OUTSET END USER PRIVACY POLICY
Last Updated: March 14, 2024
This Outset End User Privacy Policy (“End User Privacy Policy”) describes how Parnassus Labs, Inc. d/b/a as Outset.ai (collectively, “Outset,” “we,” or “us”) collects, uses, and discloses information about you if you are an end user, participant, and/or survey respondent (collectively, “End User”, “you”, “your”) of a research service (collectively “Research Services”) we provide on behalf of our Enterprise Customers. This Privacy Policy applies to information we collect and process as a “Processor” from you on behalf of our Enterprise Customers, who are the “Data Controllers” (as both terms are defined under the applicable data privacy laws). Please see our Privacy Policy for information about our privacy practices where Outset acts as a Data Controller.
Our privacy practices may vary in the locations where we operate to reflect local practices and legal requirements. If you are an End User located in the European Economic Area (“EEA”), the United Kingdom (“UK”), and Switzerland, please see the Additional Disclosures for Individuals in Europe, the United Kingdom or Switzerland section below.
We may change this Privacy Policy from time to time. If we make changes, we will notify you by revising the date at the top of this policy. We may also provide you with additional notice (such as by adding a statement to the Research Services), in connection with making material changes to this Privacy Policy. We encourage you to review this End User Privacy Policy regularly to stay informed about our information practices and the choices available to you.
Contents
- Collection of Information
- Use of Information
- Disclosures of Information
- Transfer of Information to the United States and Other Countries
- Your Choices
- Additional Disclosures for Individuals in Europe, the United Kingdom, or Switzerland
- Contact Us
COLLECTION OF INFORMATION
The information we collect from End Users varies depending on how our Enterprise Customers direct us to collect and process your information for use in connection with our Research Services. Below, we describe the different ways we might collect information from you.
Information You Provide to Us
We collect information End Users provide directly through our Research Services. The types of personal information we may collect will be determined by our Enterprise Customers and could include [name, email address, age, address, country, occupation, and any other information you may choose to provide.]
Information We Collect Automatically
We automatically collect certain information about your interactions with us or our Research Services, including:
- Activity Information: We collect information about your activity on our Research Services, such as your interaction with our Research Services and your communications with us.
- Device and Usage Information: We collect information about how you access our Research Services, including data about the device and network you use, such as your hardware model, operating system version, mobile network, IP address, unique device identifiers, browser type, and app version. We also collect information about your activity on our Research Services, such as access times, pages viewed, and links clicked.
USE OF INFORMATION
We use the personal information we collect from End Users as a processor on behalf of our Enterprise Customers to:
- Provide, maintain, improve, and develop our products and services, including to debug and repair errors in our Research Services and perform requested services;
- Manage and authenticate accounts;
- Send you technical notices, security alerts, support messages and other transactional or relationship messages;
- Monitor and analyze trends, usage, and activities in connection with our Research Services;
- Detect, investigate, and help prevent security incidents and other malicious, deceptive, fraudulent, or illegal activity and help protect the rights and property of Outset and others;
- Comply with our legal and financial obligations;
- Create de-identified, anonymized or aggregated information; and
- Carry out any other purpose described to you at the time the information was collected.
DISCLOSURES OF INFORMATION
We disclose personal information from End Users in the following circumstances or as otherwise described in this policy:
- We disclose personal information with the Enterprise Customer on whose behalf we have collected that information and as directed by the Enterprise Customer.
- We disclose personal information with vendors that access personal information to perform work for us, such as companies that assist us with web hosting and fraud prevention.
- We may disclose personal information if we believe that disclosure is in accordance with, or required by, any applicable law or legal process, including lawful requests by public authorities to meet national security or law enforcement requirements.
- We may disclose personal information if we believe that your actions are inconsistent with our user agreements or policies, if we believe that you have violated the law, or if we believe it is necessary to protect the rights, property, and safety of Outset, our users, the public, or others.
- We disclose personal information to our lawyers and other professional advisors where necessary to obtain advice or otherwise protect and manage our business interests.
- We may disclose personal information in connection with, or during negotiations concerning, any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company.
- We also share aggregated or de-identified information that cannot reasonably be used to identify you.
TRANSFER OF INFORMATION TO THE UNITED STATES AND OTHER COUNTRIES
Outset is headquartered in the United States and we have operations and vendors in the United States and other countries. Therefore, we and those that perform work for us may transfer your personal information to, or store or access it in, jurisdictions that may not provide levels of data protection that are equivalent to those of your home jurisdiction. Where required by law, we provide adequate protection for the transfer of personal data in accordance with applicable law, such as by obtaining your consent, relying on adequacy decisions, or executing Standard Contractual Clauses.
YOUR CHOICES
You have certain choices available to you when it comes to your information. Based on the laws of some countries, you may have the right to request access to the personal information we collect from you, change that information, or delete it in some circumstances. To request to review, update, or delete your personal information, please submit a request by emailing us at privacy-requests@outset.ai.
ADDITIONAL DISCLOSURES FOR INDIVIDUALS IN EUROPE, THE UNITED KINGDOM, OR SWITZERLAND
If you are an End User located in the European Economic Area (“EEA”), the United Kingdom (“UK”), or Switzerland, the following specific provisions apply to Outset’s processing of your Personal Information as a Processor, which for purposes of this section shall include "personal data" or "personal information" as defined by applicable privacy laws in the EEA, UK, or Switzerland.
Legal Basis for Processing
Outset only processes your Personal Information as a Processor under the direction and instructions of our Enterprise Customers who are the Data Controllers. Accordingly, our Enterprise Customers determine the lawful basis for processing the Personal Information collected through our Research Services. Our Enterprise Customer directs us to process your Personal Information as described above in connection with the Research Services and does so in reliance on the following lawful bases:
- To perform its responsibilities under its contract with you (e.g., providing the products and services you requested).
- When it has a legitimate interest in processing your Personal Information to operate its business or protect its interests (e.g., to provide, maintain, and improve its products and services, conduct data analytics, and communicate with you).
- To comply with its legal obligations (e.g., to maintain a record of your consents and track those who have opted out of marketing communications).
- When it has your consent to do so (e.g., when you opt in to receive marketing communications from it). When consent is the legal basis for the Enterprise Customer’s processing of your Personal Information in connection with the Research Services, you may withdraw such consent at any time by emailing us at privacy-requests@outset.ai.
Data Subject Requests
As an End User, you have the right to: (1) request to know more about and access your Personal Information, including in a portable format, (2) request deletion of your Personal Information, (3) request correction of inaccurate Personal Information, (4) request restriction of processing of your Personal Information in certain scenarios, and (5) in certain cases, object to the processing of your Personal Information for certain purposes.
To exercise any of these rights, please email privacy-requests@outset.ai. As a Processor, we are unable to directly fulfill your request, but we will forward your request to the Enterprise Customers as the Controller, who will then respond to your request. We will assist our Enterprise Customers, insofar as this is possible, to fulfill their obligations as Controllers to respond to such requests, in accordance with applicable data privacy laws.
If you have a concern about the Enterprise Customer’s processing of Personal Information that it is not able to resolve, you have the right to lodge a complaint with the Data Protection Authority where you reside. Contact details for your Data Protection Authority can be found using the links below:
- For individuals in the EEA: https://edpb.europa.eu/about-edpb/board/members_en
- For individuals in the UK: https://ico.org.uk/global/contact-us/
- For individuals in Switzerland: https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact.html
CONTACT US
If you have any questions about this Privacy Policy, please contact us at info@outset.ai.