Data Protection and Privacy Policy

Last Updated: December 2025

1. Introduction and Scope

Eiger Insights ("we," "us," or "our") is a market research consultancy committed to the highest standards of data protection and privacy. This policy outlines our practices regarding the collection, use, and safeguarding of personal data for our clients, website visitors, and research participants. We strictly adhere to the Insights Association Code of Standards and comply with applicable regulations, including GDPR, CCPA, and CAN-SPAM.

2. Definitions

  • Personal Data: Information used to distinguish or trace the identity of an individual, such as name, geolocation data, and employment or educational information.

  • Sensitive Data: Specific categories of personal data requiring the highest protection, including financial data, health records, or religious beliefs.

  • Consent: A voluntary, informed agreement provided by a research subject through an explicit "opt-in" after being informed of the nature and purpose of data collection.

3. Principles of Research Participation

  • Transparency and Notice: We promptly identify ourselves and state the general purpose of the research at the start of every engagement.

  • Voluntary Participation: Participation is always voluntary. Subjects have the right to refuse to participate, terminate their participation at any time, or withdraw consent.

  • Data Minimization: We limit the collection of personal data to only what is strictly necessary for the specific research requirements.

  • International Transfers: Data may be processed in the United States or other jurisdictions where our service providers operate. We ensure all transfers comply with applicable data protection laws.

4. Data Sharing and Third Parties

  • The "No Sale" Rule: We do not sell, rent, or trade your personal information to third parties.

  • Service Providers: We utilize third-party tools (e.g., survey platforms, incentive fulfillment services). All service providers are contractually bound to implement appropriate security measures and protect data to our standards.

  • Incentive Fulfillment: Personally Identifiable Information (PII) used solely for incentive delivery is stored separately from research responses and is destroyed immediately following verified delivery.

5. Children’s Privacy

Eiger Insights does not knowingly collect personal data from children under the age of 13 (or the applicable age in your jurisdiction) without verifiable parental or guardian consent. If we become aware that we have inadvertently collected such data, we will take immediate steps to delete it securely.

6. Data Security and Storage

  • Encryption Standards: Eiger Insights complies with Google Cloud Security Standards, utilizing file encryption for storage – both when data is in-transit and at-rest.

  • Access Control: Access to personal data is restricted to authorized personnel who are contractually bound to maintain confidentiality.

  • PII Destruction: PII is destroyed on a strict cadence of 24 months post-project close.

  • Anonymization: Research results are delivered to clients in aggregate, non-PII formats to maintain respondent anonymity.

  • Breach Notification: We maintain a response plan and will notify affected parties and relevant authorities of any significant data breach as required by law.

7. Website Practices & Cookies

Our website may use cookies to enhance functionality and analyze traffic. We do not use tracking cookies for the purpose of serving advertisements or selling data. You can choose to disable cookies through your browser settings, though some site features may be affected.

8. Data Subject Rights

Upon request, individuals have the right to access, correct, or update any personal data being retained about them. We also allow research subjects to withdraw their consent or request data deletion at any time.

9. Changes to this Policy

We reserve the right to update this policy to reflect changes in our practices or legal obligations. Significant changes will be noted on this page with an updated "Last Updated" date.

10. Contact Information

For questions regarding this policy or to exercise your data rights, please contact:

Charles Framularo, Founder & Principal, Eiger Insights, charles@eiger-insights.com, Boulder, CO