This Online Privacy Policy (“Policy”) governs your use of the Institute for Mixed Methods Research (“IMMR”) website and services including any and all seminars, educational workshops, training sessions, and consulting services. IMMR is a subsidiary of SocioCultural Research Consultants, LLC (“SCRC”).
IMMR is committed to safeguarding the privacy of our website visitors and service users.
The following Policy applies where we are acting as a data controller with respect to the personal data of our website visitors and service users; in other words, where we determine the purposes and means of the processing of that personal data.
When using our sites and applications, You may transmit and obtain information, access online products and services, communicate with us or others, or link to other websites and services. You may choose to provide information so that IMMR can deliver enhanced products or services to You and to personalize Your experience on our website and while using our applications.
This Policy describes how we use and try to protect any Personally Identifiable Information (“PII”) You chose to transmit or share with IMMR.
This Policy was initially made effective on or about July 7, 2023; may be modified periodically; and is subject to change with or without notice, or by posting notice at:
https://www.immrglobal.org/privacy
The following principles govern websites and applications owned and operated by IMMR. These principles may or may not apply to any other websites of other entities to which we may provide links. IMMR is not responsible, and cannot control the privacy practices or content of any other website or service. IMMR collects PII when You use this website, register with IMMR, or use any other IMMR applications or services for the following purposes:
When You register with IMMR, we ask for Your name, e-mail address, physical address, telephone numbers and, in some cases, credit card information when You order services online. Some of our customers use IMMR to include teams of researchers, colleagues, or others to use IMMR services. Some of our customers include other institutions, businesses, or organizations as collaborators. Our customers will sometimes list business offices, individuals in those offices, or others involved in payment or business transactions on behalf of the customer. IMMR may store this information on behalf of our customers as necessary to fulfill our obligations to our customers. IMMR requires that all such customers use, hold and process such PII in accordance with applicable privacy laws.
IMMR also automatically receives and records information regarding Your IP address, cookie information, and the page(s) You requested.
IMMR routinely collects information that cannot be identified to a particular individual such as time-stamps and logs events (like features used, number of participants, etc.) This data is used for accounting/billing purposes as well as for performance and optimization of the IMMR services.
Some of our customers will store information that may identify the names, addresses, telephone numbers, or other identifying information linked to individuals, groups, or organizations that they have included in their information database. IMMR tries to ensure that such records are viewed only by the customer and others authorized by the customer to access such records. However, IMMR is not responsible for any unauthorized access which may result from actions beyond the sole and exclusive control of IMMR. Each IMMR customer represents that he, she, or it, has the full authority to transmit to IMMR all of the information actually transmitted.
IMMR reserves the right to change its privacy policies. IMMR will post those changes to this policy statement at least 30 days before they take effect. Therefore, You should view this online privacy policy every 30 days to check for changes. In limited cases, we may be required to disclose certain information to comply with a legal process, such as a court order, subpoena or search warrant.
IMMR will not sell or rent Your PII except as authorized under this policy.
IMMR will send PII about You to other companies or people only when one or more of the following situations apply:
You can direct IMMR to edit, correct, or erase Your PII, at any time, except as otherwise provided for in this policy which will be done within 45 days of receipt of Your request. Regarding sharing of Your PII, You may also request that IMMR stop sharing your personal information (“opt-out”). Regarding erasure of Your PII, If You request that IMMR erase your PII, we will notify any service providers or contractors to delete your PII from their records and all third parties whom the business has sold or shared the personal information to with the exception that the PII was collected, used, processed, or retained in its role as a service provider or contractor to the business. To request such account maintenance, send Your e-mail request to contact@immrglobal.org. You may also indicate that You do not wish to receive messages from IMMR regarding our services or update Your information relating to such messages at contact@immrglobal.org. Following Your request for either type of data editing, Your information will be changed within a reasonable amount of time in IMMR’s databases after we receive the information necessary to process Your request.
IMMR strongly recommends that You carefully guard any passwords issued by IMMR for use of the websites or applications.
The authorized client may choose to relinquish a password at any time. However, such relinquishment will only be effective if done so according to IMMR’s policies and procedures. Within thirty (30) days of service termination, IMMR will terminate all passwords issued to the Customer.
a. We use cookies on our website. Insofar as those cookies are not strictly necessary for the provision of our website and services, we will ask You to consent to our use of cookies when You first visit our website. See our Cookies Policy further below in Paragraph 15 entitled “Cookies Policy.”
b. Our website incorporates privacy controls which affect how we will process Your personal data. By using the privacy controls, You can specify whether You would like to receive direct marketing communications and limit the publication of Your information.
c. In this policy, "we", "us" and "our" refer to IMMR. For more information about us, see Section 13.
d. IMMR is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).
e. There exists the possibility, under certain conditions, for the individual to invoke binding arbitration when other dispute resolution procedures have been exhausted.
f. IMMR is required to disclose personal information in response to lawful requests by public authorities, including those necessary to meet national security or law enforcement requirements.
g. IMMR acknowledges the potential liability in cases of onward transfers to third parties of personal data of EU individuals received pursuant to Privacy Shield.
This Paragraph sets forth:
b. We may process data about Your use of our website and services ("Usage Data"). Usage Data may include Your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of Your service use. The source of the usage data is Google Analytics and Stackify. Usage Data may be processed for the purposes of analyzing the use of the website and services, or for troubleshooting issues. The legal basis for processing of Usage data may include any one or more of the following: with Your express or implied consent, verbal or written; to carry out IMMR’s legitimate or rational interests, including without limitation: monitoring and improving our website and services including; as deemed reasonably necessary by law as understood by IMMR in its reasonable discretion; and/or to carry out the purpose of any of Your requests; and/or any other reasonable or rational basis in connection with Usage Data.
c. We may process Your account data which may include for example, without limitation: Your name and/or account names and/or supplied email address, provided by You, Your account manager and/or Your employer (“Account Data”). Account Data may be processed for the purposes of operating our website, providing our services, ensuring the security of our website and services. The legal basis for processing of Account Data may be processed on the basis of any one or more of the following grounds: with Your express or implied consent, verbal or written; any legitimate or rational interest, including without limitation: when seeking support/troubleshooting; performance of a contract between You and IMMR and/or taking steps, at Your request, to enter into such a contract; on an as-needed basis; and/or any other reasonable or rational basis in connection with Account Data.
d. We may process Your information ("Profile Data"). The profile data may include Your name, address, telephone number, email address, date of birth, and employment details. Profile Data may be processed for the purposes of enabling and monitoring Your use of our website/or services. The legal basis for processing of Profile Data may include any one or more of the following grounds, without limitation: with Your express or implied consent, verbal or written; any legitimate or rational interest, including without limitation: when seeking support/troubleshooting; performance of a contract between You and IMMR and/or taking steps, at Your request, to enter into such a contract; on an as-needed basis; and/or any other reasonable or rational basis in connection with Profile Data.
e. We may process Your personal data that are provided in the course of the use of our services ("Service Data"). The service data may include Your name, address, telephone number, email address, date of birth, and employment details. The Service Data may be processed for the purposes of enabling and monitoring Your use of our website/or services. The legal basis for processing of Service Data may be processed on the basis of any one or more of the following grounds: with Your express or implied consent, verbal or written; other legitimate or rational interests, including without limitation: when seeking support/troubleshooting; performance of a contract between You and IMMR and/or taking steps, at Your request, to enter into such a contract; on an as-needed basis; and/or any other reasonable or rational basis in connection with Service Data.
f. We may process information that You post for publication on our website, or through our services or support staff ("Publication Data"). Publication Data may be processed for the purposes of enabling such publication and administering our website and services. The legal basis for processing of Publication data may be processed on the basis of any one or more of the following: with Your express or implied consent, verbal or written; other legitimate or rational interests, including without limitation: when seeking support/troubleshooting; performance of a contract between You and IMMR and/or taking steps, at Your request, to enter into such a contract; on an as-needed basis; and/or any other reasonable or rational basis in connection with Publication Data.
g. We may process information contained in any enquiry You submit to us regarding services and/or support inquiries ("Enquiry Data"). Enquiry Data may be processed for the purposes of offering, marketing and selling relevant goods and/or services to You. Enquiry data may be processed on the basis of any one or more of the following: with Your express or implied consent, verbal or written; other legitimate or rational interests, including without limitation: when seeking support/troubleshooting; performance of a contract between You and IMMR and/or taking steps, at Your request, to enter into such a contract; and/or on an as-needed basis; and/or any other reasonable or rational basis in connection with Enquiry Data.
h. We may process information relating to our customer relationships, including customer contact information ("Customer Relationship Data"). Customer Relationship Data may include Your name; Your employer; Your contact details; information contained in communications between us and You or Your employer; and the source of the Customer Relationship Data You or Your employer. Customer Relationship Data may be processed for the purposes of managing our relationships with customers, communicating with customers, keeping records of those communications and promoting our products and services to customers. data may be processed on the basis of any one or more of the following: with Your express or implied consent, verbal or written; other legitimate or rational interests, including without limitation: proper management of our customer relationships; for managing/providing specific support-related inquiries; performance of a contract between You and IMMR and/or taking steps, at Your request, to enter into such a contract; on an as-needed basis; and/or any other reasonable or rational basis in connection with Profile Data.
i. We may process information relating to transactions, including purchases of goods and services, that You enter into with us and/or through our website ("Transaction Data"). Transaction Data may include Your contact details, Your card details and the transaction details. Transaction Data may be processed for the purpose of supplying the purchased goods and services and keeping proper records of those transactions. The legal basis for processing of Transaction Data may include any one or more of the following: with Your express or implied consent, verbal or written; other legitimate or rational interests, including without limitation: processing is the performance of a contract between You and us and/or taking steps, at Your request, to enter into such a contract and our legitimate interests, namely the proper administration of our website, and business OR managing/providing specific support-related inquiries; when seeking support/troubleshooting; performance of a contract between You and IMMR and/or taking steps, at Your request, to enter into such a contract; on an as-needed basis; and/or any other reasonable or rational basis in connection with Profile Data.
j. We may process information that You provide to us for the purpose of subscribing to our email notifications and/or newsletters ("Notification data"). The notification data may be processed for the purposes of sending You the relevant notifications and/or newsletters. The legal basis for this processing is Your consent OR the performance of a contract between You and us and/or taking steps, at Your request, to enter into such a contract.
k. We may process information contained in or relating to any communication that You send to us ("Correspondence Data"). Correspondence Data may include the communication content and metadata associated with the communication. Our website will generate the metadata associated with communications made using the website contact forms. Correspondence Data may be processed for the purposes of communicating with You and record-keeping. The legal basis for processing of Correspondence Data may include any one or more of the following: with Your express or implied consent, verbal or written; other legitimate or rational interests, including without limitation: processing is the performance of a contract between You and us and/or taking steps, at Your request, to enter into such a contract and our legitimate interests, namely the proper administration of our website, and business OR managing/providing specific support-related inquiries; when seeking support/troubleshooting; proper administration of our website, business, and communications with users; performance of a contract between You and IMMR and/or taking steps, at Your request, to enter into such a contract; on an as-needed basis; and/or any other reasonable or rational basis in connection with Profile Data.
l. We may process any of Your personal data identified in this policy where necessary for the establishment, exercise or defense of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, Your legal rights and the legal rights of others.
m. We may process any of Your personal data identified in this policy where necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, or obtaining professional advice. The legal basis for this processing is our legitimate interests, namely the proper protection of our business and customers against risks.
n. In addition to the specific purposes for which we may process Your personal data set out in this Section 3, we may also process any of Your personal data where such processing is necessary for compliance with a legal obligation to which we are subject, or in order to protect Your vital interests or the vital interests of another natural person.
o. Please do not supply any other person's personal data to us, unless we prompt You to do so.
p. We may disclose your PII as required by law, such as pursuant to a subpoena or other governmental, judicial, or administrative order.
a. We may disclose Your personal data to any member of our group of companies (this means our subsidiaries, our ultimate holding company and all its subsidiaries) insofar as reasonably necessary for the purposes, and on the legal bases, set out in this policy.
b. We may disclose Your personal data to our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, obtaining professional advice, or the establishment, exercise or defense of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
c. Financial transactions relating to our website and services are OR may be handled by our payment services providers, Stripe. We will share transaction data with our payment services providers only to the extent necessary for the purposes of processing Your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds. You can find information about the payment services providers' privacy policies and practices at: https://stripe.com/
d. In addition to the specific disclosures of personal data set out in this Section 3, we may disclose Your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect Your vital interests or the vital interests of another natural person. We may also disclose Your personal data where such disclosure is necessary for the establishment, exercise or defense of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
e. IMMR acknowledges the potential liability in cases of onward transfers to third parties of personal data of EU individuals received pursuant to Privacy Shield.
a. In this Section 4, we provide information about the circumstances in which Your personal data may be transferred to countries outside the European Economic Area (EEA).
b. You acknowledge that personal data that You submit for publication through our website or services may be available, via the internet, around the world. We cannot prevent the use (or misuse) of such personal data by others.
a. This Section 10 sets out our data retention policies and procedure, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal data.
b. Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
c. We will retain Your personal data as follows:
d. We will retain Your personal data as follows:
e. Notwithstanding the other provisions of this Section 10, we may retain Your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect Your vital interests or the vital interests of another natural person.
a. We may update this policy from time to time by publishing a new version on our website.
b. You should check this page occasionally to ensure You are happy with any changes to this policy.
c. We will notify You of significant changes to this policy by email.
a. This Paragraph is designed to disclose rights You have under data protection law. Some of the rights are complex, and not all of the details have been included in our summaries. Accordingly, You should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.
b. Your principal rights under data protection law are:
c. You have the right to confirmation as to whether or not we process Your personal data and, where we do, access to the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply to You a copy of Your personal data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee.
d. You have the right to have any inaccurate personal data about You rectified and, taking into account the purposes of the processing, to have any incomplete personal data about You completed.
e. In some circumstances You have the right to the erasure of Your personal data without undue delay. Those circumstances include: the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; You withdraw consent to consent-based processing; You object to the processing under certain rules of applicable data protection law; the processing is for direct marketing purposes; and the personal data have been unlawfully processed. However, there are exclusions of the right to erasure. The general exclusions include where processing is necessary:
f. In some circumstances You have the right to restrict the processing of Your personal data. Those circumstances are: You contest the accuracy of the personal data; processing is unlawful but You oppose erasure; we no longer need the personal data for the purposes of our processing, but You require personal data for the establishment, exercise or defense of legal claims; and You have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, we may continue to store Your personal data. However, we will only otherwise process it: with Your consent; for the establishment, exercise or defense of legal claims; for the protection of the rights of another natural or legal person; or for reasons of important public interest.
g. You have the right to object to our processing of Your personal data on grounds relating to Your particular situation, but only to the extent that the legal basis for the processing is that the processing is necessary for: the performance of a task carried out in the public interest or in the exercise of any official authority vested in us; or the purposes of the legitimate interests pursued by us or by a third party. If You make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing which override Your interests, rights and freedoms, or the processing is for the establishment, exercise or defense of legal claims.
h. You have the right to object to our processing of Your personal data for direct marketing purposes (including profiling for direct marketing purposes). If You make such an objection, we will cease to process Your personal data for this purpose.
i. You have the right to object to our processing of Your personal data for scientific or historical research purposes or statistical purposes on grounds relating to Your particular situation, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
j. To the extent that the legal basis for our processing of Your personal data is:
k. If You consider that our processing of Your personal information infringes data protection laws, You have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of Your habitual residence, Your place of work or the place of the alleged infringement.
l. To the extent that the legal basis for our processing of Your personal information is consent, You have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
m. You may exercise any of Your rights in relation to Your personal data by written notice to us OR via phone.
This website is owned and services operated by SocioCultural Research Consultants, LLC with its principal place of business is: 644 36th Street, Manhattan Beach, CA, 90266, United States. You can contact us:
a. Our data protection officer contact details are provided as follows: Jason Taylor (DPO@immrglobal.org), 644 36th Street, Manhattan Beach, CA, 90266, United State
a. About cookies: A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server. Cookies may be either "persistent" cookies or "session" cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed. Cookies do not typically contain any information that personally identifies a user, but personal information that we store about You may be linked to the information stored in and obtained from cookies.
b. Cookies that we use: We use cookies for the following purposes:
c. Cookies used by our service providers
d. Managing cookies: Cookies are managed via Your internet browser controls. Please review the user manual for Your browser for the most up to date information on managing Your browser’s cookies. Blocking all cookies will have a negative impact upon the usability of many websites. If You block cookies, You will not be able to use all the features on our websi
All data communication through IMMR occurs through a 2-lock system. First, IMMR sets up an AES (Advanced Encryption Standard)-256 CBC (Cipher Block Chaining) Encrypted SSL (Secure Sockets Layer) tunnel using a premium SSL-EV certificate. All communication following this channel is encrypted. The user is not prompted for login information until this communication channel is established. In order to prevent transfer of login details, IMMR employs a one-way, non-reversible encryption algorithm known as SHA-2 (Secure Hash Algorithm)—designed by the United States National Security Agency. IMMR does not store user passwords. Rather, the system stores the known result of this algorithm against the username and password and then compares that result to the result the IMMR client sends to the server for authentication.
IMMR is hosted on commercial servers with all service-related data backed-up in-full on a nightly basis, encrypted using AES-256 processes, and transferred automatically to three Geo-redundant storage volumes. One of these volumes is on-site, while the other 2 are off-site and replicated across geographic regions. All service-related file data are encrypted and stored in a Microsoft Azure Geo-redundant fault tolerant storage volume, and for added safety, this storage volume is encrypted and mirrored in real-time to an Amazon S3 storage volume in the same geographic region. Both Microsoft's Azure Cloud Platform and Amazon's S3 Storage platform are fully SAS 70 Type II / SSAE 16 SOC and HIPAA compliant. To ensure these processes are working as designed, an automated program runs daily which includes: a) downloading the most recent backup files from each storage volume, b) verification the backup file is the correct version, c) a full test restoration of the database to assure data integrity, and c) email reporting of all backup and restoration process results to key members of the IMMR Admin team.
The following describes IMMR’s data retention policy:
IMMR provides industry standard protection for personally identifying information. IMMR would only disclose personally identifiable information about users or information about Your IMMR service to third parties in limited circumstances: (1) with Your consent; or (2) when we have a good faith belief it is required by law, such as pursuant to a subpoena or court order.
If IMMR is required by law to disclose personally identifying or service-related data, IMMR will attempt to provide You with notice (unless we are prohibited from doing so) that a request for Your information has been made in order to give You an opportunity to object to the disclosure. We will attempt to provide this notice by email, if You have given us an email address, and/or by postal mail if You have provided a postal address. Even if You challenge the disclosure request, we may still be legally required to turn over the personally identifying information and/or service-related data.
Data Retention and Sharing:
IMMR strongly believes Your data are Your data. IMMR does not through its educational or training services retain Your data other than to communicate with you. If for any reason You would like Your data deleted, please send an authorized request to contact@immrglobal.org and we will happily oblige.
Privacy Protection:
IMMR provides industry standard protection for personally identifying information. IMMR would only disclose personally identifiable information about users or information about Your service to third parties in limited circumstances: (1) with Your consent; or (2) when we have a good faith belief it is required by law, such as pursuant to a subpoena or other governmental, judicial, or administrative order.
If IMMR is required by law to disclose personally identifying or service-related data, IMMR will attempt to provide You with notice (unless we are prohibited from doing so) that a request for Your information has been made in order to give You an opportunity to object to the disclosure. We will attempt to provide this notice by email, if You have given us an email address, and/or by postal mail if You have provided a postal address. Even if you challenge the disclosure request, we may still be legally required to turn over the personally identifying information and/or service-related data.
Data Breach Notification and Incident Response Plan:
IMMR hosts all data within the continental U.S. unless agreed upon and determined as needed on a client-by-client basis. IMMR has a systematic plan for response and notification of any breach in data security designed to implement and maintain reasonable security procedures and practices. Upon the detection of any breach in data security, IMMR technical staff, lead by the IMMR Chief Technical Officer, will immediately assess the size, scope, and severity of the breach. Following this assessment, IMMR will notify all authorized clients of data may have been involved and communicate the response plan. Depending on the nature and cause of the breach, IMMR will take appropriate action to prevent any future breach and then, to the extent reasonably practicable, restore the integrity of all IMMR service-related data that had been affected. Further details about this notification and response plan will be provided upon request.
IMMR cannot and does not guarantee complete data security and integrity for service-related data. However, the tools described above are designed to provide industry-standard security and IMMR recommends that users strictly adhere to the security protocols described in this document and are diligent in their protection of the data for which they are responsible.
Updated: 2/21/2023
For all users subject to the GDPR, the following applies:
GDPR: IMMR complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. IMMR hereby certifies, including to the U.S. Department of Commerce, that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/
In compliance with the GDPR principals and Privacy Shield Principles, IMMR commits to resolve complaints about our collection or use of Your personal information. Individuals with inquiries or complaints regarding our privacy policy should first contact IMMR at:
Institute for Mixed Methods Research, a subsidiary of SocioCultural Research Consultants, LLC 644 36th Street, Manhattan Beach, California 90266
IMMR has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved GDPR or Privacy Shield complaints concerning data transferred from the EU and Switzerland.
