Cookies and Tracking,

We use cookies and similar technologies on our websites to support functionality, security, performance, analytics, and user experience. A cookie is a small text file that is stored on your device when you visit a website and helps the site recognize your browser, remember preferences, and maintain secure sessions. Our websites also use a consent management platform to help manage cookie preferences and support compliance with applicable privacy laws such as the EU GDPR, UK GDPR, and the ePrivacy Directive.

When you visit our websites, you may be presented with a cookie consent banner—depending on the specific site and your region—that allows you to accept, reject, or customize your cookie preferences. Non-essential cookies will only be activated after you provide consent where required by applicable law.

Cookies on our websites may help us to:
– Maintain secure sessions
– Enable core website functionality
– Remember user preferences
– Measure website traffic and usage patterns
– Improve performance and user experience
– Detect fraud, prevent duplicate survey participation, or misuse of research systems
– Support session management for research participation and reward processing

Mobile Applications (iOS and Android)

If you use the EthOS mobile application, we may collect additional information necessary for app functionality and research participation.

Device permissions may include:
– Camera
– Microphone
– Photo library
– Location services, including precise GPS-level location when enabled
– Push notifications for new studies, research tasks, or reminders

We may collect mobile device information such as device model, operating system, identifiers, app diagnostics, and network information to ensure proper app functionality, maintain security, troubleshoot technical issues, analyze performance, and prevent fraud or misuse. We also use analytics and performance monitoring tools to identify application errors, improve functionality, and maintain service reliability.

We do not use advertising identifiers for cross-context behavioral advertising.

Cookies and Tracking,

We use cookies and similar technologies on our websites to support functionality, security, performance, analytics, and user experience. A cookie is a small text file that is stored on your device when you visit a website and helps the site recognize your browser, remember preferences, and maintain secure sessions. Our websites also use a consent management platform to help manage cookie preferences and support compliance with applicable privacy laws such as the EU GDPR, UK GDPR, and the ePrivacy Directive.

When you visit our websites, you may be presented with a cookie consent banner—depending on the specific site and your region—that allows you to accept, reject, or customize your cookie preferences. Non-essential cookies will only be activated after you provide consent where required by applicable law.

Cookies on our websites may help us to:
– Maintain secure sessions
– Enable core website functionality
– Remember user preferences
– Measure website traffic and usage patterns
– Improve performance and user experience
– Detect fraud, prevent duplicate survey participation, or misuse of research systems
– Support session management for research participation and reward processing

Mobile Applications (iOS and Android)

If you use the EthOS mobile application, we may collect additional information necessary for app functionality and research participation.

Device permissions may include:
– Camera
– Microphone
– Photo library
– Location services, including precise GPS-level location when enabled
– Push notifications for new studies, research tasks, or reminders

We may collect mobile device information such as device model, operating system, identifiers, app diagnostics, and network information to ensure proper app functionality, maintain security, troubleshoot technical issues, analyze performance, and prevent fraud or misuse. We also use analytics and performance monitoring tools to identify application errors, improve functionality, and maintain service reliability.

We do not use advertising identifiers for cross-context behavioral advertising.

5. International Data Transfers

As a U.S.-based company, personal data may be processed in the United States or other countries where data protection laws may differ from those in your country.

Where required, we implement safeguards such as:

Standard Contractual Clauses (SCCs) – Legal agreements approved by regulators that require organizations transferring data internationally to protect it according to EU/UK privacy standards.
Contractual Data Protection Provisions – Privacy and security commitments written into our contracts with partners and service providers to ensure personal data is handled appropriately.
Security and Technical Safeguards – Technical and organizational protections such as encryption, access controls, and confidentiality requirements designed to keep personal data secure when transferred or processed. Additional safeguards may be implemented where required under applicable law.

6. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy, including conducting research studies, administering research panels, providing our services, complying with legal obligations, resolving disputes, and enforcing agreements.

Retention periods may vary depending on the nature of the research project, contractual obligations with research sponsors, regulatory requirements, and legitimate business needs. When personal data is no longer required, we securely delete, anonymize, or de-identify the information in accordance with our data retention policies. In some circumstances, research results may be retained in pseudonymized or aggregated form for statistical analysis or research validation purposes.

7. Privacy Rights

Depending on your location and applicable data protection laws, you may have certain rights regarding your personal data. We do not use automated decision‑making or profiling that produces legal or similarly significant effects on individuals. These rights may arise under laws such as the EU General Data Protection Regulation (GDPR), UK GDPR, and U.S. state privacy laws including the California Consumer Privacy Act (CCPA/CPRA). While the specific rights available may vary by jurisdiction, we make reasonable efforts to honor these rights for individuals wherever possible, even when local laws may not strictly require it.

• Access
• Correction
• Deletion
• Restriction
• Objection
• Data portability
• Withdraw consent
• Non-discrimination

To exercise your rights, please contact us at privacy@ovationmr.com. For privacy and security reasons, we may take reasonable steps to verify your identity before fulfilling a request. In some cases, if the personal data was collected as part of a research study conducted on behalf of a research sponsor, we may direct your request to the appropriate organization responsible for that study. We will respond to privacy requests within the timeframes required by applicable law. We may also retain limited information related to a request (such as the email correspondence or records of the request) where necessary to document our compliance with applicable privacy laws and regulatory requirements.

8. Children’s Privacy

Our Services are not directed to children under the age of 13, consistent with the U.S. Children’s Online Privacy Protection Act (COPPA), or to minors under the age permitted by applicable law in their jurisdiction. In limited circumstances, research studies involving minors may be conducted only where appropriate parental or guardian consent has been obtained in accordance with applicable laws and research ethics standards. We do not knowingly collect personal data from children without such consent. If we become aware that personal data from a child has been collected without the required consent, we will take reasonable steps to promptly delete that information from our systems. If you believe a child has provided personal data without appropriate consent, please contact us so that we can investigate and address the situation.

9. Security Measures

We use a combination of administrative, technical, and organizational safeguards to protect personal data from unauthorized access, loss, misuse, or disclosure. OvationMR maintains an ISO/IEC 27001‑certified Information Security Management System (ISMS), which means our security program follows internationally recognized standards for protecting information.

Examples of security controls we use include:

Access Controls – Only authorized personnel can access systems containing personal data, and access is limited based on job responsibilities.

Encryption – Sensitive information is protected using encryption when transmitted over networks and when stored in secure systems.

Security Monitoring – Our systems are monitored for suspicious activity, unauthorized access attempts, and potential security threats.

Vendor Security Reviews – Third‑party service providers are evaluated to ensure they meet appropriate security and privacy standards.

Employee Training – Employees receive training on information security, data protection, and confidentiality obligations.

Incident Response Procedures – We maintain processes for identifying, investigating, and responding to potential security incidents.

While no system can guarantee absolute security, we continually review and improve our safeguards to protect personal data.

10. Changes to This Policy

We may update this Privacy Policy periodically. Where required by applicable law, we will provide notice of material changes. Updates will be posted with a revised effective date.

11. Contact Info

12. Complaints

If you have concerns about how your personal data has been handled, you may have the right to lodge a complaint with a supervisory authority in your jurisdiction.

However, we would appreciate the opportunity to address and resolve your concern first. If you have a privacy-related question or complaint, please contact us at privacy@ovationmr.com so that we can work with you to resolve the matter.

For individuals located in the European Economic Area (EEA) or the United Kingdom, we have appointed representatives for data protection matters in those regions. These representatives are designated specifically for regulatory purposes within those jurisdictions.

Contact form: verasafe.com/public-resources/contact-data-protection-representative