Prolific Privacy Notice and Cookies Policy
Prolific's Privacy Notice and Cookies Policy document can be found and downloaded from here📎
Our updated policy explains your rights under this new law and will become effective May 23, 2018. By continuing to use our sites and apps after this date, you agree to these updated terms.
This article summarises the key points about how Prolific treats your data.
All users of Prolific
The GDPR provides certain rights for individuals in relation to their personal data, and you can exercise those rights by contacting us.
You can read guidance from the Information Commissioner’s Office at www.ico.org.uk for a fuller explanation of your rights.
When you use the Site, it will store data on your device by two methods: Web storage and cookies.
We may process the account data ("account data") you provide to us, which may include your name, email address, phone, and address, and we may also any correspondence between you and us and associated contact details (“correspondence data”). The account data and correspondence data may be processed for the purposes of operating our website and business, providing our services, ensuring the security of our website and services, and communicating with you.
In some cases we use other companies and products as processors to handle your data, and some of the third parties to whom we may transfer your personal data, discussed above, may be located outside the EEA. If so, then we will ensure that transfers by our appointed data processors will only be made lawfully.
We won’t keep your data for longer than necessary.
We are registered as a data controller with the UK Information Commissioner's Office. Our data protection registration number is ZA317731. Our data Protection Officer's contact details are: firstname.lastname@example.org
We may process information relating to transactions that you enter into with us through our website or by other means.
If you are a Researcher, then it is your responsibility to ensure that you have performed your legal obligations as data controller in relation to any personal data you may receive, and in particular, to ensure that you have provided all information required by law prior to the collection of any such personal data and ensured that any transfer of such personal data outside the EEA is lawful.
Further information about information you may not request in your study can be found here: Can I ask Participants for their Personal Information/Identifiers?
We may process your information included by you in your personal profile on our website ("profile data"). The profile data may include your gender, date of birth, relationship status, interests and hobbies, educational details, employment details, and other categories.
The profile data which we process may also include special categories of data. This data may include data about race, ethnic origin, politics, religion, health, sex life or sexual orientation. We process profile data for the purposes of demographic screening.
If you choose to enter any special category data in response to our screening questions, then you consent to our processing that data in accordance with our Privacy Notice. You can withdraw that consent and remove that data by deleting the relevant screening questions at any time.
We will not disclose personal data between Participants and Researchers, although Researchers will see anonymized demographic data relating to Participants for screening purposes. If you are a Participant and you agree to participate in any study posted by a Researcher, then any personal data you disclose to the Researcher (whether through Prolific or otherwise) will be used by that Researcher as a data controller in its own right, and we are not responsible for any such use.
We may process information relating to payments we make to you ("payments data"), which may include your contact details, your payment account details, and the transaction details. We process this for the purposes of paying rewards to you.
Prolific's security systems
Prolific's security systems protect participant data and confidentiality in the following ways:
- Prolific uses encrypted HTTPS connections, secured by Transport Layer Security (TLS).
- Participants are fully anonymized. They are assigned a unique participant ID (24 character alphanumeric).
- Prolific provides an anonymized internal messaging service, which allows participants to message researchers (and vice versa) with any concerns.
- Researchers cannot access participants’ identifiable information. Clear guidance is provided on what information researchers cannot request. It can be found in the FAQ section below.
- User data is stored in a secure cloud container environment.
- Passwords are hashed using industry approved technologies. They are stored securely and can not be viewed by Prolific.
- We do not store any data provided within studies. These are carried out on external survey software/platforms.
- Participants are free to opt-out at any time, and we are fully GDPR compliant.