EU data protection law makes a distinction between organizations that process personal data for their own purposes (known as "controllers") and organizations that process personal data on behalf of other organizations (known as "processors"). J.D. Power may act as either a controller or a processor depending on the circumstances. J.D. Power, is the controller with respect to information you provide through the Service. If your information is collected in Europe, international transfers of your personal data will be subject to appropriate or suitable safeguards, such as EU standard contractual clauses.
Sometimes J.D. Power operates as a processor on behalf of a client, a separate legal entity, which is the data controller. For example, J.D. Power provides market research services to its clients and processes personal data on their behalf through collection and analysis of survey responses. Please visit the applicable client’s privacy policy for information about their privacy practices. Any questions that you may have relating to such personal data and your rights under data protection law should therefore be directed to the client as the controller, not to J.D. Power.
If you are a data subject in Europe, you have the right to access, rectify, or erase any personal data we have collected about you through the Service. You also have the right to data portability and the right to restrict or object to our processing of personal data we have collected about you through the Service. In addition, you have the right to ask us not to process your personal data (or provide it to separate entities to process) for marketing purposes or purposes materially different than for which it was originally collected or subsequently authorized by you. You may withdraw your consent at any time for any data processing we do based on consent you have provided to us.
You may exercise your rights by submitting a written request to our Data Protection Officer at:
Email:
Address:
We will respond to your request within 30 days. We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions. If you would like to submit a complaint about our use of your personal data or response to your requests regarding your personal data, you may contact our Data Protection Officer or submit a complaint to the data protection regulator in your jurisdiction.
J.D. Power acknowledges that you have rights in connection with Client Data to the extent it contains your personal data. If your information has been processed by J.D. Power on behalf of a client and you wish to exercise any rights you have with such information, please inquire with our client directly. If you wish to make your request directly to J.D. Power, please provide the name of the J.D. Power client on whose behalf J.D. Power processed your information. We will refer your request to that client, and we will support them to the extent required by applicable law in responding to your request.
We will not process your personal data unless we have a lawful basis for processing. Our lawful bases include where: (a) you have given your consent to our processing for a specific purpose, either to us or to our service providers, partners or clients; (b) processing is necessary for the performance of a contract with you or to comply with a legal obligation; or (c) processing is necessary for the purposes of the legitimate interests pursued by J.D. Power or a third-party controller, including our clients.
We will retain your information, for as long as necessary to fulfill the purposes for which we collected it and as permissible by applicable law.
To determine the appropriate retention period for information, we consider the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorized use or disclosure of your information, the purposes for which we process your information and whether we can achieve those purposes through other means, and the applicable legal requirements.
This supplement is effective as of January 1, 2020.