Privacy Policy

Material Holdings, LLC (f/k/a Lieberman Research Worldwide), is a marketing services and digital
transformation consultancy having affiliated subsidiary businesses which include Material US, Inc., and Interviewing Service of
America (collectively referred
to herein as “Material”). Material also operates several consumer-facing research panel services, including Q-Insights, MySoapbox, and icanmakeitbetter
(collectively, “Our Panels”). The SoapBox trademark is owned by Calign, Inc. and is used under license. 

Material is committed to protecting the privacy of all information we collect, store, or otherwise, process
(collectively, “Process”) relating to our business activities (our “Services”). This policy applies to any
facility, system, or network controlled by Material that Processes the personal data or information of
Material’s clients, vendors, Research Participants, and/or other consumers; it is understood that the terms
“information” and “data” shall be used interchangeably herein.  

By engaging with, accessing, and/or browsing our Services, participating in any of our Research Studies
(defined below), contacting us and communicating with us, or otherwise providing your data to us, such
activities and the data Processing that arises therefrom are guided by this privacy policy. If your
interactions with Material fit any of the categories referenced in the next section, please be aware of the
additional privacy notices related to such activities.  

Registered Research Participants of Our Panels. If you are a current or former Research
Participant registered as a member of one of Our Panels, please refer to the sub-section (below) titled
“Research Participants Registered With Our Panels” and any other terms in this policy that refer specifically
to Research Participants. In the event of a conflict between the terms applicable to Research Participants and
the other terms found herein, the former terms shall prevail for Research Participants.  

California-Resident Business Service Providers. Material’s California-resident personnel (which
includes, Material’s employees and independent contractors), and also the California-resident personnel of
Material’s clients, vendors, and similar service providers should refer to Material’s California-Resident Privacy Notice for additional privacy
disclosures. In the event of a conflict between the California-Resident Privacy Notice terms and the terms
herein, the former terms shall prevail for California-resident personnel.  

California-Resident Job Applicants. If you are applying for a role with Material, whether through our
“Careers Portal” or a third-party platform (i.e. LinkedIn®), please refer to Material’s California-Resident Applicant and Candidate Privacy
Statement. In the event of a conflict between the California-Resident Applicant and Candidate Privacy
Statement terms and the terms herein, the former terms shall prevail. 

“Personal information” or “personal data” are terms we use interchangeably in this notice to
refer to any information or combination of information that is reasonably capable of revealing your specific
identity. Various jurisdictions define these terms slightly differently but generally align with this broad
definition. 

As to our business-to-business activities concerning marketing, digital transformation, branding, strategy,
technology, design, and communications consultancy—we Process personal information to communicate with you,
enter into agreements with you, and support our Services.  Such information is not used for any other purpose
without your consent. 

As to our other consumer-facing business activities, i.e. market research and analytics activities, we also
collect and process information which includes (a) personal information and (b) sensitive personal
information; sensitive personal information is collected based on opt-in consent (in accordance with the GDPR
and Data Privacy Framework Principle of “Choice”) and/or alternative legal bases available to us
under the circumstances.  We may also collect information that is ancillary to our activities, such as visits
to our websites and signups for our newsletters or whitepapers.  To effectively operate our market research
and analytics business operations and services, if you are the subject of such activities, those activities
will require that we collect information from or about you.  In so doing, we follow prevailing market
industry standards as well as applicable laws.  In particular, if you are a Research Participant (defined
below), we collect a variety of feedback from you which may include “personal information” and “sensitive
personal information” (i) in connection with developing and maintaining our research survey panels, (ii) as
part of research and data collection activity we undertake for ourselves, our clients and/or our vendors,
and/or (iii) relating to your activities or behavior in the context of analyzing sentiments with the help of
technology.  

Research Study participation is voluntary, and participants have the opportunity to “opt out” of the research
after agreeing to participate. If you cannot find the instructions on how to “opt-out” of a Research Study,
please contact us in the manner specified in the Your Rights As to Your Personal Data section (below).

Research Participants Registered With Our Panels. We are often unable to identify
specific Research Participants in our “Research Studies” unless the Research Participant or an authorized
third party (such as our client) shares identifying information with us. A subset of our “Research
Participants” however are registered members of Our Panels who voluntarily provide us with their email
addresses and other identifying information so we can regularly share Research Study opportunities. The
information we request at registration, including profile information, helps us match each member of Our Panel
with appropriate Research Studies.   

Personal data we collect upon registration to Our Panels include but is not limited to: first and last name,
residential and work address, email address, telephone number, race, age, gender, date of birth, income level,
disabilities, educational attainment, home ownership, employment status, hobbies, interests, product
use/ownership, and geographic location. Our legal basis for Processing such personal data is consent. Consent
can be withdrawn at any time.  

A member of Our Panel may terminate his or her membership by logging in to his or her account and following
the instructions to delete one’s account. Alternatively, he or she may send an email request
to support@mysoapbox.com and please specify which of Our panels is applicable. When an account termination is
fully processed,  survey invites will cease and any points or rewards earned will be forfeited. If we
receive information about you from a client or vendor for use in connection with our Research Studies, our
legal basis for processing that information is our legitimate interest to perform our obligations under our
contract.  

Types of Research Studies We Conduct. Most Research studies we conduct fall into
either or both of the following two categories: (1) “quantitative studies”, and (2) “qualitative studies”.
  

“Quantitative studies” almost always avoid the use of information that would allow us to reveal your
identity.  For example, when you enter our survey environment for a quantitative study, you are assigned
a random alphanumeric identification (“Research ID”) to avoid collecting your actual identity.  When we
collect your research responses in this context, the categories of information we collect are generally:
demographic information, opinion data, and behavioral data. This information will be associated with your
Research ID.  Quantitative studies are generally delivered as online surveys and polls and consist of an
initial screening section to qualify you for the survey, followed by the actual survey for those who qualify.
Many research studies attempt to find hard-to-reach audiences.  As such, qualifying for a survey does not
guarantee that you will successfully complete the survey. Nevertheless, we will collect, process, and store
the information we collected from or about you in order to demonstrate and improve our research methodologies.
    

“Qualitative studies”, on the other hand, generally require one or more identifying data points about you in
order to contact you about the study and/or associate you personally with your research feedback.  In
many instances, a qualitative study opportunity presents itself after completing a quantitative study. For
example, by completing the quantitative study, you might be invited into a related qualitative study.
Qualitative studies come in many forms, both in-person and virtual, including, in-depth interviews, in-home
product testing, shopper behavior, focus groups, and virtual communities.  

Data collected as part of our Research Studies may also include a photo, video, or audio response with your
consent.   

Joining a research community involves repeated interaction with a community moderator and/or other community
participants over a defined period. When you participate in a research community, we typically have personal
data about you (including a means to contact you), but other participants in the study would not have access
to your identity unless you share it with them (i.e. in community-facing messages and/or choosing a community
username that reveals your identity).  

The privacy laws of some jurisdictions (e.g. California, Virginia, and the European Union) define personally
identifying information broadly to include the de-identified feedback you provide to us in Research Studies;
even when it is impractical for us to reveal your identity with such information. Some jurisdictions (namely,
the European Union and some states in the United States e.g. California, Utah, Virginia, Colorado, and
Connecticut) also recognize a subset of personal information that is referred to as “sensitive personal
information” or “special categories of personal data”. Examples of “sensitive personal information” include
your ethnicity, religious beliefs, and sexual preferences. At any time, you may use our Your Data Your
Rights privacy request portal (“Privacy Portal”) and/or our privacy request phoneline (see Your Rights
As to Your Personal Data, below) to send us requests related to your privacy.  When you make a privacy
request, please be aware that it is often impossible to match your name, email, and other identifying
information to records in our system because you may have entered into our system in a de-identified manner
and we use best efforts to preserve your anonymity or pseudonymity in such instances.  Nevertheless, we
will use good faith efforts to find a record that matches you and, if found, we will process your request in
accordance with applicable laws, industry customs, and our privacy policies. 

If a Research Study involves an incentive, we may ask for your name and telephone number or email address to
notify you if you are a winner or if you earned the applicable incentive. There is never an obligation to
provide this information to participate in the Research Study but if you don’t provide it, we have no
practical ability to reward you.  When we collect your contact information for incentivization, we use good
faith measures to avoid associating it with your research-related feedback. Our legal basis for the collection
and processing of Research Participant-supplied identifying data is consent.  Consent can be withdrawn at any
time. 

Third-Party Data

Sometimes, we obtain identifying information directly from our clients, third-party vendors, or partners that
have the right to provide it to us.  The information we receive in such cases might include personal
identifiers so we can send you an invitation to participate in the study.  When we purchase data aggregated by
third parties about you or your devices (“third-party data”), such data is generally de-identified and
consists of demographic, interest, or behavioral information. We use this information to correlate and append
it to your survey responses so we can perform a more robust analysis of such data and create broad cohorts of
Research Participants that share common characteristics (this is known as “segmentation”).  When we conduct
research with the help of third-party data, we use good faith efforts to ensure that the research data we
collect remains de-identified to us by employing a variety of data protection methods, including, assigning a
Research ID, encryption, hashing, pixel tagging, and/or using cookies.  

Publicly Available Data

In some Research Activities, we may collect publicly available information, including comments made in
connection with product reviews or on social media which may, from time to time, include a “handle” or
“username” you used to identify yourself on those platforms. We use reasonable commercial efforts to avoid
collecting identifying information.  Our legal basis for collecting and processing such publicly available
information is our legitimate interest to perform our obligations under our contract with the client
commissioning the research study in question. 

Quality Assurance

Additionally, in connection with our Research Studies consisting of online surveys, we employ software to
identify certain information related to the systems you are using.  The information we collect includes
IP address, device type, browser type, geographic location, mouse movement, and key-entry monitoring. This
information is collected for the purpose of protecting the integrity of the research and generally improving
the research experience that we offer.  This information is only used for the aforementioned purpose, and
shared with third-party vendors, for such purpose.  Our legal basis for the collection and processing of this
information is our legitimate interest to protect the integrity of our business and enhance the services we
perform for our clients. 

California-Resident Service Provider Data

If you are (or work for) a client or vendor engaged with us, we likely have collected various contact,
business, and in some cases financial information about you in the course of procuring our Services.  In those
cases, our legal basis for the collection and processing of the information includes our legitimate interest
to perform our actual or expected obligations with you or the company you represent. California residents
should further consult our California-Resident Privacy Notice for more information
about the information we collect in this context. We may collect certain information regarding visitors to our
Services, including IP address, device and browser type, date and time of visit, name of the visitor’s
Internet service provider, state or country from which the Services were accessed, web pages from which the
visitors linked to the Services, and behavior while on the Services (e.g., which links were clicked on).  We
may do so using cookies, which are small files placed on your internet browser when you visit our Services, to
offer you a more tailored experience in the future by, for example, understanding and remembering your
particular browsing preferences.  Occasionally, cookies, pixels, or web beacons may be placed on our Services
by service providers or partners; we do not permit data that reveals your identity to be collected or accessed
by these cookies, pixels, or web beacons.  If you prefer not to receive cookies from our Services you can
disable their use in your web browser settings. By doing so you may reduce the functionality of the web pages
you view.  Currently, our systems do not respond to browser do-not-track signals, and we do not treat such
do-not-track signals as “do not sell” signals under the CCPA (as defined below).   

Informational and Marketing Communication

If you choose to sign up for our newsletters, mailing lists, and/or to receive white papers or ebooks, we
collect the information you supply for use in the promotion of our businesses and its Services. If you wish to
be removed from such communications, please email us at info@materiaplus.io or use the “unsubscribe” link
found in the email you received or the unsubscribe feature made available by your email service
provider. 

Data Processing and Handling (in General)

Depending on how we obtain your personal data,  we may be considered a “controller” of the data or a
“processor” of the data (as such terms are defined by applicable law).  If we are the processor, we will
process the data in accordance with the instructions provided to us by the controller of the data. 

Regarding data collected as part of our research activities, we collect data for research purposes.   In many
cases, this information is shared with the client commissioning the study pursuant to our contract with that
client.  In some cases, we may need to share personal data with third parties for ancillary services in
support of the Research Studies. In these cases, we contractually require the third party to follow privacy
protection measures no less stringent than those that we follow.  

Insofar as we have operations (and conduct business) globally, any data we collect and process in connection
with our business activity may be transferred between or among two or more countries (including from the EU,
UK, and/or India to the US), either within Material or between Material and a client or other third party
described herein.  In all cases, we will take appropriate measures to ensure that personal data is transferred
in accordance with this privacy policy and the applicable legally-provided mechanisms available to the parties
to lawfully transfer data across borders (e.g. by entering into Standard Contractual Clauses issued by the
European Union, when appropriate). These measures further include, in the case of transfers to the US from the
EU, the United Kingdom, and Switzerland- adherence to the “Data Privacy Framework” (or, “DPF”) (described in
the EU/US DPF, UK Extension to the EU/US DPF and Swiss/US DPF).  

We do not sell personal data in the traditional sense and we do not rent, sell or give personal
data to any third party for the purpose of directly marketing any products or services, and have not done so
in the preceding 12 months.   However, you should be aware that certain laws to which we are subject, for
example, the California Consumer Privacy Act (the “CCPA”), define the terms “sell” and “sale” very broadly,
such that some of our research-related activities might fall within the definition of “sale”. If a California
resident submits a “do not sell” request through our Privacy Portal, we will treat the request as a request to
delete their personal information. 

We reserve the right to disclose your personal information for the following purposes: (i) if you consent,
authorize, or direct us to share your personal information; (ii) to comply with requests under prevailing
privacy laws; (iii) disclosures amongst Material’s affiliated entities and business units or as part of a
merger, stock or asset sale, or other corporate transaction; and (iv) as otherwise required or permitted by
applicable law, court or regulatory body (e.g. in response to a legal request from public authorities or in
response to a subpoena or other legal process). 

We do not discriminate financially between those who elect to supply their personal data to us and those who
elect to not do so, provided, however, that to the extent a survey or other Research Study involves the
transfer of a reward, financial incentive, or entry in sweepstakes, and you decline to provide us with the
information needed to make the transference possible, we would have no practical way to fulfill such reward,
incentive or sweepstakes entry. 

In all cases, Material will take reasonable steps to ensure the personal data we collect is accurate,
complete, current, and relevant and being used only for the intended purposes. We will use our best commercial
efforts to not process personal data in a way that is incompatible with the purposes for which it has been
collected or subsequently authorized by the individual. 

We keep personal data for no longer than necessary for the purposes for which the personal data is collected
or processed. The length of time we retain personal data for depends on the purposes for which we collect and
use it and/or as required to comply with contractual obligations, industry standards, and applicable laws and
to establish, exercise, or defend our legal rights. 

We maintain physical, electronic, and procedural security measures to help safeguard client and
personal data which are consistent with industry standards and practice and in compliance with applicable law
(our “Safeguards”). Notwithstanding the category of individuals about whom personal data is collected, our
Safeguarding is designed to use commercial best efforts to protect the data we process from loss, misuse,
unauthorized access, disclosure, alteration, and destruction. While the specific Safeguards we use vary
depending on the circumstance of the Processing activities, they include, (1) a cybersecurity program and data
privacy program, (2) data breach incident management procedures, (3) periodic self-assessments and third-party
assessments, and (4) penetration tests.  

The technical and organizational safeguards we employ meet the applicable standards of industry practice that
are relevant to our business activities and the volume and sensitivity of the data we process. Third parties
that provide us with support or services and that may also receive personal data are required by us to
maintain safeguarding measures similar to ours with respect to such information.  

Our Services may contain resources and links to third parties. We do not control third-party services, and
therefore we cannot be responsible for the protection and privacy of any information that you provide while
engaging with them. Third-party websites and services are not governed by this privacy policy unless expressly
stated otherwise, and if you have questions about how a third party uses your information, consult their
privacy statement. 

We comply with the EU/US DPF, UK Extension to the EU/US DPF, and Swiss/US DPF as set forth by the US
Department of Commerce, under the enforcement authority of the Federal Trade Commission, regarding the
collection, use, and retention of personal information from European Union member countries, United Kingdom
and Switzerland. We have certified that our organization(s) adhere to the Data Privacy Framework Principles of
Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access,
and Recourse, Enforcement and Liability. If there is any conflict between the policies in this privacy policy
and the Data Privacy Framework Principles, the Data Privacy Framework Principles shall govern.  To learn
more about the Data Privacy Framework program, and to view our certification page, please visit https://www.dataprivacyframework.gov/s/ 

Consumers, including Research Participants, may have the right to make certain jurisdiction-specific
privacy-related requests about the information we Process, including:  that we provide access to any personal
data we hold about you; that we update any of your personal data which is out of date or incorrect; where our
basis for processing your personal data is consent, that your consent to further processing be withdrawn;
where we received your personal data from a third party, inquire where the data originated; that we delete any
personal data which we are holding about you; that we restrict the way that we process your personal data
(including that we no longer “sell” your personal data or that we not “share” your personal data to third
parties for cross-context behavioral advertising; that we prevent the processing of your personal data for
direct-marketing purposes; that we provide, or not provide, your personal data to a third party; that we
provide you with a copy of any personal data which we hold about you; that we consider any valid objections
which you have to our use of your personal data; that you not be discriminated against for exercising any of
your privacy rights; that you initiate a private cause of action for data breaches; and that we limit the use
and disclosure of sensitive personal information.  Under applicable law, certain personal data may be exempt
from some of these requests. Also, if you wish to request that we restrict processing of your personal data in
a particular way that would be operationally impractical for us to execute, we reserve the right to instead
remove, delete or otherwise render your personal information non-identifiable from our systems in lieu of the
operationally impractical request. In the case of Research Participants, an operationally impractical request
may result in disqualification from participating in a Research Study, permanent revocation from membership in
Our Panel, and/or forfeiture of incentives, rewards, and prizes. 

If you would like further information about your rights (or would like to exercise any of your rights),
please contact us in one of the following manners: (1) write to us at Material Holdings, LLC, 1900 Ave of the
Stars, 16th Floor, Los Angeles, CA 90067 USA, Attn:  Privacy Officer; (2) email us at privacy@materialplus.io;
(3)  leave us a message at (888) 914-9661 (PIN: 892698), or (4) submit your question or request to our Privacy Portal. 

To exercise privacy rights in your capacity as our employee, job applicant, independent
contractor, or the personnel of our clients and vendors, please contact privacyrequests@materialplus.io.
 

By law, as well as for your protection, if you use one of the methods in the previous paragraph to make a
privacy request we may verify your identity before processing your request.  If we are not able to verify your
identity, understand your request, or if your request is not privacy-related, we will not process your
request.  To verify your identity, we minimally request that you supply your basic contact information, as
well as certain other non-personally identifiable information (e.g., information relating to your last
interaction with us, such as subject matter and type of study). This information will only be used in
connection with processing your request. When we receive a valid privacy request, we then attempt to find the
records relating to the request.  If we find such records, we will attempt to process your request and
will inform you of the outcome in a timely manner.  An authorized agent may make a privacy request on your
behalf, provided that we reserve the right to verify your and their identity as described above. 

Any personal data which may be collected in the Careers sections of our Services will be used solely for
purposes of the consideration of possible employment. This information will not be used in connection with
research or other aspects of our operations. California-resident job applicants should further consult our California Candidate Privacy Statement. 

We operate in compliance with the Children’s Online Privacy Protection Act (“COPPA”), under the
enforcement authority of the US Federal Trade Commission (“FTC”). We do not knowingly collect, use or disclose
information from children under the age of 13 online without permission from a parent or guardian in the
manner required by law. We also do not “sell” (as defined in CCPA) the personal information of persons under
16 without affirmative authorization. For more information on COPPA, please
visit http://www.ftc.gov/ogc/coppa1.htm.  

If you are a California resident who is 16 years of age or older, you have the right to direct us to not sell
your personal information. We do not knowingly sell such information unless we receive an opt-in from the
Consumer who is at least 13 but under 16, or from the parent or guardian of a Consumer younger than 13.
Consumers who opt-in to the sale of their personal information may opt out at any time. If you think we may
have unknowingly collected personal information for sale relating to yourself or of your child under the age
of 13, or if you are at least 13 but under 16, please exercise your (or your child’s) right to opt out of such
sale (per the instructions in the Your Rights As to Your Personal Data section above).

Material is subject to the investigatory and enforcement authority of the FTC.   

Also, as members of the Insights Association and ESOMAR, we strive to model our policies according to
guidelines promulgated by those organizations.  

Our Privacy Officer is available if you have questions about our Privacy Policy, or for processing a
complaint. Please refer to the contact information described above under the heading “Your Rights As to Your
Personal Data”. 

We also comply with the principles of the EU/US DPF, UK Extension to the EU/US DPF, and Swiss/US DPF as set
forth by the U.S. Department of Commerce (“Data Privacy Framework Principles” or “DPF Principles”) regarding
the collection, use, and retention of data from the European Union and the United Kingdom, and Switzerland.
These principles are available to view here. If you are concerned about our use of personal
or client information, you may contact us as described above under the heading “Your Rights As to Your
Personal Data.”  

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, Material commits to cooperate and
comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and
the UK Information Commissioner’s Office (ICO) with regard to unresolved complaints concerning our handling of
human resources data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF in the
context of the employment relationship. 

European Union, United Kingdom, and Swiss individuals with inquiries or complaints regarding this privacy
policy are encouraged to first contact Material as described above under the heading “Your Rights As to Your
Personal Data.”  

Material takes responsibility for cross-border onward transfers to third parties made in a manner that is
inconsistent with the Data Privacy Framework Principles referenced herein. 

In compliance with the EU/US DPF, we are committed to resolving complaints about your privacy
and our collection or use of your personal information. European Union, United Kingdom and Swiss individuals
with inquiries or complaints regarding this privacy policy should first contact us through our privacy request
portal at: www.materialplus.io/yourdatayourrights 

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Material
commits to refer unresolved complaints concerning our handling of personal data received in reliance on the
EU-U.S. DPF and UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to Material, an alternative dispute
resolution provider based in the United States. As such, you may invoke binding arbitration through this
alternative dispute resolution provider. If you do not receive timely acknowledgment of your DPF
Principles-related complaint from us, or if we have not addressed your DPF PRinciples-related complaint to
your satisfaction, please visit https://www.insightsassociation.org/Resources/Data-Privacy-Framework
for more information or to file a complaint pursuant
to the Recourse, Enforcement and Liability Principle set forth in the Data Privacy
Framework, Annex 1 (found at https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf).
The services of Insights Association are provided at no cost to you. 

Finally, if required or permitted by law, you may also make a complaint to the data protection authority in
the EU country or Switzerland where we may have operations or where we process personal data that relates to
offering goods or services to you in the EU.

We may update this Privacy Policy from time to time by posting an amended version of the statement on one or
more of our Services. Please refer to this policy regularly.  

Last Update: