OUTSET END USER PRIVACY POLICY

Last Updated: March 14, 2024


This Outset End User Privacy Policy (“End User Privacy Policy”) describes how Parnassus Labs, Inc. d/b/a as Outset (collectively, “Outset,” “we,” or “us”) collects, uses, and discloses information about you if you are an end user, participant, and/or survey respondent (collectively, “End User”, “you”, “your”) of a research service (collectively “Research Services”) we provide on behalf of our Enterprise Customers. This Privacy Policy applies to information we collect and process as a “Processor” from you on behalf of our Enterprise Customers, who are the “Data Controllers” (as both terms are defined under the applicable data privacy laws). Please see our Privacy Policy for information about our privacy practices where Outset acts as a Data Controller.

Our privacy practices may vary in the locations where we operate to reflect local practices and legal requirements. If you are an End User located in the European Economic Area (“EEA”), the United Kingdom (“UK”), and Switzerland, please see the Additional Disclosures for Individuals in Europe, the United Kingdom or Switzerland section below.

We may change this Privacy Policy from time to time. If we make changes, we will notify you by revising the date at the top of this policy. We may also provide you with additional notice (such as by adding a statement to the Research Services), in connection with making material changes to this Privacy Policy. We encourage you to review this End User Privacy Policy regularly to stay informed about our information practices and the choices available to you.

Contents

COLLECTION OF INFORMATION

The information we collect from End Users varies depending on how our Enterprise Customers direct us to collect and process your information for use in connection with our Research Services. Below, we describe the different ways we might collect information from you.

Information You Provide to Us

We collect information End Users provide directly through our Research Services. The types of personal information we may collect will be determined by our Enterprise Customers and could include [name, email address, age, address, country, occupation, and any other information you may choose to provide.]

Information We Collect Automatically

We automatically collect certain information about your interactions with us or our Research Services, including:

USE OF INFORMATION

We use the personal information we collect from End Users as a processor on behalf of our Enterprise Customers to:

DISCLOSURES OF INFORMATION

We disclose personal information from End Users in the following circumstances or as otherwise described in this policy:

TRANSFER OF INFORMATION TO THE UNITED STATES AND OTHER COUNTRIES

Outset is headquartered in the United States and we have operations and vendors in the United States and other countries. Therefore, we and those that perform work for us may transfer your personal information to, or store or access it in, jurisdictions that may not provide levels of data protection that are equivalent to those of your home jurisdiction. Where required by law, we provide adequate protection for the transfer of personal data in accordance with applicable law, such as by obtaining your consent, relying on adequacy decisions, or executing Standard Contractual Clauses.

YOUR CHOICES

You have certain choices available to you when it comes to your information. Based on the laws of some countries, you may have the right to request access to the personal information we collect from you, change that information, or delete it in some circumstances. To request to review, update, or delete your personal information, please submit a request by emailing us at privacy-requests@outset.ai.

ADDITIONAL DISCLOSURES FOR INDIVIDUALS IN EUROPE, THE UNITED KINGDOM, OR SWITZERLAND

If you are an End User located in the European Economic Area (“EEA”), the United Kingdom (“UK”), or Switzerland, the following specific provisions apply to Outset’s processing of your Personal Information as a Processor, which for purposes of this section shall include "personal data" or "personal information" as defined by applicable privacy laws in the EEA, UK, or Switzerland.

Legal Basis for Processing

Outset only processes your Personal Information as a Processor under the direction and instructions of our Enterprise Customers who are the Data Controllers. Accordingly, our Enterprise Customers determine the lawful basis for processing the Personal Information collected through our Research Services. Our Enterprise Customer directs us to process your Personal Information as described above in connection with the Research Services and does so in reliance on the following lawful bases:

Data Subject Requests

As an End User, you have the right to: (1) request to know more about and access your Personal Information, including in a portable format, (2) request deletion of your Personal Information, (3) request correction of inaccurate Personal Information, (4) request restriction of processing of your Personal Information in certain scenarios, and (5) in certain cases, object to the processing of your Personal Information for certain purposes.

To exercise any of these rights, please email privacy-requests@outset.ai. As a Processor, we are unable to directly fulfill your request, but we will forward your request to the Enterprise Customers as the Controller, who will then respond to your request. We will assist our Enterprise Customers, insofar as this is possible, to fulfill their obligations as Controllers to respond to such requests, in accordance with applicable data privacy laws.

If you have a concern about the Enterprise Customer’s processing of Personal Information that it is not able to resolve, you have the right to lodge a complaint with the Data Protection Authority where you reside. Contact details for your Data Protection Authority can be found using the links below:

CONTACT US

If you have any questions about this Privacy Policy, please contact us at info@outset.ai.