Real-Time Delphi in Practice

This Privacy Statement was updated on June 11, 2024.

This privacy statement explains how Calibrum handles personal data collected during the normal course of business (sales, marketing, and support), as well as how data are processed in its software and services. 

Calibrum complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.  Calibrum has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF.  

Calibrum has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.  If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.  

To learn more about the Data Privacy Framework (DPF) program,  please visit Data privacy framework website: https://www.dataprivacyframework.gov

To view our DPF certification, please visit the following URL and search for "Calibrum":

https://www.dataprivacyframework.gov/list

1. CALIBRUM SOFTWARE AND SERVICES

Calibrum creates online collaborative survey software for corporations, research companies, and universities.  The software is accessed using a modern browser via the Internet. Calibrum products are self-service; Customers determine and are solely responsible for what and how Customer Data is collected. Customer Data may include data collected from respondents (“Respondents”). Customer Data may be collected via email or a web link. 

Calibrum acts as a data processor with respect to Customer Data and processes this data as instructed by Customers, who are the data controllers. 

2. DATA COLLECTED DURING NORMAL BUSINESS TRANSACTIONS (UNRELATED TO THE SOFTWARE)

For the www.calibrum.com site: Calibrum collects and analyzes aggregate information of visitors, including the domain name, visited surveys, referring URLs, and other publicly available information. We use this information to help improve our website and services, and to customize the content of our pages for each individual customer. Cookies may be used to deliver customized content to website visitors.  

Calibrum does not sell or make available specific information about our customers or their clients except as requested by a valid court order or otherwise required by law. We maintain a database of user information which is used only for internal purposes such as technical support, marketing-related activities, and to notify customers of changes or enhancements to the services. Calibrum uses secure services for online credit card payment transactions, and does not record or store credit card information on its site or servers.

Your personal data will be passed on to the following categories of third parties for processing: services providers (for the provision of the website); state agencies and bodies if required by law. We engage Google to help us understand and improve our site. Google may collect certain technical or other information from you (e.g., clickstream information, browser type, time and date, hardware/software information, cookie ID, IP address, etc.) when you visit our website.

3. DATA COLLECTED BY CUSTOMERS

For this section, customers are end-users with valid Calibrum accounts. Customers own and control all information input into the Calibrum software or generated on behalf of customers in connection with the Services (“Data”). Depending on how the Customer chooses to use the software, Data may include personal information. Customers manage all Data, as well as the users who create, manage, distribute, or report the Data.

Calibrum treats all Data as highly confidential and does not classify or represent the Data because only the Customer itself knows what data it’s collecting. In other words, Calibrum provides the services, and Customers use the services as they wish. All Data are safeguarded using industry best security practices that prevent unlawful disclosure. More information is at our security statement https://calibrum.com/security

Calibrum will process Data for the purpose of providing the software and services to customers. Calibrum may also anonymize and aggregate the Data and use such anonymized and aggregated data for its business purposes. Customers must ensure that they follow applicable laws when distributing surveys. This includes following applicable law when collecting personal and health information, preventing unsolicited emails from being sent, and deleting personal information when no longer required.

Unless required by law, Calibrum will never transfer Data to a third-party without the written permission of the customer. In other words, there is no onward transfer.

In the context of an onward transfer, Calibrum has responsibility for the processing of personal information it receives under the Data Privacy  Framework and subsequently transfers to a third party acting as an agent on its behalf. Calibrum shall remain liable under the Principles if its agent processes such personal information in a manner inconsistent with the Principles, unless Calibrum proves that it is not responsible for the event giving rise to the damage.

Calibrum enables Customers to be compliant with various privacy-related regulations and laws. Features within the products may be used to modify and delete data, create anonymous surveys, and more. 

Calibrum employees do not actively view Data. Any access to Customer accounts requires consent by the end-user, and any exposure to personal information is incidental to providing the services. Customers have the ability to disable Calibrum support from accessing their accounts, but doing so may hinder timely responses and the quality of support.

4. COMPLAINTS AND INQUIRIES

Calibrum is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC), and individuals have a right to contact the FTC regarding services provided by Calibrum.

If you are an EU or Swiss or U.K. citizen, and have questions about your personal information that may have been collected in a Calibrum survey, please contact the entity that created or sent you the survey. Data collected and only processes Data as controlled by the customer. If the survey creator is unresponsive to your inquiry, please contact Calibrum Support.

General inquiries regarding this policy, or any complaints regarding surveys that are unresolved by the survey creator, may be sent to Calibrum Support by visiting https://www.calibrum.com and clicking on “Contact Us”. There is no charge for this inquiry.

Calibrum has a team of legal and technical staff to maintain compliance with this policy. For legal inquiries, please contact: privacy@calibrum.com

Independent Recourse Mechanism: Any disputes are handled by the International Centre for Dispute Resolution (details below). Inquiries are free of charge.

5. INFORMATION RELATED TO DATA PRIVACY FRAMEWORK

For details about the Data Privacy Framework (DPF) program: https://www.dataprivacyframework.gov/

The key goals of DPF are to inform both EU, Swiss and U.K. individuals about:

- the right of individuals to access their personal data

- the choices and means an organization offers individuals for limiting the use and disclosure of their personal data

- the requirement for an organization to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements

Calibrum’ DPF self-certification does not cover human resources data.

DPF may provide individuals the right to (i) access the data that we hold about them, (ii) request that we correct, amend, or delete it if it is inaccurate or processed in violation of the DPF, or (iii) limit the use and disclosure of their personal information. In compliance with the DPF Principles, Calibrum commits to resolve complaints about our collection or use of personal information. EU, Swiss and U.K. individuals with inquiries or complaints regarding our DPF policy should first contact Calibrum at: privacy@calibrum.com.

Calibrum has further committed to refer unresolved DPF complaints to the American Arbitration Association (AAA), an alternative dispute resolution provider located in the United States. If an individual does not receive timely acknowledgment of its complaint from us, or if we have not addressed an individual’s complaint satisfactorily, such individual should contact the AAA for more information or to file a complaint at the following website https://go.adr.org/dpf_irm.html. The services of the AAA are provided at no cost.  

Calibrum implements appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access.

Because adequate protection is provided by DPF participants, contracts with DPF participants for mere processing do not require prior authorization (or such authorization will be granted automatically by the EU Member States), as would be required for contracts with recipients not participating in the DPF or otherwise not providing adequate protection.

Calibrum self-certifies with DPF. A self-assessment is signed by a company officer or other authorized representative of the organization at least once a year and made available upon request by individuals or in the context of an investigation or a complaint about non-compliance. Calibrum is required to respond promptly to EU or Swiss or U.K. individual inquiries, and other requests for information from the Department of Commerce relating to its adherence to the DPF Principles.

Under DPF, an individual has the right, under certain conditions, to invoke binding arbitration for complaints regarding DPF compliance not resolved by any of the other DPF mechanisms. Under DPF, Calibrum must respond to individual complaints within 45 days. For additional information, visit: 

https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2

Calibrum’ Independent Dispute Resolution (IDR) Provider is:

American Arbitration Association

International Centre for Dispute Resolution

New York City, New York, USA

https://www.dataprivacyframework.gov/s/article/11-Dispute-Resolution-and-Enforcement-d-e-dpf

6. LIST OF SUB-PROCESSORS

Presently, Calibrum uses the following sub-processors for optional services to process personal data in the Subscription Services. There is no requirement to use these optional services when using the Calibrum Services.

Subprocessor: Google, LLC

Function: Translation service (manually controlled by user)