Bridge Analytics complies with applicable data privacy laws, including:
Domestic Privacy Law
● New Jersey Consumer Fraud Act (CFA) – Prohibits deceptive practices in data collection.
● New Jersey Identity Theft Prevention Act (NJITPA) – Requires businesses to protect and properly dispose of personal data.
● New Jersey Data Breach Notification Law (N.J. Stat. § 56:8-161 – 166) – Mandates timely notification in case of a data breach.
● Federal Trade Commission Act (FTC Act, Section 5) – Prohibits unfair or deceptive data practices.
● Council of American Survey Research Organizations (CASRO) Standards – Ensures ethical handling of survey data.
● Children’s Online Privacy Protection Act (COPPA) – Governs data collection from minors. 
● California Consumer Privacy Act (CCPA) & California Privacy Rights Act (CPRA) (Cal. Civ. Code § 1798.100 et seq.) – Provides California residents with rights over their personal data, including access, deletion, and opt-out rights.
● Other U.S. State Privacy Laws (Virginia CDPA, Colorado CPA, Connecticut CTDPA, Utah UCPA, etc.) – Requires businesses handling personal data of state residents to implement data protection measures. 
European Union Privacy Law
● General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) – Governs the collection and processing of personal data for individuals in the EU, including rights to access, correct, delete, and restrict processing. 

For respondents located in California, the European Union, or other U.S. states with privacy laws, additional rights and disclosures apply, as detailed in the Global Compliance & Regional Privacy Rights section below.

Your survey responses are confidentially handled. For market research surveys respondents are identified using alphanumeric Respondent ID numbers, ensuring anonymity in our research data.  We combine all participants responses to report on an aggregated basis to the client that commissioned the study.

We use Personal Identificatiable Information only for:
● Processing research incentives (e.g., gift cards or compensation).
● Recontacting respondents for follow-up studies, if they opt in.
● Sharing media files (video/audio responses) with end clients for internal analysis only (never for marketing or promotional purposes). 
Bridge Analytics partners with third-party vendors to recruit research participants, administer surveys, and facilitate follow-up research. These vendors maintain their own privacy policies and compliance obligations. We encourage respondents to review the privacy policies of any third-party research providers involved in a given study.

We do not collect or store personal information directly. Instead, we purchase research samples from third-party sample providers who maintain proprietary respondent panels. Any personal data respondents provide during their panel registration is managed by these providers. If a respondent opts in to share Personal Identificatiable Information (e.g., email or phone number) during a study, this information is collected through the Decipher programming platform and securely transferred to Bridge Analytics.

We implement security measures to protect personal information, including:
● Analyzing research data in aggregate form to prevent individual identification.
● Securing video and audio uploads through Google Workspace enterprise tools.
● Relying on Google’s built-in safeguards for data storage and access control.

Bridge Analytics retains personal data only for as long as necessary to fulfill the stated research purposes. After completing a study:
● Emails for incentive payments are securely deleted once processed.
● Opt-in contact details for follow-up research are retained only until the research is completed.
● Media uploads (video/audio responses) are stored temporarily for analysis and are not retained beyond the project’s duration. Once data is no longer needed, it is securely deleted or anonymized to prevent unauthorized access. 

In compliance with the New Jersey Data Breach Notification Law, if a data breach occurs involving personal information, Bridge Analytics will:
● Notify affected individuals without unreasonable delay.
● Inform the New Jersey Attorney General if required.
● Take immediate action to mitigate risks and prevent future breaches.

Respondents provide Consent by:
● Opting in to join Dynata’s panel and agreeing to be contacted for research.
● Continuing a study after passing an eligibility screener.
● Explicitly opting in before submitting video/audio responses. How to Withdraw Consent:
● Respondents can opt out at any time by discontinuing the self-administered survey.
● To request removal from future research studies, respondents can email tracy@bridgeanalyticsresearch.com.

A. California Consumer Privacy Act (CCPA/CPRA) (Cal. Civ. Code § 1798.100 et seq.) For California residents, we comply with the California Consumer Privacy Act (CCPA) and its amendment, the California Privacy Rights Act (CPRA). Under these laws, California residents have the right to:
● Know what personal information is collected (Cal. Civ. Code § 1798.110).
● Delete personal data collected about them (Cal. Civ. Code § 1798.105).
● Opt-out of the sale or sharing of personal data (Cal. Civ. Code § 1798.120).
● Correct inaccurate data (CPRA Addition – Cal. Civ. Code § 1798.106).
● Limit the use of sensitive personal information (CPRA Addition – Cal. Civ. Code § 1798.121).

How to exercise these rights: Email tracy@bridgeanalyticsresearch.com with the subject “CCPA Data Request.”

B. General Data Protection Regulation (GDPR) (EU Residents) (Regulation (EU) 2016/679) If Bridge Analytics collects Personally Identifiable Information (PII) from individuals in the European Union, we comply with GDPR, which provides the following rights:
● Right to Access (Art. 15 GDPR): Respondents may request a copy of their personal data.
● Right to Rectification (Art. 16 GDPR): Respondents can correct inaccurate personal data.
● Right to Erasure ("Right to be Forgotten") (Art. 17 GDPR): Respondents may request deletion of their personal data.
● Right to Restrict Processing (Art. 18 GDPR): Respondents may limit how their data is processed.
● Right to Data Portability (Art. 20 GDPR): Respondents can request their data in a portable format.

How to exercise GDPR rights: Email tracy@bridgeanalyticsresearch.com with the subject “GDPR Data Request.”

C. Other U.S. State Privacy Laws Bridge Analytics monitors changes in U.S. privacy laws, including those in Virginia, Colorado, Connecticut, and Utah. Residents of these states may have similar rights as outlined above.

Bridge Analytics may update this Privacy Policy as necessary to reflect changes in business practices, regulatory requirements, or industry standards. The most current version will always be posted on our website.

If you have any questions or concerns about this Privacy Policy or how we handle your personal information, please contact us at: Bridge Analytics, LLC, Mailing Address: 24B W Main Street, Mendham NJ 07945 Email: tracy@bridgeanalyticsresearch.com Phone: 203-913-8050