Effective January 19, 2018

This policy demonstrates our firm commitment to your privacy and the protection of your personal information. Information obtained from website visitors and customers of our products and services will only be used for internal purposes. Except as specified in this privacy policy, at no time will we sell, rent, or otherwise provide your personal information or survey data to a non-agent third party.

When you register with us, we require that you provide correct contact information, which may include your name, email address, phone number, and other similar types of information. The information you provide allows us to send you periodic reminders about your account status and contact you regarding technical issues. If you register with Checkbox in error, please contact us as specified in the Contact Information clause of this privacy policy and we will delete your record from our database.

Use of Our Website and Services

Newsletters and Marketing Emails

When you register with us and provide us your email address, we may periodically send marketing notices and/or newsletters to that email address. You may opt-out of receiving these emails at any time by following the Unsubscribe link located in the footer of these emails or by contacting us via email at sales@checkbox.com. We will process your request as soon as possible.

Order Forms

When you purchase our products or services online, we collect your contact and payment information (such as name, postal address, email address, and credit card number). We use this information to create/update your account, verify your identity, authorize payments, and to send you a confirmation of your payment. We will share your credit card information via a secure Internet connection with our third party credit card processing vendor for the sole purpose of processing your order or refund.

Requesting/Updating Your Information

We do not sell, share, distribute, or otherwise provide any information that we collect from you on the trial registration or any other contact form. If you have questions or concerns about this registration process, or to request a copy of your information on file as a registered user, please contact us as specified in the Contact Information clause of this privacy policy.

Log Files

As is true of most websites, we gather certain information automatically and store it in log files. This information includes internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp and clickstream data.

We use this information, which does not identify individual users, to analyze trends, to administer the site, to track users’ movements around the site and to gather demographic information about our user base as a whole.

We do not link this automatically-collected data to personally identifiable information.

Cookies

A cookie is a small text file that is stored on a user’s computer for record-keeping purposes. We use cookies on this site. We do not link the information we store in cookies to any personally identifiable information you submit while on our site.

We use persistent cookies. A persistent cookie remains on your hard drive for an extended period of time. You can remove persistent cookies by following directions provided in your Internet browser’s “help” file. More information about cookie technology can be found on the Microsoft® website at: http://www.microsoft.com/info/cookies.mspx.

We set cookies when you visit the Checkbox website, use our Checkbox Online application, and take a Checkbox Online survey. Cookies are used to:

  • Identify whether a user is logged in, for security purposes, and to allow the use of software features
  • Allow us to see how visitors use our site (these may be third party cookies like Google Analytics)
  • Identify a unique survey response when you are a respondent taking a survey

If you reject cookies, you may still use our site, but your ability to use some areas of our site, such as online surveys, will be limited.

Security Measures

We follow generally accepted industry standards to protect the personal information submitted to us, both during transmission and once we receive it. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, while we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

If you have questions about security on our website, you can contact as specified in the Contact Information clause of this privacy policy. 

Checkbox Online Survey & Data Security

Survey Security Overview

Except as specified in this privacy policy, at no time will we sell, rent, or otherwise distribute your personal information or survey data to a non-agent third party.

When you publish your survey on our Checkbox Online servers, we will provide you with a unique URL to display your survey. We will not provide this URL to any other person or entity, but we will provide your survey to any web browser requesting your unique URL. We may review your survey contents for violations of our acceptable use policy (AUP). If we determine your survey is in violation of our AUP, we will attempt to contact you and reserve the right to delete your survey and results from our systems.

We reserve the right to disclose your personally identifiable information as required by law and when we believe that disclosure is necessary to protect our rights and/or comply with a judicial proceeding, court order, or legal process served on our website.

There may also be instances where Checkbox Survey may be required to share your information with third parties who have not been retained by Checkbox, during inspections or audits, in response to lawful requests by public authorities, including to meet national security or law enforcement requirements, or as ordered or directed by courts or other governmental agencies. Many entities receiving your information under these conditions have privacy requirements that apply to their handling of your information.

If we decide to change our privacy practices, we will post those changes to this privacy policy and other places we deem appropriate so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. We reserve the right to modify this privacy policy at any time, so please review it frequently.

Tracking Technology

Cookies: A cookie is a small text file that is stored on a user’s computer for record-keeping purposes. Like most other websites, we use cookies to collect data about visitors. We do not link the information we store in cookies to any personally identifiable information you submit while on our site. We use persistent cookies. A persistent cookie remains on your hard drive for an extended period of time. You can remove persistent cookies by following directions provided in your Internet browser’s “help” file. More information about cookie technology can be found on the Microsoft® website at: http://www.microsoft.com/info/cookies.mspx.We set cookies when you visit the Checkbox web site, use our Checkbox Online application, and take a Checkbox Online survey. Cookies are used to:

  • Identify whether a user is logged in, for security purposes, and to allow the use of software features
  • Allow us to see how visitors use our site (these may be third party cookies like Google Analytics)
  • Identify a unique survey response when you are a respondent taking a survey

If you reject cookies, you may still use our website and services, but your ability to use some areas of our website or features of our services, such as online surveys, will be limited.

Application Security

  • Development Testing:  Prior to each upgrade or update release of the Checkbox Survey application, all inputs within the administrative interface and within surveys are checked for vulnerabilities to JavaScript and SQL injection attacks. Encryption algorithms are consistently examined for possible security vulnerabilities and are updated as needed to remain in line with current technologies and current known security concerns. In the event of a customer detecting and reporting a security hole or issue, Checkbox will use industry-acceptable and reasonable methods to reproduce and identify said issue. Once identified, Checkbox will use commercially available and reasonable methods to develop and test a fix for the issue, and will release the fix with the next subsequent upgrade or update release. If Checkbox deems the issue to be a critical security vulnerability, a security “hotfix” may be released to resolve the issue in advance of the next full software release.
  • Hosting Infrastructure: Checkbox utilizes Amazon Web Services (AWS) cloud based virtual web servers in the United States, Ireland, and Singapore to host its Checkbox Online application. The Amazon hosting infrastructure is scaled in quantity based on anticipated demand using a series of load balancers and Amazon’s Auto Scaling feature. Hosting infrastructure and hosted customer data is protected by a firewall, which limits public access to these instances to only the ports needed to use the service (80/443). Our Amazon customer support includes a monitoring system that detects the presence of a compromised hosting instance. Checkbox support is notified of issues in real time. Amazon’s elastic cloud computing allows Checkbox support to move customer databases to separate cloud computing instances within minutes in the event of a compromised instance or other issue that threatens customer data. Data is backed up on a daily basis, with backups stored on redundant Amazon S3 storage. AWS’s security policies can be found here: http://aws.amazon.com/security/
  • Customer Responsibilities for Application Security:  Customers of Checkbox, including any users granted access to Checkbox by and on behalf of customers, are expected to maintain the security of their accounts and account data. This includes, but is not limited to, using sound and reasonable judgment when choosing and storing Checkbox passwords. Checkbox offers password encryption and password lockout features, but it is the responsibility of customers to enable and properly configure these features. Customers are also expected to maintain sufficient security and protection of their own servers and systems, and to protect sensitive and confidential survey and user data in their possession. Checkbox offers SSL support to secure the transmission of survey responses, but it is the responsibility of customers to ensure that surveys are configured to use that feature where appropriate, and that SSL has been configured properly in Checkbox.
  • Notification of Application Security Issues:  Despite best efforts, no software is bug-free and no method of transmission over the Internet or method of electronic storage is perfectly secure. Should Checkbox learn of a security issue within the application, Checkbox will immediately notify all customers potentially affected by the issue.  Customers will be notified individually by email and/or messages will be posted in the customer announcement section of the Checkbox customer support site and in the news section of the Checkbox website, as deemed appropriate.

Information Security

  • Employee Confidentiality:  All Checkbox employees are required to sign a proprietary and confidential information agreement upon hiring. This agreement is in full force during and following the employee’s term of employment. Terminated employees are given a copy of the signed agreement upon termination. Protection of company and customer information is also covered in the Checkbox Employee Handbook, which all employees are required to review and sign upon hiring. Current security policies are reviewed upon hiring and regularly thereafter at company-wide meetings.
  • System-Level Password Security:  All system-level passwords or passwords that are used to gain access to servers and systems containing sensitive internal and customer data are changed upon termination of any employee that had access to the password(s). We use industry-accepted standards for password generation. In addition, access to servers and systems containing sensitive internal and customer data are restricted to the IP addresses of those employees needing access for support and maintenance purposes.
  • Customer Data: All employees are bound by the terms of their confidentiality agreement to protect the integrity of customer data at all times. There is a zero tolerance policy for negligence or misconduct with regard to customer data. Such negligence or misconduct is grounds for immediate termination. Any modifications to or testing of Checkbox customer databases are done on an in-house server and never on any employee’s personal computer. Customer databases used for testing purposes are immediately deleted from Checkbox servers once testing is complete and data is no longer needed. Non-disclosure agreements (NDAs) required by customers prior to release of customer data to Checkbox are reviewed by our Chief Operating Officer and the employee(s) who will be accessing the data, and are signed by our Chief Operating Officer. NDAs are filed with customer records.
  • Customer Notification: In the event of an unexpected software outage, hardware, software, or infrastructure failure that leads to service downtime or data loss, or a security breach that compromises customer data, Checkbox will immediately notify all customers potentially affected by the failure.  Customers will be notified individually by email and messages will also be posted in the customer announcement section of the Checkbox customer support site and in the news section of the Checkbox website.

EU-US and Swiss-US Privacy Shield

We comply with the EU-US and Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland. We have certified that we adhere to the Privacy Shield principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement, and Liability. If there is any conflict between this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/

In addition to self-assessment, as a participant in the EU-US and Swiss-US Privacy Shield program, we are subject to the investigatory and enforcement powers and authority of the U.S. Federal Trade Commission with respect to maintenance of, and adherence to, this Privacy Policy.

In compliance with the EU-US and Swiss-US Privacy Shield Principles, we commit to resolve complaints about your privacy and our collection or use of your personal information. European Union and Swiss individuals with inquiries or complaints regarding this privacy policy should first contact us as directed in the Contact Information clause of this privacy policy.

We have further committed to refer unresolved privacy complaints under the EU-US and Swiss-US Privacy Shield Principles BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint.

As a last resort and under certain limited and prescribed circumstances and conditions, you have the right to invoke a “last resort” binding arbitration process between you and us to resolve a dispute related to our collection, use or disclosure of your personal information.

In particular, we will maintain compliance with the Privacy Shield principles by adhering to the following practices:

Notice

When we collect your personal information, we’ll give you timely and appropriate notice describing what personal information we’re collecting, how we’ll use it, and the types of third parties with whom we may share it. This privacy policy serves as such notice, and any changes to our collection, use or disclosure of your personal information will be reflected in revisions to the privacy policy posted on our website.

Choice

As established and described in this privacy policy, we’ll give you choices about the ways we use and share your personal information, and we’ll respect the choices you make.

Accountability for Onward Transfer

If we transfer your personal information to another country, we may remain liable and will take appropriate measures to protect your privacy and the personal information we transfer.

Security

We’ll take appropriate physical, technical, and organizational measures to protect your personal information from loss, misuse, unauthorized access or disclosure, alteration, and destruction, as further-specified in the Checkbox Online Survey & Data Security section of this privacy policy.

Data Integrity and Purpose Limitation

We’ll collect only as much personal information as we need for specific and identified purposes, and we won’t use it for other purposes without obtaining your consent. We’ll take appropriate steps to make sure the personal information in our records is accurate.

Access

You have the right to confirm the accuracy of your personal information or have it removed from our systems and records, you may contact us at the email address, telephone number or postal address provided in the Contact Information clause of this privacy policy.

Recourse, Enforcement, and Liability

We’ll regularly review our continued adherence to our privacy obligations, and we’ll provide and maintain the independent mechanism specified in this privacy policy as a way of resolving complaints or concerns about our privacy practices. Further, we acknowledge our potential liability for misuse of your personal information by us or our third-party service providers, as further set forth in this privacy policy.

HIPAA Compliance

We strive to maintain data security and confidentiality policies in compliance with HIPAA regulations for all of our Checkbox Online customers. However, certain HIPAA-required security measures are only available with our dedicated Enterprise plan. If you are transmitting or storing personal health information (PHI), you must notify us and follow certain HIPAA compliance procedures, including signing a business associate agreement (BAA) with us and ensuring that certain features such as password lockout restrictions and SSL are available on your account and enabled.

For more information on HIPAA compliance, please contact our sales team at sales@checkbox.com.

Children’s Privacy

Only persons who are age 18 or older have permission to access our services or use our products. We do not knowingly collect personally identifiable information from children under 13. If you are a parent or guardian and you learn that your minor children have provided us with such information, please contact us. If we become aware that we have collected personally identifiable information from a child under age 13 without verification of parental consent, we will take steps to remove that information from our service and records.

Contact Information

You may contact Checkbox concerning this privacy policy, our privacy practices, and any questions or concerns you may have at the following: 

 

Mailing Address:

Checkbox Survey, Inc.
44 Pleasant St., Ste. 110
Watertown, MA 02472 USA

Phone Number: 1-617-231-8890
Email Address: info@checkbox.com