Highlight of Main Points
This policy describes when we utilize Personal Data for our justifiable business purposes. For more on how to access and manage your data, please see the “Controlling your data” section.
We never sell your data.
We will, at times, transmit data across different countries including Canada, the US, and other countries. If it applies, we uphold the unmodified EU Standard Contractual Clauses for Processors (as defined in the GDPR) pursuant to the European Commission Decision of 5 February 2010.
We comply with the General Data Protection Regulation (the “GDPR”) and other applicable European Union (“EU”) privacy laws. If you are a resident of the European Economic Area (“EEA”), please see the GDPR Notice that applies to you.
We comply with the California Consumer Privacy Act (the “CCPA”). If you are a resident of California, please see the CCPA Notice that applies to you.
Who is Cube?
Cube allows businesses to seek feedback (“Tests”) on any brand, design, content, process, or current or potential offering and perons to take part in such Tests (“Participants”) to perform and record Tests. In doing so, Cube collects, records, and analyzes data about Participants, which may include individually identifiable information that would allow the Company to determine the specific identity of or contact information of a particular person, billing information, account settings, and other personal data.
Who is the data controller?
There are certain protection and privacy laws (such as the GDPR), which make a distinction between “controllers” and “processors” of personal information. A “controller” would decide how and why to process personal information. A “processor” instead processed personal information on behalf of a controller based on their instructions.
For Participants, Cube is the controller of the personal information collected from you by the Company, except for the information collected by our Clients through a Test.
For Clients, you are the controller of the data collected for us to provide you with access to our Services, except for the IP address you use for access to the service, which we control.
How data is collected and used
As a Participant or Client, we collect personal data both directly and indirectly via use of automated technology or third parties. In order to remain accurate and precise to provide most relevant data and deliverables, we can combine information that which you provide with information from third-parties, in accordance with applicable laws.
Cube uses personal data for justifiable business purposes, including the following:
To allow you access to register as a Participant
To provide deliverables to our Clients (including Participant recordings)
To improve user experience with our services
To keep proper records as required by law for financial purposes and taxation
To understand technical functionality of our systems and to develop new products or services and to critically examine your use of our service
To communicate with you
To provide client support
To spot fraud, illegal activities, or security breaches
To make or receive payments or remunerations
To provide information when necessary, to regulatory bodies
Data provided by or collected from our Participants (“Participant Data”)
A Participant taking part in a Test is recorded. Your activities, including any or all of the following: voice recordings, screen content, face recordings, screen recordings, browser content, screen interactions including mouse movement and clicking, text input, device configurations, and any background audio or video content (“Recordings”)
IP rights in the Recordings are assigned by Participant to Cube under the terms of the Participant Terms of Service in consideration for Participants use of the platform and services. Face recordings are owned by and controlled by the Client or Cube, as needed.
Cube uses Recordings to provide analysis to Clients, to market its own product/service, to protect against fraud, to improve our service, and for other justifiable business purposes.
Privacy and Minors
Cube does not accept Minors (children aged 17 and under) as Participants nor does it accept mandates for analysis of Child related products and services.
Data provided by Clients
While Clients use our service, their employees are sometimes asked to enter information such as name and contact details, including email address, address, telephone, or other personal data.
Client Data is used by Cube to identify each Client and provide them services, to bill Clients, and to meet Cube’s contractual obligations. This data is also used to improve our offerings and to provide Clients with notices about those improvements and for other justifiable business purposes.
It remains the Client’s obligation to make certain that collection and processing of Recordings from a mandated Test are handled in accordance with applicable laws.
Indirect collected Personal Data
Tracking data, IP addresses and device fingerprints
Information from 3rd parties
Cube collects personal data and other data from 3rd parties who provide databases of potential Clients which includes their contact information, if such potential Clients consent to those 3rd parties sharing their information with us. The use of this information is limited to our marketing purposes.
Cookies and other technologies are used to track the use of our website and apps.
Visitors to Cube’s website can choose to accept or decline cookies which are not strictly necessary. General practice is that web browsers automatically accept cookies however indivuals can normally modify browser settings to decline cookies.
“Do Not Track”
Cube’s site and services may not respond to Do Not Track signals.
When you communicate, we collect
If you communicate with Cube directly, we will collect any personal data contained in those communications.
Sharing Personal Data
Cube gives personal data to our 3rd party agents or service providers who are mandated to perform services on our behalf. They may support certain functions and in some cases collect information directly. Some instances of use of 3rd party service providers include:
Hosting and content delivery network services, such as AWS and Google Cloud Platform
Unless explicitly requested to the contrary, we do not directly collect your payment information and do not store it. We use a 3rd party payment processor, such as PayPal, which collects payment information on our behalf in order to complete transactions, such as to pay Participants. Cube administrators have viewing and tracking capability of actual transactions via the chosen 3rd party payment processor, with the exception of the last 4 digits of your credit card, card type, postal code, and expiry date, we do not have access to your credit card information.
Legal Obligations and Security
There are limited circumstances under which Cube will keep or share your Personal Data which may include: if you have provided consent, if it is required by law, to protect the safety of any person, to protect safety of our services, to curtail malicious activity, to protect our rights, or property of those using our services.
If in accordance with the law we become required to disclose personal data (pursuant to subpoena, warrant, or other court order) we will comply with such legal mandates.
Should Cube be made aware that there is an impending emergency including the potential death or severe physical injury to a person, we will provide information to law enforcement in an effort to prevent such peril.
Storing your Data
Cube retains your personal data as per your instructions, including those in the applicable terms of service consented to by you. We may also maintain your personal data if there is a justifiable business reason to do so. It must be maintained for the establishment or defense of legal claims (“litigation hold”). In such circumstances, it will only be maintained as long as required for this purpose.
We determine the appropriate retention period for personal data based on the amount, the nature and sensitivity, reasons for collecting, and applicable legal requirements.
If you have specific questions about this, please contact us directly.
We may delete Personal Data one year after the conclusion of our business relationship, depending on our document retention policies and practices. If no continued justifiable business purpose persists for processing your personal data, we will choose to either delete or anonymize it. Noting that if anonymized, deletion may become impossible however it will no longer be able to be combined with other data to identify you.
If you ask Cube to delete particular personal data of your own, we will comply either via deletion or anonymization unless doing so would prevent us from carrying out specific justifiable business functions.
Controlling your Data
Clients and Participants who seek access to or correction of personal data for which Cube acts as Data Controller, should contact Cube directly. If Cube acts as the data processor, then you should contact the data controller.
Keeping Data Safe
Cube does not guarantee the security of information provided to the Company. Information provided is at the risk of the provider. Cube will make reasonable efforts to ensure the security of data in our possession.
Information is kept on our servers and those of 3rd parties hired to provide storage services to us.
Cube employs the necessary services and infrastructure to safeguard the information we collect and process. By providing personal data to Cube, you agree to electronic communication between us regarding security, and privacy.
This is a Paragraph. Click on "Edit Text" or double click on the text box to start editing the content and make sure to add any relevant details or information that you want to share with your visitors.