Updated 18 April 2023

1.1. Purpose

Privacy policy of SS Holdings Group, LLC D/B/A Sago, branded as “Sago”, for people who are engaging with us or our digital platforms as research or prospective clients, as research partners or participants (e.g., consumers, healthcare professionals, patients, or business individuals).

1.2. Policy

Your privacy is important to us.

It is Sago’s policy to respect your privacy and comply with any applicable law and regulation regarding any personal information we may collect about you, including across our website, and other sites we own and operate.

In the event our site contains links to third-party sites and services, please be aware that we have no control over the content and policies of those sites and cannot accept responsibility or liability for their respective privacy practices.

Our privacy policy aims to bring you all the necessary transparency for a positive and confident experience with our services. Additional information may be provided to you as necessary when you sign up for a particular product or service.

Our privacy policy complies with global research industry Codes and Standards, as well as all pertinent laws governing privacy.

1.2.1 What Information Do We Collect

Information we collect falls into one of two categories: “voluntarily provided” information and “automatically collected” information.

“Voluntarily provided” information refers to any information you knowingly and actively provide us when using or participating in any of our services and promotions.

“Automatically collected” information refers to any information automatically sent by your devices while accessing our products and services.

We only collect and use your personal information lawfully, fairly, and in a transparent manner. We systematically respect the principle of minimization, which implies collecting and processing only what is strictly necessary to achieve our legitimate objective. We do not aim any of our products or services directly at children under the national child age consent, and we do not knowingly collect personal information about children under the national child age consent.

The information notice that is sent to you before any collection or processing details the applicable legal basis, which depends on the services you use and how you use them. This means we only collect and use your information on the following grounds:

In order to respect your choice when we request consent from you:
“Personal information” only includes information relating to natural persons who can be identified or who are identifiable, directly from the information in question. Or who can be indirectly identified from that information in combination with other information. For example, name, contact details, location, consumer options/preferences, video/audio recordings… We may ask your consent for processing such information — for example, when you register an account or when you contact us via email, social media, or any similar technologies — which may include your name, your email, your phone/mobile number… When you contact us, you shall consent to your name and email address being used so we can respond to your inquiry.

Participation in all market research projects is voluntary and based on consent. Respondents may opt out of any market research project, at any time.

Personal information may also include “Sensitive information” or “Special categories of data” which is a subset of personal information that is given a higher level of protection. The types of sensitive information that we may collect about you include:
· Racial or ethnic origin
· Political opinions
· Religion
· Philosophical beliefs
· Sexual orientation
· Sexual practices or sex life
· Health information

We will not collect sensitive information about you without first obtaining your consent, and we will only use or disclose your sensitive information as permitted, required, or authorized by law.

In addition, we ensure that strengthened security measures are applied to these data, in order to avoid any breach of confidentiality, integrity, and availability.

“Cookie” is a small piece of data that our website stores on your computer and accesses each time you visit. We use cookies to collect information about you and your activity across our site to understand how you use our site and to enable you to access and use our website. At all times, you may decline cookies from our site.

Please refer to our Cookie Policy for more information.

You may withdraw your consent at any time using the facilities we provide; however, this will not affect any use of your information that has already taken place.

While you may request that we delete your contact details at any time, we cannot recall any email we have already sent. If you have any further inquiries about how to withdraw your consent, please feel free to enquire using the details provided in the Contact Us section of this privacy policy.

In order to allow the performance of a contract or transaction at your request:
For example, if you purchase a product, service, or subscription from us, we may need to use your personal and payment information in order to process and deliver your order.

In order to follow our legitimate interests:
Where we assess whether it is necessary for our legitimate interests, such as for us to provide, operate, improve, and communicate our services, we consider our legitimate interests to include:

· research and development, understanding our audience, marketing and promoting our services, measures taken to operate our services efficiently, marketing analysis, and measures taken to protect our legal rights and interests,
· business development, including operating and improving our website, associated applications, and associated social media platforms,
· security and fraud prevention, and to ensure that our sites and apps are safe, secure, and used in line with our terms of use.

When you visit our website, our servers may automatically log the standard data provided by your web browser. It may include your device’s Internet Protocol (IP) address, your browser type and version, the pages you visit, the time and date of your visit, the time spent on each page, and other details about your visit. The data we collect can depend on the individual settings of your device and software. We recommend checking the policies of your device manufacturer or software provider to learn what information they make available to us.

Additionally, if you encounter certain errors while using the site, we may automatically collect data about the error and the circumstances surrounding its occurrence. This data may include technical details about your device, what you were trying to do when the error happened, and other technical information relating to the problem. You may or may not receive notice of such errors, even at the moment they occur, that they have occurred, or what the nature of the error is.

Please be aware that while this information may not be personally identifying by itself, it may be possible to combine it with other data to personally identify individual persons.

“Transaction data” refers to data that accumulates over the normal course of operation on our platform. This may include transaction records, stored files, user profiles, analytics data, and other metrics, as well as other types of information, created or generated, as users interact with our services.

We consider “User-generated content” to be materials (text, image and/or video content) voluntarily supplied to us by our users for the purpose of publication, processing, or usage on our platform. All user-generated content is associated with the account or email address used to submit the materials.

Please be aware that any content you submit for the purpose of publication will be property of the client after posting (and subsequent review or vetting process). User-generated content cannot be used for purposes beyond market research (i.e., advertisements and customer testimonials) without express written permission. Once published, it may be accessible to third parties not covered under this privacy policy.

In order to comply with the law:
In some cases, we may have a legal obligation to use or keep your personal information. Such cases may include (but are not limited to) court orders, criminal investigations, government requests, and regulatory obligations. If you have any further inquiries about how we retain personal information in order to comply with the law, please feel free to enquire using the details provided in the Contact Us section of this privacy policy.

1.2.2 How Do We Ensure the Security of Your Personal Information

Because we are ISO 27001 certified, we comply with high international standards for computer security and the protection of personal information.

When we collect and process personal information, and while we retain this information, we will protect it within commercially acceptable means to prevent loss and theft, as well as unauthorized access, disclosure, copying, use, or modification.

We comply with laws applicable to us in respect of any data breach.

1.2.3 How Long Do We Keep Your Personal Information

We keep your personal information only for as long as we need to. This time period may depend on what we are using your information for, in accordance with this privacy policy.

For example, if you have provided us with personal information as part of creating an account with us, we may retain this information for the duration your account exists on our system.

If your personal information is no longer required for this purpose, we will delete it or make it anonymous by removing all details that identify you.

However, if necessary, we may retain your personal information for our compliance with a legal, accounting, or reporting obligation (i) such as reporting of Incentive payments on a yearly basis to federal and/or state regulatory authorities pursuant to legal requirements or (ii) for archiving purposes in the public interest, scientific, or historical research purposes or statistical purposes.

They will then be destroyed or archived in accordance with legal requirements.

1.2.4 Who Are the Recipients of Your Personal Information and Where Are They Located

We may disclose personal information to:
· a parent, subsidiary, or affiliate of our company in order to provide product support
· third-party service providers for the purpose of enabling them to provide their services, including (without limitation) IT service providers, data storage, hosting and server providers, analytics, error loggers, debt collectors, maintenance or problem-solving providers, professional advisors, and payment systems operators
· our employees, contractors, and/or related entities in order to support the product
· our existing or potential agents or business partners in order to support the product
· credit reporting agencies, courts, tribunals, and regulatory authorities, in the event you fail to pay for goods or services we have provided to you
· courts, tribunals, regulatory authorities, and law enforcement officers, as required by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise, or defend our legal rights
· third parties, including agents or sub-contractors, who assist us in providing information, products, services, or direct marketing to you
· an entity that buys, or to which we transfer all or substantially all of our assets and business

Third parties we currently use include:
• Google Analytics for product usage metrics (unless prohibited by national data protection authorities);
• Google Ads and LinkedIn Insights Tag to measure our marketing campaigns;
• Drift Chatbot to help site visitors to navigate and make decisions;
• Marketo (our Automation tool) to record and process user-submitted information;
• Sense to get account insights;
• Research Defender, Imperium, IPQualityScore, RelevantID, and MaxMind to identify suspicious respondents, eliminate fraudsters and bad actors, and ensure accurate and high-value datasets.

If we or our assets are acquired, or in the unlikely event that we go out of business or enter bankruptcy, we would include data, including your personal information, among the assets transferred to any parties who acquire us.

You acknowledge that such transfers may occur and that any parties who acquire us may, to the extent permitted by applicable law, continue to use your personal information according to this policy, which they will be required to assume as it is the basis for any ownership or use rights we have over such information.

The personal information we collect is stored and/or processed in the United States, or where we or our partners, affiliates, and third-party providers maintain facilities.

The countries to which we store, process, or transfer your personal information may not have the same data protection laws as the country in which you initially provided the information. If we transfer your personal information to third parties in other countries: (i) we will perform those transfers in accordance with the requirements of applicable law; and (ii) we will protect the transferred personal information in accordance with this privacy policy.

1.2.5 Which Are the Security Measures in Place?

Access to private, sensitive, and confidential information, including your personal information, is restricted to authorized employees with legitimate business reasons.

All employees are expected to always maintain the confidentiality of personal information, and failure to do so will result in appropriate disciplinary measures.

We follow reasonable technical and management practices to help protect the confidentiality, security, and integrity of data stored on our system. While no computer system is completely secure, the measures implemented by our website reduce the likelihood of security problems to a level appropriate to the type of data involved.

We employ physical, electronic, and procedural safeguards in connection with the collection, storage, and disclosure of any personal contact information.

We encrypt the transmission of sensitive information using secure socket layer technology (SSL).

1.2.6 What Are Your Rights

· Your choice: By providing personal information to us, you understand we will collect, hold, use, and disclose your personal information in accordance with this privacy policy. You do not have to provide personal information to us, however, if you do not, it may affect your use of our website or the products and/or services offered on or through it.
· Information from third parties: If we receive personal information about you from a third party, we will protect it as set out in this privacy policy. If you are a third party providing personal information about somebody else, you represent and warrant that you have such a person’s consent to provide the personal information to us.
· Marketing permission: If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by contacting us using the details below.
· Correction: If you believe that any information, we hold about you is inaccurate, out of date, incomplete, irrelevant, or misleading, please contact us using the details provided in this privacy policy. We will take reasonable steps to correct any information found to be inaccurate, incomplete, misleading, or out of date.
· Non-discrimination: We will not discriminate against you for exercising any of your rights over your personal information. Unless your personal information is required to provide you with a particular service or offer (for example processing transaction data), we will not deny you goods or services and/or charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties, or provide you with a different level or quality of goods or services.
· Complaints: If you believe that we have breached a relevant data protection law and wish to make a complaint, please contact us using the details below and provide us with full details of the alleged breach. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take to deal with your complaint. You also have the right to contact a regulatory body or data protection authority in relation to your complaint.

Under European, Australian, and Canadian data protection laws, you also have the following rights:
· Access: You may request details of the personal information that we hold about you.
· Downloading of Personal Information: We provide a means for you to be provided with the personal information you have shared through our site. Please contact us for more information.
· Restrict: You have the right to request that we restrict the processing of your personal information if (i) you are concerned about the accuracy of your personal information; (ii) you believe your personal information has been unlawfully processed; (iii) you need us to maintain the personal information solely for the purpose of a legal claim; or (iv) we are in the process of considering your objection in relation to processing on the basis of legitimate interests.
· Objecting to processing: You have the right to object to the processing of your personal information that is based on our legitimate interests or public interest. If this is done, we must provide compelling legitimate grounds for the processing which overrides your interests, rights, and freedoms, in order to proceed with the processing of your personal information.
· Data portability: You may have the right to request a copy of the personal information we hold about you. Where possible, we will provide this information in CSV format or another easily readable machine format. You may also have the right to request that we transfer this personal information to a third party.
· Deletion: The data controller of a project may have a right to request that we delete the personal information we hold at any time, and we will take reasonable steps to delete personal information from our current records. If you ask us to delete your personal information, we will let you know how the deletion affects your use of our website or products and services. There may be exceptions to this right for specific legal reasons which, if applicable, we will set out for you in response to your request. If you terminate or delete your account, we will delete your personal information without undue delay. Please be aware that search engines and similar third parties may still retain copies of your personal information that has been made public at least once, like certain profile information and public comments, even after you have deleted the information from our services or deactivated your account.

We would respond to your requests without undue delay and at the latest within one month of receipt of your request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests.

1.3. United States Considerations

The purpose of this privacy policy is to inform you about the processing of your personal data by Sago and its entities in accordance with research industry Codes and Standards relating to the USA and additionally the country in which each Sago company is based.
Sago companies comply with all pertinent Federal and State laws governing privacy, including but not limited to the enacted California Consumer Privacy Act (CCPA) and recently amended California Privacy Rights Act (CPRA).
For questions or concerns relating to privacy, you may contact us by email at
All requests to exercise your rights must be accompanied by the details necessary to process your request. A copy of proof of identity may be requested if necessary.

1.4. European Considerations

The purpose of this privacy policy is to inform you about the processing of your personal data by Sago and its entities in accordance with the European Data Protection Regulation (the GDPR) and the UK GDPR, the amended French Data Protection Act, the new Spanish Fundamental Law on Data Protection (the NLOPD), the new German Federal Data Protection Act (the BDSG), and the UK Data Protection Act (the DPA).
Sago has signed internal EU Commission Standard Contractual Clauses and UK Addendum to safeguard its international transfers of personal data.
You have the right to lodge a complaint with your national data protection authority. You can find more information about your data protection rights on your authority’s website.
Sago has appointed a Data Privacy Officer in each European country to be your privileged interlocutor regarding the processing of your personal data. If you wish to contact a DPO, you can write to them at the following addresses:

All requests to exercise your rights must be accompanied by the details necessary to process your request. A copy of proof of identity may be requested if necessary.

1.5. Canadian Considerations

The purpose of this privacy policy is to inform you about the processing of your personal data by the Sago and its entities in accordance with the laws of Ontario and the applicable federal laws of Canada.
If you have any questions or comments about this Privacy Policy, you may contact us at or via postal mail at:
370 King St. West, 5th Floor, Box 4
Toronto, ON, Canada, M5V1J9

1.6. Australian Considerations

The purpose of this privacy policy is to inform you about the processing of your personal data by Sago and its entities in accordance with the federal Privacy Act, the Australian Privacy Principles, and States and Territories’ legislations.
The Central Server is located in an Australian data centre with a fully redundant network with No Single Point of Failure, contains Multiple Layers of Network Security and is also secured with Windows Firewall and IPsec Policy.
You can change your information at any time, through the profile tab in your member portal. We are obliged by law to ensure that your information is accurate and up to date at all times.
If you have any queries or complaints in relation to your personal information, please don’t hesitate to get in touch:
You will need to outline what information you would like access to or identify your concerns. We will endeavour to respond to you within 3 business days.

1.7. How Can You Find Out About Changes to This Policy

At our discretion, we may change our privacy policy to reflect updates to our business processes, current acceptable practices, or legislative or regulatory changes. If we decide to change this privacy policy, we will post the changes here at the same link by which you are accessing this privacy policy.
If the changes are significant, or if required by applicable law, we will contact you (based on your selected preferences for communications from us) and all our registered users with the new details and links to the updated or changed policy.
If required by law, we will get your permission or give you the opportunity to opt in to or opt out of, as applicable, any new uses of your personal information.

1.8. Contact Us

For any questions or concerns regarding your privacy, you may contact us using the following details: