Last updated: 2022-07-15
Heavy Metal (“Heavy Metal,” “MHM,” “we,” “us,” or “our”) deeply believes in the importance of earning and maintaining your trust. As such, we are strongly committed to protecting your privacy rights. Whether you are a Participant (“Participant”) or a Customer (“Customer”, or in either case, “You”, “User”, or “Users”), we created this Privacy Statement to give you confidence in interacting with Heavy Metal’s Website and Services. You should. carefully read this Privacy Statement (“Statement”) to inform yourself on how MHM collects, uses, shares, or otherwise processes information relating to individuals (“Personal Information”), and to learn about your applicable rights regarding such processing.
I. About the Statement – Processing Activities
This Statement applies Personal Data processed by MHM when you:
- visit this website (www.makeheavymetal.com) and/or any other MHM website(s) which reference or link to this Statement (collectively, “Website”);
- use, download, access, as applicable, any of our various internet-based offerings, including any paid or non-paid subscriptions, newsletters, mobile platforms, webinars, briefings, programs, software, or applications (collectively, “Services”);
- receive compensation from us for participating in one of our research studies via survey, interview, or some other method of data collection that you consent to;
- visit MHM’s branded social media sites;
- receive communications from us, including emails, phone calls, or other electronic messages;
- attend or register for any of our events, conferences, networking/community offerings, etc.
It applies whether you have provided the information directly to us or if we have obtained such information from a different source, such as a third party. This Statement may be supplemented by additional privacy notices provided to you.
Notwithstanding the foregoing, if you or your organization has previously entered into a separate, written agreement with Heavy Metal governing your existing use of the Services (“Subscriber Agreement”), any conflicting privacy terms of the Subscriber Agreement shall control as set forth therein.
It is important to understand that the Website and the Services may contain links to sites or offerings operated by individuals or entities other than Heavy Metal. Such links, where applicable, are provided for your reference and convenience only. Heavy Metal is not responsible for the content or operation of such sites or offerings, nor the security or privacy of any information collected by such third parties. You are solely responsible for determining the extent to which you may use any such content, and you should review the corresponding privacy policies applicable to these third party sites or offerings.
II. Information We Collect
We collect Personal Information and Other Information about You in connection with the Services. For the purposes of this Policy, “Personal Data” is information that does or can be used to identify you, such as your email address or phone number. “Other Data” is any information we collect that is not Personal Data.
We may combine Personal Data with Other Data, in which case we will treat the combined information as Personal Data. We also may combine information that we have about you with additional information that we or other third parties collect in other contexts—such as our communications with you via email or phone, your responses to project screening questions, your customer service records, or any feedback provided during a research interview. In those circumstances, we will treat the combined information as Personal Information.
Information about Customers
We collect some information directly from you (for example, via forms you complete or products or Services you access, download, or otherwise obtain). Such information is generally limited to:
- Name, job title, contact details, and company or organization;
- Your communications with MHM personnel;
- Content you post on our social media sites;
- Information you provide on the Website, such as online questionnaires, or feedback forms;
- Information you provide when you subscribe to email newsletters such as your interest in specific MHM research areas;
- Responses to surveys, study screener forms, interviews, or other such best-practices studies;
- Information you provide when registering for a free trial account, log-in credentials and information about your use of and preferences for the Services; and
- Limited billing information, collected and used strictly for billing purposes only, is not shared or used for any other purposes, and is and will be processed in accordance with all applicable laws. When required, we will collect your credit card or other payment information. We use third-party payment service providers to process payments on our behalf, and as a result we do not ourselves store your credit card number or other payment information.
Information about Participants
If you are are Participant, we may collect the following Personal Information about you:
- First Name
- Last Name
- Phone number
- Email address
- Date of Birth
- Other Personal Information we are required to collect from you in order to provide you with compensation for your participation in research studies including but not limited to: street address, postal code. Such information is collected and used strictly for payment purposes and will be processed in accordance with all applicable laws.
We may also collect Other Data about you, including but not limited to
- Job title, employment status, and company or organization
- City, State, and Country
- Household income
- Marital Status
- Level of Education
Information about all Users
Other information is received indirectly from you via use of the Services or from your organization on your behalf (for example, from observing your actions on the Website or to provision you with account access).
Such information is generally limited to:
- Information regarding usage of the Services or Website via web logs collected automatically and passively using various technologies, which generally will not specifically identify you or other individuals. Examples may include IP addresses, browser types, domain names, and other anonymous statistical data regarding aggregate usage;
- Download restrictions or other such consumption limits, where applicable, attributed to your MHM account, username, email address, registration, etc. Additionally, if you elect to download and use any optional third-party applications with the Services (for example, the MHM Chrome plugin), we will detect and store information necessary for you to effectively use the third-party application; and
- Information provided by your employer or organization, such as name, email, other contact information, job title, etc., in order to activate and manage your access to and use of the organization’s subscription to the Service.
If you register for, or attend one of our events, conferences, networking/community offerings, we may:
- With your further consent, scan an attendee badge or QR code, which will provide contact information such as your name, title, company name, and email address;
- Record or otherwise broadcast conference presentations or locations; and
- Collect information regarding dietary requirements or any reasonable accommodations needed to attend and enjoy the event.
For participants who receive a virtual payment card as compensation for participating in a research study or studies, we may:
- Anonymize and aggregate purchase data gathered through your provisioned virtual payment card for the purposes of market research
Lastly, we also collect Personal Data via other sources such as public records, publicly available sources or internet sites, vendors, data suppliers and service providers, commercially available marketing lists or registries, telephone directories, social networks (such as LinkedIn), news outlets and related media. Such Personal Data collected via these sources is typically limited to business contact information, such as names, contact information, job titles, IP addresses, and LinkedIn and other social media profiles.
A “cookie” is a small text file with a unique identifier placed on a browser or online device, used to collect limited information about your online preferences and increase website efficiency. When you visit the Website, MHM or one of our authorized third parties may place a cookie on your browser and/or device. We also use web beacons in some email communications. MHM uses such cookies and other tracking technologies to manage your preferences, customize and deliver content and advertising, provide social media features, and examine usage information pertaining to Website visits.
We may use both “session cookies” (which disappear once the browser is closed or computer is turned off) and “persistent cookies” (which remain in operation until deleted). You can manage website cookies in your relevant browser settings, and you always have the choice to change these settings by accepting, rejecting, or deleting cookies. If you choose to change your settings, you may find that certain Website or Services functions and features will not work as intended.
The following describes how we use or may choose to use different categories of cookies and similar technologies:
- Required or essential cookies. These cookies are necessary for the Website’s basic operations and there are no options to disable. For example, session cookies needed to transmit the Website, authentication cookies, and security cookies.
- Social media cookies. These cookies allow users to share our Website or materials on social media sites. Because these cookies are not within our control, you should refer to their respective privacy policies to understand how they work.
- Advertising cookies. Advertising cookies track activity across websites in order to understand a viewer’s interests, and to direct specific marketing to them. Heavy Metal may now or in the future elect to contract with third-party advertising networks that collect IP addresses and other information from web beacons on our websites, from emails and on third-party websites.
- Functionality cookies. These cookies help us customize our website content based on a user’s preferences. They remember the user’s choices, their language, the country pages visited and any changes the user makes to text size or other parts of our website pages. The information these cookies collect may be anonymized and they cannot track browsing activity on other websites.
At any time, you can prevent cookies from being set on your browser. For instructions on how to block, delete or disable any cookies, please consult your browser’s “Help” or “Support” section.
By using the Services, Licensee may also receive certain third-party Cookies on your computer or device. Third party Cookies are those placed by websites, services, and/or parties other than Heavy metal. Third party Cookies may be used within the Services.
IV. Use of Personal Data
MHM uses your Personal Data when: it is necessary to perform our obligations or exercise our contractual rights; we have a legitimate business interest to process such Personal Data; it is necessary to comply with applicable laws or regulations; we have your consent (where required under applicable law) to use your information (where we rely on your consent, you have the right to withdraw consent by contacting us as set forth below). Such legal reasons are identified for the following common instances:
- Administering our Website and Providing Services: Personal Data is processed to perform our contractual obligations, where applicable. In instances where we have not entered into a contract with you, such processing is based on our legitimate interest to manage and promote our business, operate and administer the Website, provide and improve the Services, and to provide requested content or materials (for example, when you request to download one of our reports from the Website).
- User Registration: In accordance with our contractual obligations or legitimate interest to provide Services, when you register for an account with MHM (whether as a paying client or on a complimentary basis), we process your Personal Data as needed to register and administer your account, provide technical and client support and training, verify your identity, and send important account, subscription, and Services information.
- Support Requests: If you request that MHM contacts you (for example, for free trial access or to learn about our offerings), or if you contact us by other means, we process your Personal Data to the extent it is necessary for our legitimate interest in fulfilling your requests and communicating with you, or as is required by contractual obligations.
- Compliance; Security and Functionality of Website and Services: For our legitimate interests in ensuring adherence to relevant terms, we process your Personal Data to review compliance with the applicable usage. Personal Data is also processed by tracking use of the Website and Services, to perform our contractual obligations, where applicable, to provide a secure and functional experience. In instances where we have not entered into a contract with you, such processing is based on our legitimate interest in promoting the safety and security of the Website, Services, systems and applications and in protecting our rights and the rights of others, whereby we reserve the right to monitor, investigate and report any attempts to breach the security of the Website or Services, verify accounts and activity, and enforce our terms and policies.
- Event Registration and Attendance: We process your Personal Data to plan and host events, conferences, networking/community offerings for which you have registered or attend, including sending related communications to you, to perform of our contract with you, or as part of our legitimate interest to operate and improve our events business, enable peer networking opportunities, promote our brand, and collect relevant information for hospitality and health and safety purposes.
- Developing Website and Services; Developing Offerings: We process your Personal Data to analyze trends, usage, and interactions with the Website and Services to the extent it is necessary for our legitimate interest in improving the Website and Services, developing new offerings, and providing individuals with tailored content and to personalize your experience with our Services. In certain instances, we will process your Personal Data for such development by directly seeking your input (for example, through surveys or interviews).
- Improving Services and Offerings: It is our legitimate business interest to improve our Services and Offerings through an increase in data provided to our clients to meet their demands, as such, we may process limited Personal Data of business professionals (more specifically, names, professional titles, professional experience, investment details, contact information and educational history).
- Identifying Client Interests and Opportunities: Because it is in our legitimate business interest to meet our client demands and ensure positive user experiences, we may process your Personal Data to assess new potential customer opportunities as relevant.
- Marketing Communications; Advertisement. It is our legitimate business interest to promote our Website and Services, grow our company, and advertise our offerings (whether via direct marketing or providing personalized content advertisements), and as such we will process your Personal Data by sending certain marketing information, product recommendations, custom research, and other communications (for example, newsletters, sales calls, or other electronic communications) solely as necessary to reflect such legitimate interests, or, if applicable, to the extent you have provided your prior consent.
- Payments: In the rare instances where you have provided financial information to us, MHM will process your Personal Data to verify such information and to collect payments solely as needed to complete a transaction and perform our contractual obligations.
- Legal Obligations: We may be required to process Personal Data for legal and compliance reasons we believe to be necessary or appropriate under applicable law (which may include laws outside your country of residence). Such processing may be required to: respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities; enforce our terms of service or other terms and conditions; or protect our rights, privacy, safety, or property, or those of other persons.
V. Sharing Information
Heavy Metal may share Personal Data as follows:
Contracted Service Providers. As necessary to provide the Services, conduct our business operations, or when we believe that applicable law permits or requires disclosure, we may share Personal Data with contracted service providers, including entities which provide for hosting and system administration, payment processing, analytics, marketing, data enrichment, or client support, to the extent necessary and in accordance with the legal bases set forth above. These service providers only receive Personal Data necessary to fulfill the services they provide to MHM. Under no circumstances are such service providers permitted to use obtained Personal Data for any purpose other than to provide MHM with the designated services.
Your Employer. To the extent you are an authorized user of the Services or have otherwise registered for MHM offerings using your corporate email address, we may share Personal Data with your employer to the extent this is necessary to provide you with access, to verify accounts and activity, investigate suspicious activity, or enforce our terms and policies.
Event Sponsors. If you attend a Heavy Metal event, conferences, networking/community offerings, we may share limited Personal Data with certain event sponsors. If you do not wish for your information to be shared, you may choose not to participate in the event, may contact our events team as described in registration communications, or you may write to us as described below.
Mergers or Acquisitions. In the event of a merger, acquisition, consolidation, change of control, corporate divestiture or dissolution where we sell all or a portion of our business or assets, we will disclose necessary Personal Data and such information will be governed by the privacy policies of acquiring entities. In accordance with applicable laws, we will use reasonable efforts to notify you of any transfer of Personal Data to an unaffiliated third party.
Data Analytics. Occasionally, we may share non-personal, anonymized, and statistical data with third-parties for the purpose of helping MHM with such analysis and improvements. MHM may also use anonymous, aggregated utilization data for typical business operations (for example, demonstrating the audience size of our newsletter).
Public Forums: If any part of the Website or MHM branded social media sites permit public forum posting, the Personal Data you choose to post, share, upload, or make publicly available may be visible to others. You should never post or share any information that is confidential or about others unless you have permission to do so. We may use information you provide to personalize your experience and to make content recommendations.
Published Information: We may provide limited personal data of leadership teams and key personnel to other business professionals through the use of our Services. MHM may also use anonymous, aggregated Personal Data for typical business operations (for example, publishing a report about how participants choose to spend their participant compensation).
VI. Location of Processing
Heavy Metal is solely located in, and operates from, the United States. Additionally, we host our Services and process your Personal Data solely in the United States. However, it is possible that some of the service providers referenced above may process Personal Data outside your jurisdiction, and in countries that are not subject to an adequacy decision by the European Commission or your local legislature and/or regulator, and that may not provide for the same level of data protection as your jurisdiction. We ensure that the information continues to be protected wherever it is located in a manner consistent with the standards of protection required under applicable law, for instance by entering into the appropriate back-to-back agreements and, if required, standard contractual clauses for the transfer of data as approved by the European Commission (Art. 46 GDPR).
Heavy Metal’s Services are solely intended for business clients and are not directed at minors. We do not knowingly collect Personal Data from children under the age of 16 without the consent of a parent or guardian to participate in a research study. If you are a parent or guardian and believe your child has provided us with Personal Data without your consent, please contact us as set forth below in Section XI, and we will take steps to delete such Personal Data from our systems.
VIII. Retention Periods
MHM shall typically retain Personal Data for the amount of time needed for the original purpose of collecting or obtaining such data. Appropriate retention periods are generally further determined by the nature and sensitivity of such Personal Data, including any potential risk of harm which could arise out of unauthorized use or disclosure, as well as whether additional legal/regulatory obligations require us to retain it. In most instances this means we shall only retain Personal Data during our relationship, where needed for tax or regulatory periods, or any statutory limitation periods under applicable laws.
IX. Accessing and Controlling Your Information
Depending on applicable laws, you have certain rights regarding your Personal Data. These rights may include:
Right to access and/or rectify inaccuracies. You have the right to access Personal Data we hold about you and, in most circumstances, to be provided with a copy of this information. You also have the right to correct any inaccuracies relating to your Personal Data which we hold.
Right to restrict use. To the extent permitted by law, you have the right to restrict use of such processing.
Right to request deletion. You have the right to request that we delete your Personal Data from our systems. Please note, if you prefer to opt-out of marketing communications, it is preferable that we retain your basic contact information with a strict “do not contact” mark applied, to ensure we do not contact you in the future.
Right to object to processing. Where we process your Personal Data on a legitimate interest basis (for example, direct marketing purposes), you can exercise your right to object at any time to such processing without having to provide any specific reason for such objection. In such cases, we will stop processing your Personal Data until we verify that we have compelling legitimate grounds for processing that outweigh your interests, rights, and freedoms in asking us to stop processing the data, or in limited cases where we need to continue processing the data for the establishment, exercise, or defense of legal claims.
Right to withdraw consent. To the extent we base the processing of your Personal Data on your consent, you have the right to withdraw consent at any time, without affecting the lawfulness of the processing based on such consent before its withdrawal.
Right to data portability. In most instances, you have the right to receive all Personal Data you have provided to us in a structured, commonly used, and machine-readable format and to transmit this data to another data controller, to the extent such transfer is technically feasible.
Right to lodge a complaint with a supervisory authority. Provided you are in the EEA, you have the right to file a complaint regarding the processing of your Personal Data with the data protection authority (“DPA”) in the country where you reside, where you work, or where the alleged infringement of data protection laws has taken place. For a list of DPAs within the EU and EEA, please see this link. Other regulatory authorities may be relevant for individuals outside the EEA
How to exercise your rights
To exercise your rights, please contact us as set forth below in Section XI. Any requests should include information to allow us to verify your identity (e.g., your name, address, email address, or other information reasonably required). If you are a California resident, please refer to Section X below for more detailed information on your rights under California law.
We use all efforts to respond to any legitimate requests within one month. In the event we require additional information, we will contact you and specify what is needed. In certain circumstances, it may take longer than one month, for example if we receive overly complex or numerous requests or in the event we do not receive the required additional information.
Occasionally it may take us longer than a month, taking into account the complexity and number of requests we receive. We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Marketing Communication Preferences
Regarding electronic marketing communications, you may manage your receipt of the same by clicking on the “unsubscribe” or other equivalent link located on the bottom of any marketing or sales emails, visit the applicable email preference center, or contact us as described below in Section XI. As pertaining to sales calls, if you want your phone number to be added to our internal Do-Not-Call list, please contact us as described below in Section XI (please include your first name, last name, company and the phone number you wish to add to our Do-Not-Call list).
X. California Privacy Notice
This Privacy Notice for California Residents supplements the information contained in the Statement applies solely to all visitors, users, and others who reside in the State of California. We adopt this notice to comply with the California Consumer Privacy Act of 2018 (CCPA). This Notice does not apply to employment-related personal information collected from California-based employees, job applicants, contractors, or similar individuals.
As pertaining to California residents, we have collected the following categories of personal information within the last twelve (12) months:
- Identifiers. A real name, postal address, Internet Protocol address, email address, account name. To be clear, we do NOT collect identifiers such as a Social Security number, driver’s license number, passport number, or other similar identifiers.
- Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). A name, address, telephone number, education, employment, employment history. To be clear, we do NOT collect personal information such as a Social Security number, passport number, driver’s license or state identification card number, insurance policy number, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information
- Commercial information. Records of Heavy Metal’s products or services purchased, obtained, or considered.
- Internet or other similar network activity. Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement
- Geolocation data. Physical location, as related to IP address.
- Professional or employment-related information. Current or past job history.
- Protected classification characteristics under California or federal law.
- Biometric information.
- Sensory data.
- Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).
- Inferences drawn from other personal information.
Sales of Personal Information
The following activity may fall under the CCPA’s definition of “sell”:
- We publish limited personal data of company leadership teams and key personnel as part of our Services (as described above)
- We publish limited, anonymized personal data collected in conjunction with our market research studies as part of our Services (as described above)
- For clarification, we do not “sell” the personal information of minors under 16 years of age without the consent of a parent or guardian to participate in a research study where such information may be gathered.
Your Rights and Choices
The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.
Access to Specific Information and Data Portability Rights
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose the same to you.
Deletion Request Rights
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete your personal information from our records, unless an exception applies.
Exercising Access, Data Portability, and Deletion Rights
To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by either:
- Contacting us as described below.
- Completing this web form.
Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
XI. Questions Regarding this Statement and Your Information
If you have any questions or comments regarding this Statement or your information, you can email us at firstname.lastname@example.org
XII. Security; Modifications to this Statement
We implement technical and organizational measures to seek to ensure a level of security appropriate to the risk to the Personal Data we process. These measures are aimed at ensuring the integrity, confidentiality, and availability of Personal Data.
Heavy Metal reserves the right to change this Statement at any time by posting revisions on the Website. Such changes will be effective upon posting and will modify the “Last Updated” date above. We encourage you to periodically review this Statement to stay informed about our processing of your Personal Data.