This agreement was written in English (US). To the extent any translated version of this agreement conflicts
with the English version, the English version controls.
Last updated: February 1, 2017
Before you begin: your personal data at Empato
Your data does not belong to any company. It belongs to you. Therefore, you have the right to know what
data we will ask you for and why. At Empato, you are in charge. You'll know what data you send us and what
data you don't.
Thanks to the data from everyone who takes part in Empato surveys, we create statistics on surveys and
consumption. These statistics help other companies improve their services. And since this information has
a certain value, you deserve to receive something in exchange. Selling anonymous statistics is our only
business model. At Empato, we're not in the market of selling personal data. Or advertising.
Empato is an initiative of Empato Research SRL, a company based in Romania, Registered in the
Commercial Registry of Brasov under Series B, Number 3343981, Registration Number J8/2235/31.10.2016
and holder of Taxpayer VAT ID RO-36687801. We're committed to every individual's right to data protection.
Empato is governed by the data protection rules of the European Union, which represent the world's highest
standard on privacy. We believe in transparency, and next we'll tell you how we use the personal information
you provide us.
Privacy and Security is in our DNA
From day one, we built Empato to understand the world’s intelligence. Our mission is to understand how
humans think, to help brands understand consumers, and eventually humans better understand each other.
We start by asking questions, otherwise known as surveying. We believe that, if millions of consumers, just
like you, answer even more millions of questions, we can eventually reach a massive understanding of the
human mind. And on this journey, we will be asking all you all kinds of questions. From basic ones, like age
or gender, to knowing your email address so we can contact to redeem survey rewards.
We will never ask more sensitive questions such as whether you suffer of specific ailments, things you like,
places you go or even religious belief.
We know we can only get to that point if we build trust with everyone we interact with. This is why we have
designed our systems to be encrypted from day one. When encrypted, any information you share with us is
secured from falling into wrong hands.
Privacy by Default
Empato encrypts your data from the first moment you interact with our surveys. This means we never store
the real data we collect from you, but only the result of our encryption algorithms. Think of this like securing
your data with a lock, the key thrown away and never made visible to anyone outside of Empato. Every
question you answer, every information you provide us with, is always encrypted in this way. Further to this,
we encrypt your data throughout its entire journey in our records - from collection to storage. This is often
referred to as encryption both in-transit and at-rest. In-transit means that data you provide us with is
encrypted continuously throughout an active session you have open with our systems. Usually, this means
throughout your engagement in one of our surveys. At-rest means the data is always being encrypted before
being stored in any database we own or operate. In short, these safeguards ensure you are protected from
Our team is committed to and trained in security and privacy. Your data is hosted on secure servers. We
apply technical and physical measures to responsibly protect your information. If we fall prey to a cyber
attack and your information is compromised, we'll communicate this to both yourself and the relevant local
authorities within 72 hours.
Privacy by Design
From day one of designing our technology infrastructure, we designed with your privacy in mind. This means
every step of the process is carefully designed so that any data collected is processed according to the
highest security standards. First, we never store your real information in our databases. We use an approach
called pseudonymisation which, in essence, replaces any personally identifiable information, such as your
name or email address with information generated by software algorithms designed for this purpose. For
example, if your name is Alex, our systems will anonymize that in something that resembles b654f1fe-3340-473c-8457-c915fcd2b0d7.
We do this with every single data point we collect from you. The benefit of this extra precautionary measure
is that, in the event of an attack on our databases, the attacker would only retrieve information they cannot
understand or process without decryption algorithms and keys. These algorithms and keys are stored
separately from any data we collect from you, as another layer of security for your information.
Empato’s policies and procedures on the collection, use, disclosure, and sharing of your information when
you use the Empato Service, via the Empato website, Empato content embedded on another site (such as an
Empato survey frame embedded into a partner website), your mobile phone, or through one of Empato’s
applications for mobile devices (e.g., the Empato iPhone application). We will not use or share your
information we collect by other means (including offline) or from other sources. Capitalized terms that are
Information Collection and Use
Empato uses information we collect to analyze how the Service is used, diagnose service or technical
problems, maintain security, personalize content, remember information to help you efficiently access
surveys we may have available for you, monitor aggregate metrics such as total number of visitors, traffic,
and demographic patterns.
User-Provided Information, or “personal information”
All information that you give us is personal, insofar as it is information related to you as a person. However,
what we call "personal information" is data that allows us to identify you unambiguously. For example, it
includes your email address, mailing address and your first and last names.
We need this so we can communicate with you, so you can be a part of our community or so we can send
you rewards you may be eligible to after participating in our surveys.
You provide us information about yourself, such as your name, e-mail address and interests, if you register
for a member account with the Service. An account is automatically created for you on the first survey you
take with Empato. Your name and other information you choose to share with Empato will be stored in our
databases. We may use your email address to send you Service-related notices (including any notices
required by law, in lieu of communication by postal mail) survey invitations if you opt in to be contacted this way or for general
matters related to some of the rewards you qualify for participating in our surveys. We may also use your contact information to send you marketing email messages. If
you do not want to receive such messages, you may opt out by following the instructions in the message. If
you correspond with us by email, we may retain the content of your email messages, your email address and
If you use your Facebook, Twitter, or other social networking site (“SNS”) account information to sign in to
Empato, we will collect and store your SNS user ID. If you connect your Empato account with your SNS
account (such as to enable creating an Empato respondent account for you), we ask for your permission to
collect certain information from your SNS account (such as information from your SNS profile).
You also provide us information in User Content you post to the Service. Your questions, answers, and other
contributions on the Service, and metadata about them (such as when you posted them), are encrypted and
stored in databases we use to operate the Service, along with your name (unless the Service permits you to
post anonymously). We never share this information with third parties, and it is encrypted with the highest
level of security at all times. Simply put, in the event our databases may suffer a hacking attack, the
information stored there is useless to an attacker, as encryption technology renders it illegible.
Information Collected Automatically
We automatically assign a unique personal identifier to you when you take the first survey at Empato. It
consists of a sequence of letters and numbers. The unique identifier is unlike anything else in your personal
information. Its purpose is specifically to identify you inside Empato, all the while protecting your identity
from third parties. It's useful in the internal organization of information and in the coordination with clients
to whom we send the information that you provide us. We always use your unique identifier to share your
opinions on surveys with our clients. In this way we avoid revealing your personal data. By accepting this
We’ll never link your responses to surveys with your real identity. We'll keep your responses to surveys linked
to your unique identifier, but never to your identification data. This rule is known as "information
disassociation": We and our clients are interested in your opinions and your behavior, which we
anonymously add to that of many other members and in this way create general statistics. It is not in our
interest or that of our clients to link your opinion to your real identity.
When you use the Service, we use persistent and session cookies (for information on cookies, please see below)
and other tracking technologies such as log files, clear GIFs, and Flash technologies to: (a) store the personal
identifier we assign to you when you take Empato surveys; (b) analyze the usage of the Service; and (c) customize
the Service to your preferences. We also may include clear GIFs in HTML-based emails sent to our users to determine
whether the message has been opened. As we adopt additional technology, we may also gather additional information
through other methods.
We use these automated technologies to collect and analyze certain types of information, including: (a)
information related to the devices or browsers you use to access or interact with the Service, such as: IP
addresses, unique device identifiers and other information about your mobile phone or other mobile
device(s), browser types, browser language, and unique numbers or codes in cookies; and (b) information
related to the ways in which you interact with the Service, such as: referring and exit pages and URLs,
platform type, the number of clicks, domain names, landing pages, pages viewed and the order of those
pages, the amount of time spent on particular pages, the date and time you used the Service, and other
Empato never discloses any of this automatically collected information publicly.
A cookie is a small text file stored by a website in a user’s web browser (e.g. Internet Explorer, Safari, Firefox
or Chrome) that helps us in many ways to make your visit to our website more enjoyable and meaningful to
you. Among other things, cookies avoid you having to log in every time you come back to our website. They
also allow us to connect you to survey opportunities that better match your interests and preferences.
A session cookie is stored only in your computer’s working memory (RAM) and only lasts for your browsing
session. When you close all your browser’s windows, or when you shut down your computer, the session
cookie disappears forever.
A persistent cookie remains on your computer after you close your browser so that it can be used by your
browser on subsequent visits to the Service. Persistent cookies stay on your computer until either they
expire or are overwritten with newer cookies, or you manually remove them. Most browsers can be
configured not to accept cookies, however, this may prevent you from having access to some site functions
While specific names of the cookies and similar technologies that we use may change from time to time as
we improve and update our services, they generally fall into the below categories of use:
Authentication and security cookies. We use these cookies to enable you to remain logged into Empato, and
verify that it is you as you use Empato. This helps keep your account safe and secure from unauthorized
use, and helps combat spam and other abuse which violates our policies.
Analytics and research cookies. We use these cookies to better understand how people use Empato. For
example, how often particular features are used, or which content leads towards user activity.
Product features and setting cookies. We use these cookies to enable the functionality of some features
within the Empato product, in particular to personalize the experience towards you. We also use these
cookies to store certain of your preferences and settings.
For additional information on how to block cookies, please refer to the privacy or security settings of your
Third Party Analytics
Empato may allow third parties to help us collect and analyze information about your use of the service,
and generate aggregate site usage statistics. These
the Service. Empato does not control the third parties’ use of such technologies and their use is governed by
those parties’ privacy policies.
Empato itself does not respond to “do not track” signals, and we do not control whether third parties do. For
above, and to opt-out of their tailoring of ads on third-party sites based on this information, see
How We Share Your Information
No other Empato respondents can see your data. Empato is not a social network.
Empato may share your information with third party service providers for the purpose of providing the
Service to you, such as payment processors, email service providers, and providers of technical
infrastructure (such as servers or databases co-located with hosting providers, or payment processors that
help us deliver the Service to you), engineering, or other support.
As we develop our business, we may buy or sell assets or business offerings. Customer, email, and visitor
information are generally among the transferred business assets in these types of transactions. We may
also transfer or assign such information in the course of corporate divestitures, mergers, or dissolution.
We may disclose your information if we are required to do so by law, or if we believe in good faith that it is
reasonably necessary to (i) respond to claims asserted against us or to comply with legal process (for
example, subpoenas or warrants), (ii) enforce or administer our agreements with users, such as the Terms
of Service; (iii) for fraud prevention, risk assessment, investigation, customer support, product development
and de-bugging purposes, or (iv) protect the rights, property or safety of Empato, its respondents, clients, or
members of the public.
By using the Service you consent to the transfer of your information to the United States and/or to other
global network. We're located in Brasov (Romania), but our clients and suppliers are international companies
identifying data internationally to other countries. We guarantee that we'll only collaborate with companies
that have an adequate level of security. For example, our clients located in the US have been certified in the
framework of the Privacy Shield program and are committed to protecting your data. While we take every
precautionary measure at our disposal to vet all partners that we work with for data protection and security,
the internet being a public network you may be exposing yourself to risks of breaches in this transfer
process, not limited to unauthorized parties gaining access to your personal data. By consenting to the
possible transfer of your information you acknowledge such risks and will not hold Empato liable in the
event of a breach.
We may aggregate and/or anonymize information collected through the Service so that the information does
not identify you. We may use aggregated, anonymized, and other de-identified information for any purpose,
including for research and marketing purposes, and our use and disclosure of such information is not
Empato will never disclose your personal information to any third party prior to asking for your explicit
consent, with the sole exception of using third party fulfillment services to distribute any rewards you may earn
as a result of your participation in our surveys.
Empato may share your personal information and/or social-demographic information, including, without limitation, a
unique identification number (“UID”), postal code, region, province, gender, marital status, education, ethnicity/race
(where permitted by applicable law), employment related information, non-personally identifiable information on household
members, consumer product and service usage and ownership (e.g., computers, cars, mobile devices, video games, etc.), home
ownership, pet ownership, employment information (e.g., title, role, travel, industry, etc.), and social grade, with third
party sample/market research companies (individually each a “Third Party MR Company” and collectively the “Third Party MR Companies”)
for the following purposes:
1. Identifying client survey opportunities that you may be eligible for through the Third Party MR Companies; and
2. Disclosing such data elements to clients of the Third Party MR Companies for audience measurement services; and
3. Appending such data elements to completed client surveys and delivering the appended survey data to clients of the Third Party MR
Company(ies) for analytical or research purposes; and
If you are eligible for a client survey opportunity offered through a Third Party MR Company, the Third Party MR Company will
provide your unique identification number and a survey link to us and we will invite you to participate in the client survey through
invitations you receive via email, text message or presented to you in online advertising we may run from time to time. We will not share your
name, email address, or phone number with the Third Party MR Companies. In connection with the sharing of your information with a Third Party MR
Company, your information may be transferred and stored outside of your country of residence, including, without limitation, in the United States,
If you have any questions about this data sharing please contact Empato at email@example.com
, or you can opt-out
by either clicking on the “Unsubscribe” link present in every email message we send you, or sending an email with the subject line “Unsubscribe” to
. If you opt-out, it is the responsibility of us to inform the Third Party MR Companies. Please note that Empato is solely liable and
responsible for managing all opt-out requests. Your participation in such survey opportunities does not entitle you to any benefits offered by, or
membership with, the Third Party MR Companies.
Intimate or Sensitive Data
Empato will never ask you for information related to your racial or ethnic origin, political opinions, religious
or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health or
data concerning your sex life or sexual orientation.
How We Protect Your Information
Empato uses a variety of physical, managerial, and technical safeguards to preserve the integrity and
security of your information, based on the sensitivity of the information. We cannot, however, ensure or
warrant the security of any information you transmit to Empato or guarantee that your information on the
Service may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or
Your Choices About Your Information
You have the right to decline to submit information through the Service, in which case Empato may not be
able to provide certain services to you. You also have the right to withdraw your consent to submitting
information through the Service after having initially provided it. You can do so at any time by contacting us
You also have the right to have your data portable. To that end, Empato will provide, upon your request, all
data we have on record since the beginning of your relationship with Empato, in a universally transferable
file format, such as *.csv files. You own your data and are free to use it in any way you see fit. You may gain
access to this data by contacting us via email at firstname.lastname@example.org
You may update or correct the information we collect from you by contacting us via email at
Given the nature of the internet, data may never be guaranteed to be always up to date. We take all steps
available to us to ensure this, and regularly back up all data we collect, in many cases as often as every 24
hours. This means data Empato will provide to you upon request will represent the latest information
available in our records, but may not be an up to date reflection of all your information.
You may also delete your account if you chose to by contacting us via email at email@example.com
Once you leave Empato (whether by expressly requesting such or by our decision), we'll keep your personal
data on record for the ensuing 12 calendar months following your departure, in the event you reconsider. We
will not use the data that we save and it will remain duly blocked. After the 12 months expire, and if you do
not become active again within the 12 months, we will anonymize your data, removing any connection to you
and store it in a separate database for statistical analysis purposes.
Protecting the privacy of young children is especially important. Empato does not knowingly collect or solicit
personal information from anyone under the age of 18 or knowingly allow such persons to register with the Service. If we become aware that we have
collected personal information from a child under the relevant age without parental consent, we take steps
to remove that information.
Links to Other Web Sites
We are not responsible for the practices employed by websites linked to or from the Service, nor the
information or content contained therein. Please remember that when you use a link to go from the Service
website, including those that have a link on our website, is subject to that website’s own rules and policies.
Often times this means our clients’ own survey websites, so be sure to read and understand specific rules
and policies of the respective websites.
Your Right to Lodge a Complaint
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with
a supervisory authority, in particular in the Member State of your habitual residence, place of work or place
of the alleged infringement if you consider that the processing of personal data relating to you infringes your
rights on data protection and privacy. The supervisory authority with which the complaint is lodged shall
inform you on the progress and the outcome of the complaint including the possibility of a judicial remedy
pursuant to Article 78 of the EU General Data Protection Regulation.
In the, we hope, unlikely circumstance, you feel we may inadvertently breach any of your data privacy rights,
let’s talk. We are always open to resolve any issue amicably, and we encourage you to contact us to discuss
your case in detail. You can do so at all times by emailing us at firstname.lastname@example.org
. We of course hope
that will never be the case, as we take your privacy and security very seriously.
If we change our privacy policies and procedures, we will post those changes on this page to keep you
aware of what information we collect, how we use it and under what circumstances we may disclose it.
, or send regular mail to:
Empato Research SRL
13 Baba Novac Street
Brasov, 500333, Romania