Logo

March 5th, 2026

Global Product Insights

Privacy Policy

Privacy Statement

This Privacy Policy describes how Global Product Insights (GPI) undertakes the processing of Personal Data pertaining to natural persons that interact with it as websites visitors/ users or representatives/ stakeholders of Prospective/ Existing Corporate Clients (meaning how such Personal Data is: Collected; Stored; Accessed; Processed and Shared) both online and by other means, such as by phone while ordering GPI products; as well as which are the Legal Basis towards such Processing activities applies.

 

This Privacy Policy is provided to you, in line with the following Personal Data Protection Legislation:

 

  • The Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 also known as the General Data Protection Regulation (the GDPR), which became enforceable across the EU and the EEA from May 25th, 2018 having replaced the previous Directive 95/46/EC; In Ireland, the national law, which amongst other things, gives further effect to the GDPR, is the Data Protection Act 2018 (‘the 2018 Act’).
  • The Directive 2009/136/EC of the European Parliament and of the Council of 25 November 2009 also known as the ePrivacy Directive, amending the Directive 2002/22/EC on universal service and users’ rights relating to electronic communications networks and services, Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector and Regulation (EC) No 2006/2004 on cooperation between national authorities responsible for the enforcement of consumer protection laws;
  • The Swiss Federal Act on Data Protection (nFADP), where Personal Data pertaining to resident natural persons in Switzerland is under Processing.
  • The California Consumer Privacy Act 2018 (the CCPA), assembly Bill of the State of California United States of America No. 375, under CHAPTER 55, an act to add Title 1.81.5 (commencing with Section 1798.100) to Part 4 of Division 3 of the Civil Code, relating to privacy and approved by Governor June 28, 2018. Filed with Secretary of State June 28, 2018 and enforceable from January 1st, 2020 onwards.
  • Other Personal Data Protection laws from countries around the Globe as they may apply where the stipulations under those laws are more protective of the Rights and Freedoms of natural persons than what is defined under the EU GDPR.

The primary goal of Processing Personal Data is to identify and interact authorized representatives/ stakeholders at both existing and prospective Corporate Clients of GPI, to entice communication in view of enticing or maintaining the existing Business-to-Business (B2B) relationship.

The secondary context where Personal Data is processed by GPI derives from access and usage of our websites by means of Cookies and Trackers, which visitors and users are able to manage via our Cookie Management Tool.

GPI (both as an organization as each of its staff members) is perfectly aware of the fact that Personal Data may represent a risk towards you if accessed by unauthorized 3rd parties; and that is why a set of Policies, Operational Processes, and mechanisms (technological and human-based) has been developed, ensuring that the Personal Data entrusted by you to GPI will be maintained, handled and shared in a manner that warrants its Security, Accuracy, Confidentiality, and Privacy, hence assuring your Personal Data Protection.

Personal Data is exclusively Processed under the scope and purpose of managing the "relationship" with visitors/ users of the websites and those natural persons (Data Subjects) who are the contact points at Corporate Clients.

Each and every Data Subject maintains full control over the Personal Data that pertains to him/ her as well as the Personal Data Processing Activities undertaken by GPI (as defined under applicable Personal Data Protection laws with the EU GDPR as the reference point).

Applicability

GPI reserves the right to modify this Privacy Policy at all times by posting an updated time-stamp versions on its websites.

The Data Controller

Global Product Insights AG (GPI), established at 35 Zweierstrasse 8004 Zürich, Switzerland. (operating under the brand “GPI”) is the entity that acts as the Data Controller for the purpose of this Privacy Policy and all data processing practices herein contemplated. All questions or requests regarding the processing of the personal data under our control or processing may be addressed to dataprivacy@globalproductinsights.com

 

GPI DPO contacts

Mr. Rui Serrano

Country: Portugal, European Union

email: dataprivacy@globalproductinsights.com

phone: +351932579434

 

GPI Core Activity – Service Catalog and “Legal Basis”

GPI renders a set of services towards other companies, which successful completion requires “Personal Data Processing Activities”.

Under this scope, GPI’ Service Catalog comprehends the following services and applicable “Legal Basis” for processing Personal Data (respectively), meaning how is GPI permitted by law to process “Personal Data” under such services scope:

 

  • Reaching out to prospect/ existing Corporate Clients

 

GPI, will directly reach out to natural persons with whom it has no established relationship, yet are authorized representatives/ stakeholders at prospective/ existing Corporate Clients to foster its B2B activities (although it could do so under the GDPR Article 14); the way in which GPI reaches out to such prospects consists collecting identification and contact information publishing both on Companies’ websites or other communication means and/ or information on Social Media that is public in nature, under Legitimate Interest in the case of prospects and under a Contractual Obligation in the case of existing Corporate Clients.

 

WHAT “Personal Data” is subject to Processing by GPI

The following categories of Personal Data will be processed:

 

  • Contact Data (e.g. Name; Email; Phone number)
  • Location Data (e.g. Country; City; State)
  • Professional Data (e.g. Company, Role)

WHAT is the Purpose of Personal Data Processing Activities

Gathering/ Collection

 

GPI exclusively gathers the minimum amount of Personal Data that allows establishing communication with stakeholders at prospective or existing Corporate Clients.

 

The exclusion consists of information gathered by Cookies and Trackers relating to website users and visitors.

 

For detailed information about cookies in use and similar employed technologies please refer to the Cookies Policy.

Hosting

GPI is a Digital company, which means that the overwhelming amount of Data and information the company requires to operate is exclusively maintained under Digital format on its IT Systems, hosted in the EU with its Processor Hetzner.

The Principle of Data Minimization

GPI takes every reasonable step to ensure that Personal Data under its direct Processing activities (as the Controller) is absolutely limited to the amount and type that is necessary to deliver its Services towards its Customers and Corporate Clients as it has been agreed by those, either via Consent or a Contract not maintained over redundant repositories nor for any longer than required under the scope of agreed services.

 

However, Customers and Corporate Clients alike will act also as Joint Controllers and the same is not “arguable” by GPI with regards to those for it solely depends on their Personal Data Processing “scope” and “purpose”.

HOW is “Personal Data” Security, Privacy and Confidentiality assured

GPI has its “IT Landscape” configured and monitored under the strictest Security market standards and it has reviewed and adopted changes to its operational processes in a manner that ensures compliance with the requirements posed under “GDPR” towards “Personal Data” Protection. This means to assure its Confidentiality and Privacy while under “Personal Data Processing Activities” performed by itself and its Processors within the scope of GPI rendered services.

For HOW LONG is “Personal Data” maintained

Data retention is one major potential risk generator towards “Personal Data”, since having the Data available means it may be accessed if a “Personal Data Breach” occurs.

 

GPI has set the Data Retention periods according to its service relationship with its Corporate Clients’ lifecycle or until the moment a Data Subject exercises his/ her Right of Erasure.

HOW to exercise “Data Subjects’” rights

Depending on where they reside, the Data Subject have the following set of established rights under respective applicable Personal Data Protection laws.

 

Most Personal Data Protection laws around the Globe contain the same rights, we are herein using the California Privacy Law (CCPA/CPRA) merely as an example of the Rights under U.S. Privacy Laws:

 

 

[GDPR] Right of access. The right to obtain from the Controller confirmation as to whether his/ her personal data is being processed, and, where that is the case, access to such personal data as well as related information.

 

[CCPA] Right to know and access your personal information – similar to the Right of Access under the GDPR, California resident natural persons have the

right to:

  • Know the categories of personal information we collect and the categories of sources from which we got the information;
  • Know the business or commercial purposes for which we collect and share personal information;
  • Know the categories of third parties and other entities with whom we share personal information; and
  • Access the specific pieces of personal information we have collected about you.

 

[GDPR] Right to rectification. The right to obtain the rectification of inaccurate Personal Data pertaining to that Data Subject.

[GDPR] Right to erasure. The right to have Personal Data pertaining to him/ her that is under Processing by GPI erased and therefore Processing stopped, unless a legal duty or have a legitimate ground to retain certain data prevents GPI from observing such right, in which case the Data Subject shall be duly informed.

[CCPA] Right to deletion – again in a similar manner to what the GDPR rules, natural persons who reside in the state of California may, in some circumstances, ask us to delete their personal data/ information.

 

[GDPR] The right to restrict processing. Under relevant conditions set out by the law, the right to request and have in place processing restrictions (in scope and purpose) towards Personal Data that pertains to him/ her. When exercising this right, the Data Subject must be specific about which processing activities are being requested to be restricted and the Controller shall provide feedback to the Data Subject on either the completion of the request or any potential collateral impact that may derive from implementing the requested objection to Processing, asking for additional confirmation prior to implementing the request.

[GDPR] The right to object to processing. The right to object to processing activities that have been qualified under this Privacy Policy has occurred under the Legal Basis of Legitimate Interest by the side of GPI. The exercise of this right may also occur where the Data Subject wishes to opt-out from an existing Service (and not necessarily canceling the Service). When exercising this right, the Data Subject must be specific about which processing activities are being requested to stop and the Controller shall provide feedback to the Data Subject on either the completion of the request or any potential collateral impact that may derive from implementing the requested objection to Processing, asking for additional confirmation prior to implementing the request.

[CCPA] Right to opt out of sales – We do not “sell “ your data under any circumstances.

[GDPR] Right to data portability. The right to receive the Personal Data pertaining to that Data Subject, in a structured, commonly used and machine-readable format as well as the right to transmit such Personal Data to another controller without hindrance. GPI will share the Personal Data over a secure channel, and that (depending on the type of Data as well as volume) may imply the need to convey a “password” via an alternative communication channel to the Data Subject to ensure authorized secure access.

[GDPR] Right to be informed about a Personal Data Breach. The Data Subject has the right (and it is the Controller’s obligation by law to ensure it) to be informed of any unauthorized disclosure or potential disclosure of his/ her Personal Data to unauthorized 3rd parties within 72 hours of its occurrence.

[GDPR] Right to lodge a complaint with a supervisory authority. The right to lodge a complaint regarding GPI’s Processing activities over his/ her Personal Data towards any of the EU Member States data protection Supervisory Authorities. GPI is however also available to provide any clarification towards those Data Subjects who may feel that it’s Processing of the Personal Data that pertains to them has negatively impacted them or somehow breached their rights under GDPR and/ or the right to Privacy, having such Personal Data processed in a secure manner and Confidentiality assurance. Data Subject may submit a complaint via the request process as per herein defined ahead.

 

[LGPD Brazil] Right to Anonymization , Blocking, or Deletion: The LGPD explicitly grants the right to request the anonymization, blocking, or deletion of unnecessary or excessive data, or data not processed in compliance with the law.

 

[LGPD Brazil] Information on Shared Usage: The LGPD explicitly requires controllers to inform data subjects about which public and private entities their data has been shared with.

 

[CCPA] Right to be free from discrimination – You may exercise any of the above rights without fear of being discriminated against. We are, however, permitted to provide a different price or rate to you if the difference is directly related to the value provided to you by your data.

 

For any of the above-mentioned CCPA related rights, you may designate an authorized agent to make a request on your behalf. In the request, you or your authorized agent must provide including information sufficient for us to confirm the identity of an authorized agent. We are required to verify that your agent has been properly authorized to request information on your behalf and this may take additional time to fulfill your request.

We will use the information you provide to make your CCPA rights requests to verify your identity, identify the personal information we may hold about you, and act upon your request.

 

Any “Data Subject” may exercise his/ her rights under “GDPR” by reaching out to GPI’ “DPO” through the e-mail address dataprivacy@globalproductinsights.com.

 

If you have any questions, complaints or wish to exercise your rights under “GDPR”, please do make clear on your message:

 

  • Purpose: Question; Complaint; Exercise of the “Data Subject’s” rights under “GDPR”
  • WHAT triggered your need to contact us?
  • WHEN did the root cause which triggered the need to contact us took place?
  • If a Member, your Member ID, or if not a mobile phone number or alternative personal e-mail address so we may proceed with a two-factor authentication process.

 

Why the need to provide alternative personal contact?

 

Under “GDPR” only the “Data Subject” may exercise his/ her rights, hence companies must ensure and document that the “Data Subject” or his/ her legal representatives are the ones interacting with the company while acting over his/ her “Personal Data”. The way to ensure such “authentication” with regards to “Data Subjects” who do not have digital credentials on any GPI web-based platforms is to forward code to that “Data Subject” via an alternative communication channel to the standard e-mail address which served the purpose of the initial contact and has a code generated by GPI included on all messages that pertain the exercise of “Data Subjects’” rights or actions over such “Data Subject’” “Personal Data”.

 

Glossary

“Affiliate” means any entity that directly or indirectly controls, is controlled by or is under common control with each Party. Whereas “Control,” for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the Party.

 

“Controller” means the “Party” which determines the “Personal Data” which is forward to the other “Party” under the “Services” scope, and the inherent “Personal Data” Treatment” purposes, processes and/ or workflows which must be observed by the other “Party” within the mutual relationship.

 

“Data Protection Officer”/ “DPO” means the natural person within a company who bear the responsibility of ensuring corporate compliance towards “GDPR” (as per defined under this Regulation), both by means of monitoring compliance status as well as acting towards the organization and management structure informing those about existing non-conformity points and the need for the organization to act upon them in order to make them compliant with “GDPR” rules, guidelines and requirements.

 

“Data Subject” means the identified or identifiable natural person to whom “Personal Data” relates. Both Parties understand that the “Data Subject” is the sole owner of “Personal Data” which pertains to him/ her.

 

“Data Subjects’ Rights” means the rights established towards the “Data Subjects” under “GDPR”. Please check the item below under the title “HOW to exercise Data Subjects’ rights”

 

“GDPR” means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regards to the “Personal Data” Treatment” and on the free movement of such data, while

 

Repealing and replacing the Directive 95/46/EC from May 25th, 2018 onwards.

 

“IT Landscape” means the set of IT assets and services of and at the disposal of each “Party” that enables their “Personal Data” Treatment” operation, meaning the communications infrastructure (LAN, WAN, Wi-Fi networks), Data Center and technical rooms, Cloud-based services, workstations, software systems and tools, mobile devices in use, peripheral IT devices, Firewalls and web-based resources.

 

“Legal Basis” means the enlisted lawful grounds that a company has to entice “Personal Data” Treatment” activities under “GDPR”, namely (but not limited to) having documented: the “Data Subject’” Explicit Consent towards “Personal Data” Treatment” activities; the company Legitimate Interest in proceeding with ““Personal Data” Treatment” activities; accessory legal obligations that the company must observe and which entitled it to proceed with “Personal Data Processing Activities” activities within the limits of such ruling and inherent obligations; other as per defined under “GDPR”.

 

“Partner” means any 3rd party entity towards which each “Party” may resort in order to ensure “Personal Data Processing Activities” under a “Legal Basis” (as established by “GDPR”) and within the scope of agreed “Services”.

 

“Personal Data” means any data which by itself or when cross-referenced with other data enables one to univocally identify one given natural person, the “Data Subject”.

 

“Personal Data Processing Activities” means any operation or set of operations which is performed upon “Personal Data”, whether or not by automated means, such as collection/ retrieval; accessing (consultation, use); processing (organization, structuring, adaptation or alteration); storage (recording, erasure or destruction); sharing (disclosure by transmission, dissemination or otherwise making available, publishing).

 

“Personal Data Breach” means any “event” or “incident” (as per ITIL definition) which enables the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to “Personal Data”.

“Processor” means the entity which proceeds with authorized “Personal Data Processing Activities” (under this DPA and the “Agreement”) on behalf of the “Controller”.

 

“Service Catalog” means the set of Services rendered by GPI that requires “Personal Data Processing Activities”.

 

“Sub-processor” means any “Processor” engaged by any of the “Parties” which performs complimentary “Personal Data Processing Activities” within the scope of the “Services”.

Contact Us

If You have any questions or complaints about this Policy, please contact Us at :

E: dataprivacy@globalproductinsights.com

P: +1 (910) 722 1560 (U.S.) or +41 79 137 2228 (outside U.S.)

GPI - Global Product Insights

Product experience insights, built for real market decisions.

Zürich Office:

35 Zweierstrasse

8004 Zürich

Switzerland

USA Office:

140 Jonathans Drive

West End, NC 27376

United States

© 2026 GPI – Global Product Insights. All Rights Reserved.

Terms & Conditions

|

Privacy Policy

Logo

March 5th, 2026

Global Product Insights

Privacy Policy

Privacy Statement

This Privacy Policy describes how Global Product Insights (GPI) undertakes the processing of Personal Data pertaining to natural persons that interact with it as websites visitors/ users or representatives/ stakeholders of Prospective/ Existing Corporate Clients (meaning how such Personal Data is: Collected; Stored; Accessed; Processed and Shared) both online and by other means, such as by phone while ordering GPI products; as well as which are the Legal Basis towards such Processing activities applies.

 

This Privacy Policy is provided to you, in line with the following Personal Data Protection Legislation:

 

  • The Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 also known as the General Data Protection Regulation (the GDPR), which became enforceable across the EU and the EEA from May 25th, 2018 having replaced the previous Directive 95/46/EC; In Ireland, the national law, which amongst other things, gives further effect to the GDPR, is the Data Protection Act 2018 (‘the 2018 Act’).
  • The Directive 2009/136/EC of the European Parliament and of the Council of 25 November 2009 also known as the ePrivacy Directive, amending the Directive 2002/22/EC on universal service and users’ rights relating to electronic communications networks and services, Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector and Regulation (EC) No 2006/2004 on cooperation between national authorities responsible for the enforcement of consumer protection laws;
  • The Swiss Federal Act on Data Protection (nFADP), where Personal Data pertaining to resident natural persons in Switzerland is under Processing.
  • The California Consumer Privacy Act 2018 (the CCPA), assembly Bill of the State of California United States of America No. 375, under CHAPTER 55, an act to add Title 1.81.5 (commencing with Section 1798.100) to Part 4 of Division 3 of the Civil Code, relating to privacy and approved by Governor June 28, 2018. Filed with Secretary of State June 28, 2018 and enforceable from January 1st, 2020 onwards.
  • Other Personal Data Protection laws from countries around the Globe as they may apply where the stipulations under those laws are more protective of the Rights and Freedoms of natural persons than what is defined under the EU GDPR.

The primary goal of Processing Personal Data is to identify and interact authorized representatives/ stakeholders at both existing and prospective Corporate Clients of GPI, to entice communication in view of enticing or maintaining the existing Business-to-Business (B2B) relationship.

The secondary context where Personal Data is processed by GPI derives from access and usage of our websites by means of Cookies and Trackers, which visitors and users are able to manage via our Cookie Management Tool.

GPI (both as an organization as each of its staff members) is perfectly aware of the fact that Personal Data may represent a risk towards you if accessed by unauthorized 3rd parties; and that is why a set of Policies, Operational Processes, and mechanisms (technological and human-based) has been developed, ensuring that the Personal Data entrusted by you to GPI will be maintained, handled and shared in a manner that warrants its Security, Accuracy, Confidentiality, and Privacy, hence assuring your Personal Data Protection.

Personal Data is exclusively Processed under the scope and purpose of managing the "relationship" with visitors/ users of the websites and those natural persons (Data Subjects) who are the contact points at Corporate Clients.

Each and every Data Subject maintains full control over the Personal Data that pertains to him/ her as well as the Personal Data Processing Activities undertaken by GPI (as defined under applicable Personal Data Protection laws with the EU GDPR as the reference point).

Applicability

GPI reserves the right to modify this Privacy Policy at all times by posting an updated time-stamp versions on its websites.

The Data Controller

Global Product Insights AG (GPI), established at 35 Zweierstrasse 8004 Zürich, Switzerland. (operating under the brand “GPI”) is the entity that acts as the Data Controller for the purpose of this Privacy Policy and all data processing practices herein contemplated. All questions or requests regarding the processing of the personal data under our control or processing may be addressed to dataprivacy@globalproductinsights.com

 

GPI DPO contacts

Mr. Rui Serrano

Country: Portugal, European Union

email: dataprivacy@globalproductinsights.com

phone: +351932579434

 

GPI Core Activity – Service Catalog and “Legal Basis”

GPI renders a set of services towards other companies, which successful completion requires “Personal Data Processing Activities”.

Under this scope, GPI’ Service Catalog comprehends the following services and applicable “Legal Basis” for processing Personal Data (respectively), meaning how is GPI permitted by law to process “Personal Data” under such services scope:

 

  • Reaching out to prospect/ existing Corporate Clients

 

GPI, will directly reach out to natural persons with whom it has no established relationship, yet are authorized representatives/ stakeholders at prospective/ existing Corporate Clients to foster its B2B activities (although it could do so under the GDPR Article 14); the way in which GPI reaches out to such prospects consists collecting identification and contact information publishing both on Companies’ websites or other communication means and/ or information on Social Media that is public in nature, under Legitimate Interest in the case of prospects and under a Contractual Obligation in the case of existing Corporate Clients.

 

WHAT “Personal Data” is subject to Processing by GPI

The following categories of Personal Data will be processed:

 

  • Contact Data (e.g. Name; Email; Phone number)
  • Location Data (e.g. Country; City; State)
  • Professional Data (e.g. Company, Role)

WHAT is the Purpose of Personal Data Processing Activities

Gathering/ Collection

 

GPI exclusively gathers the minimum amount of Personal Data that allows establishing communication with stakeholders at prospective or existing Corporate Clients.

 

The exclusion consists of information gathered by Cookies and Trackers relating to website users and visitors.

 

For detailed information about cookies in use and similar employed technologies please refer to the Cookies Policy.

Hosting

GPI is a Digital company, which means that the overwhelming amount of Data and information the company requires to operate is exclusively maintained under Digital format on its IT Systems, hosted in the EU with its Processor Hetzner.

The Principle of Data Minimization

GPI takes every reasonable step to ensure that Personal Data under its direct Processing activities (as the Controller) is absolutely limited to the amount and type that is necessary to deliver its Services towards its Customers and Corporate Clients as it has been agreed by those, either via Consent or a Contract not maintained over redundant repositories nor for any longer than required under the scope of agreed services.

 

However, Customers and Corporate Clients alike will act also as Joint Controllers and the same is not “arguable” by GPI with regards to those for it solely depends on their Personal Data Processing “scope” and “purpose”.

HOW is “Personal Data” Security, Privacy and Confidentiality assured

GPI has its “IT Landscape” configured and monitored under the strictest Security market standards and it has reviewed and adopted changes to its operational processes in a manner that ensures compliance with the requirements posed under “GDPR” towards “Personal Data” Protection. This means to assure its Confidentiality and Privacy while under “Personal Data Processing Activities” performed by itself and its Processors within the scope of GPI rendered services.

For HOW LONG is “Personal Data” maintained

Data retention is one major potential risk generator towards “Personal Data”, since having the Data available means it may be accessed if a “Personal Data Breach” occurs.

 

GPI has set the Data Retention periods according to its service relationship with its Corporate Clients’ lifecycle or until the moment a Data Subject exercises his/ her Right of Erasure.

HOW to exercise “Data Subjects’” rights

Depending on where they reside, the Data Subject have the following set of established rights under respective applicable Personal Data Protection laws.

 

Most Personal Data Protection laws around the Globe contain the same rights, we are herein using the California Privacy Law (CCPA/CPRA) merely as an example of the Rights under U.S. Privacy Laws:

 

 

[GDPR] Right of access. The right to obtain from the Controller confirmation as to whether his/ her personal data is being processed, and, where that is the case, access to such personal data as well as related information.

 

[CCPA] Right to know and access your personal information – similar to the Right of Access under the GDPR, California resident natural persons have the

right to:

  • Know the categories of personal information we collect and the categories of sources from which we got the information;
  • Know the business or commercial purposes for which we collect and share personal information;
  • Know the categories of third parties and other entities with whom we share personal information; and
  • Access the specific pieces of personal information we have collected about you.

 

[GDPR] Right to rectification. The right to obtain the rectification of inaccurate Personal Data pertaining to that Data Subject.

[GDPR] Right to erasure. The right to have Personal Data pertaining to him/ her that is under Processing by GPI erased and therefore Processing stopped, unless a legal duty or have a legitimate ground to retain certain data prevents GPI from observing such right, in which case the Data Subject shall be duly informed.

[CCPA] Right to deletion – again in a similar manner to what the GDPR rules, natural persons who reside in the state of California may, in some circumstances, ask us to delete their personal data/ information.

 

[GDPR] The right to restrict processing. Under relevant conditions set out by the law, the right to request and have in place processing restrictions (in scope and purpose) towards Personal Data that pertains to him/ her. When exercising this right, the Data Subject must be specific about which processing activities are being requested to be restricted and the Controller shall provide feedback to the Data Subject on either the completion of the request or any potential collateral impact that may derive from implementing the requested objection to Processing, asking for additional confirmation prior to implementing the request.

[GDPR] The right to object to processing. The right to object to processing activities that have been qualified under this Privacy Policy has occurred under the Legal Basis of Legitimate Interest by the side of GPI. The exercise of this right may also occur where the Data Subject wishes to opt-out from an existing Service (and not necessarily canceling the Service). When exercising this right, the Data Subject must be specific about which processing activities are being requested to stop and the Controller shall provide feedback to the Data Subject on either the completion of the request or any potential collateral impact that may derive from implementing the requested objection to Processing, asking for additional confirmation prior to implementing the request.

[CCPA] Right to opt out of sales – We do not “sell “ your data under any circumstances.

[GDPR] Right to data portability. The right to receive the Personal Data pertaining to that Data Subject, in a structured, commonly used and machine-readable format as well as the right to transmit such Personal Data to another controller without hindrance. GPI will share the Personal Data over a secure channel, and that (depending on the type of Data as well as volume) may imply the need to convey a “password” via an alternative communication channel to the Data Subject to ensure authorized secure access.

[GDPR] Right to be informed about a Personal Data Breach. The Data Subject has the right (and it is the Controller’s obligation by law to ensure it) to be informed of any unauthorized disclosure or potential disclosure of his/ her Personal Data to unauthorized 3rd parties within 72 hours of its occurrence.

[GDPR] Right to lodge a complaint with a supervisory authority. The right to lodge a complaint regarding GPI’s Processing activities over his/ her Personal Data towards any of the EU Member States data protection Supervisory Authorities. GPI is however also available to provide any clarification towards those Data Subjects who may feel that it’s Processing of the Personal Data that pertains to them has negatively impacted them or somehow breached their rights under GDPR and/ or the right to Privacy, having such Personal Data processed in a secure manner and Confidentiality assurance. Data Subject may submit a complaint via the request process as per herein defined ahead.

 

[LGPD Brazil] Right to Anonymization , Blocking, or Deletion: The LGPD explicitly grants the right to request the anonymization, blocking, or deletion of unnecessary or excessive data, or data not processed in compliance with the law.

 

[LGPD Brazil] Information on Shared Usage: The LGPD explicitly requires controllers to inform data subjects about which public and private entities their data has been shared with.

 

[CCPA] Right to be free from discrimination – You may exercise any of the above rights without fear of being discriminated against. We are, however, permitted to provide a different price or rate to you if the difference is directly related to the value provided to you by your data.

 

For any of the above-mentioned CCPA related rights, you may designate an authorized agent to make a request on your behalf. In the request, you or your authorized agent must provide including information sufficient for us to confirm the identity of an authorized agent. We are required to verify that your agent has been properly authorized to request information on your behalf and this may take additional time to fulfill your request.

We will use the information you provide to make your CCPA rights requests to verify your identity, identify the personal information we may hold about you, and act upon your request.

 

Any “Data Subject” may exercise his/ her rights under “GDPR” by reaching out to GPI’ “DPO” through the e-mail address dataprivacy@globalproductinsights.com.

 

If you have any questions, complaints or wish to exercise your rights under “GDPR”, please do make clear on your message:

 

  • Purpose: Question; Complaint; Exercise of the “Data Subject’s” rights under “GDPR”
  • WHAT triggered your need to contact us?
  • WHEN did the root cause which triggered the need to contact us took place?
  • If a Member, your Member ID, or if not a mobile phone number or alternative personal e-mail address so we may proceed with a two-factor authentication process.

 

Why the need to provide alternative personal contact?

 

Under “GDPR” only the “Data Subject” may exercise his/ her rights, hence companies must ensure and document that the “Data Subject” or his/ her legal representatives are the ones interacting with the company while acting over his/ her “Personal Data”. The way to ensure such “authentication” with regards to “Data Subjects” who do not have digital credentials on any GPI web-based platforms is to forward code to that “Data Subject” via an alternative communication channel to the standard e-mail address which served the purpose of the initial contact and has a code generated by GPI included on all messages that pertain the exercise of “Data Subjects’” rights or actions over such “Data Subject’” “Personal Data”.

 

Depending on where they reside, the Data Subject have the following set of established rights under respective applicable Personal Data Protection laws.

 

Most Personal Data Protection laws around the Globe contain the same rights, we are herein using the California Privacy Law (CCPA/CPRA) merely as an example of the Rights under U.S. Privacy Laws:

 

 

[GDPR] Right of access. The right to obtain from the Controller confirmation as to whether his/ her personal data is being processed, and, where that is the case, access to such personal data as well as related information.

 

[CCPA] Right to know and access your personal information – similar to the Right of Access under the GDPR, California resident natural persons have the

right to:

  • Know the categories of personal information we collect and the categories of sources from which we got the information;
  • Know the business or commercial purposes for which we collect and share personal information;
  • Know the categories of third parties and other entities with whom we share personal information; and
  • Access the specific pieces of personal information we have collected about you.

 

[GDPR] Right to rectification. The right to obtain the rectification of inaccurate Personal Data pertaining to that Data Subject.

[GDPR] Right to erasure. The right to have Personal Data pertaining to him/ her that is under Processing by GPI erased and therefore Processing stopped, unless a legal duty or have a legitimate ground to retain certain data prevents GPI from observing such right, in which case the Data Subject shall be duly informed.

[CCPA] Right to deletion – again in a similar manner to what the GDPR rules, natural persons who reside in the state of California may, in some circumstances, ask us to delete their personal data/ information.

 

[GDPR] The right to restrict processing. Under relevant conditions set out by the law, the right to request and have in place processing restrictions (in scope and purpose) towards Personal Data that pertains to him/ her. When exercising this right, the Data Subject must be specific about which processing activities are being requested to be restricted and the Controller shall provide feedback to the Data Subject on either the completion of the request or any potential collateral impact that may derive from implementing the requested objection to Processing, asking for additional confirmation prior to implementing the request.

[GDPR] The right to object to processing. The right to object to processing activities that have been qualified under this Privacy Policy has occurred under the Legal Basis of Legitimate Interest by the side of GPI. The exercise of this right may also occur where the Data Subject wishes to opt-out from an existing Service (and not necessarily canceling the Service). When exercising this right, the Data Subject must be specific about which processing activities are being requested to stop and the Controller shall provide feedback to the Data Subject on either the completion of the request or any potential collateral impact that may derive from implementing the requested objection to Processing, asking for additional confirmation prior to implementing the request.

[CCPA] Right to opt out of sales – We do not “sell “ your data under any circumstances.

[GDPR] Right to data portability. The right to receive the Personal Data pertaining to that Data Subject, in a structured, commonly used and machine-readable format as well as the right to transmit such Personal Data to another controller without hindrance. GPI will share the Personal Data over a secure channel, and that (depending on the type of Data as well as volume) may imply the need to convey a “password” via an alternative communication channel to the Data Subject to ensure authorized secure access.

[GDPR] Right to be informed about a Personal Data Breach. The Data Subject has the right (and it is the Controller’s obligation by law to ensure it) to be informed of any unauthorized disclosure or potential disclosure of his/ her Personal Data to unauthorized 3rd parties within 72 hours of its occurrence.

[GDPR] Right to lodge a complaint with a supervisory authority. The right to lodge a complaint regarding GPI’s Processing activities over his/ her Personal Data towards any of the EU Member States data protection Supervisory Authorities. GPI is however also available to provide any clarification towards those Data Subjects who may feel that it’s Processing of the Personal Data that pertains to them has negatively impacted them or somehow breached their rights under GDPR and/ or the right to Privacy, having such Personal Data processed in a secure manner and Confidentiality assurance. Data Subject may submit a complaint via the request process as per herein defined ahead.

 

[LGPD Brazil] Right to Anonymization , Blocking, or Deletion: The LGPD explicitly grants the right to request the anonymization, blocking, or deletion of unnecessary or excessive data, or data not processed in compliance with the law.

 

[LGPD Brazil] Information on Shared Usage: The LGPD explicitly requires controllers to inform data subjects about which public and private entities their data has been shared with.

 

[CCPA] Right to be free from discrimination – You may exercise any of the above rights without fear of being discriminated against. We are, however, permitted to provide a different price or rate to you if the difference is directly related to the value provided to you by your data.

 

For any of the above-mentioned CCPA related rights, you may designate an authorized agent to make a request on your behalf. In the request, you or your authorized agent must provide including information sufficient for us to confirm the identity of an authorized agent. We are required to verify that your agent has been properly authorized to request information on your behalf and this may take additional time to fulfill your request.

We will use the information you provide to make your CCPA rights requests to verify your identity, identify the personal information we may hold about you, and act upon your request.

 

Any “Data Subject” may exercise his/ her rights under “GDPR” by reaching out to GPI’ “DPO” through the e-mail address dataprivacy@globalproductinsights.com.

 

If you have any questions, complaints or wish to exercise your rights under “GDPR”, please do make clear on your message:

 

  • Purpose: Question; Complaint; Exercise of the “Data Subject’s” rights under “GDPR”
  • WHAT triggered your need to contact us?
  • WHEN did the root cause which triggered the need to contact us took place?
  • If a Member, your Member ID, or if not a mobile phone number or alternative personal e-mail address so we may proceed with a two-factor authentication process.

 

Why the need to provide alternative personal contact?

 

Under “GDPR” only the “Data Subject” may exercise his/ her rights, hence companies must ensure and document that the “Data Subject” or his/ her legal representatives are the ones interacting with the company while acting over his/ her “Personal Data”. The way to ensure such “authentication” with regards to “Data Subjects” who do not have digital credentials on any GPI web-based platforms is to forward code to that “Data Subject” via an alternative communication channel to the standard e-mail address which served the purpose of the initial contact and has a code generated by GPI included on all messages that pertain the exercise of “Data Subjects’” rights or actions over such “Data Subject’” “Personal Data”.

 

Depending on where they reside, the Data Subject have the following set of established rights under respective applicable Personal Data Protection laws.

 

Most Personal Data Protection laws around the Globe contain the same rights, we are herein using the California Privacy Law (CCPA/CPRA) merely as an example of the Rights under U.S. Privacy Laws:

 

 

[GDPR] Right of access. The right to obtain from the Controller confirmation as to whether his/ her personal data is being processed, and, where that is the case, access to such personal data as well as related information.

 

[CCPA] Right to know and access your personal information – similar to the Right of Access under the GDPR, California resident natural persons have the

right to:

  • Know the categories of personal information we collect and the categories of sources from which we got the information;
  • Know the business or commercial purposes for which we collect and share personal information;
  • Know the categories of third parties and other entities with whom we share personal information; and
  • Access the specific pieces of personal information we have collected about you.

 

[GDPR] Right to rectification. The right to obtain the rectification of inaccurate Personal Data pertaining to that Data Subject.

[GDPR] Right to erasure. The right to have Personal Data pertaining to him/ her that is under Processing by GPI erased and therefore Processing stopped, unless a legal duty or have a legitimate ground to retain certain data prevents GPI from observing such right, in which case the Data Subject shall be duly informed.

[CCPA] Right to deletion – again in a similar manner to what the GDPR rules, natural persons who reside in the state of California may, in some circumstances, ask us to delete their personal data/ information.

 

[GDPR] The right to restrict processing. Under relevant conditions set out by the law, the right to request and have in place processing restrictions (in scope and purpose) towards Personal Data that pertains to him/ her. When exercising this right, the Data Subject must be specific about which processing activities are being requested to be restricted and the Controller shall provide feedback to the Data Subject on either the completion of the request or any potential collateral impact that may derive from implementing the requested objection to Processing, asking for additional confirmation prior to implementing the request.

[GDPR] The right to object to processing. The right to object to processing activities that have been qualified under this Privacy Policy has occurred under the Legal Basis of Legitimate Interest by the side of GPI. The exercise of this right may also occur where the Data Subject wishes to opt-out from an existing Service (and not necessarily canceling the Service). When exercising this right, the Data Subject must be specific about which processing activities are being requested to stop and the Controller shall provide feedback to the Data Subject on either the completion of the request or any potential collateral impact that may derive from implementing the requested objection to Processing, asking for additional confirmation prior to implementing the request.

[CCPA] Right to opt out of sales – We do not “sell “ your data under any circumstances.

[GDPR] Right to data portability. The right to receive the Personal Data pertaining to that Data Subject, in a structured, commonly used and machine-readable format as well as the right to transmit such Personal Data to another controller without hindrance. GPI will share the Personal Data over a secure channel, and that (depending on the type of Data as well as volume) may imply the need to convey a “password” via an alternative communication channel to the Data Subject to ensure authorized secure access.

[GDPR] Right to be informed about a Personal Data Breach. The Data Subject has the right (and it is the Controller’s obligation by law to ensure it) to be informed of any unauthorized disclosure or potential disclosure of his/ her Personal Data to unauthorized 3rd parties within 72 hours of its occurrence.

[GDPR] Right to lodge a complaint with a supervisory authority. The right to lodge a complaint regarding GPI’s Processing activities over his/ her Personal Data towards any of the EU Member States data protection Supervisory Authorities. GPI is however also available to provide any clarification towards those Data Subjects who may feel that it’s Processing of the Personal Data that pertains to them has negatively impacted them or somehow breached their rights under GDPR and/ or the right to Privacy, having such Personal Data processed in a secure manner and Confidentiality assurance. Data Subject may submit a complaint via the request process as per herein defined ahead.

 

[LGPD Brazil] Right to Anonymization , Blocking, or Deletion: The LGPD explicitly grants the right to request the anonymization, blocking, or deletion of unnecessary or excessive data, or data not processed in compliance with the law.

 

[LGPD Brazil] Information on Shared Usage: The LGPD explicitly requires controllers to inform data subjects about which public and private entities their data has been shared with.

 

[CCPA] Right to be free from discrimination – You may exercise any of the above rights without fear of being discriminated against. We are, however, permitted to provide a different price or rate to you if the difference is directly related to the value provided to you by your data.

 

For any of the above-mentioned CCPA related rights, you may designate an authorized agent to make a request on your behalf. In the request, you or your authorized agent must provide including information sufficient for us to confirm the identity of an authorized agent. We are required to verify that your agent has been properly authorized to request information on your behalf and this may take additional time to fulfill your request.

We will use the information you provide to make your CCPA rights requests to verify your identity, identify the personal information we may hold about you, and act upon your request.

 

Any “Data Subject” may exercise his/ her rights under “GDPR” by reaching out to GPI’ “DPO” through the e-mail address dataprivacy@globalproductinsights.com.

 

If you have any questions, complaints or wish to exercise your rights under “GDPR”, please do make clear on your message:

 

  • Purpose: Question; Complaint; Exercise of the “Data Subject’s” rights under “GDPR”
  • WHAT triggered your need to contact us?
  • WHEN did the root cause which triggered the need to contact us took place?
  • If a Member, your Member ID, or if not a mobile phone number or alternative personal e-mail address so we may proceed with a two-factor authentication process.

 

Why the need to provide alternative personal contact?

 

Under “GDPR” only the “Data Subject” may exercise his/ her rights, hence companies must ensure and document that the “Data Subject” or his/ her legal representatives are the ones interacting with the company while acting over his/ her “Personal Data”. The way to ensure such “authentication” with regards to “Data Subjects” who do not have digital credentials on any GPI web-based platforms is to forward code to that “Data Subject” via an alternative communication channel to the standard e-mail address which served the purpose of the initial contact and has a code generated by GPI included on all messages that pertain the exercise of “Data Subjects’” rights or actions over such “Data Subject’” “Personal Data”.

 

Depending on where they reside, the Data Subject have the following set of established rights under respective applicable Personal Data Protection laws.

 

Most Personal Data Protection laws around the Globe contain the same rights, we are herein using the California Privacy Law (CCPA/CPRA) merely as an example of the Rights under U.S. Privacy Laws:

 

 

[GDPR] Right of access. The right to obtain from the Controller confirmation as to whether his/ her personal data is being processed, and, where that is the case, access to such personal data as well as related information.

 

[CCPA] Right to know and access your personal information – similar to the Right of Access under the GDPR, California resident natural persons have the

right to:

  • Know the categories of personal information we collect and the categories of sources from which we got the information;
  • Know the business or commercial purposes for which we collect and share personal information;
  • Know the categories of third parties and other entities with whom we share personal information; and
  • Access the specific pieces of personal information we have collected about you.

 

[GDPR] Right to rectification. The right to obtain the rectification of inaccurate Personal Data pertaining to that Data Subject.

[GDPR] Right to erasure. The right to have Personal Data pertaining to him/ her that is under Processing by GPI erased and therefore Processing stopped, unless a legal duty or have a legitimate ground to retain certain data prevents GPI from observing such right, in which case the Data Subject shall be duly informed.

[CCPA] Right to deletion – again in a similar manner to what the GDPR rules, natural persons who reside in the state of California may, in some circumstances, ask us to delete their personal data/ information.

 

[GDPR] The right to restrict processing. Under relevant conditions set out by the law, the right to request and have in place processing restrictions (in scope and purpose) towards Personal Data that pertains to him/ her. When exercising this right, the Data Subject must be specific about which processing activities are being requested to be restricted and the Controller shall provide feedback to the Data Subject on either the completion of the request or any potential collateral impact that may derive from implementing the requested objection to Processing, asking for additional confirmation prior to implementing the request.

[GDPR] The right to object to processing. The right to object to processing activities that have been qualified under this Privacy Policy has occurred under the Legal Basis of Legitimate Interest by the side of GPI. The exercise of this right may also occur where the Data Subject wishes to opt-out from an existing Service (and not necessarily canceling the Service). When exercising this right, the Data Subject must be specific about which processing activities are being requested to stop and the Controller shall provide feedback to the Data Subject on either the completion of the request or any potential collateral impact that may derive from implementing the requested objection to Processing, asking for additional confirmation prior to implementing the request.

[CCPA] Right to opt out of sales – We do not “sell “ your data under any circumstances.

[GDPR] Right to data portability. The right to receive the Personal Data pertaining to that Data Subject, in a structured, commonly used and machine-readable format as well as the right to transmit such Personal Data to another controller without hindrance. GPI will share the Personal Data over a secure channel, and that (depending on the type of Data as well as volume) may imply the need to convey a “password” via an alternative communication channel to the Data Subject to ensure authorized secure access.

[GDPR] Right to be informed about a Personal Data Breach. The Data Subject has the right (and it is the Controller’s obligation by law to ensure it) to be informed of any unauthorized disclosure or potential disclosure of his/ her Personal Data to unauthorized 3rd parties within 72 hours of its occurrence.

[GDPR] Right to lodge a complaint with a supervisory authority. The right to lodge a complaint regarding GPI’s Processing activities over his/ her Personal Data towards any of the EU Member States data protection Supervisory Authorities. GPI is however also available to provide any clarification towards those Data Subjects who may feel that it’s Processing of the Personal Data that pertains to them has negatively impacted them or somehow breached their rights under GDPR and/ or the right to Privacy, having such Personal Data processed in a secure manner and Confidentiality assurance. Data Subject may submit a complaint via the request process as per herein defined ahead.

 

[LGPD Brazil] Right to Anonymization , Blocking, or Deletion: The LGPD explicitly grants the right to request the anonymization, blocking, or deletion of unnecessary or excessive data, or data not processed in compliance with the law.

 

[LGPD Brazil] Information on Shared Usage: The LGPD explicitly requires controllers to inform data subjects about which public and private entities their data has been shared with.

 

[CCPA] Right to be free from discrimination – You may exercise any of the above rights without fear of being discriminated against. We are, however, permitted to provide a different price or rate to you if the difference is directly related to the value provided to you by your data.

 

For any of the above-mentioned CCPA related rights, you may designate an authorized agent to make a request on your behalf. In the request, you or your authorized agent must provide including information sufficient for us to confirm the identity of an authorized agent. We are required to verify that your agent has been properly authorized to request information on your behalf and this may take additional time to fulfill your request.

We will use the information you provide to make your CCPA rights requests to verify your identity, identify the personal information we may hold about you, and act upon your request.

 

Any “Data Subject” may exercise his/ her rights under “GDPR” by reaching out to GPI’ “DPO” through the e-mail address dataprivacy@globalproductinsights.com.

 

If you have any questions, complaints or wish to exercise your rights under “GDPR”, please do make clear on your message:

 

  • Purpose: Question; Complaint; Exercise of the “Data Subject’s” rights under “GDPR”
  • WHAT triggered your need to contact us?
  • WHEN did the root cause which triggered the need to contact us took place?
  • If a Member, your Member ID, or if not a mobile phone number or alternative personal e-mail address so we may proceed with a two-factor authentication process.

 

Why the need to provide alternative personal contact?

 

Under “GDPR” only the “Data Subject” may exercise his/ her rights, hence companies must ensure and document that the “Data Subject” or his/ her legal representatives are the ones interacting with the company while acting over his/ her “Personal Data”. The way to ensure such “authentication” with regards to “Data Subjects” who do not have digital credentials on any GPI web-based platforms is to forward code to that “Data Subject” via an alternative communication channel to the standard e-mail address which served the purpose of the initial contact and has a code generated by GPI included on all messages that pertain the exercise of “Data Subjects’” rights or actions over such “Data Subject’” “Personal Data”.

 

Depending on where they reside, the Data Subject have the following set of established rights under respective applicable Personal Data Protection laws.

 

Most Personal Data Protection laws around the Globe contain the same rights, we are herein using the California Privacy Law (CCPA/CPRA) merely as an example of the Rights under U.S. Privacy Laws:

 

 

[GDPR] Right of access. The right to obtain from the Controller confirmation as to whether his/ her personal data is being processed, and, where that is the case, access to such personal data as well as related information.

 

[CCPA] Right to know and access your personal information – similar to the Right of Access under the GDPR, California resident natural persons have the

right to:

  • Know the categories of personal information we collect and the categories of sources from which we got the information;
  • Know the business or commercial purposes for which we collect and share personal information;
  • Know the categories of third parties and other entities with whom we share personal information; and
  • Access the specific pieces of personal information we have collected about you.

 

[GDPR] Right to rectification. The right to obtain the rectification of inaccurate Personal Data pertaining to that Data Subject.

[GDPR] Right to erasure. The right to have Personal Data pertaining to him/ her that is under Processing by GPI erased and therefore Processing stopped, unless a legal duty or have a legitimate ground to retain certain data prevents GPI from observing such right, in which case the Data Subject shall be duly informed.

[CCPA] Right to deletion – again in a similar manner to what the GDPR rules, natural persons who reside in the state of California may, in some circumstances, ask us to delete their personal data/ information.

 

[GDPR] The right to restrict processing. Under relevant conditions set out by the law, the right to request and have in place processing restrictions (in scope and purpose) towards Personal Data that pertains to him/ her. When exercising this right, the Data Subject must be specific about which processing activities are being requested to be restricted and the Controller shall provide feedback to the Data Subject on either the completion of the request or any potential collateral impact that may derive from implementing the requested objection to Processing, asking for additional confirmation prior to implementing the request.

[GDPR] The right to object to processing. The right to object to processing activities that have been qualified under this Privacy Policy has occurred under the Legal Basis of Legitimate Interest by the side of GPI. The exercise of this right may also occur where the Data Subject wishes to opt-out from an existing Service (and not necessarily canceling the Service). When exercising this right, the Data Subject must be specific about which processing activities are being requested to stop and the Controller shall provide feedback to the Data Subject on either the completion of the request or any potential collateral impact that may derive from implementing the requested objection to Processing, asking for additional confirmation prior to implementing the request.

[CCPA] Right to opt out of sales – We do not “sell “ your data under any circumstances.

[GDPR] Right to data portability. The right to receive the Personal Data pertaining to that Data Subject, in a structured, commonly used and machine-readable format as well as the right to transmit such Personal Data to another controller without hindrance. GPI will share the Personal Data over a secure channel, and that (depending on the type of Data as well as volume) may imply the need to convey a “password” via an alternative communication channel to the Data Subject to ensure authorized secure access.

[GDPR] Right to be informed about a Personal Data Breach. The Data Subject has the right (and it is the Controller’s obligation by law to ensure it) to be informed of any unauthorized disclosure or potential disclosure of his/ her Personal Data to unauthorized 3rd parties within 72 hours of its occurrence.

[GDPR] Right to lodge a complaint with a supervisory authority. The right to lodge a complaint regarding GPI’s Processing activities over his/ her Personal Data towards any of the EU Member States data protection Supervisory Authorities. GPI is however also available to provide any clarification towards those Data Subjects who may feel that it’s Processing of the Personal Data that pertains to them has negatively impacted them or somehow breached their rights under GDPR and/ or the right to Privacy, having such Personal Data processed in a secure manner and Confidentiality assurance. Data Subject may submit a complaint via the request process as per herein defined ahead.

 

[LGPD Brazil] Right to Anonymization , Blocking, or Deletion: The LGPD explicitly grants the right to request the anonymization, blocking, or deletion of unnecessary or excessive data, or data not processed in compliance with the law.

 

[LGPD Brazil] Information on Shared Usage: The LGPD explicitly requires controllers to inform data subjects about which public and private entities their data has been shared with.

 

[CCPA] Right to be free from discrimination – You may exercise any of the above rights without fear of being discriminated against. We are, however, permitted to provide a different price or rate to you if the difference is directly related to the value provided to you by your data.

 

For any of the above-mentioned CCPA related rights, you may designate an authorized agent to make a request on your behalf. In the request, you or your authorized agent must provide including information sufficient for us to confirm the identity of an authorized agent. We are required to verify that your agent has been properly authorized to request information on your behalf and this may take additional time to fulfill your request.

We will use the information you provide to make your CCPA rights requests to verify your identity, identify the personal information we may hold about you, and act upon your request.

 

Any “Data Subject” may exercise his/ her rights under “GDPR” by reaching out to GPI’ “DPO” through the e-mail address dataprivacy@globalproductinsights.com.

 

If you have any questions, complaints or wish to exercise your rights under “GDPR”, please do make clear on your message:

 

  • Purpose: Question; Complaint; Exercise of the “Data Subject’s” rights under “GDPR”
  • WHAT triggered your need to contact us?
  • WHEN did the root cause which triggered the need to contact us took place?
  • If a Member, your Member ID, or if not a mobile phone number or alternative personal e-mail address so we may proceed with a two-factor authentication process.

 

Why the need to provide alternative personal contact?

 

Under “GDPR” only the “Data Subject” may exercise his/ her rights, hence companies must ensure and document that the “Data Subject” or his/ her legal representatives are the ones interacting with the company while acting over his/ her “Personal Data”. The way to ensure such “authentication” with regards to “Data Subjects” who do not have digital credentials on any GPI web-based platforms is to forward code to that “Data Subject” via an alternative communication channel to the standard e-mail address which served the purpose of the initial contact and has a code generated by GPI included on all messages that pertain the exercise of “Data Subjects’” rights or actions over such “Data Subject’” “Personal Data”.

 

Depending on where they reside, the Data Subject have the following set of established rights under respective applicable Personal Data Protection laws.

 

Most Personal Data Protection laws around the Globe contain the same rights, we are herein using the California Privacy Law (CCPA/CPRA) merely as an example of the Rights under U.S. Privacy Laws:

 

 

[GDPR] Right of access. The right to obtain from the Controller confirmation as to whether his/ her personal data is being processed, and, where that is the case, access to such personal data as well as related information.

 

[CCPA] Right to know and access your personal information – similar to the Right of Access under the GDPR, California resident natural persons have the

right to:

  • Know the categories of personal information we collect and the categories of sources from which we got the information;
  • Know the business or commercial purposes for which we collect and share personal information;
  • Know the categories of third parties and other entities with whom we share personal information; and
  • Access the specific pieces of personal information we have collected about you.

 

[GDPR] Right to rectification. The right to obtain the rectification of inaccurate Personal Data pertaining to that Data Subject.

[GDPR] Right to erasure. The right to have Personal Data pertaining to him/ her that is under Processing by GPI erased and therefore Processing stopped, unless a legal duty or have a legitimate ground to retain certain data prevents GPI from observing such right, in which case the Data Subject shall be duly informed.

[CCPA] Right to deletion – again in a similar manner to what the GDPR rules, natural persons who reside in the state of California may, in some circumstances, ask us to delete their personal data/ information.

 

[GDPR] The right to restrict processing. Under relevant conditions set out by the law, the right to request and have in place processing restrictions (in scope and purpose) towards Personal Data that pertains to him/ her. When exercising this right, the Data Subject must be specific about which processing activities are being requested to be restricted and the Controller shall provide feedback to the Data Subject on either the completion of the request or any potential collateral impact that may derive from implementing the requested objection to Processing, asking for additional confirmation prior to implementing the request.

[GDPR] The right to object to processing. The right to object to processing activities that have been qualified under this Privacy Policy has occurred under the Legal Basis of Legitimate Interest by the side of GPI. The exercise of this right may also occur where the Data Subject wishes to opt-out from an existing Service (and not necessarily canceling the Service). When exercising this right, the Data Subject must be specific about which processing activities are being requested to stop and the Controller shall provide feedback to the Data Subject on either the completion of the request or any potential collateral impact that may derive from implementing the requested objection to Processing, asking for additional confirmation prior to implementing the request.

[CCPA] Right to opt out of sales – We do not “sell “ your data under any circumstances.

[GDPR] Right to data portability. The right to receive the Personal Data pertaining to that Data Subject, in a structured, commonly used and machine-readable format as well as the right to transmit such Personal Data to another controller without hindrance. GPI will share the Personal Data over a secure channel, and that (depending on the type of Data as well as volume) may imply the need to convey a “password” via an alternative communication channel to the Data Subject to ensure authorized secure access.

[GDPR] Right to be informed about a Personal Data Breach. The Data Subject has the right (and it is the Controller’s obligation by law to ensure it) to be informed of any unauthorized disclosure or potential disclosure of his/ her Personal Data to unauthorized 3rd parties within 72 hours of its occurrence.

[GDPR] Right to lodge a complaint with a supervisory authority. The right to lodge a complaint regarding GPI’s Processing activities over his/ her Personal Data towards any of the EU Member States data protection Supervisory Authorities. GPI is however also available to provide any clarification towards those Data Subjects who may feel that it’s Processing of the Personal Data that pertains to them has negatively impacted them or somehow breached their rights under GDPR and/ or the right to Privacy, having such Personal Data processed in a secure manner and Confidentiality assurance. Data Subject may submit a complaint via the request process as per herein defined ahead.

 

[LGPD Brazil] Right to Anonymization , Blocking, or Deletion: The LGPD explicitly grants the right to request the anonymization, blocking, or deletion of unnecessary or excessive data, or data not processed in compliance with the law.

 

[LGPD Brazil] Information on Shared Usage: The LGPD explicitly requires controllers to inform data subjects about which public and private entities their data has been shared with.

 

[CCPA] Right to be free from discrimination – You may exercise any of the above rights without fear of being discriminated against. We are, however, permitted to provide a different price or rate to you if the difference is directly related to the value provided to you by your data.

 

For any of the above-mentioned CCPA related rights, you may designate an authorized agent to make a request on your behalf. In the request, you or your authorized agent must provide including information sufficient for us to confirm the identity of an authorized agent. We are required to verify that your agent has been properly authorized to request information on your behalf and this may take additional time to fulfill your request.

We will use the information you provide to make your CCPA rights requests to verify your identity, identify the personal information we may hold about you, and act upon your request.

 

Any “Data Subject” may exercise his/ her rights under “GDPR” by reaching out to GPI’ “DPO” through the e-mail address dataprivacy@globalproductinsights.com.

 

If you have any questions, complaints or wish to exercise your rights under “GDPR”, please do make clear on your message:

 

  • Purpose: Question; Complaint; Exercise of the “Data Subject’s” rights under “GDPR”
  • WHAT triggered your need to contact us?
  • WHEN did the root cause which triggered the need to contact us took place?
  • If a Member, your Member ID, or if not a mobile phone number or alternative personal e-mail address so we may proceed with a two-factor authentication process.

 

Why the need to provide alternative personal contact?

 

Under “GDPR” only the “Data Subject” may exercise his/ her rights, hence companies must ensure and document that the “Data Subject” or his/ her legal representatives are the ones interacting with the company while acting over his/ her “Personal Data”. The way to ensure such “authentication” with regards to “Data Subjects” who do not have digital credentials on any GPI web-based platforms is to forward code to that “Data Subject” via an alternative communication channel to the standard e-mail address which served the purpose of the initial contact and has a code generated by GPI included on all messages that pertain the exercise of “Data Subjects’” rights or actions over such “Data Subject’” “Personal Data”.

 

Depending on where they reside, the Data Subject have the following set of established rights under respective applicable Personal Data Protection laws.

 

Most Personal Data Protection laws around the Globe contain the same rights, we are herein using the California Privacy Law (CCPA/CPRA) merely as an example of the Rights under U.S. Privacy Laws:

 

 

[GDPR] Right of access. The right to obtain from the Controller confirmation as to whether his/ her personal data is being processed, and, where that is the case, access to such personal data as well as related information.

 

[CCPA] Right to know and access your personal information – similar to the Right of Access under the GDPR, California resident natural persons have the

right to:

  • Know the categories of personal information we collect and the categories of sources from which we got the information;
  • Know the business or commercial purposes for which we collect and share personal information;
  • Know the categories of third parties and other entities with whom we share personal information; and
  • Access the specific pieces of personal information we have collected about you.

 

[GDPR] Right to rectification. The right to obtain the rectification of inaccurate Personal Data pertaining to that Data Subject.

[GDPR] Right to erasure. The right to have Personal Data pertaining to him/ her that is under Processing by GPI erased and therefore Processing stopped, unless a legal duty or have a legitimate ground to retain certain data prevents GPI from observing such right, in which case the Data Subject shall be duly informed.

[CCPA] Right to deletion – again in a similar manner to what the GDPR rules, natural persons who reside in the state of California may, in some circumstances, ask us to delete their personal data/ information.

 

[GDPR] The right to restrict processing. Under relevant conditions set out by the law, the right to request and have in place processing restrictions (in scope and purpose) towards Personal Data that pertains to him/ her. When exercising this right, the Data Subject must be specific about which processing activities are being requested to be restricted and the Controller shall provide feedback to the Data Subject on either the completion of the request or any potential collateral impact that may derive from implementing the requested objection to Processing, asking for additional confirmation prior to implementing the request.

[GDPR] The right to object to processing. The right to object to processing activities that have been qualified under this Privacy Policy has occurred under the Legal Basis of Legitimate Interest by the side of GPI. The exercise of this right may also occur where the Data Subject wishes to opt-out from an existing Service (and not necessarily canceling the Service). When exercising this right, the Data Subject must be specific about which processing activities are being requested to stop and the Controller shall provide feedback to the Data Subject on either the completion of the request or any potential collateral impact that may derive from implementing the requested objection to Processing, asking for additional confirmation prior to implementing the request.

[CCPA] Right to opt out of sales – We do not “sell “ your data under any circumstances.

[GDPR] Right to data portability. The right to receive the Personal Data pertaining to that Data Subject, in a structured, commonly used and machine-readable format as well as the right to transmit such Personal Data to another controller without hindrance. GPI will share the Personal Data over a secure channel, and that (depending on the type of Data as well as volume) may imply the need to convey a “password” via an alternative communication channel to the Data Subject to ensure authorized secure access.

[GDPR] Right to be informed about a Personal Data Breach. The Data Subject has the right (and it is the Controller’s obligation by law to ensure it) to be informed of any unauthorized disclosure or potential disclosure of his/ her Personal Data to unauthorized 3rd parties within 72 hours of its occurrence.

[GDPR] Right to lodge a complaint with a supervisory authority. The right to lodge a complaint regarding GPI’s Processing activities over his/ her Personal Data towards any of the EU Member States data protection Supervisory Authorities. GPI is however also available to provide any clarification towards those Data Subjects who may feel that it’s Processing of the Personal Data that pertains to them has negatively impacted them or somehow breached their rights under GDPR and/ or the right to Privacy, having such Personal Data processed in a secure manner and Confidentiality assurance. Data Subject may submit a complaint via the request process as per herein defined ahead.

 

[LGPD Brazil] Right to Anonymization , Blocking, or Deletion: The LGPD explicitly grants the right to request the anonymization, blocking, or deletion of unnecessary or excessive data, or data not processed in compliance with the law.

 

[LGPD Brazil] Information on Shared Usage: The LGPD explicitly requires controllers to inform data subjects about which public and private entities their data has been shared with.

 

[CCPA] Right to be free from discrimination – You may exercise any of the above rights without fear of being discriminated against. We are, however, permitted to provide a different price or rate to you if the difference is directly related to the value provided to you by your data.

 

For any of the above-mentioned CCPA related rights, you may designate an authorized agent to make a request on your behalf. In the request, you or your authorized agent must provide including information sufficient for us to confirm the identity of an authorized agent. We are required to verify that your agent has been properly authorized to request information on your behalf and this may take additional time to fulfill your request.

We will use the information you provide to make your CCPA rights requests to verify your identity, identify the personal information we may hold about you, and act upon your request.

 

Any “Data Subject” may exercise his/ her rights under “GDPR” by reaching out to GPI’ “DPO” through the e-mail address dataprivacy@globalproductinsights.com.

 

If you have any questions, complaints or wish to exercise your rights under “GDPR”, please do make clear on your message:

 

  • Purpose: Question; Complaint; Exercise of the “Data Subject’s” rights under “GDPR”
  • WHAT triggered your need to contact us?
  • WHEN did the root cause which triggered the need to contact us took place?
  • If a Member, your Member ID, or if not a mobile phone number or alternative personal e-mail address so we may proceed with a two-factor authentication process.

 

Why the need to provide alternative personal contact?

 

Under “GDPR” only the “Data Subject” may exercise his/ her rights, hence companies must ensure and document that the “Data Subject” or his/ her legal representatives are the ones interacting with the company while acting over his/ her “Personal Data”. The way to ensure such “authentication” with regards to “Data Subjects” who do not have digital credentials on any GPI web-based platforms is to forward code to that “Data Subject” via an alternative communication channel to the standard e-mail address which served the purpose of the initial contact and has a code generated by GPI included on all messages that pertain the exercise of “Data Subjects’” rights or actions over such “Data Subject’” “Personal Data”.

 

Depending on where they reside, the Data Subject have the following set of established rights under respective applicable Personal Data Protection laws.

 

Most Personal Data Protection laws around the Globe contain the same rights, we are herein using the California Privacy Law (CCPA/CPRA) merely as an example of the Rights under U.S. Privacy Laws:

 

 

[GDPR] Right of access. The right to obtain from the Controller confirmation as to whether his/ her personal data is being processed, and, where that is the case, access to such personal data as well as related information.

 

[CCPA] Right to know and access your personal information – similar to the Right of Access under the GDPR, California resident natural persons have the

right to:

  • Know the categories of personal information we collect and the categories of sources from which we got the information;
  • Know the business or commercial purposes for which we collect and share personal information;
  • Know the categories of third parties and other entities with whom we share personal information; and
  • Access the specific pieces of personal information we have collected about you.

 

[GDPR] Right to rectification. The right to obtain the rectification of inaccurate Personal Data pertaining to that Data Subject.

[GDPR] Right to erasure. The right to have Personal Data pertaining to him/ her that is under Processing by GPI erased and therefore Processing stopped, unless a legal duty or have a legitimate ground to retain certain data prevents GPI from observing such right, in which case the Data Subject shall be duly informed.

[CCPA] Right to deletion – again in a similar manner to what the GDPR rules, natural persons who reside in the state of California may, in some circumstances, ask us to delete their personal data/ information.

 

[GDPR] The right to restrict processing. Under relevant conditions set out by the law, the right to request and have in place processing restrictions (in scope and purpose) towards Personal Data that pertains to him/ her. When exercising this right, the Data Subject must be specific about which processing activities are being requested to be restricted and the Controller shall provide feedback to the Data Subject on either the completion of the request or any potential collateral impact that may derive from implementing the requested objection to Processing, asking for additional confirmation prior to implementing the request.

[GDPR] The right to object to processing. The right to object to processing activities that have been qualified under this Privacy Policy has occurred under the Legal Basis of Legitimate Interest by the side of GPI. The exercise of this right may also occur where the Data Subject wishes to opt-out from an existing Service (and not necessarily canceling the Service). When exercising this right, the Data Subject must be specific about which processing activities are being requested to stop and the Controller shall provide feedback to the Data Subject on either the completion of the request or any potential collateral impact that may derive from implementing the requested objection to Processing, asking for additional confirmation prior to implementing the request.

[CCPA] Right to opt out of sales – We do not “sell “ your data under any circumstances.

[GDPR] Right to data portability. The right to receive the Personal Data pertaining to that Data Subject, in a structured, commonly used and machine-readable format as well as the right to transmit such Personal Data to another controller without hindrance. GPI will share the Personal Data over a secure channel, and that (depending on the type of Data as well as volume) may imply the need to convey a “password” via an alternative communication channel to the Data Subject to ensure authorized secure access.

[GDPR] Right to be informed about a Personal Data Breach. The Data Subject has the right (and it is the Controller’s obligation by law to ensure it) to be informed of any unauthorized disclosure or potential disclosure of his/ her Personal Data to unauthorized 3rd parties within 72 hours of its occurrence.

[GDPR] Right to lodge a complaint with a supervisory authority. The right to lodge a complaint regarding GPI’s Processing activities over his/ her Personal Data towards any of the EU Member States data protection Supervisory Authorities. GPI is however also available to provide any clarification towards those Data Subjects who may feel that it’s Processing of the Personal Data that pertains to them has negatively impacted them or somehow breached their rights under GDPR and/ or the right to Privacy, having such Personal Data processed in a secure manner and Confidentiality assurance. Data Subject may submit a complaint via the request process as per herein defined ahead.

 

[LGPD Brazil] Right to Anonymization , Blocking, or Deletion: The LGPD explicitly grants the right to request the anonymization, blocking, or deletion of unnecessary or excessive data, or data not processed in compliance with the law.

 

[LGPD Brazil] Information on Shared Usage: The LGPD explicitly requires controllers to inform data subjects about which public and private entities their data has been shared with.

 

[CCPA] Right to be free from discrimination – You may exercise any of the above rights without fear of being discriminated against. We are, however, permitted to provide a different price or rate to you if the difference is directly related to the value provided to you by your data.

 

For any of the above-mentioned CCPA related rights, you may designate an authorized agent to make a request on your behalf. In the request, you or your authorized agent must provide including information sufficient for us to confirm the identity of an authorized agent. We are required to verify that your agent has been properly authorized to request information on your behalf and this may take additional time to fulfill your request.

We will use the information you provide to make your CCPA rights requests to verify your identity, identify the personal information we may hold about you, and act upon your request.

 

Any “Data Subject” may exercise his/ her rights under “GDPR” by reaching out to GPI’ “DPO” through the e-mail address dataprivacy@globalproductinsights.com.

 

If you have any questions, complaints or wish to exercise your rights under “GDPR”, please do make clear on your message:

 

  • Purpose: Question; Complaint; Exercise of the “Data Subject’s” rights under “GDPR”
  • WHAT triggered your need to contact us?
  • WHEN did the root cause which triggered the need to contact us took place?
  • If a Member, your Member ID, or if not a mobile phone number or alternative personal e-mail address so we may proceed with a two-factor authentication process.

 

Why the need to provide alternative personal contact?

 

Under “GDPR” only the “Data Subject” may exercise his/ her rights, hence companies must ensure and document that the “Data Subject” or his/ her legal representatives are the ones interacting with the company while acting over his/ her “Personal Data”. The way to ensure such “authentication” with regards to “Data Subjects” who do not have digital credentials on any GPI web-based platforms is to forward code to that “Data Subject” via an alternative communication channel to the standard e-mail address which served the purpose of the initial contact and has a code generated by GPI included on all messages that pertain the exercise of “Data Subjects’” rights or actions over such “Data Subject’” “Personal Data”.

 

Glossary

“Affiliate” means any entity that directly or indirectly controls, is controlled by or is under common control with each Party. Whereas “Control,” for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the Party.

 

“Controller” means the “Party” which determines the “Personal Data” which is forward to the other “Party” under the “Services” scope, and the inherent “Personal Data” Treatment” purposes, processes and/ or workflows which must be observed by the other “Party” within the mutual relationship.

 

“Data Protection Officer”/ “DPO” means the natural person within a company who bear the responsibility of ensuring corporate compliance towards “GDPR” (as per defined under this Regulation), both by means of monitoring compliance status as well as acting towards the organization and management structure informing those about existing non-conformity points and the need for the organization to act upon them in order to make them compliant with “GDPR” rules, guidelines and requirements.

 

“Data Subject” means the identified or identifiable natural person to whom “Personal Data” relates. Both Parties understand that the “Data Subject” is the sole owner of “Personal Data” which pertains to him/ her.

 

“Data Subjects’ Rights” means the rights established towards the “Data Subjects” under “GDPR”. Please check the item below under the title “HOW to exercise Data Subjects’ rights”

 

“GDPR” means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regards to the “Personal Data” Treatment” and on the free movement of such data, while

 

Repealing and replacing the Directive 95/46/EC from May 25th, 2018 onwards.

 

“IT Landscape” means the set of IT assets and services of and at the disposal of each “Party” that enables their “Personal Data” Treatment” operation, meaning the communications infrastructure (LAN, WAN, Wi-Fi networks), Data Center and technical rooms, Cloud-based services, workstations, software systems and tools, mobile devices in use, peripheral IT devices, Firewalls and web-based resources.

 

“Legal Basis” means the enlisted lawful grounds that a company has to entice “Personal Data” Treatment” activities under “GDPR”, namely (but not limited to) having documented: the “Data Subject’” Explicit Consent towards “Personal Data” Treatment” activities; the company Legitimate Interest in proceeding with ““Personal Data” Treatment” activities; accessory legal obligations that the company must observe and which entitled it to proceed with “Personal Data Processing Activities” activities within the limits of such ruling and inherent obligations; other as per defined under “GDPR”.

 

“Partner” means any 3rd party entity towards which each “Party” may resort in order to ensure “Personal Data Processing Activities” under a “Legal Basis” (as established by “GDPR”) and within the scope of agreed “Services”.

 

“Personal Data” means any data which by itself or when cross-referenced with other data enables one to univocally identify one given natural person, the “Data Subject”.

 

“Personal Data Processing Activities” means any operation or set of operations which is performed upon “Personal Data”, whether or not by automated means, such as collection/ retrieval; accessing (consultation, use); processing (organization, structuring, adaptation or alteration); storage (recording, erasure or destruction); sharing (disclosure by transmission, dissemination or otherwise making available, publishing).

 

“Personal Data Breach” means any “event” or “incident” (as per ITIL definition) which enables the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to “Personal Data”.

“Processor” means the entity which proceeds with authorized “Personal Data Processing Activities” (under this DPA and the “Agreement”) on behalf of the “Controller”.

 

“Service Catalog” means the set of Services rendered by GPI that requires “Personal Data Processing Activities”.

 

“Sub-processor” means any “Processor” engaged by any of the “Parties” which performs complimentary “Personal Data Processing Activities” within the scope of the “Services”.

Contact Us

If You have any questions or complaints about this Policy, please contact Us at :

E: dataprivacy@globalproductinsights.com

P: +1 (910) 722 1560 (U.S.) or +41 79 137 2228 (outside U.S.)

GPI - Global Product Insights

Product experience insights, built for real market decisions.

Zürich Office:

35 Zweierstrasse

8004 Zürich

Switzerland

USA Office:

140 Jonathans Drive

West End, NC 27376

United States

© 2026 GPI – Global Product Insights. All Rights Reserved.

Terms & Conditions

|

Privacy Policy

Home

How we work

Our solutions

Pricing

Our blog

Contact us

March 5th, 2026

Global Product Insights

Privacy Policy

Privacy Statement

This Privacy Policy describes how Global Product Insights (GPI) undertakes the processing of Personal Data pertaining to natural persons that interact with it as websites visitors/ users or representatives/ stakeholders of Prospective/ Existing Corporate Clients (meaning how such Personal Data is: Collected; Stored; Accessed; Processed and Shared) both online and by other means, such as by phone while ordering GPI products; as well as which are the Legal Basis towards such Processing activities applies.

 

This Privacy Policy is provided to you, in line with the following Personal Data Protection Legislation:

 

  • The Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 also known as the General Data Protection Regulation (the GDPR), which became enforceable across the EU and the EEA from May 25th, 2018 having replaced the previous Directive 95/46/EC; In Ireland, the national law, which amongst other things, gives further effect to the GDPR, is the Data Protection Act 2018 (‘the 2018 Act’).
  • The Directive 2009/136/EC of the European Parliament and of the Council of 25 November 2009 also known as the ePrivacy Directive, amending the Directive 2002/22/EC on universal service and users’ rights relating to electronic communications networks and services, Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector and Regulation (EC) No 2006/2004 on cooperation between national authorities responsible for the enforcement of consumer protection laws;
  • The Swiss Federal Act on Data Protection (nFADP), where Personal Data pertaining to resident natural persons in Switzerland is under Processing.
  • The California Consumer Privacy Act 2018 (the CCPA), assembly Bill of the State of California United States of America No. 375, under CHAPTER 55, an act to add Title 1.81.5 (commencing with Section 1798.100) to Part 4 of Division 3 of the Civil Code, relating to privacy and approved by Governor June 28, 2018. Filed with Secretary of State June 28, 2018 and enforceable from January 1st, 2020 onwards.
  • Other Personal Data Protection laws from countries around the Globe as they may apply where the stipulations under those laws are more protective of the Rights and Freedoms of natural persons than what is defined under the EU GDPR.

The primary goal of Processing Personal Data is to identify and interact authorized representatives/ stakeholders at both existing and prospective Corporate Clients of GPI, to entice communication in view of enticing or maintaining the existing Business-to-Business (B2B) relationship.

The secondary context where Personal Data is processed by GPI derives from access and usage of our websites by means of Cookies and Trackers, which visitors and users are able to manage via our Cookie Management Tool.

GPI (both as an organization as each of its staff members) is perfectly aware of the fact that Personal Data may represent a risk towards you if accessed by unauthorized 3rd parties; and that is why a set of Policies, Operational Processes, and mechanisms (technological and human-based) has been developed, ensuring that the Personal Data entrusted by you to GPI will be maintained, handled and shared in a manner that warrants its Security, Accuracy, Confidentiality, and Privacy, hence assuring your Personal Data Protection.

Personal Data is exclusively Processed under the scope and purpose of managing the "relationship" with visitors/ users of the websites and those natural persons (Data Subjects) who are the contact points at Corporate Clients.

Each and every Data Subject maintains full control over the Personal Data that pertains to him/ her as well as the Personal Data Processing Activities undertaken by GPI (as defined under applicable Personal Data Protection laws with the EU GDPR as the reference point).

Applicability

GPI reserves the right to modify this Privacy Policy at all times by posting an updated time-stamp versions on its websites.

The Data Controller

Global Product Insights AG (GPI), established at 35 Zweierstrasse 8004 Zürich, Switzerland. (operating under the brand “GPI”) is the entity that acts as the Data Controller for the purpose of this Privacy Policy and all data processing practices herein contemplated. All questions or requests regarding the processing of the personal data under our control or processing may be addressed to dataprivacy@globalproductinsights.com

 

GPI DPO contacts

Mr. Rui Serrano

Country: Portugal, European Union

email: dataprivacy@globalproductinsights.com

phone: +351932579434

 

GPI Core Activity – Service Catalog and “Legal Basis”

GPI renders a set of services towards other companies, which successful completion requires “Personal Data Processing Activities”.

Under this scope, GPI’ Service Catalog comprehends the following services and applicable “Legal Basis” for processing Personal Data (respectively), meaning how is GPI permitted by law to process “Personal Data” under such services scope:

 

  • Reaching out to prospect/ existing Corporate Clients

 

GPI, will directly reach out to natural persons with whom it has no established relationship, yet are authorized representatives/ stakeholders at prospective/ existing Corporate Clients to foster its B2B activities (although it could do so under the GDPR Article 14); the way in which GPI reaches out to such prospects consists collecting identification and contact information publishing both on Companies’ websites or other communication means and/ or information on Social Media that is public in nature, under Legitimate Interest in the case of prospects and under a Contractual Obligation in the case of existing Corporate Clients.

 

WHAT “Personal Data” is subject to Processing by GPI

The following categories of Personal Data will be processed:

 

  • Contact Data (e.g. Name; Email; Phone number)
  • Location Data (e.g. Country; City; State)
  • Professional Data (e.g. Company, Role)

WHAT is the Purpose of Personal Data Processing Activities

Gathering/ Collection

 

GPI exclusively gathers the minimum amount of Personal Data that allows establishing communication with stakeholders at prospective or existing Corporate Clients.

 

The exclusion consists of information gathered by Cookies and Trackers relating to website users and visitors.

 

For detailed information about cookies in use and similar employed technologies please refer to the Cookies Policy.

Hosting

GPI is a Digital company, which means that the overwhelming amount of Data and information the company requires to operate is exclusively maintained under Digital format on its IT Systems, hosted in the EU with its Processor Hetzner.

The Principle of Data Minimization

GPI takes every reasonable step to ensure that Personal Data under its direct Processing activities (as the Controller) is absolutely limited to the amount and type that is necessary to deliver its Services towards its Customers and Corporate Clients as it has been agreed by those, either via Consent or a Contract not maintained over redundant repositories nor for any longer than required under the scope of agreed services.

 

However, Customers and Corporate Clients alike will act also as Joint Controllers and the same is not “arguable” by GPI with regards to those for it solely depends on their Personal Data Processing “scope” and “purpose”.

HOW is “Personal Data” Security, Privacy and Confidentiality assured

GPI has its “IT Landscape” configured and monitored under the strictest Security market standards and it has reviewed and adopted changes to its operational processes in a manner that ensures compliance with the requirements posed under “GDPR” towards “Personal Data” Protection. This means to assure its Confidentiality and Privacy while under “Personal Data Processing Activities” performed by itself and its Processors within the scope of GPI rendered services.

For HOW LONG is “Personal Data” maintained

Data retention is one major potential risk generator towards “Personal Data”, since having the Data available means it may be accessed if a “Personal Data Breach” occurs.

 

GPI has set the Data Retention periods according to its service relationship with its Corporate Clients’ lifecycle or until the moment a Data Subject exercises his/ her Right of Erasure.

HOW to exercise “Data Subjects’” rights

Depending on where they reside, the Data Subject have the following set of established rights under respective applicable Personal Data Protection laws.

 

Most Personal Data Protection laws around the Globe contain the same rights, we are herein using the California Privacy Law (CCPA/CPRA) merely as an example of the Rights under U.S. Privacy Laws:

 

 

[GDPR] Right of access. The right to obtain from the Controller confirmation as to whether his/ her personal data is being processed, and, where that is the case, access to such personal data as well as related information.

 

[CCPA] Right to know and access your personal information – similar to the Right of Access under the GDPR, California resident natural persons have the

right to:

  • Know the categories of personal information we collect and the categories of sources from which we got the information;
  • Know the business or commercial purposes for which we collect and share personal information;
  • Know the categories of third parties and other entities with whom we share personal information; and
  • Access the specific pieces of personal information we have collected about you.

 

[GDPR] Right to rectification. The right to obtain the rectification of inaccurate Personal Data pertaining to that Data Subject.

[GDPR] Right to erasure. The right to have Personal Data pertaining to him/ her that is under Processing by GPI erased and therefore Processing stopped, unless a legal duty or have a legitimate ground to retain certain data prevents GPI from observing such right, in which case the Data Subject shall be duly informed.

[CCPA] Right to deletion – again in a similar manner to what the GDPR rules, natural persons who reside in the state of California may, in some circumstances, ask us to delete their personal data/ information.

 

[GDPR] The right to restrict processing. Under relevant conditions set out by the law, the right to request and have in place processing restrictions (in scope and purpose) towards Personal Data that pertains to him/ her. When exercising this right, the Data Subject must be specific about which processing activities are being requested to be restricted and the Controller shall provide feedback to the Data Subject on either the completion of the request or any potential collateral impact that may derive from implementing the requested objection to Processing, asking for additional confirmation prior to implementing the request.

[GDPR] The right to object to processing. The right to object to processing activities that have been qualified under this Privacy Policy has occurred under the Legal Basis of Legitimate Interest by the side of GPI. The exercise of this right may also occur where the Data Subject wishes to opt-out from an existing Service (and not necessarily canceling the Service). When exercising this right, the Data Subject must be specific about which processing activities are being requested to stop and the Controller shall provide feedback to the Data Subject on either the completion of the request or any potential collateral impact that may derive from implementing the requested objection to Processing, asking for additional confirmation prior to implementing the request.

[CCPA] Right to opt out of sales – We do not “sell “ your data under any circumstances.

[GDPR] Right to data portability. The right to receive the Personal Data pertaining to that Data Subject, in a structured, commonly used and machine-readable format as well as the right to transmit such Personal Data to another controller without hindrance. GPI will share the Personal Data over a secure channel, and that (depending on the type of Data as well as volume) may imply the need to convey a “password” via an alternative communication channel to the Data Subject to ensure authorized secure access.

[GDPR] Right to be informed about a Personal Data Breach. The Data Subject has the right (and it is the Controller’s obligation by law to ensure it) to be informed of any unauthorized disclosure or potential disclosure of his/ her Personal Data to unauthorized 3rd parties within 72 hours of its occurrence.

[GDPR] Right to lodge a complaint with a supervisory authority. The right to lodge a complaint regarding GPI’s Processing activities over his/ her Personal Data towards any of the EU Member States data protection Supervisory Authorities. GPI is however also available to provide any clarification towards those Data Subjects who may feel that it’s Processing of the Personal Data that pertains to them has negatively impacted them or somehow breached their rights under GDPR and/ or the right to Privacy, having such Personal Data processed in a secure manner and Confidentiality assurance. Data Subject may submit a complaint via the request process as per herein defined ahead.

 

[LGPD Brazil] Right to Anonymization , Blocking, or Deletion: The LGPD explicitly grants the right to request the anonymization, blocking, or deletion of unnecessary or excessive data, or data not processed in compliance with the law.

 

[LGPD Brazil] Information on Shared Usage: The LGPD explicitly requires controllers to inform data subjects about which public and private entities their data has been shared with.

 

[CCPA] Right to be free from discrimination – You may exercise any of the above rights without fear of being discriminated against. We are, however, permitted to provide a different price or rate to you if the difference is directly related to the value provided to you by your data.

 

For any of the above-mentioned CCPA related rights, you may designate an authorized agent to make a request on your behalf. In the request, you or your authorized agent must provide including information sufficient for us to confirm the identity of an authorized agent. We are required to verify that your agent has been properly authorized to request information on your behalf and this may take additional time to fulfill your request.

We will use the information you provide to make your CCPA rights requests to verify your identity, identify the personal information we may hold about you, and act upon your request.

 

Any “Data Subject” may exercise his/ her rights under “GDPR” by reaching out to GPI’ “DPO” through the e-mail address dataprivacy@globalproductinsights.com.

 

If you have any questions, complaints or wish to exercise your rights under “GDPR”, please do make clear on your message:

 

  • Purpose: Question; Complaint; Exercise of the “Data Subject’s” rights under “GDPR”
  • WHAT triggered your need to contact us?
  • WHEN did the root cause which triggered the need to contact us took place?
  • If a Member, your Member ID, or if not a mobile phone number or alternative personal e-mail address so we may proceed with a two-factor authentication process.

 

Why the need to provide alternative personal contact?

 

Under “GDPR” only the “Data Subject” may exercise his/ her rights, hence companies must ensure and document that the “Data Subject” or his/ her legal representatives are the ones interacting with the company while acting over his/ her “Personal Data”. The way to ensure such “authentication” with regards to “Data Subjects” who do not have digital credentials on any GPI web-based platforms is to forward code to that “Data Subject” via an alternative communication channel to the standard e-mail address which served the purpose of the initial contact and has a code generated by GPI included on all messages that pertain the exercise of “Data Subjects’” rights or actions over such “Data Subject’” “Personal Data”.

 

Glossary

“Affiliate” means any entity that directly or indirectly controls, is controlled by or is under common control with each Party. Whereas “Control,” for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the Party.

 

“Controller” means the “Party” which determines the “Personal Data” which is forward to the other “Party” under the “Services” scope, and the inherent “Personal Data” Treatment” purposes, processes and/ or workflows which must be observed by the other “Party” within the mutual relationship.

 

“Data Protection Officer”/ “DPO” means the natural person within a company who bear the responsibility of ensuring corporate compliance towards “GDPR” (as per defined under this Regulation), both by means of monitoring compliance status as well as acting towards the organization and management structure informing those about existing non-conformity points and the need for the organization to act upon them in order to make them compliant with “GDPR” rules, guidelines and requirements.

 

“Data Subject” means the identified or identifiable natural person to whom “Personal Data” relates. Both Parties understand that the “Data Subject” is the sole owner of “Personal Data” which pertains to him/ her.

 

“Data Subjects’ Rights” means the rights established towards the “Data Subjects” under “GDPR”. Please check the item below under the title “HOW to exercise Data Subjects’ rights”

 

“GDPR” means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regards to the “Personal Data” Treatment” and on the free movement of such data, while

 

Repealing and replacing the Directive 95/46/EC from May 25th, 2018 onwards.

 

“IT Landscape” means the set of IT assets and services of and at the disposal of each “Party” that enables their “Personal Data” Treatment” operation, meaning the communications infrastructure (LAN, WAN, Wi-Fi networks), Data Center and technical rooms, Cloud-based services, workstations, software systems and tools, mobile devices in use, peripheral IT devices, Firewalls and web-based resources.

 

“Legal Basis” means the enlisted lawful grounds that a company has to entice “Personal Data” Treatment” activities under “GDPR”, namely (but not limited to) having documented: the “Data Subject’” Explicit Consent towards “Personal Data” Treatment” activities; the company Legitimate Interest in proceeding with ““Personal Data” Treatment” activities; accessory legal obligations that the company must observe and which entitled it to proceed with “Personal Data Processing Activities” activities within the limits of such ruling and inherent obligations; other as per defined under “GDPR”.

 

“Partner” means any 3rd party entity towards which each “Party” may resort in order to ensure “Personal Data Processing Activities” under a “Legal Basis” (as established by “GDPR”) and within the scope of agreed “Services”.

 

“Personal Data” means any data which by itself or when cross-referenced with other data enables one to univocally identify one given natural person, the “Data Subject”.

 

“Personal Data Processing Activities” means any operation or set of operations which is performed upon “Personal Data”, whether or not by automated means, such as collection/ retrieval; accessing (consultation, use); processing (organization, structuring, adaptation or alteration); storage (recording, erasure or destruction); sharing (disclosure by transmission, dissemination or otherwise making available, publishing).

 

“Personal Data Breach” means any “event” or “incident” (as per ITIL definition) which enables the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to “Personal Data”.

“Processor” means the entity which proceeds with authorized “Personal Data Processing Activities” (under this DPA and the “Agreement”) on behalf of the “Controller”.

 

“Service Catalog” means the set of Services rendered by GPI that requires “Personal Data Processing Activities”.

 

“Sub-processor” means any “Processor” engaged by any of the “Parties” which performs complimentary “Personal Data Processing Activities” within the scope of the “Services”.

Contact Us

If You have any questions or complaints about this Policy, please contact Us at :

E: dataprivacy@globalproductinsights.com

P: +1 (910) 722 1560 (U.S.) or +41 79 137 2228 (outside U.S.)

GPI - Global Product Insights

Product experience insights, built for real market decisions.

Zürich Office:

35 Zweierstrasse

8004 Zürich

Switzerland

USA Office:

140 Jonathans Drive

West End, NC 27376

United States

© 2026 GPI – Global Product Insights. All Rights Reserved.

Terms & Conditions

|

Privacy Policy

Home

How we work

Our solutions

Pricing

Our blog

Contact us

March 5th, 2026

Global Product Insights

Privacy Policy

Privacy Statement

This Privacy Policy describes how Global Product Insights (GPI) undertakes the processing of Personal Data pertaining to natural persons that interact with it as websites visitors/ users or representatives/ stakeholders of Prospective/ Existing Corporate Clients (meaning how such Personal Data is: Collected; Stored; Accessed; Processed and Shared) both online and by other means, such as by phone while ordering GPI products; as well as which are the Legal Basis towards such Processing activities applies.

 

This Privacy Policy is provided to you, in line with the following Personal Data Protection Legislation:

 

  • The Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 also known as the General Data Protection Regulation (the GDPR), which became enforceable across the EU and the EEA from May 25th, 2018 having replaced the previous Directive 95/46/EC; In Ireland, the national law, which amongst other things, gives further effect to the GDPR, is the Data Protection Act 2018 (‘the 2018 Act’).
  • The Directive 2009/136/EC of the European Parliament and of the Council of 25 November 2009 also known as the ePrivacy Directive, amending the Directive 2002/22/EC on universal service and users’ rights relating to electronic communications networks and services, Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector and Regulation (EC) No 2006/2004 on cooperation between national authorities responsible for the enforcement of consumer protection laws;
  • The Swiss Federal Act on Data Protection (nFADP), where Personal Data pertaining to resident natural persons in Switzerland is under Processing.
  • The California Consumer Privacy Act 2018 (the CCPA), assembly Bill of the State of California United States of America No. 375, under CHAPTER 55, an act to add Title 1.81.5 (commencing with Section 1798.100) to Part 4 of Division 3 of the Civil Code, relating to privacy and approved by Governor June 28, 2018. Filed with Secretary of State June 28, 2018 and enforceable from January 1st, 2020 onwards.
  • Other Personal Data Protection laws from countries around the Globe as they may apply where the stipulations under those laws are more protective of the Rights and Freedoms of natural persons than what is defined under the EU GDPR.

The primary goal of Processing Personal Data is to identify and interact authorized representatives/ stakeholders at both existing and prospective Corporate Clients of GPI, to entice communication in view of enticing or maintaining the existing Business-to-Business (B2B) relationship.

The secondary context where Personal Data is processed by GPI derives from access and usage of our websites by means of Cookies and Trackers, which visitors and users are able to manage via our Cookie Management Tool.

GPI (both as an organization as each of its staff members) is perfectly aware of the fact that Personal Data may represent a risk towards you if accessed by unauthorized 3rd parties; and that is why a set of Policies, Operational Processes, and mechanisms (technological and human-based) has been developed, ensuring that the Personal Data entrusted by you to GPI will be maintained, handled and shared in a manner that warrants its Security, Accuracy, Confidentiality, and Privacy, hence assuring your Personal Data Protection.

Personal Data is exclusively Processed under the scope and purpose of managing the "relationship" with visitors/ users of the websites and those natural persons (Data Subjects) who are the contact points at Corporate Clients.

Each and every Data Subject maintains full control over the Personal Data that pertains to him/ her as well as the Personal Data Processing Activities undertaken by GPI (as defined under applicable Personal Data Protection laws with the EU GDPR as the reference point).

Applicability

GPI reserves the right to modify this Privacy Policy at all times by posting an updated time-stamp versions on its websites.

The Data Controller

Global Product Insights AG (GPI), established at 35 Zweierstrasse 8004 Zürich, Switzerland. (operating under the brand “GPI”) is the entity that acts as the Data Controller for the purpose of this Privacy Policy and all data processing practices herein contemplated. All questions or requests regarding the processing of the personal data under our control or processing may be addressed to dataprivacy@globalproductinsights.com

 

GPI DPO contacts

Mr. Rui Serrano

Country: Portugal, European Union

email: dataprivacy@globalproductinsights.com

phone: +351932579434

 

GPI Core Activity – Service Catalog and “Legal Basis”

GPI renders a set of services towards other companies, which successful completion requires “Personal Data Processing Activities”.

Under this scope, GPI’ Service Catalog comprehends the following services and applicable “Legal Basis” for processing Personal Data (respectively), meaning how is GPI permitted by law to process “Personal Data” under such services scope:

 

  • Reaching out to prospect/ existing Corporate Clients

 

GPI, will directly reach out to natural persons with whom it has no established relationship, yet are authorized representatives/ stakeholders at prospective/ existing Corporate Clients to foster its B2B activities (although it could do so under the GDPR Article 14); the way in which GPI reaches out to such prospects consists collecting identification and contact information publishing both on Companies’ websites or other communication means and/ or information on Social Media that is public in nature, under Legitimate Interest in the case of prospects and under a Contractual Obligation in the case of existing Corporate Clients.

 

WHAT “Personal Data” is subject to Processing by GPI

The following categories of Personal Data will be processed:

 

  • Contact Data (e.g. Name; Email; Phone number)
  • Location Data (e.g. Country; City; State)
  • Professional Data (e.g. Company, Role)

WHAT is the Purpose of Personal Data Processing Activities

Gathering/ Collection

 

GPI exclusively gathers the minimum amount of Personal Data that allows establishing communication with stakeholders at prospective or existing Corporate Clients.

 

The exclusion consists of information gathered by Cookies and Trackers relating to website users and visitors.

 

For detailed information about cookies in use and similar employed technologies please refer to the Cookies Policy.

Hosting

GPI is a Digital company, which means that the overwhelming amount of Data and information the company requires to operate is exclusively maintained under Digital format on its IT Systems, hosted in the EU with its Processor Hetzner.

The Principle of Data Minimization

GPI takes every reasonable step to ensure that Personal Data under its direct Processing activities (as the Controller) is absolutely limited to the amount and type that is necessary to deliver its Services towards its Customers and Corporate Clients as it has been agreed by those, either via Consent or a Contract not maintained over redundant repositories nor for any longer than required under the scope of agreed services.

 

However, Customers and Corporate Clients alike will act also as Joint Controllers and the same is not “arguable” by GPI with regards to those for it solely depends on their Personal Data Processing “scope” and “purpose”.

HOW is “Personal Data” Security, Privacy and Confidentiality assured

GPI has its “IT Landscape” configured and monitored under the strictest Security market standards and it has reviewed and adopted changes to its operational processes in a manner that ensures compliance with the requirements posed under “GDPR” towards “Personal Data” Protection. This means to assure its Confidentiality and Privacy while under “Personal Data Processing Activities” performed by itself and its Processors within the scope of GPI rendered services.

For HOW LONG is “Personal Data” maintained

Data retention is one major potential risk generator towards “Personal Data”, since having the Data available means it may be accessed if a “Personal Data Breach” occurs.

 

GPI has set the Data Retention periods according to its service relationship with its Corporate Clients’ lifecycle or until the moment a Data Subject exercises his/ her Right of Erasure.

HOW to exercise “Data Subjects’” rights

Depending on where they reside, the Data Subject have the following set of established rights under respective applicable Personal Data Protection laws.

 

Most Personal Data Protection laws around the Globe contain the same rights, we are herein using the California Privacy Law (CCPA/CPRA) merely as an example of the Rights under U.S. Privacy Laws:

 

 

[GDPR] Right of access. The right to obtain from the Controller confirmation as to whether his/ her personal data is being processed, and, where that is the case, access to such personal data as well as related information.

 

[CCPA] Right to know and access your personal information – similar to the Right of Access under the GDPR, California resident natural persons have the

right to:

  • Know the categories of personal information we collect and the categories of sources from which we got the information;
  • Know the business or commercial purposes for which we collect and share personal information;
  • Know the categories of third parties and other entities with whom we share personal information; and
  • Access the specific pieces of personal information we have collected about you.

 

[GDPR] Right to rectification. The right to obtain the rectification of inaccurate Personal Data pertaining to that Data Subject.

[GDPR] Right to erasure. The right to have Personal Data pertaining to him/ her that is under Processing by GPI erased and therefore Processing stopped, unless a legal duty or have a legitimate ground to retain certain data prevents GPI from observing such right, in which case the Data Subject shall be duly informed.

[CCPA] Right to deletion – again in a similar manner to what the GDPR rules, natural persons who reside in the state of California may, in some circumstances, ask us to delete their personal data/ information.

 

[GDPR] The right to restrict processing. Under relevant conditions set out by the law, the right to request and have in place processing restrictions (in scope and purpose) towards Personal Data that pertains to him/ her. When exercising this right, the Data Subject must be specific about which processing activities are being requested to be restricted and the Controller shall provide feedback to the Data Subject on either the completion of the request or any potential collateral impact that may derive from implementing the requested objection to Processing, asking for additional confirmation prior to implementing the request.

[GDPR] The right to object to processing. The right to object to processing activities that have been qualified under this Privacy Policy has occurred under the Legal Basis of Legitimate Interest by the side of GPI. The exercise of this right may also occur where the Data Subject wishes to opt-out from an existing Service (and not necessarily canceling the Service). When exercising this right, the Data Subject must be specific about which processing activities are being requested to stop and the Controller shall provide feedback to the Data Subject on either the completion of the request or any potential collateral impact that may derive from implementing the requested objection to Processing, asking for additional confirmation prior to implementing the request.

[CCPA] Right to opt out of sales – We do not “sell “ your data under any circumstances.

[GDPR] Right to data portability. The right to receive the Personal Data pertaining to that Data Subject, in a structured, commonly used and machine-readable format as well as the right to transmit such Personal Data to another controller without hindrance. GPI will share the Personal Data over a secure channel, and that (depending on the type of Data as well as volume) may imply the need to convey a “password” via an alternative communication channel to the Data Subject to ensure authorized secure access.

[GDPR] Right to be informed about a Personal Data Breach. The Data Subject has the right (and it is the Controller’s obligation by law to ensure it) to be informed of any unauthorized disclosure or potential disclosure of his/ her Personal Data to unauthorized 3rd parties within 72 hours of its occurrence.

[GDPR] Right to lodge a complaint with a supervisory authority. The right to lodge a complaint regarding GPI’s Processing activities over his/ her Personal Data towards any of the EU Member States data protection Supervisory Authorities. GPI is however also available to provide any clarification towards those Data Subjects who may feel that it’s Processing of the Personal Data that pertains to them has negatively impacted them or somehow breached their rights under GDPR and/ or the right to Privacy, having such Personal Data processed in a secure manner and Confidentiality assurance. Data Subject may submit a complaint via the request process as per herein defined ahead.

 

[LGPD Brazil] Right to Anonymization , Blocking, or Deletion: The LGPD explicitly grants the right to request the anonymization, blocking, or deletion of unnecessary or excessive data, or data not processed in compliance with the law.

 

[LGPD Brazil] Information on Shared Usage: The LGPD explicitly requires controllers to inform data subjects about which public and private entities their data has been shared with.

 

[CCPA] Right to be free from discrimination – You may exercise any of the above rights without fear of being discriminated against. We are, however, permitted to provide a different price or rate to you if the difference is directly related to the value provided to you by your data.

 

For any of the above-mentioned CCPA related rights, you may designate an authorized agent to make a request on your behalf. In the request, you or your authorized agent must provide including information sufficient for us to confirm the identity of an authorized agent. We are required to verify that your agent has been properly authorized to request information on your behalf and this may take additional time to fulfill your request.

We will use the information you provide to make your CCPA rights requests to verify your identity, identify the personal information we may hold about you, and act upon your request.

 

Any “Data Subject” may exercise his/ her rights under “GDPR” by reaching out to GPI’ “DPO” through the e-mail address dataprivacy@globalproductinsights.com.

 

If you have any questions, complaints or wish to exercise your rights under “GDPR”, please do make clear on your message:

 

  • Purpose: Question; Complaint; Exercise of the “Data Subject’s” rights under “GDPR”
  • WHAT triggered your need to contact us?
  • WHEN did the root cause which triggered the need to contact us took place?
  • If a Member, your Member ID, or if not a mobile phone number or alternative personal e-mail address so we may proceed with a two-factor authentication process.

 

Why the need to provide alternative personal contact?

 

Under “GDPR” only the “Data Subject” may exercise his/ her rights, hence companies must ensure and document that the “Data Subject” or his/ her legal representatives are the ones interacting with the company while acting over his/ her “Personal Data”. The way to ensure such “authentication” with regards to “Data Subjects” who do not have digital credentials on any GPI web-based platforms is to forward code to that “Data Subject” via an alternative communication channel to the standard e-mail address which served the purpose of the initial contact and has a code generated by GPI included on all messages that pertain the exercise of “Data Subjects’” rights or actions over such “Data Subject’” “Personal Data”.

 

Glossary

“Affiliate” means any entity that directly or indirectly controls, is controlled by or is under common control with each Party. Whereas “Control,” for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the Party.

 

“Controller” means the “Party” which determines the “Personal Data” which is forward to the other “Party” under the “Services” scope, and the inherent “Personal Data” Treatment” purposes, processes and/ or workflows which must be observed by the other “Party” within the mutual relationship.

 

“Data Protection Officer”/ “DPO” means the natural person within a company who bear the responsibility of ensuring corporate compliance towards “GDPR” (as per defined under this Regulation), both by means of monitoring compliance status as well as acting towards the organization and management structure informing those about existing non-conformity points and the need for the organization to act upon them in order to make them compliant with “GDPR” rules, guidelines and requirements.

 

“Data Subject” means the identified or identifiable natural person to whom “Personal Data” relates. Both Parties understand that the “Data Subject” is the sole owner of “Personal Data” which pertains to him/ her.

 

“Data Subjects’ Rights” means the rights established towards the “Data Subjects” under “GDPR”. Please check the item below under the title “HOW to exercise Data Subjects’ rights”

 

“GDPR” means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regards to the “Personal Data” Treatment” and on the free movement of such data, while

 

Repealing and replacing the Directive 95/46/EC from May 25th, 2018 onwards.

 

“IT Landscape” means the set of IT assets and services of and at the disposal of each “Party” that enables their “Personal Data” Treatment” operation, meaning the communications infrastructure (LAN, WAN, Wi-Fi networks), Data Center and technical rooms, Cloud-based services, workstations, software systems and tools, mobile devices in use, peripheral IT devices, Firewalls and web-based resources.

 

“Legal Basis” means the enlisted lawful grounds that a company has to entice “Personal Data” Treatment” activities under “GDPR”, namely (but not limited to) having documented: the “Data Subject’” Explicit Consent towards “Personal Data” Treatment” activities; the company Legitimate Interest in proceeding with ““Personal Data” Treatment” activities; accessory legal obligations that the company must observe and which entitled it to proceed with “Personal Data Processing Activities” activities within the limits of such ruling and inherent obligations; other as per defined under “GDPR”.

 

“Partner” means any 3rd party entity towards which each “Party” may resort in order to ensure “Personal Data Processing Activities” under a “Legal Basis” (as established by “GDPR”) and within the scope of agreed “Services”.

 

“Personal Data” means any data which by itself or when cross-referenced with other data enables one to univocally identify one given natural person, the “Data Subject”.

 

“Personal Data Processing Activities” means any operation or set of operations which is performed upon “Personal Data”, whether or not by automated means, such as collection/ retrieval; accessing (consultation, use); processing (organization, structuring, adaptation or alteration); storage (recording, erasure or destruction); sharing (disclosure by transmission, dissemination or otherwise making available, publishing).

 

“Personal Data Breach” means any “event” or “incident” (as per ITIL definition) which enables the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to “Personal Data”.

“Processor” means the entity which proceeds with authorized “Personal Data Processing Activities” (under this DPA and the “Agreement”) on behalf of the “Controller”.

 

“Service Catalog” means the set of Services rendered by GPI that requires “Personal Data Processing Activities”.

 

“Sub-processor” means any “Processor” engaged by any of the “Parties” which performs complimentary “Personal Data Processing Activities” within the scope of the “Services”.

Contact Us

If You have any questions or complaints about this Policy, please contact Us at :

E: dataprivacy@gpiexperience.com

P: +1 (910) 722 1560 (U.S.) or +41 79 137 2228 (outside U.S.)