Privacy Policy

for PacificEast Group of Companies

Last Revised: October 10, 2023

This Privacy Policy is relevant to information collected or processed by PacificEast Research Corporation, PacificEast Research Inc., and IDICIA, doing business as IDICIA.com – a division of PacificEast Research, (hereafter all referred to as “PacificEast”), on or via its websites including sites for IDICIA.com, a division of PacificEast Research; or, to information passed to it as a Processor On Behalf by organizations which control or own the information. This policy is designed to ensure that both registered customers who use our private websites to submit information to be processed, and individuals who submit information as part of an opt-in process, understand how we use information provided in each of those circumstances. In both these cases, PacificEast endeavors to transparently follow the privacy principles, as described below.

Types of Personal Data Collected

PacificEast commits to be subject to the Data Privacy Framework Principles for all personal data that PacificEast receives from the EEA (European Economic Area) in reliance on the Data Privacy Framework. Personal data on US citizens received from customers based in the U.S. falls under the regulatory authority of the US Federal Trade Commission. Information regarding the Data Privacy Framework and PacificEast’s certification can be found at: https://www.dataprivacyframework.gov.

PacificEast maintains an E-Newsletter and an RSS feed with which to communicate with our customers and prospective customers. Email addresses obtained via the website are collected when individuals ask to opt-in to our email lists, RSS feeds or other opt-in communications or when a customer initiates a transaction or service order for which an email is necessary for communications regarding the transaction or service.

From Website Visitors, including those in the EEA, PacificEast may collect the following types of personal data:

  • contact information
  • company information
  • other personal data provided by website visitors

Customers who transact with PacificEast or PacificEast customers, including those who initiate transactions or order and/or pay for products or services on a PacificEast website, will be verified using PacificEast identity and attribute verification services. By transacting in the above manner, customers or consumers authorize their mobile operator and/or telecommunications service provider to disclose account details for the purpose of verifying the customer’s identity. Those details may include, among others, the customer’s name, business name, billing address, email, and phone number. When verifying the validity of a phone number, PacificEast obtains phone number status information from the telecommunication service provider to which that number is assigned. We use this information to ascertain the validity of the phone number or information related to it that has been provided by customers, businesses or consumers.

From our service customers, PacificEast may receive the following types of personal data about their clients and prospects, some of which may be residents of an EEA country:

  • contact information
  • company information
  • other personal or contact information provided by our customers

Purposes of Collection and Use

PacificEast collects and uses personal data of Website Visitors solely for the purpose of communicating with them and providing the services and/or information they request. PacificEast receives client and prospect contact data from our Business Customers (some of whom may be located in the EEA) for the purposes of:

  • providing client and prospect data hygiene, standardization and appending services to our business customers
  • providing products, services and support to our customers
  • conducting related tasks for legitimate business purposes
  • other purposes requested and/or disclosed at the time of collection

Commitment to Subject to the Principles

We subject to the Data Privacy Framework Principles all European personal data that we receive from individuals or companies in the EEA in reliance on the Data Privacy Framework. We may also receive some data in reliance on other compliance mechanisms, including data processing agreements based on the EU Standard Contractual Clauses. For the purposes of complying with CCPA and other US based privacy regulations, we follow the general principles of Data Privacy Framework, GDPR and CCPA for all personally identifiable consumer data which we may either collect on a PacificEast website, or which may be sent to us for processing on behalf of one of our customers. Residents of California may obtain further details about our compliance with the California Consumer Privacy Act in the section below entitled For Residents of California.

Type of Third Parties to Which We Disclose Personal Data and Purposes

PacificEast does not share personal contact information we collect from customers via our websites with any third party other than for the purpose of verifying their identities and processing transactions requested by them. PacificEast, as a Processor On Behalf of our customers and only at the request of our customers, may share the consumer or business contact information of our customer’s clients and prospects with companies operating in the US, Canada or the EEA with the following types of third parties and for the stated purposes:

  • subsidiaries, affiliates and contractors, who perform data hygiene, standardization or appending on the contact data supplied by our customers
  • other third party service providers contracted to provide services on our behalf
  • other corporate entities if PacificEast goes through a business transition, such as a merger, acquisition by another company, or sale of all or a portion of its assets

Choices and Means

When acting as a Processor On Behalf processing consumer or business contact information under the direction of our registered customers, PacificEast has no direct relationship with the individuals whose personal data we process. The data processing services performed by PacificEast may require PacificEast to use contracted third-party agents acting, in turn, on our behalf for the purpose of providing standardization, verification, hygiene or appending services. In all cases, these third-party agents are contractually limited to no less than the same level of care, protection, control and restriction of use than is PacificEast. It is the responsibility of PacificEast’s registered customers to inform individuals about the possibility of such disclosures and provide individuals with the choice of opting out of them.

Since PacificEast does not receive onward transfers of consumer data and acts only as a processor on behalf of our registered customers we have no personal data over which consumers may limit use or disclosure.  However, with the express and verified direction of the consumer we will allow the consumer to choose to limit the flow of some consumer information passing through our platform.   Consumers wishing to exercise such a choice should follow the provided means outlined in the section on Access, below.   Because some PacificEast systems allow consumer information to be verified in compliance with the Gramm, Leach, Bliley Act (GLBA) and in order for our customers to conduct electronic commerce with the consumer, PacificEast bears no responsibility for any impact or consequence to the consumer if they choose to limit the flow of their personal data through our platform. 

Visitors to a PacificEast website, including those from the EEA or EEA Business Contacts can, at any time after registering for information, change their mind about receiving information from us and cancel any account or request. This can be done by contacting us via the contact information in the “Right to Access” section below. Otherwise, we will retain and use their supplied information for as long as needed to provide them services, comply with our legal obligations, resolve disputes and enforce our agreements or process transactions they have requested.

Notice

Each PacificEast registered customer is provided with private and secure login access. PacificEast does not partner with or have special relationships with any Ad server companies. PacificEast does not place cookies on user machines except where the user has opted in to such placement. However, website performance and benchmarking software used by PacificEast may place a cookie on a user’s machine for the purpose of benchmarking and analyzing website traffic. PacificEast may utilize that information only to gather analytics and performance data about our public websites. The only individual information PacificEast itself collects and controls are the email addresses of clients who opt-in to receive email notifications and newsletters or the billing and contact information of customers transacting with PacificEast.

Data processing services may be performed on business or consumer/individual information, (known as “client information”) some of which may be personally identifiable. Such information may be appended to, standardized and/or verified based on the request of our registered customers. The information provided to PacificEast for these purposes from our registered customers is processed and then sent back to the registered customer. PacificEast does not retain any customer information without the expressed, written consent of that customer, and even then it retains such information only for billing, assessment and verification of data quality, for use in customer requested predictive models or for or for customer convenience to assist them with questions regarding billing or data quality. When PacificEast is contracted by a customer to provide services as a Processor On Behalf it does not accumulate, compile, aggregate or otherwise integrate the customer data into any of our products or services unless specifically requested by our customers to do so.

Onward Transfer Liability

As defined in the EU-U.S. Data Privacy Framework (https://www.dataprivacyframework.gov) PacificEast acts as a Processor On Behalf of other organizations. Information temporarily passed to and processed by PacificEast for those organizations is not considered to be an “onward transfer” since ownership of and responsibility and control over the information processed has not been transferred. PacificEast informs any registered customers which we know to be subject to the privacy laws of the UK or EU that we adhere to the Privacy Principles of the EU-US Data Privacy Framework as described below in the section on Data Privacy Framework.

PacificEast remains liable under the Data Privacy Framework Program if the company’s third-party Processor “onward transfer” recipients process relevant Personal Data in a manner inconsistent with the Data Privacy Framework Principles, unless PacificEast proves that it is not responsible for the event giving rise to the damage.

Access

When acting as a Processor On Behalf, PacificEast has no direct relationship with the individuals whose personal data we process. Any individual, including those in the EEA, who seek access to correct, amend, or delete inaccurate data must first attempt to direct their request to the Organization which has contracted with PacificEast for such processing. PacificEast may, in the interests of safety, privacy of an individual or regulatory compliance, implement systems which allow an authenticated individual to effectively prevent information about themselves, including Personally Identifiable Information (PII) or Personal Health Information (PHI) from being passed through our systems. Such requests must be presented in writing to PacificEast and submitted either to our mailing address (noted at the bottom of this section) or emailed to info@pacificeast.com. Such requests will be processed only if and after PacificEast is able to authenticate that the individual making the request and the data subject are the same individual and if PacificEast has any control over the individual’s relevant PII or PHI. PacificEast cannot enforce restrictions on information controlled by another entity, including covered entities as defined under HIPAA.

If a registered customer or prospective customer has already opted-in for PacificEast communications and do not want to receive an e-mail or E-Newsletter from PacificEast in the future, we request that they let us know by sending an e-mail notification to info@pacificeast.com. If they feel that PacificEast or this site is not following its stated privacy policy, we request that they please contact us at info@pacificeast.com or 1-800-665-8400.

Please send all correspondence related to any privacy issue to the following address:
PacificEast Research Inc.
Attn: Office of the COO
8625 SW Cascade Ave., Suite 250
Beaverton, OR 97008

Security

We actively work with our customers to encourage them to use encrypted methods when moving all sensitive or personally identifiable data to and from our secure servers. All PacificEast employees have signed confidentiality agreements and access to sensitive data is on a need to know basis only. PacificEast has taken appropriate security measures of our physical facilities to protect against the loss, misuse or alteration of any client or consumer information in our possession. We maintain security policies and procedures to keep information from being accessed by any unauthorized person or business. This is reviewed on a regular basis to ensure only authorized access.

Data Integrity

By acting as a Processor On Behalf, processing personal information under the direction of our registered customers, PacificEast assists our registered customers in ensuring that data is reliable for its intended use, that it is accurate, complete and current.

Enforcement

For adherence to GDPR, PacificEast uses a self-assessment approach to assure compliance with this privacy policy and periodically verifies that the policy is accurate, comprehensive for the information intended to be covered, prominently displayed, completely implemented, accessible and in conformity with the Principles. PacificEast encourages interested persons to raise any concerns using the contact information provided and we will investigate and attempt to resolve any complaints and disputes regarding use and disclosure of Personal Information in accordance with these Principles.

If complaints are not resolved by PacificEast within a reasonable period of time, you may direct formal requests for independent dispute resolution to the International Centre for Dispute Resolution, the international division of the American Arbitration Association (ICDR/AAA). PacificEast has committed to refer unresolved Data Privacy Framework complaints to the ICDR/AAA. For more information or to file a complaint, please visit http://go.adr.org/privacyshield.html. The services of the ICDR/AAA are provided at no cost to you.

Binding Arbitration

If neither PacificEast Research Inc. nor ICDR/AAA Data Privacy Framework Program resolves your complaint, you may have the possibility to engage in binding arbitration before the Data Privacy Framework Panel of the U.S. Department of Commerce and the European Commission. Information about engaging with this panel is available on the Data Privacy Framework website.

Requirement to Disclose

PacificEast may disclose personal data in special cases when we have a good faith belief that such action is necessary to: (a) conform to legal requirements or to respond to lawful requests by public authorities, including to meet national security or law enforcement requirements; (b) protect and defend our rights or property; (c) enforce the website Terms and Conditions; or (d) act to protect the interests of our customers, users or others.

EU-US

PacificEast complies with the principles of the EU-US Data Privacy Framework regarding the collection, use and retention of personal information from EEA member countries. PacificEast is certified under the US FTC’s Data Privacy program and adheres to the Data Privacy Framework Program. Please see dataprivacyframework.gov for details regarding our compliance. In compliance with the EU-US Data Privacy Framework Principles, PacificEast commits to resolve complaints about your privacy and our collection or use of your personal information. EEA citizens with inquiries or complaints regarding this privacy policy should first contact PacificEast at privacy@pacificeast.com or 1-800-665-8400.

This privacy policy is inclusive of the following covered entities:
PacificEast Research Corp
PacificEast Research Inc.
IDICIA.com, a division of PacificEast Research

All above listed covered entities (hereafter PacificEast) comply with the EU-U.S. Data Privacy Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and the United Kingdom, as applicable to the United States in reliance on Data Privacy Framework. PacificEast has certified to the Department of Commerce that it adheres to the Data Privacy Framework Principles with respect to such information. If there is any conflict between the terms in this privacy policy and the Principles, the Data Privacy Framework Principles shall govern. To learn more about the Data Privacy Framework program, and to view our certification, please visit https://www.dataprivacyframework.gov.

PacificEast is subject to the jurisdiction of the U.S. Federal Trade Commission. The Federal Trade Commission may be contacted at the following address:
Federal Trade Commission
Attn: Consumer Response Center
600 Pennsylvania Avenue NW
Washington, DC 20580
consumerline@ftc.gov

Changes to this Data Privacy Policy

The practices described in this policy are current personal data protection policies as of July 24, 2023. PacificEast reserves the right to modify or amend this policy at any time consistent with the requirements of the Data Privacy Framework Principles as they regard personal information for residents of the United States, Canada or EEA member countries. Appropriate public notice will be given concerning such amendments.

For Residents of California and other states where there are privacy laws providing rights substantially similar to the CCPA and CPRA rights in California

Effective as of January 1, 2023.

This section applies to the use of our Services by residents of California and other states where they have privacy laws with similar rights as in the California Consumer Privacy Act (“CCPA”) as may be amended, superseded or replaced. Per CCPA 999.317(g) statistics for prior calendar years can be found here.

The PacificEast Group of Companies has no direct relationship with consumers. PacificEast processes Personal Information for its customers to help them enhance their consumer data, verify identity information, meet compliance requirements, and reduce fraud. The customers send their database of Personal Information to PacificEast and PacificEast processes the data with information from multiple sources to update, standardize and correct it. PacificEast does not retain or reidentify or otherwise link Personal Information received from our customers or other sources for any purpose other than to complete the particular processing for which the customer provided it.

PacificEast receives the following categories of Personal Information from its customers and from other sources:

  1. name
  2. postal address
  3. unique personal identifier
  4. Internet Protocol address
  5. email address
  6. telephone number
  7. social security number
  8. date of birth

The sources of the information are the customers of PacificEast and other companies that have obtained consumer information from legitimate sources. PacificEast requires these companies to certify that they comply with the CCPA, and that they have provided notice to their consumer customers about their data use and given the individuals the right to opt out.

If you are 16 years of age or older, you, just as any California resident, have the right to direct us to not provide your personal information at any time (the “right to opt-out”) to the extent of the CCPA regulation. We do not knowingly provide or process the personal information of consumers who are less than 16 years of age unless we receive affirmative authorization (the “right to opt-in”) from either the consumer who is between 13 and 16 years of age, or the parent or guardian of a consumer less than 13 years of age. Consumers who opt-in to allow us to process or provide their personal information may opt-out at any time.

PacificEast does not store or retain personal information and therefore there is nothing for us to remove when a consumer opts out. PacificEast uses the personal information it accesses from third parties only for the purpose of completing the processing request for a specified customer and for no other purpose. PacificEast also does not retain consumer information after the processing is complete. However, in the spirit of cooperation with the CCPA, PacificEast provides the ability for consumers to request that their information not be passed through our systems and provided to our customers.

You do not need to create an account with us to exercise your opt-out rights. You need only provide the requested personal information and we will only use the personal information provided in an opt-out request to review and comply with your request if we are able to do so.