[Updated: May 2018]
To see the previous version, please click here.
Crimson Hexagon is committed to protecting the privacy of our users (“user”, “you” or “your”).
Who does this policy apply to?
This policy applies to:
For the purposes of this Policy, the term, “Site(s)”, shall refer collectively to www.crimsonhexagon.com as well as the other websites that we operate and that link to this Policy.
as well as to set out the rights you have to control the use of your information, and thereby assist you in making informed decisions when using our Site and Services.
This Policy (and where it relates to our Services; together with our Terms and Conditions) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.
Important Note for European Users
Information submitted by you will be stored, processed, and used by us and our third party service providers who help us to deliver our services and operate our business.
Crimson Hexagon is a global company that provides a social media analytics and consumer insights platform. Powered by AI technology, our platform helps customers mine the largest consumer focus group in the world for insights that drive informed business decisions.
We have headquarters in Boston, MA in the United States and London, England with remote offices in the United States. Our headquarters information is listed below in the Contact Us section.
We may collect and process the following information about you:
Information we collect about you
It is always your choice whether or not to provide personal information. However, if you should choose to withhold requested information, you may not be able to use certain features of the Site or we may not be able to provide you with certain services.
Information we receive from other sources
We will only process personal data in a way that is compatible with and relevant to the purpose for which it has been collected. To the extent necessary for those purposes, we will take reasonable steps to ensure that the Information is accurate, complete, current and reliable for its intended use.
EU Users & Data Subjects: Our Lawful Basis for Using Personal Data
The data protection law in Europe only permits processing under certain prescribed lawful bases. For our EU users and data subjects we have been careful to ensure we have a lawful basis for all the personal data we process. Our lawful bases include:
We may communicate with you by phone, in writing, via email, or other means available on or through the Site and Services (for example, via pop-up messaging or push notifications). We may communicate transactional or service messages to you, such as welcoming you to our Services or informing you of scheduled downtime. We may also send you marketing communications, as described below.
We use information held about you for a wide range of purposes, including:
We may combine the information you give to us with the information we collect about you. We will use this information and the combined information for the purposes set out above (depending on the types of information we receive). We may also use data to conduct research and development.
We do not sell or trade personally identifiable information about our Site visitors or our Customers or their Authorized Users.
We may share your personal data with:
We may also share your personal data under the following circumstances:
Please keep in mind however, that regardless of these preferences regarding promotional contacts,, we may contact you for other reasons connected to the service you request or receive, such as those related to:
We may also retain a record of any stated objection by you to receiving Crimson Hexagon updates for the purpose of ensuring we can continue to respect your wishes and not contact you further.
This Site may contain links to third-party websites. These links are provided solely as a convenience to you and not as an endorsement by Crimson Hexagon of the contents on such third-party websites. Crimson Hexagon is not responsible for the privacy practices or content of linked third-party sites and does not make any warranty or representation regarding the content or accuracy of materials on such sites. If you decide to access linked third-party websites, you do so at your own risk. Please review the privacy policies of these websites before submitting any personal data to these sites.
If you use a blog, bulletin board or chat room on our Sites (“Interactive Area”), you should be aware that any personal data you submit there can be read, collected, or used by other users of these forums, and could be used to send you unsolicited messages. We are not responsible for the personal data you choose to submit in these forums. To request removal of your personal information from an Interactive Area, you may contact us through the Contact Us options noted below. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why.
We place great importance on the security of all personal data associated with our users. We have security measures in place to attempt to protect against the loss, misuse, unauthorized access, disclosure, alteration, or destruction of personal data under our control. For example, our security and privacy policies are periodically reviewed and enhanced as necessary, and only authorized personnel have access to personal data. While we cannot ensure or guarantee that loss, misuse, unauthorized access, disclosure, alteration, or destruction of information will never occur, we use all reasonable efforts to prevent it.
You should bear in mind that submission of information over the Internet is never entirely secure. We cannot guarantee the security of information you submit via the Site, or Services, while it is in transit over the Internet and any such submission is at your own risk.
You are responsible for maintaining the confidentiality of any user name or password that you use. It is advisable to logoff the Site or Service and close your browser when you have finished your user session to help ensure others do not access your personal data.
Your personal data which we collect is sent to and stored on secure servers located in the United States. Such storage is necessary in order to process the information. Personal data submitted may be transferred by us to our other offices and/or to the third parties mentioned in the circumstances described above (see Information Sharing), which may be situated outside the European Union (EU) and may be processed by staff operating outside the EU. Where we transfer your personal data, we will take all reasonable steps to ensure that your privacy rights continue to be protected.
We will only keep your personal data as long as necessary to fulfill the purposes we collected it for, including the purposes of satisfying any legal, accounting, or reporting requirements. We may need to retain certain personal data even once the purpose of using data under this Policy has been completed to enforce our terms, for fraud prevention, to identify, issue, or resolve legal claims, for proper record keeping purposes and/or as required for our business operations, or by applicable laws. We may retain certain information beyond this time for historical or statistical research purposes. We may also retain a record of any stated objection by you to receiving our updates for the purpose of ensuring we can continue to respect your wishes and not contact you further.
Under the General Data Protection Regulation (GDPR), individuals located in the EU have the right under certain circumstances:
You will not have to pay a fee to access your data or to exercise any other rights. We may, however, charge a fee if we believe your request is unfounded or excessive.
We may need to request specific information from you to enable us to confirm your identity and to ensure that you have the right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that your personal data is not disclosed to any person who does not have the right to receive it. We may also contact you to ask you for further information in relation to your request, in order to process your request.
We aim to respond to all legitimate requests within 30 days. Occasionally, it may take us longer than 30 days to process your request pending the extent and complexity of your request. In this case, we will notify you and keep you updated.
If your request or concern is not satisfactorily resolved by us, you may approach your local data protection authority (see http://ec.europa.eu/justice/dataprotection/internationaltransfers/transfer/index_en.html) that can provide further information about your rights and our obligations in relation to your personal data. In the UK, this is the Information Commissioner (https://ico.org.uk/).
Crimson Hexagon receives personal data from third parties, such as Facebook, Twitter, Instagram, and other online public blogs and forums. We are required to comply with our contract with them or their public terms and conditions.
Information we collect about you
The data we collect varies depending on the source of the data, what the source or platform chooses to make available to us, and what you choose to make publicly available. It could include the following:
In addition to the data you make available about yourself, we may also use that information to infer other data about you in the context of a wider conversation. For example, based on your name, we may infer your gender and use it in an aggregated display as part of our Services. Equally, based on the content of one of your posts, we may infer some of your interests, your profession, your location, etc.
We may also analyze the content of the data you publish and provide our analysis to our customers. For example, if you publish a Tweet stating that you like a certain brand’s ice cream, we may mark that Tweet as having a positive sentiment toward that brand.
Uses of the Information We Collect about You
The legal basis for the data that we process is pursuant to our legitimate interests. Our legitimate interests are in providing our Services to our customers, which includes providing technology that empowers our customers to act with more certainty in a way that is easy-to-access and use.
Additionally, your information is used in the following ways:
Although it is the responsibility of our customers to use our Services properly, we do put in place safeguards to protect your data. We require our customers to comply with applicable law, including data privacy law, when using our Services. We also prohibit our customers from using our Services, including your data, in a way that is outside of your reasonable expectations.
When we infer data about you, we do so automatically. The inferences are based on algorithms that analyze the data that you have posted. We do not make any decisions about you based on the data that we process about you (inferred or not). In other words, we only make the data available to our customers. It is up to our customers what (if anything) to do with the data and any inferences about the data.
We will only process data about you which may be deemed sensitive or part of a special category under data protection law which has been made public and available to us by virtue of it being public.
Sharing your data
In addition to sharing your data with our Customers, we may share your data as described in the Information Sharing section (with the exclusion of Site testimonials and prospect or customer references) of this Policy.
We will store and transfer your data as described in Storage and Transfers of Your Information.
Retention of your data
In relation to our legitimate interests as it relates to historical and statistical research, we retain your data for as long as it is made publicly available.
Privacy practices of third parties
This Policy only addresses our collection, processing, and use (including disclosure) of your data. Our customers and other third parties that may have access to your data can use it in other ways in accordance with their own privacy practices and applicable law. We encourage you to familiarize yourself with the privacy statements provided by any platform you use to publish any information.
As a Social Media Author, you are the source of the data. You have control over that data within the platform or forums that you choose to publish it on (e.g. Twitter, Facebook, Instagram and other blogs, forums, etc.), including through using the privacy settings made available to you by that platform or forum. In addition to whatever rights you have via your relationship with any publishing platform, you also have certain rights relating to your data that we process, as set out in this Policy.
If you believe we have information from you that you do not want us to have, please Contact Us as described below and contact the social media provider to whom you initially gave that information. We will delete your content upon your request, if we are able to do so.
If you reside in the European Union (EU) or other jurisdictions that provide access rights under law, you may access your information or have it corrected or updated in accordance with applicable law by contacting us through the Contact Us options described in this Policy (See Your Rights (EU Users) above).
We are committed to protecting the online privacy of children. In accordance with the Children’s Online Privacy Protection Act in the United States and the GDPR in the EU, we will not knowingly collect or solicit any personally identifiable information from or provide any services to children under the age of 16. Our Site and its content are not directed at children under the age of 16. If we learn that we have collected personal data from a child under the age of 16 without parental consent, we will delete that information as quickly as possible. If you believe that we might have any information from or about a child under 16, please contact us at email@example.com.
Users who reside in California and have provided personal data to us have the right to receive: (a) information identifying any third party to whom Crimson Hexagon may have disclosed, within the past year, personal information pertaining to you and your family for that party’s direct marketing purposes; and (b) a description of the categories of personal information disclosed. To obtain such information, please email your request to firstname.lastname@example.org. This request may be made no more than once per calendar year. We reserve our right not to respond to requests submitted other than to the address specified in this paragraph.
Email questions about our privacy and security practices to: email@example.com
Online request through: our contact options
Mailing Address or Phone: