GDPR Notice

This GDPR Notice will inform you of our legal grounds for processing your Personal Data, any transfers of your Personal Data to third parties, and any extra rights you have in relation to the processing of your Personal Data.

Userpeek processes Personal Data as both a Processor and a Controller (as defined by the General Data Protection Regulation of the European Union, or "GDPR"), as follows:

Customer Account Data and Tester Account Data, as well as Recording Data for Tests generated by Userpeek, are controlled by Userpeek.

In compliance with GDPR, the Customer is the Controller of Session and Recording Data gathered during Customer's use of the Platform and Services, and Userpeek is the Processor. Customer does not notice any correlation between Session and Recording Data and other Tester Account Data.

Categories of Personal Information Recipients

The types of receivers of Personal Data with whom we may share your Personal Data are stated in the part of the Userpeek Privacy Policy titled "How we share your Personal Data."

Purposes of Processing and Legal Bases

Userpeek utilizes your Personal Information for a variety of purposes, as outlined in its Privacy Statement. Certain cookies are required for us to deliver the Site, Platform, and Services you use, as well as to comply with our legal requirements. Some cookies enable us to present you with more relevant and tailored offers and information. We always have a Legitimate Business Reason and a legal basis for processing your Personal Information. Several of the most prevalent legal reasons on which we depend are briefly described here.

  • Performance of a Contract: We may handle your Personal Data for the performance of a contract to which you are a party, i.e. your use of the Platform or Services. For example, if you wish to become a Tester, we must process your Personal Data, including your payment information, to enable you to do so and pay you.

  • Legitimate Business Purposes: We may handle Personal Data where necessary for our legitimate business reasons, as outlined in the User Testing Privacy Policy, but only to the extent that your personal interests or basic rights and freedoms do not outweigh these interests. When we rely on these legal grounds, we will conduct a legitimate interest assessment to ensure that we take into account and weigh any potential impact on you (both positive and negative) and your rights under relevant data protection legislation.

  • Consent: Userpeek may depend on consent when required, such as with respect to Recording Data being accessible to Customers and some information gathered via cookies and similar technologies (other than strictly essential cookies), or when we are requesting confirmation of your marketing choices. When we rely on consent, you will be prompted to confirm that Userpeek has your permission to process your Personal Information. At the time of requesting your consent, you will be informed of the specifics of the processing, including the reason Userpeek wishes to process your data, how it will be used, and whether or not it will be shared. If you no longer want Userpeek to process your Personal Data, you may withdraw your permission at any time.

  • Legal Obligation: Userpeek may be required by law to collect and disclose your Personal Information. If feasible, we will notify you when we are required by law to handle your data. However, this may not always be practicable. Userpeek may need to disclose your information with law enforcement in order to prevent or identify illegal conduct. In such cases, we may share information with law authorities. This is accomplished in a secure and safe manner. Userpeek must comply with its legal, regulatory, and contractual obligations, thus if you object to this processing, Userpeek will be unable to offer you with its services.

The table below explains in further detail how the aforementioned legal grounds for processing may relate to our major reasons for processing various categories of Personal Data:

Purpose of Processing

Type of Personal Data Used for Purpose

Legal Basis 

To provide you access to and use of the Platform or Services, including registering as a Customer or a Tester

Tester Account Data Customer Account Data

Performance of a Contract

To improve and enhance your experience with the Services, including the content and general administration of the Services.

Visitor DataRecording DataTester Account DataCustomer Account Data

Legitimate Business Purpose

To retain records as may be required for tax, legal and financial purposes.

Only such information as may be required

Compliance with a Legal Obligation

To understand how you access, use and interact with the Services in order to provide technical functionality, develop new products and services, and analyze your use of the Services.

Visitor DataRecording DataTester Account DataCustomer Account DataTracking Data

Legitimate Business Purpose

To communicate with you.

Visitor DataTester Account DataCustomer Account DataInformation from Third Parties 

Performance of a Contract

Legitimate Business Purpose

To provide you with customer support in connection with your use of the Services.

Customer Account Data

Tester Account Data

Performance of a Contract 

To detect fraud, illegal activities or security breaches.

Only such information as may be required

Legitimate Business Purpose, but in some cases the processing may be required for Compliance with a Legal Obligation

To receive and make payments.

Tester Account DataCustomer Account Data

Performance of a Contract

To provide information to regulatory bodies when legally required, and only as outlined in this Privacy Policy.

Only such information as may be required

Legitimate Business Purpose, but in some cases the processing may be required for Compliance with a Legal Obligation

Controlling Your Information: Your Legal Rights

If the GDPR applies to you, you have the following rights regarding your Personal Information:

  • The right to be informed - our responsibility to tell you that we process your personal data (which is what this Privacy Statement does);

  • The right of access - the right to get a copy of the personal information we possess about you (sometimes referred to as a "data subject access request");

  • The right to rectification - the right to request that we update missing or erroneous personal data about you (though we normally advocate making changes to your account settings first);

  • The right to erasure (also known as the "right to be forgotten") – under certain circumstances, you may request that we delete the personal data we have about you (unless it remains necessary for us to continue processing your personal data for a legitimate business purpose or to comply with a legal obligation, in which case we will inform you);

  • The right to restrict processing - your right, under certain conditions, to request that we halt processing of your personal data;

  • The right to data portability - the right to request a copy of your personal data in a standard format (such as a.csv file);

  • The right to object - your right to object to our processing of your personal data (for instance, if you object to our use of your personal data for direct marketing purposes); and

  • Rights pertaining to automated decision-making and profiling — our need to be honest regarding any profiling or automated decisions we make.

These rights are subject to specific restrictions about when they may be exercised. Please fill out this form if you reside in the European Economic Area (EEA), Switzerland, or the United Kingdom and desire to exercise any of the rights outlined above.

You are not required to pay a charge to access your Personal Data (or to exercise any of your other rights), unless your request is manifestly unwarranted, repeated, or excessive. Alternatively, we may choose to deny your request under certain conditions.

We may require particular information from you in order to verify your identity. This is a precaution to guarantee that personal information is not shared to anybody who does not have the right to receive it. Please note that if we are unable to fairly verify your identity, we will be unable to comply with certain of your requests.

Within 30 days, we will react to all legitimate inquiries. If your request is exceptionally difficult or you have made many requests, it may take us longer than 30 days to fulfill it. As required by law, we will notify you and keep you updated in this situation.

In addition, if you no longer desire to receive marketing/promotional material from us, you may withdraw your agreement to direct marketing at any time using the unsubscribe link contained in every electronic marketing message we send you. If you do so, we will update our databases and take all reasonable measures to comply with your request as soon as practicable; nevertheless, we may continue to contact you to the degree necessary for delivering our Services.

Lastly, you have the right to lodge a complaint at any time with the data protection authorities in your country of residence. However, we would like the opportunity to resolve any issues before you approach the regulatory body, so please contact us first.

If you reside in the European Economic Area, Switzerland, or the United Kingdom, you may also contact our Data Protection Officer at


Under some conditions (such as with certain major changes), we will notify you of these modifications and, if required by relevant law, acquire your approval. You may be notified through email, by a prominent announcement on our applications and websites, or by any other method permitted by law.


Userpeek utilizes goods and services from third-party providers. As part of its efforts to ensure GDPR compliance, Userpeek has evaluated and continues to evaluate its vendors' compliance guarantees. Here, clients may log in to check current suppliers and their status.

Contact Information

Please contact us at if you have any questions, comments, or concerns concerning Userpeek or this GDPR Notice.

GraviTech (“UserPeek”)
167 Madison Avenue
Ste 205 #174
New York City, NY 10016

Last updated on 18 October 2022

Stop guessing, start knowing. Today.