providers, professional advisors, and payment systems operators
  • our employees, contractors, and/or related entities in order to support the product
  • our existing or potential agents or business partners in order to support the product
  • credit reporting agencies, courts, tribunals, and regulatory authorities, in the event you fail to pay for goods or services we have provided to you
  • courts, tribunals, regulatory authorities, and law enforcement officers, as required by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise, or defend our legal rights
  • third parties, including agents or sub-contractors, who assist us in providing information, products, services, or direct marketing to you
  • an entity that buys, or to which we transfer all or substantially all of our assets and business

 

Third parties we currently use include:

  • Google Analytics for product usage metrics (unless prohibited by national data protection authorities); Google Ads and LinkedIn Insights Tag to measure our marketing campaigns
  • Google Cloud Natural Language for text sentiment and for image analytics (brand/logo recognition)
  • Azure Application Insights for logging and troubleshooting user issues
  • Azure Cognitive Services for image analytics and machine text translation
  • Amazon Web Services for data storage, compute, and image processing
  • Help Scout for managing and responding to customer support requests
  • Twilio for video interview capabilities
  • Rev for video transcription services
  • Hotjar for product usage metrics
  • Drift Chatbot to help site visitors to navigate and make decisions
  • Marketo (our Automation tool) to record and process user-submitted information
  • Sense to get account insights
  • Research Defender, Imperium, IPQualityScore, RelevantID, and MaxMind to identify suspicious respondents, eliminate fraudsters and bad actors, and ensure accurate and high-value datasets

 

If we or our assets are acquired, or in the unlikely event that we go out of business or enter bankruptcy, we would include data, including your personal information, among the assets transferred to any parties who acquire us. You acknowledge that such transfers may occur and that any parties who acquire us may, to the extent permitted by applicable law, continue to use your personal information according to this policy, which they will be required to assume as it is the basis for any ownership or use rights we have over such information.

The personal information we collect is stored and/or processed in the United States, or where we or our partners, affiliates, and third-party providers maintain facilities. We do not store nor maintain a facility in the State of Washington.

 

1.2.5 Which Are the Security Measures in Place?

Access to private, sensitive, and confidential information, including your personal information, is restricted to authorized employees with legitimate business reasons.

All employees are expected to always maintain the confidentiality of personal information, and failure to do so will result in appropriate disciplinary measures.

We follow reasonable technical and management practices to help protect the confidentiality, security, and integrity of data stored on our system. While no computer system is completely secure, the measures implemented by our website reduce the likelihood of security problems to a level appropriate to the type of data involved. We employ physical, electronic, and procedural safeguards in connection with the collection, storage, and disclosure of any personal contact information. We encrypt the transmission of sensitive information using Secure Sockets Layer (SSL) technology.

 

1.2.6 What Are Your Rights

  • Access: You may request details of the personal information that we hold about you. We reserve the right to limit such access where the burden or expense of providing access would be disproportionate to the risks to your privacy in the case in question, or where the rights of persons other than you would be violated.
  • Your choice: By providing personal information to us, you understand we will collect, hold, use, and disclose your personal information in accordance with this privacy policy. You do not have to provide personal information to us; however, if you do not, it may affect your use of our website or the products and/or services offered on or through it.
  • Information from third parties: If we receive personal information about you from a third party, we will protect it as set out in this privacy policy. If you are a third party providing personal information about somebody else, you represent and warrant that you have such a person’s consent to provide the personal information to us.
  • Marketing permission: If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by contacting us using the details below.
  • Correction: If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant, or misleading, please contact us using the details provided in this privacy policy. We will take reasonable steps to correct any information found to be inaccurate, incomplete, misleading, or out of date.
  • Non-discrimination: We will not discriminate against you for exercising any of your rights over your personal information. Unless your personal information is required to provide you with a particular service or offer (for example processing transaction data), we will not deny you goods or services and/or charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties, or provide you with a different level or quality of goods or services. Respondents are not discriminated against for their answers. Selection for participating in a study relies on research project objectives. Participation in studies is not related to any fees, and membership in our panel will also have no costs.
  • Complaints: If you believe that we have breached a relevant data protection law and wish to make a complaint, please contact us using the details below and provide us with full details of the alleged breach. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take to deal with your complaint. You also have the right to contact a regulatory body or data protection authority in relation to your complaint.

 

You have the right to choose (opt-out) whether your personal data is (i) to be disclosed to a third party or (ii) to be used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by you. If you wish to opt out, all you need to do is contact us at [email protected]. If you contact us to opt out, we will explain the options available and comply with your request as required by the Principles and the applicable law. Please note that applicable laws allow certain exceptions to your ability to opt-out, such as where we are parties to a contract that is still being performed, where the law requires us to maintain information to claims or tax reports, or otherwise. In such cases, we will retain and continue to use your information only to the extent permitted or required by law. The above opt-out right doesn’t apply where the sharing of your personal data is with a third party who is acting as our agent (such as our service providers who perform services that help us to run our business). We won’t provide your personal data to a third party under these circumstances unless we have a contract in place with that third party that requires the third party to comply with the DPF Principles.

 

Under applicable law, you also have the following rights:

  • Downloading of Personal Information: We provide a means for you to be provided with the personal information you have shared through our site. Please contact us for more information.
  • Restrict: You have the right to request that we restrict the processing of your personal information if (i) you are concerned about the accuracy of your personal information; (ii) you believe your personal information has been unlawfully processed; (iii) you need us to maintain the personal information solely for the purpose of a legal claim; or (iv) we are in the process of considering your objection in relation to processing on the basis of legitimate interests.
  • Objecting to processing: You have the right to object to the processing of your personal information that is based on our legitimate interests or public interest. If this is done, we must provide compelling legitimate grounds for the processing which overrides your interests, rights, and freedoms, in order to proceed with the processing of your personal information.
  • Data portability: You may have the right to request a copy of the personal information we hold about you. Where possible, we will provide this information in CSV format or another easily readable machine format. You may also have the right to request that we transfer this personal information to a third party.
  • Deletion: The data controller of a project may have a right to request that we delete the personal information we hold at any time, and we will take reasonable steps to delete personal information from our current records. If you ask us to delete your personal information, we will let you know how the deletion affects your use of our website or products and services. There may be exceptions to this right for specific legal reasons which, if applicable, we will set out for you in response to your request. If you terminate or delete your account, we will delete your personal information without undue delay. Please be aware that search engines and similar third parties may still retain copies of your personal information that has been made public at least once, like certain profile information and public comments, even after you have deleted the information from our services or deactivated your account.

 

We would respond to your requests without undue delay and at the latest within one month of receipt of your request.

1.3 Contact Us

For any general questions regarding your privacy, you may contact us at [email protected]