Effective as of January 15, 2019
WorldBrainWave is an online research platform that offers tools for cognitive and behavioural research, and allows data acquisition and research collaboration. Our mission is to make research tools accessible and affordable for everyone. For more information about WorldBrainWave, please see the About Us section of our website(s). WorldBrainWave provides users with access to use or platform to help account holders (customers) create, design, conduct and analyse research experiments by providing tools to host and conduct tasks in a self-service capacity (our services) directly and through the website(s).
Information collection and use
The user data we collect:
Data collected from a user / customer - For the personal data we collect about you as a user of our services, including your personal information if you are an account holder using our services, WorldBrainWave is the data controller for the purpose of the General Data Protection Regulation EU 2016/679 ( ‘GDPR’).
Data collected from a Participant / Respondent (or Data Study Subject) - WorldBrainWave collects study data on behalf of our customers and the data controller of the study data is our customer who invites respondents to participate in studies. When respondents are invited to participate in a study you should contact our customer if you have any questions about their survey, or to exercise your rights in relation to the study data. Our customers determine how they design their studies, what information they will collect and what they will use it for, information you can find in study information and informed consent. Before attending a study, please review their study and (possible) privacy information, and informed consent to understand how your information will be used. All responses should be kept strictly confidential and anonymous.
Participants have the right, under the General Data Protection Regulation (Regulation (EU) 2016/679) ( ‘GDPR’), to view and delete their own data provided by our services. To grand access to the data of the participant an email address is required. The provided email address will be solely used for this purpose, and the address cannot be traced back to identifiable personal information.
We collect very limited information about you and we are only the data processor of this information. We will only use it for limited purposes including protecting the security of our services and to respond to you if you contact us directly. We will not use your contact information only for providing you access to your data. We apply high standards of security to the information that we hold, our security policies and procedures follow industry best practice.
Types of data collected
The personal information we collect from you, including where you choose to provide personal details to us, and where we obtain information about you, will include the following data which we require in order to provide our services and to communicate with you:
Personal data - If you create an account with us, we will collect your name, email address and WorldBrainWave password; if you purchase services from us, we will collect contact details, and credit or debit card details, such as full name, payment card number, expiration date, CVV, and billing address. Where you fail to provide this data, or other data requested that we need to collect by law, or under the terms of another contract we have with you, we may not be able to provide you with our services.
Usage data - We will collect information that you provide to us through our services. For example which features you use of our services, when you use them, and how long you use them. We will develop information based on your use of our services to improve our services and to provide to other users of our services, such as the aggregated contents of surveys, tests, experiments, questions or notes. We also collect usage data about you through your use of our services, and technical data, including your IP address, location, browser type, the dates and times you access our services, referral data, and the links you click and other activities within the services. Collection of information necessary for legal compliance - To comply with applicable legal or regulatory obligations, including as part of a judicial proceeding; to respond to a subpoena, warrant, court order, or other legal processes; or as part of an investigation or request, whether formal or informal, from law enforcement or a governmental authority.
We may also use your information where we need to comply with a legal obligation; to protect the safety, rights, property, or security of WorldBrainWave, the services, any third party, or the general public; to detect, prevent, or otherwise address fraud, security, or technical issues; to prevent or stop activity which WorldBrainWave, may consider to be, or to pose a risk of being, an illegal, unethical, or legally actionable activity; to use as evidence in litigation.
Use of data
WorldBrainWave uses the collected data for various purposes:
- To provide, operate, improve and maintain the service;
- To detect, prevent and address technical issues;
- To monitor the usage of the service;
- To notify you about changes to our service and to provide you with information about services;
- To allow you to participate in features of our service;
- To respond and/or deal with requests or enquiries;
- To convert information into anonymous data and use it (normally on an aggregated statistical basis) for research and analysis to monitor and improve site performance and/or other purposes;
- To generate raw and aggregated results in our services;
- To provide analysis or valuable information so that we can improve the service;
- To administer the site, and to provide customer support;
- To administer the site, our services; subscription usage (for billing); financial transactions (for tax and accounting purposes);
- Data ownership (to denote which account holder is the owner of which project)
- Feature usage and server load (to denote which features are popular or need changing, and to ensure adequate server provision);
- To contact you by e-mail or phone for any of the above reasons;
- For compliance with legal, regulatory and other good governance obligations.
This list is not intended as complete and will be updated as legal requirements dictate. Your personal information will only be made available for the purposes mentioned above and to our staff who properly need to know these details for their functions.
Study Data - You are in control of the management of your study data and can delete it from our online systems or download it to your own systems at any time. Please refer to our policy for the specific period for which we retain your survey data when we cease providing you with our products and services and for how long your survey data remains in our backups before being permanently deleted.
If you would like to close your registered account, you can do so via the site. When you close your account, subscription usage and financial records are kept as part of our usage records, but personal identifying information will be deleted from your account, and your account data is pseudonymised/anonymised to form part of our aggregated statistics.
Research data will be stored for as long you have a registered account. All data processed by our services is stored anonymized and aggregated for 5 years. When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
Transfer and use of data
Your information, including personal data, may be transferred to - and maintained on - computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.
If you are located outside Netherlands and choose to provide information to us, please note that we transfer the data, including personal data, to the Netherlands and process it there.
- Processing it in a territory which the European Commission has determined provides an adequate level of protection for personal information; or
- Otherwise implementing appropriate safeguards to protect your personal information, including through the use of standard contractual clauses or another lawful transfer mechanism approved by the European Commission.
As we hold the data on secure servers within the European Economic Area ('EEA'), for now based in The Netherlands, certain transfers of personal information to third party recipients take place, as explained above.
Please be aware that such recipients of your personal information (as set out in this notice), may not be located within the EEA but instead located in countries which do not have equivalent protection for personal information to that within the EEA.
Where we transfer your information outside the EEA we will either undertake an assessment of the level of protection in light of the circumstances surrounding the transfer or:
- Only transfer it to a non-EEA country with privacy laws that give the same protection as the EEA; or
- Ensure we have an agreement in place with the recipient under which they are under a duty to protect your data to the same standards as those in place in the EEA; or
- Transfer it to US organizations that are signed up to the EU-US Privacy Shield scheme; or
- We will make sure that any transfers are not repetitive and only limited to the minimum amount of information possible. In certain circumstances we may need to seek your consent unless there is an overriding legal need to transfer the information; and
- In all cases where your information is transferred outside the EEA, you have a right to contact us for information on the measures we have put in place.
WorldBrainWave can never be held responsible and/or liable for any damages caused by using our services. Once data is copied or downloaded from the site, the user is responsible for the data.
Disclosure of data
- WorldBrainWave may disclose your personal data if such action is necessary to:
- To comply with a legal obligation;
- To protect and defend the rights or property of WorldBrainWave;
- To prevent or investigate possible wrongdoing in connection with the service;
- To protect the personal safety of users of the service or the public;
- To protect against legal liability.
Security of data
The security of your data is important to us but remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security. While we take efforts to safeguard your personal information which are consistent with relevant laws, the nature of the internet is such that we cannot guarantee absolutely the security of any personal information you disclose online.
WorldBrainWave personnel and service providers with access to personal information collected through our website are required to keep such information confidential and secure.
Access of data
You can request WorldBrainWave for the personal information we hold, normally free of charge, under data protection legislation. If we do hold information about you we will let you have a copy of that information unless a legal exception applies, in which case we will inform you of this at the time. You also have the right to request that information we hold about you which may be incorrect, incomplete, or which has been changed since you first told us, is updated or removed. To make a request to exercise either of these rights, please email your request to firstname.lastname@example.org.
Participants have the right, under the General Data Protection Regulation (Regulation (EU) 2016/679) ( ‘GDPR’), to view and delete their own shared research data when participating in a study provided by our services. The provided participant email will be only used for granting access to the data, and cannot be traced back to identifiable personal information.
Data erasure requests
You can ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Participants have the right, under the General Data Protection Regulation (Regulation (EU) 2016/679) ( ‘GDPR’), to delete their own shared research data when participating in a study provided by our services. The provided participant email will be only used for granting access to the data, and cannot be traced back to identifiable personal information.
Withdraw your consent
You have the right at any time to withdraw any consent you have given us to process your personal data. If you withdraw your consent it will not affect the lawfulness of any processing of your personal data we have carried out before you withdrew your consent. Should you wish to do so you can change your consent preferences at any time on your account profile page or email your request to email@example.com. Please note that if you want us to restrict or stop processing your data this may impact on our ability to provide our services. Depending on the extent of your request we may be unable to continue providing you with our service.
When participants have agreed to take part in a study their participation is entirely voluntary. They have the option to withdraw from a study at any time, without penalty, and also have the right to request that their responses not be used.
We may employ third party companies and individuals to facilitate our service, to provide the service on our behalf, to perform service-related services or to assist us in analysing how our service is used. These third parties have access to your personal data, only to perform these tasks on your or our behalf, and are obligated not to disclose or use it for any other purpose.
Analitics - We may use third-party service providers to monitor and analyse the use of our service, such as Google Analytics, which is one of the most widespread and trusted analytics solution on the web for helping us to understand how you use the site and ways that we can improve your experience. Please visit our Cookies Policy section for more information.
Links to other sites
General Data Protection Regulation
If you are located in the European Union, you have certain additional rights with respect to your personal information under the General Data Protection Regulation (Regulation (EU) 2016/679) ( ‘GDPR’), including the following:
- The right of access to your personal information or provided information as a user/customer or as a participant, respondent or data study subject.
- The right of erasure of personal data as a user/customer or as a participant/respondent.
- The right to rectify your personal information if it is incorrect or incomplete.
- The right to withdraw your consent to our processing of your personal information at any time (if our processing is based on consent).
- The right to object to our processing of your personal information (if processing is based on legitimate interests).
- The right to object to our processing of your personal information for direct marketing purposes.
- The right to receive your personal information from us in a structured, commonly used and machine-readable format, and the right to transmit your personal information to another controller without hindrance from us (data portability).
You may contact us at firstname.lastname@example.org to exercise any of the above rights. We may request specific information from you to confirm your identity, and in some circumstances, we may charge a reasonable fee for access to your personal information. Furthermore, if you believe that our processing of your personal information is inconsistent with your data protection rights under the GDPR and we have not adequately addressed your concerns, you have the right to lodge a complaint with the data protection supervisory authority of your country. For purposes of the GDPR, we are a ‘controller’ and you are a ‘data study subject.’
Our service is available for the age of 16. We do not knowingly collect personal information from anyone under the age of 16. If you are under 16, please do not attempt to attend studies or send any personal information about yourself to us. If we learn that we have collected personal information from a child under age 16, we will delete that information promptly. We do advice supervision (such a tutor or parental guidance) for anyone under the age of 18 (‘minors’). If you are a tutor, parent or guardian and you are aware that a pupil, student or (your) child has provided us with personal data, please contact us. If we become aware that we have collected personal data from minors without verification of tutor of parental consent, we take steps to remove that information from our servers.