We are committed to ensuring your user’s privacy

February 8th, 2023
4 min

Guidelines and policies

We are a fully GDPR-compliant company, recently assessed in 2022. Our key areas of strength were found to be:

  • Implementation of standards: We are certified on various standards like ISO 27001:2013 Information security management system (ISMS) and SOC 2 Type 2 controls in terms of Service Organization controls w.r.t. Security, Availability and Confidentiality Trust service criteria.
  • Security in processing: We have deployed a network management system on internal as well as external networks to monitor its traffic. The process initiates with Network Management System triggering an alert basis defined thresholds. All relevant teams are engaged to troubleshoot, monitor and track the issues to closure.

How do we collect data?

We follow strict guidelines the collect and process data. Here’s a look at the information we collect and how we use it:

  • Contact information: You might provide us with your contact information, whether through the use of our service, a form on our website, an interaction with our sales or customer support team, or a response to an Entropik Technologies study.
  • Usage information: We collect usage information about you including the webpages you visit, what you click on, and the actions you perform, via tools such as Google Analytics or other tools whenever you interact with our website and/or service.
  • Device and browser data: We collect information from the device and application you use to access our services. Device data mainly means your IP address, operating system version, device type, system and performance information, and browser type.
  • Log Data: Like most websites today, our web servers store log files that record data each time a device accesses those servers. The log files contain data about the nature of each access, including originating IP addresses, internet service providers, the resources viewed on our site (such as the HTML pages, images, etc.), operating system versions, device type and timestamps.
  • Referral information: If you arrive at the Entropik Technologies website from an external source (such as a link on another website or in an email), we record information about the source that referred you to us.
  • Information from third parties and integration partners: No personal information or data from third parties will be collected and stored in our database at any time. Basic information such as Country, City, Age, and Gender will be referenced as data points in metrics.
For registered users, we also collect:
  • Account information: Account registration is required before you can use the Entropik Technologies service (“Entropik Technologies Registered User”). When you register for an account, we collect your first and last name (together called as full name), username, password and email address.
  • Billing information: If you make a payment to Entropik Technologies, we require you to provide your billing details, a name, address, email address and financial information corresponding to your selected method of payment (e.g. a credit card number and expiration date or a bank account number and the required information to process billing).

Additionally, we collect Facial Coding and/or Eye Tracking and/or Electroencephalogram (EEG) data for participants. You may be required to provide access to webcam and consent to your face for inferencing data points. Consent may be retracted at any time during the session by cancelling the session. No Face videos will be stored/processed in our Entropik database or servers anytime and are analysed by our computers to calculate eye-gaze tracks (a series of x,y coordinates) and facial coding algorithms to determine emotion. The videos are not associated with you except via the information you enter to participate in the study (such as answers to survey questions). By participating in the AffectLab EEG study, we will collect your raw brainwaves using AffectLab or its associated partner(s) headsets to determine cognitive and affective parameters.

How we protect your privacy and rights

We follow strict guidelines the collect and process data. Here’s a look at the information we collect and how we use it:

So how do we manage your data?
  • Storage of personal information: No personal information will be stored for any of our research or for business purposes.
  • Facial images will not be associated with any personally identifiable information and are processed only for improving the accuracy of the AffectLab or Entropik Technologies models.
  • GDPR (Participant Rights Identification Key): Even though Entropik Technologies is processing data at the request of the data controller being the Entropik Technologies Registered User, we want to ensure that you can execute your rights under GDPR.
  • At the start and end of a session, we provide all Participants with a key tied to your face video or brainwave data (even after deletion). If you contact us and provide this key we can check the status of the face video data collected. Entropik Technologies has also provided Entropik Technologies Registered Users with a range of tools to help them manage your rights as a Participant.
  • Use of cookies: Entropik Technologies may use first-party cookies (small text files that the Entropik Technologies website(s) stores locally on your computer) on our websites, for one or more of the following purposes: to help identify unique and returning visitors and/or devices; conduct A/B testing; and diagnose problems with our servers. Browsers do not share first-party cookies across domains. Entropik Technologies does not use methods such as browser cache, Flash cookies, or eTags, for acquiring or storing information about end users’ web browsing activity. You can set your browser preferences to refuse all cookies should you wish to prevent them from being used.
Sharing data with third parties

We do not disclose your personal information with third parties other than as follows:

  • Service Providers: Information, including Entropik Technologies User Information, and any Personally Identifiable Information contained therein, may be shared with certain third-party companies and individuals that help facilitate technical and administrative aspects of the Entropik Technologies Service (e.g. email communications), or perform functions related to the administration of Entropik Technologies (e.g. hosting services). These third parties perform tasks on our behalf and are contractually obligated not to disclose or use Entropik Technologies User Information for any other purpose, and to employ adequate security measures to prevent unauthorized access to such data. However, Entropik Technologies is not responsible in the event that Personally Identifiable Information is disclosed as a result of a breach or security lapse by any such third party.
  • Law Enforcement and Legal Process: Entropik Technologies also reserves the right to disclose any Client User Information (including Personally Identifiable Information) to:
  • GDPR (Participant Rights Identification Key): Even though Entropik Technologies is processing data at the request of the data controller being the Entropik Technologies Registered User, we want to ensure that you can execute your rights under GDPR.
  • At the start and end of a session, we provide all Participants with a key tied to your face video or brainwave data (even after deletion). If you contact us and provide this key we can check the status of the face video data collected. Entropik Technologies has also provided Entropik Technologies Registered Users with a range of tools to help them manage your rights as a Participant.
  • Business Sale: If Entropik Technologies, or substantially all of its assets, is acquired by another company or successor entity, Entropik Technologies Client Information will be one of the assets transferred or acquired by the purchaser or successor. You acknowledge that such transfers may occur, and that any purchaser of or successor to Entropik Technologies or its assets may continue to collect, use and disclose your information acquired prior to such transfer or acquisition as set forth in this policy.
Provisions Specific to EU Citizens - Rights of EU Citizens Under the GDPR

If you are a citizen of the European Union, you have certain rights relating to how others handle your personal information. These rights are:

  • The right to be informed how your personal information is being used
  • The right of access your personal information and how it is processed.
  • The right to rectify inaccurate or incomplete personal information.
  • The right to deletion of all or any personal data.
  • The right to restrict processing, that is, the right to block or suppress processing of your personal data.
  • The right to data portability – this allows individuals to retain and reuse their personal data for their own purpose.
  • The right to object, in certain circumstances, to use of your personal data in a manner different from the purpose for which it was provided.
  • Right to prevent automated decision making or profiling based on your data without human intervention.

If you wish to exercise these rights, please contact us at privacy@entropiktech.com

Maximize Your Research Potential

Experience why teams worldwide trust our Consumer & User Research solutions.

Book a Demo

Thank You!

We will contact you soon.