Cint USA – Code of Conduct

For All Buyers and Suppliers

1. Marketplace Standards.

Cint USA, Inc. (f/k/a Lucid Holdings, Inc.) (“Cint”) operates the Marketplace (“Marketplace”). Cint grants access to the Marketplace for the selling and buying of Sample (i.e., access to Respondents) between Suppliers and Buyers, respectively. For clarity, Cint may also act as a Buyer or Supplier. Suppliers and Buyers are responsible to each other for quality and compliance regarding Sample. Cint disclaims all responsibility for quality and compliance with applicable laws and industry standards regarding Sample as operator of the Marketplace.

These standards are incorporated by reference into all contracts between Cint and Buyers or Suppliers and between Buyers and Suppliers, except where the parties to a contract expressly agree on derogations or other terms. These standards do not create any rights or obligations for Cint, any Buyer or any Supplier, except when incorporated into a particular contract by reference. When incorporated into a particular contract, these standards create rights and duties only for the contracting parties and no beneficiary rights for any third parties. If there are inconsistencies with this Code of Conduct and stricter provisions within another written agreement, the stricter provisions will control.

The defined terms in Cint’s terms and conditions with Buyers and Suppliers have the same meanings as defined therein and are used throughout this Code of Conduct.

2. Ethical Standards.

Buyers and Suppliers in the Marketplace must respect the customs, rules, and practices that apply to our industry, some of which are described in this Code of Conduct. As a Buyer or Supplier on the Marketplace, Cint adheres to these ethical standards as well.

Protection of Human Rights. Buyers and Suppliers shall protect the human rights of its employees and comply with all Applicable Laws, as well as all ethical standards applicable in the countries in which they operate.
Corruption and Bribery. Our Buyers and Suppliers shall not engage in corruption, extortion, embezzlement, money laundering, or bribery.
Child Labor and Forced Labor. Buyers and Suppliers shall prohibit and refrain from child labor within their organizations.

3. Children and Minors.

Suppliers and Buyers must obtain verifiable parental consent for the collection of any data collected from minors and children, as required by Applicable Laws. If Suppliers or Buyers exclude minors from Buyer Opportunities, they must ask about birth dates in neutral ways (e.g., “when is your birthday?”) and not in ways that could induce minors to overstate their age (e.g., “are you 18 or older?”). If a Supplier or Buyer knows a minor completed a survey, the Supplier and Buyer must confirm and verify parental consent in accordance with the Applicable Laws protecting such minor.

Minors cannot act as Buyers or Suppliers on the Marketplace. With respect to Sample, Cint contractually obligates Buyers and Suppliers to comply with parental consent requirements under Applicable Law, and Cint does not allow minors under the age of 13 to complete Buyer Opportunities.

4. Data Privacy Law Compliance.

Suppliers and Buyers are responsible for compliance with data privacy laws that apply to their collection and use of data via the Marketplace. Suppliers must ensure Respondents receive sufficient notice and information about how Suppliers and Buyers collect and use their data. Suppliers and Buyers must determine whether they need to obtain consent under Applicable Laws (often, a conspicuous and easy-to-understand opt-in notice is sufficient and more appropriate where Respondents actively volunteer data). Suppliers must inform and obligate Buyers regarding any restrictions on their use of data (based on Applicable Laws or promises Supplier made in privacy policies or invitations to take surveys).

Cint processes data on behalf of Buyers and Suppliers for purposes of performing Cint’s contractual obligations. Buyers’ and Suppliers’ instructions to Cint for the processing of Personal Data shall comply with Data Protection Laws and Regulations.

Personally Identifiable Information (PII), as generally defined under data privacy laws in the United States, is prohibited within the Marketplace.

5. General Data Protection Regulation Roles.

For the control and processing of Personal Data of European Union Data Subjects in accordance with the General Data Protection Regulation: (i) Suppliers acknowledge and agree that they are Controllers regarding the control and processing of Sample sold on the Marketplace, (ii) Buyers acknowledge and agree that they are Controllers regarding the control and processing of Personal Data during the survey when off the Cint. Marketplace, and (iii) Cint acts as Processor for any processing activity conducted at the direction of Buyers and Suppliers on the Marketplace. Regarding the control and processing of Personal Data collected by Cint on the Marketplace, Cint acts as the Controller of such data and is responsible for ensuring proper opt-in consents.

When Buyers and Suppliers control and process Respondent Screening Data containing Personal Data, Buyers or Suppliers shall either (1) become a separate and independent Controller of such data with Cint and be responsible for having a lawful basis to control and process such data, or (2) delete such data upon termination of its Agreement with Cint. To the extent Buyers or Suppliers forward profiling data to Cint containing Personal Data, Cint shall become a separate and independent Controller of such data and is responsible for ensuring proper opt-in consents.

6. Data Residency or Localization.

Buyers and Suppliers are responsible for compliance with data residency and localization laws, including but not limited to, laws in Russia, Kazakhstan, the People’s Republic of China and Indonesia that require certain categories of data collected from individuals in such jurisdictions must be processed on primary systems in such countries. This may require additional technical steps in the context of the data collection, but does not typically preclude use of the Marketplace, because data residency or localization laws do not entirely prohibit a transfer of redacted survey responses, aggregated data (statistics) or a copy of an individual record so long as the original data processing occurs locally within the jurisdiction. Cint operates the Marketplace on servers in the United States and does not maintain local presences outside the United States to satisfy data residency or localization requirements.

7. Data Security.

Suppliers and Buyers are responsible for compliance with applicable data security laws and must meet or exceed the following technical and organizational data protection measures that Cint applies to its operation of the Marketplace:

Security Access Control: Implement suitable measures in order to prevent unauthorized persons from gaining access to data processing equipment and premises; limit access to employees and service providers with a legitimate need to know and subject to adequate written confidentiality and data security agreements.
Transmission Control: Implement SSL for Internet transmissions and other measures to reduce the risk that data is read, copied, altered or deleted by unauthorized parties during the transmission thereof or during the transport of the data media.
Data Handling: Have adequate security protection, procedures and protocols in place to ensure data is used, stored, maintained, protected, transferred, deleted or archived, as necessary and required by Applicable Laws.
Data Access, Correction, and Deletion: Disclose, correct, delete, or redact data on request from data subjects, where required by Applicable Laws.

8. Audio and Video.

If surveys are conducted with audio or video, then Suppliers and Buyers must ensure Respondents are adequately informed about the implications of being identifiable and comply with all other industry guidelines, including legal and compliance requirements relating to processing of data with audio and video. Buyer is responsible for ensuring appropriate consents.

9. Restrictions Applicable to Buyers and Suppliers.

Processing of PII is prohibited on the Marketplace. If the Buyer intends to conduct a survey collecting any PII when off the Marketplace, then the PII Checkbox on the Marketplace must be selected to ensure PII is never hosted on the Marketplace. Buyers shall not create custom questions on the Marketplace intended to derive answers containing PII or other sensitive data.

On the Marketplace, Buyers and Suppliers shall not:

Share User IDs, passwords, and/or API keys with any unauthorized third party.
Use survey farms, bots, or scrapers for any purpose.
Ask or answer questions using vulgar, abusive, or inappropriate language or content.
Fundraise, advertise, or make solicitations.
Ask or answer leading questions that are intended to coach, guide, or bias specific responses.
Misrepresent the source of Sample in any way.
Use copyrights, trademarks, or any other intellectual property without proper ownership or license.
Download, submit, or otherwise save sensitive content on the Marketplace
Sensitive content includes survey content of an offensive or especially personal nature.
Ask or answer questions about sensitive content in ways that do not conform with industry guidelines or Applicable Laws.
Ask or answer questions about sensitive financial information, including but not limited to, bank account and credit cards, and government-issued identification numbers.
Ask minors to answer questions without obtaining parental consent, as defined under Applicable Laws.
Solicit Respondents to take fraudulent or otherwise illegal surveys.

Failure to adhere to these restrictions shall be considered a material breach of the terms and conditions between Cint and its Buyers and Suppliers.

10. Buyers

Buyers are responsible for good faith reconciliations for Completes on the Marketplace. Acceptable reasons for reconciling Completes include poor response quality and inattentive, incomplete, or inappropriate responses. A detailed explanation of valid reasons for reconciling Completes can be found at https://support.lucidhq.com/s/article/Reconciliation-Report. Buyers shall not include PII in any reconciliation reports.

Buyers are prohibited from assigning a $0 or fraudulent Cost Per Interview for Over The Counter Sample purchases.

11. Suppliers

After 60 days without sending traffic to the Marketplace, Supplier API keys will automatically expire. This will prevent the Supplier from accessing the Marketplace. Suppliers should contact Cint if they wish to reactivate their API keys.

Suppliers must participate in Cint’s Supplier Quality Program. The Supplier Quality Program is a quarterly assessment of Suppliers quantifying the response quality of survey-takers and the consistency of a panel’s behavioral attributes. More information can be found at https://luc.id/quality/.

If Suppliers run medical ailment work, then Suppliers must comply with regulations for adverse impact reporting regarding negative side effects. Including, but not limited to, facilitating re-contact with Respondents indicating adverse impacts of medical ailments.

In order for Suppliers to seek Respondents for healthcare studies in countries with adverse event requirements, their staff must be adverse event trained by the BHBIA, and how to respond when a Respondent indicates an adverse event.

Suppliers must implement security protocols including SHA‑1 and Google Invisible Captcha.