As a respondent-oriented platform, FlashField prioritizes delivering a safe, profitable, and pleasant experience to the respondents who take paid surveys with us. We are also very particular about legal compliances and your privacy.
To help you understand your rights and feel confident about participating in paid online surveys with us, we've broken down some what exactly a Privacy Policy is and how it can help you.

You may have heard the joke about accepting terms and conditions without reading them. Some companies have even included silly clauses or hidden offers in their T&Cs just to see if anyone will read them. At FlashField, we believe you shouldn't need a law degree to understand your agreement with us. We want you to feel informed and in control of your data when you work with us to earn rewards through incentivized paid surveys.

What is a privacy policy and how does it protect you?

A privacy policy is a document that outlines how a company or organization collects, uses, and protects your personal information. It typically includes details about what type of personal information is collected, why it's collected, how it's used, and how it's protected. For example, a privacy policy might explain that a website collects your email address in order to send newsletters and promotional materials, or that it uses cookies to track your browsing behavior in order to improve your user experience. Additionally, the privacy policy should include information about the security measures in place to protect your personal information from unauthorized access. Overall, a privacy policy is meant to give you transparency and control over your personal information and inform you of your rights regarding that information.

What does a Privacy Policy cover?

A privacy policy is a legal document that outlines how a company or organization collects, uses, and protects the personal information of its users. To be compliant with regulations such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), privacy policies must be written in clear and easy-to-understand language. A strong privacy policy should include the following elements:

• A list of the types of information that the company collects and how it is collected. This may include information that is explicitly provided by the user through an online form, as well as data collected through the user's cell phone location or web browser with permission. The company may also partner with social media platforms to collect additional customer data, which should be clearly outlined in the privacy policy.
• The reasons for collecting the data. The privacy policy should explain the purposes for collecting customer data, such as marketing products, improving the customer experience, or understanding the target audience.
• The plans for using and protecting customer data. The privacy policy should detail how the company plans to use the data, as well as any third parties that may receive the data and how they will use it. It should also include information about where the data is stored and how it will be kept secure from potential threats. The policy should specify how long the data will be retained and how it will be securely wiped after a certain period of time or upon the customer's request.
• The opt-out policy. The CCPA requires companies to give customers the option to delete data that has been collected from them and to opt-out of the sale of their personal information. The privacy policy should provide details on how customers can exercise these rights.

It's important for users to read and understand a website's privacy policy before providing their personal information. A privacy policy helps to give users transparency and control over their personal information and inform them of their rights regarding that information.

What is GDPR?

‍The General Data Protection Regulation (GDPR) is a regulation of the European Union (EU) that became effective on May 25, 2018. It strengthens and builds on the EU's current data protection framework and replaces the 1995 Data Protection Directive. GDPR is a set of rules designed to give EU citizens more control over their personal data and to simplify the regulatory environment for businesses so that both citizens and businesses in the EU can fully benefit from the digital economy.

What does GDPR stand for?

‍GDPR stands for General Data Protection Regulation.

How did GDPR come about?

‍In January 2012, the European Commission set out plans for data protection reform across the EU in order to make Europe "fit for the digital age." After almost four years of negotiations, agreement was reached on the details of the reform and how it would be enforced.

What is GDPR compliance?

‍GDPR compliance refers to the measures that organizations must take to ensure that they are following the rules and regulations outlined in the GDPR. This includes protecting personal data from misuse and exploitation, respecting the rights of data owners, and ensuring that personal data is gathered legally and under strict conditions. Organizations that fail to comply with GDPR may face penalties.

Who does GDPR apply to?

‍GDPR applies to any organization operating within the EU, as well as any organizations outside of the EU that offer goods or services to customers or businesses in the EU.

What Does CCPA Mean?

CCPA stands for the California Consumer Privacy Act of 2018. It has been effective from January 1, 2020 and is the first law of its kind in the United States.

What does the CCPA Protect?

The CCPA protects the residents of California against third-party sales or disclosure of their personal information. The CCPA provides these privacy rights to California consumers:

• The right to know what personal information a business is collecting about them and how it is being used and shared
• The right to delete the personal information collected from them
• The right to opt out of sale of their personal information to third parties
• The right to nondiscrimination for exercising their CCPA rights

What Constitutes Personal Information

According to the CCPA, personal information is defined as any information that can identify, describe, relate to or be linked with a consumer or their household in a way that a profile about their preferences and characteristics can be built.

Examples of personal information include:

• Name
• Address
• Email address
• Social Security number
• Geolocation data
• Fingerprints
• Internet browsing history
• Record of products purchased

CCPA Requirements

Non-profit organizations are exempt from the CCPA. The CCPA applies to businesses that collect consumers’ personal data, does business in the state of California and meets one of the following criteria:

• Has annual gross revenues of twenty-five million dollars or more
• Buys, receives, sells, or shares personal information of 50,000 or more devices, consumers, or households for commercial purposes
• Takes 50% or more of annual revenues from selling consumers’ personal information

What is the difference between GDPR and CCPA?

Who they affect

The GDPR applies to all businesses and their websites that deal with personal data from the EU, while the CCPA's protections are limited to individual data subjects that legally reside in California. The CCPA only affects for-profit entities whose business meets certain criteria (annual gross revenue >$25 million, data of >50,000 California consumers/devices/households, or 50% annual revenue from selling data) and collects personal information from California consumers and determines the purposes and means of processing that information, and operates in California.

The types of data protected

The GDPR covers the processing of all personal data, while the CCPA requires businesses to supply an option to "opt-out" when user information is going to be actively sold or shared. The CCPA also doesn't provide protection for certain types of data, such as public information, medical information protected by California or federal laws, and other similar data sets.

What actions constitute data collecting, selling, and processing

Under both laws, "personal data" refers to any information that can directly or indirectly represent an identifiable person. However, the GDPR considers the "processing" of personal data to be any action performed on the information, while the CCPA divides its data-related terminology into separate definitions (collecting, selling, and processing).

How businesses must handle consumer data requests

Both the GDPR and CCPA give consumers the right to request access to their personal data, as well as request corrections or deletions. However, the GDPR requires businesses to respond to such requests within a month, while the CCPA gives businesses 45 days to respond.

Penalties for non-compliance

Both the GDPR and CCPA have significant fines for non-compliance, but the GDPR's fines can be much higher (up to 4% of annual global revenue or €20 million, whichever is greater). The CCPA also allows for private rights of action, allowing consumers to sue businesses for data breaches.

We hope this information helps you feel informed and confident about participating in paid online surveys with FlashField. If you have any further questions or concerns, don't hesitate to reach out to us. We're here to help!

‍