D3 Privacy Statement

Download a PDF copy here.

Context and Controller

D3 Systems, Inc. (D3) has always respected the privacy of our data research subjects, our professional colleagues, our clients, and our vendors/consultants in the United States and around the world. Since our founding in 1985, we have consistently followed the professional standards of organizations such as the American Association of Public Opinion Research (AAPOR), the European Society of Opinion and Market Research (ESOMAR), and the World Association of Public Opinion Research (WAPOR) and protected the anonymity of our data subjects and the confidentiality of the information they have provided us on a voluntary and consensual basis.

What types of personal information do we collect?

We have consistently solicited the approval of our research data subjects for the collection of personally identifiable information (PII) such as names, physical addresses, telephone numbers, email addresses, photos of respondents and their homes, audio/video recordings, IP addresses and the collection of GPS data on the location of the household within the sampling point.

Why and how do we process your personal data?

Your information is used for statistical public opinion research, evaluations, and analysis. While D3 would prefer to leave all PII in the countries where they are collected, for reasons of sampling evaluation, quality assurance, and complex weighting, some of the PII for our data subjects will reside on D3’s secure server.  All data transfers are done in accordance with the applicable regulations and standard industry practices utilizing secure data transmission protocols.

What is the legal basis for our collecting/processing of your personal data?

We collect your information with your explicit consent.  If at any time during the collection process you are uncomfortable, or do not wish to provide a particular piece of information, you are under no obligation to provide the information or proceed with the survey.

What means do we use to collect your personal data?

We collect your data through in person, phone, and online surveys.  In all cases, we start the collection process with a statement of your rights as a data subject and obtain your consent to proceed before collecting any personal information.

Who has access to your personal data and to whom is it disclosed?

Through the course of our work field partners, subsidiary, employees, and clients may have access to your personal data.

How do we protect and safeguard your information?

Our suppliers provide data security during the initial collection and processing phases of a survey in accordance with the applicable regulations, contractual obligations, and standard industry practices.  D3 provides up-to-date security protocols in accordance with applicable regulations and standard industry practices during the transfer of such data to our server and during the further processing, delivery, and storage of such information.

How can you verify, modify, or delete your information?

You can make a Data Subject Access Request by contacting our Data Protection Officer at: DPO@d3systems.com.

703 388 2450

8300 Greensboro Drive, Suite 450

McLean, VA 22102

How long do we keep your personal information?

We keep your personal information as long as it is needed to perform and validate our statistical public opinion research, evaluations, and analysis including follow up derivative analyses.

Sale of Personal Information

In the preceding twelve (12) months, we have not sold any Personal Information.

Privacy Rights Specific to European Union and other Residents

Some data protection laws, including the European Union’s General Data Protection Regulation (“GDPR”), corresponding legislation in Switzerland and in the United Kingdom, and some U.S. state laws, provide you with certain rights in connection with Personal Data you have shared with us. Data collected in EEA countries is transferred to the U.S. utilizing the safeguards put in place by the EU Standard Contractual Clauses. If you are resident in the European Economic Area, you may have the following rights:

  1. The right to be informed. You are entitled to be informed of the use of your Personal Data.  This Privacy Policy provides such information to you.
  2. The right of access. You have the right to request a copy of your Personal Data which we hold about you.
  3. The right of correction: You have the right to request correction or changes of your Personal Data if it is found to be inaccurate or out of date.
  4. The right to be forgotten: You have the right to request us, at any time, to delete your Personal Data from our servers and to erase your Personal Data when it is no longer necessary for us to retain such data.  Note, however, that deletion of your Personal Data will likely impact your ability to use our services.
  5. The right to object (opt-out): You have the right to opt-out of certain uses of your Personal Data at any time.
  6. The right to data portability: You have the right to a “portable” copy of your Personal Data that you have submitted to us.  Generally, this means your right to request that we move, copy or transmit your Personal Data stored on our servers / IT environment to another service provider’s servers / IT environment.
  7. The right to refuse to be subjected to automated decision making, including profiling: You have the right not to be subject to a decision and insist on human intervention if the decision is based on automated processing and produces a legal effect or a similarly significant effect on you.
  8. The right to lodge a complaint with a supervisory authority.


You may also have the right to make a GDPR complaint to the relevant Supervisory Authority. A list of Supervisory Authorities is available here:  http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.

If you need further assistance regarding your rights, please contact us using the contact information provided below and we will consider your request in accordance with applicable law. For your protection, we may need to verify your identity before responding to your request. We may respond to your request by letter, email, telephone, or any other suitable method.  If we no longer need to process Personal Data about you, we will not maintain, acquire, or process additional information in order to identify you for the purpose of responding to your request.

In some cases, our ability to uphold these rights for you may depend upon our obligations to process personal information for security, safety, fraud prevention reasons, compliance with regulatory or legal requirements, or because processing is necessary to deliver the services you have requested. Where this is the case, we will inform you of specific details in response to your request.

You can make a Data Subject Access Request by contacting our Data Protection Officer at: DPO@d3systems.com.

703 388 2450

8300 Greensboro Drive, Suite 450

McLean, VA 22102

Information Collected Related to California Residents

During the last twelve (12) months, we have collected the following categories of personal information from consumers/website visitors.

Category Type of Identifiers We Collect Collected
Identifiers First and last name, address, online identifier, Internet Protocol address, email address YES
Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). A name, address, telephone number, employment or employment history. NO
Internet or other similar network activity. Browsing history and time, search history. YES
Commercial Information. Not collected. NO
Professional or employment-related information. Not collected. NO
Inferences drawn from other personal information. Not collected. NO

We obtain the categories of Personal Information listed above from the following categories of sources:

  • Directly from our customers/website visitors or their agents.
  • Indirectly from our customers/website visitors or their agents.
  • Directly and indirectly from activity on our website (www.d3systems.com). For example, from website usage details that are collected automatically.
  • From social media websites, such as Facebook and LinkedIn.

Contact information

If you have any questions about D3’s Privacy Statement, the data we hold on you, or would like to exercise one of your data subject rights, please do not hesitate to contact our Data Protection Officer at: DPO@d3systems.com.

If you have any questions about D3’s Information Security Program, contact our Chief Information Security Officer at: CISO@d3systems.com.


Should you wish to report a complaint or if you feel that D3 has not addressed your concerns in a satisfactory manner, you may contact: