La Greca Research LLC

Privacy Policy

Effective Date: 03/18/2026 · Last Updated: 03/18/2026

1. Introduction

La Greca Research LLC (“La Greca Research,” “we,” “us,” or “our”) is a market research consultancy based in Georgetown, Texas, United States. We provide research consulting services to businesses, including survey design and administration, qualitative interviewing, data analysis, and strategic research advisory.

This Privacy Policy explains how we collect, use, store, share, and protect personal information in connection with our website (lagrecaresearch.com), our market research services, and our business operations. It applies to three categories of individuals:

  • Website visitors who access our website or submit inquiries through our contact forms
  • Research participants (respondents) who take part in surveys, interviews, or other research activities we conduct
  • Business contacts, including clients, prospective clients, and professional contacts whose information we process in the ordinary course of business

We are committed to handling personal information responsibly and in compliance with applicable data protection laws, including the Texas Data Privacy and Security Act (TDPSA) and other applicable state and federal regulations. Although La Greca Research does not currently meet the applicability thresholds of the California Consumer Privacy Act (CCPA/CPRA), we voluntarily extend the substantive rights provided under CCPA to California residents as described in Section 11 of this policy.

2. Who We Are

La Greca Research LLC is a Texas limited liability company. For purposes of applicable data protection law:

  • When we collect and use personal information about website visitors and business contacts for our own purposes, we act as a data controller (or “business” under US state privacy laws).
  • When we collect and process personal information from research participants on behalf of our clients, we typically act as a data processor (or “service provider” under US state privacy laws), processing data according to our client’s instructions and under a contractual agreement. In some engagements, we may act as a joint controller with our client or as an independent controller, depending on the scope and terms of the project.

This distinction matters because the rights you may exercise and the obligations that apply to us depend on our role in relation to your data.

Contact Information

La Greca Research LLC
1003 Boxwood Loop, Georgetown, TX 78628, United States
privacy@lagrecaresearch.com

3. Information We Collect

3.1 Information from Website Visitors

When you visit our website or interact with us through our online presence, we may collect:

  • Contact information you voluntarily provide through forms, including your name, email address, company name, job title, and phone number
  • Technical information collected automatically, including IP address, browser type and version, operating system, referring URL, pages visited, time spent on pages, and date/time of access
  • Cookie and tracking data, including information collected through cookies, web beacons, and similar technologies used by our analytics and marketing tools (see Section 10 for details)

3.2 Information from Research Participants

When you participate in a market research study conducted by La Greca Research, we may collect some or all of the following, depending on the study design and with your explicit consent:

  • Identifying information such as your name, email address, phone number, company name, and job title (where required for recruitment, scheduling, or incentive fulfillment)
  • Professional and demographic information such as your industry, role, seniority, company size, geographic location, and other screening or classification data
  • Survey responses, including quantitative ratings, open-ended text responses, and selections
  • Interview and discussion data, including audio recordings, video recordings, and written transcripts of qualitative research sessions
  • Biometric data collected voluntarily as part of specific research studies, which may include eye-tracking measurements, facial coding data, heart rate data, and skin conductance (galvanic skin response) measurements. Biometric data is only collected with your explicit, informed consent prior to the research session and is used solely for the research purpose disclosed to you at the time of collection.

Many of our research studies collect responses on an anonymous or de-identified basis, meaning no personally identifiable information is linked to your responses. Where a study does collect identifiable data, you will be informed of this before you participate.

3.3 Information from Business Contacts

In the ordinary course of business, we collect and maintain contact information for clients, prospective clients, vendors, and professional contacts, including name, email address, phone number, company, job title, and records of our business interactions.

4. How We Use Your Information

4.1 Website Visitor Data

  • To respond to inquiries you submit through our website
  • To send you information about our services if you have opted in to receive communications from us
  • To analyze website traffic and usage patterns to improve our website and user experience
  • To maintain the security and functionality of our website

4.2 Research Participant Data

  • To conduct the market research study for which you have been recruited and have consented to participate
  • To analyze, aggregate, and report research findings to our clients
  • To fulfill incentive payments or other compensation for your participation
  • To contact you about the study in which you are participating (e.g., scheduling, follow-up, clarification)
  • To maintain quality control and data integrity within research studies

Research participant data is used exclusively for the research purposes disclosed to you at the time of consent. We do not use research participant data for marketing, advertising, or any purpose unrelated to the research engagement.

4.3 Business Contact Data

  • To manage our client relationships and deliver contracted services
  • To communicate about ongoing or prospective engagements
  • To send relevant professional communications (you may opt out at any time)
  • To manage our business operations, including invoicing, contracting, and vendor management

4.4 Use of Artificial Intelligence Tools

La Greca Research uses artificial intelligence (AI) tools, including large language models, to support our research analysis, reporting, and business operations. When AI tools are used to process research data:

  • Research data provided to AI tools is anonymized or de-identified before processing wherever feasible
  • AI tools are used to assist with tasks such as qualitative coding, thematic analysis, survey data analysis, and report drafting — not to make autonomous decisions about individuals
  • We use AI providers whose terms prohibit the use of customer inputs for model training (e.g., Anthropic’s commercial API terms)
  • No identified research participant data is shared with AI providers unless necessary for the specific research task, de-identification is not feasible, and appropriate safeguards are in place

5. Legal Basis for Processing (EEA/UK Residents)

If you are located in the European Economic Area or the United Kingdom, we process your personal data on the following legal bases:

  • Consent – where you have provided explicit consent to participate in research or to the use of specific types of data (including biometric data)
  • Contract – where processing is necessary to perform a contract with you or to take steps at your request
  • Legitimate Interests – for business operations, client communications, and improving our services, provided such interests are not overridden by your rights
  • Legal Obligation – where we are required to comply with applicable law

6. Special Category Data (Biometric)

Where we collect biometric or other sensitive personal data, we do so only with your explicit, informed consent and solely for the purposes disclosed at the time of collection. Such data is processed in accordance with heightened security and confidentiality measures.

7. Research Integrity

All personal data collected in connection with market research is used exclusively for research purposes. We do not use research participant data for sales, marketing, or direct outreach unless explicitly disclosed and consented to. We adhere to applicable industry standards, including those established by ESOMAR and the Insights Association, to ensure the confidentiality, integrity, and ethical use of research data.

8. How We Share Information

We do not sell personal information. We share personal information only in the following circumstances:

With Our Clients

Research findings are shared with clients in aggregated or anonymized form. Identified research participant data is shared with clients only if the participant has explicitly opted in to such sharing. Client identity is protected in blind research studies.

With Service Providers

We work with a limited number of third-party service providers who assist us in delivering our services. These include:

  • Sample recruitment and panel providers (for recruiting research participants)
  • Survey platform providers (for hosting and administering surveys)
  • Cloud hosting and data storage providers
  • Analytics and marketing technology providers
  • AI and technology providers (for analysis support, subject to the safeguards described in Section 4.4)

These providers process data on our behalf and under our instructions, subject to data processing agreements that require them to protect the confidentiality and security of the data.

As Required by Law

We may disclose personal information when we have a good-faith belief that disclosure is necessary to comply with applicable law, regulation, legal process, or enforceable governmental request, or to protect our rights, property, or safety, or the rights, property, or safety of others.

In a Business Transfer

In the event of a merger, acquisition, reorganization, or sale of assets, personal information may be transferred as part of that transaction. We will notify affected individuals of any change in control or use of their personal information.

9. Data Retention

We retain personal information for the minimum period necessary to fulfill the purposes described in this policy, unless a longer retention period is required or permitted by law.

Research Participant Data (Identifiable)

Identifiable research participant data — including names, contact information, audio/video recordings, and biometric measurements linked to an individual — is retained for up to twenty-four (24) months following the completion of the research project, unless a different retention period is specified in the applicable client agreement or required by law. At the end of the retention period, identifiable data is either securely deleted or irreversibly de-identified.

Research Data (De-identified and Aggregated)

De-identified research data, from which all personally identifiable information has been permanently removed, may be retained indefinitely. We maintain de-identified data for purposes including internal benchmarking, normative database development, methodological improvement, and longitudinal analysis. We commit to maintaining de-identified data in de-identified form and will not attempt to re-identify individuals from this data.

Website and Marketing Data

Contact form submissions and marketing communications data are retained for as long as you remain an active contact or until you request deletion or withdraw consent. Website analytics data is retained in accordance with the settings of our analytics providers.

Business Contact Data

Client and business contact data is retained for the duration of the business relationship and for a reasonable period thereafter to manage ongoing obligations, unless you request earlier deletion.

10. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies. Cookies are small text files stored on your device when you visit our website.

Types of Cookies We Use

Strictly necessary cookies are required for the website to function and cannot be disabled. Analytics cookies (such as those used by Google Analytics) collect information about how visitors use our website, including which pages are most visited and whether visitors encounter error messages. Marketing and tracking cookies (such as those used by HubSpot) help us understand how visitors interact with our marketing content and allow us to measure the effectiveness of our communications.

Managing Cookies

You can control cookies through your browser settings. Most browsers allow you to refuse or delete cookies. You may also use browser-based opt-out mechanisms such as Global Privacy Control (GPC). Please note that disabling cookies may affect the functionality of our website.

Where required by applicable law, we obtain your consent before placing non-essential cookies on your device. You may manage your cookie preferences through our cookie banner or your browser settings.

11. Your Rights

11.1 Rights for All Individuals

Regardless of your location, you may:

  • Request information about what personal data we hold about you
  • Request correction of inaccurate personal data
  • Request deletion of your personal data, subject to any legal obligations requiring retention
  • Withdraw consent where processing is based on consent, without affecting the lawfulness of processing carried out prior to withdrawal
  • Opt out of marketing communications at any time

11.2 Additional Rights for Texas Residents

Under the Texas Data Privacy and Security Act, Texas residents may also:

  • Obtain a copy of personal data previously provided to us in a portable format
  • Opt out of the processing of personal data for targeted advertising, the sale of personal data, or profiling that produces legal or similarly significant effects

We do not sell personal data. We will respond to verified requests within forty-five (45) days. If we are unable to fulfill a request, we will explain why and inform you of your right to appeal.

11.3 Additional Rights for California Residents

Although La Greca Research does not currently meet the statutory thresholds for mandatory compliance under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), we voluntarily extend the following rights to California residents:

  • The right to know what personal information we have collected, the sources from which it was collected, the business purpose for collection, and the categories of third parties with whom it is shared
  • The right to delete personal information we hold about you, subject to applicable exceptions
  • The right to correct inaccurate personal information
  • The right to opt out of the sale or sharing of personal information. We do not sell personal information. We do not share personal information for cross-context behavioral advertising.
  • The right to limit the use and disclosure of sensitive personal information to purposes necessary to provide the services you have requested
  • The right to non-discrimination for exercising any of these rights

We will respond to verified requests within forty-five (45) days, consistent with CCPA timelines. To submit a request, contact us at privacy@lagrecaresearch.com.

11.4 Additional Rights for EEA/UK Residents

If you are located in the European Economic Area or the United Kingdom, you may also exercise the following rights under applicable data protection law:

  • Right to restrict processing
  • Right to object to processing
  • Right to lodge a complaint with a supervisory authority

11.5 Research Participant Rights

If you are a research participant, you may withdraw from a study at any time before or during your participation. If you withdraw, we will cease collecting data from you. Whether data already collected can be deleted depends on whether it has already been de-identified and aggregated. If your data is still identifiable, we will delete it upon request. If it has already been irreversibly de-identified and incorporated into aggregate results, deletion may not be feasible, as the data can no longer be traced back to you.

11.6 How to Exercise Your Rights

To exercise any of these rights, please contact us at privacy@lagrecaresearch.com. We may need to verify your identity before fulfilling your request. We will respond to all requests within the timeframes required by applicable law.

12. Data Security

We implement reasonable administrative, technical, and organizational security measures appropriate to the nature and sensitivity of the personal information we process. These measures are designed to protect personal information from unauthorized access, disclosure, alteration, destruction, or loss.

While we take commercially reasonable steps to secure your information, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security, but we are committed to promptly addressing any suspected data breach in accordance with applicable law, including notifying affected individuals and relevant authorities as required.

13. International Data Transfers

La Greca Research is based in the United States. All data we collect is stored and processed in the United States. If you are located outside the United States and provide information to us, please be aware that your information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your jurisdiction.

Where personal data is transferred outside of your jurisdiction (including to the United States), we implement appropriate safeguards in accordance with applicable law, including:

  • Standard Contractual Clauses approved by the European Commission
  • UK International Data Transfer Agreements (IDTA) where applicable
  • Contractual and organizational safeguards with our service providers

You may request additional information about these safeguards by contacting us.

14. Children’s Privacy

Our website and services are not directed at children under the age of 16 (or under the age of 13 where COPPA applies). We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal information from a child, we will take steps to delete it promptly. If you believe a child has provided us with personal information, please contact us at privacy@lagrecaresearch.com.

15. Third-Party Links

Our website may contain links to third-party websites or services that are not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party site you visit.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or services. When we make material changes, we will update the “Last Updated” date at the top of this policy and, where appropriate, provide additional notice (such as posting a notice on our website). We encourage you to review this policy periodically.

17. Contact Us

If you have questions about this Privacy Policy, our data practices, or wish to exercise any of your rights, please contact us at:

La Greca Research LLC
Attn: Privacy
1003 Boxwood Loop, Georgetown, TX 78628, United States
privacy@lagrecaresearch.com

This Privacy Policy is effective as of the date stated above and applies to all personal information collected or processed by La Greca Research LLC on or after that date.