Our Privacy Policy

LAB HAT CONSULTING LLC

Privacy Policy

Effective Date: April 10, 2026

1. Introduction & Scope

Lab Hat Consulting LLC (“Lab Hat,” “Lab Hat Consulting,” “we,” “us”) provides strategic advisory and market research services. This Privacy Policy describes how we collect, use, share, and protect personal data and proprietary information during our professional engagements. This policy applies to our clients, research participants, and website visitors.

Lab Hat acts as a data controller with respect to personal data collected in connection with its services. Where Lab Hat engages third-party service providers to process data on its behalf, those providers act as data processors subject to appropriate contractual protections.

2. Information We Collect

We collect information through three primary channels:

  • Direct Engagement: Business contact information provided by clients during project scoping and execution.
  • Research Activities: During qualitative and quantitative studies, we may collect names, contact details, demographic data, and audio/visual recordings of interviews. Voice recordings and video footage are treated as personally identifiable information (PII) in all jurisdictions, including but not limited to those in the European Economic Area (EEA).  Participation in all research projects is strictly voluntary; respondents may choose to opt out or withdraw their consent at any time without penalty.
  • Automatic Collection: Technical data such as IP addresses and usage patterns from our digital platforms.

3. Purpose of Data Processing & Legal Basis

We process personal data for the following purposes. Where the General Data Protection Regulation (GDPR) applies, the lawful basis for each purpose is identified below:

  • Consulting Services: Delivering strategic insights, benchmarking, and business design expertise. Lawful basis: Legitimate interests (Article 6(1)(f) GDPR).
  • Research Analysis: Analyzing qualitative feedback, including interview recordings and transcripts, to identify market trends and consumer behaviors. Lawful basis: Consent (Article 6(1)(a) GDPR) — participants will be asked to provide explicit, informed consent prior to recording.
  • Client Reporting: Sharing research findings (including transcripts or recordings) with the sponsoring client, subject to appropriate participant disclosures. Lawful basis: Consent (Article 6(1)(a) GDPR).
  • Legal Compliance: Meeting regulatory requirements for data privacy across domestic and international jurisdictions. Lawful basis: Legal obligation (Article 6(1)(c) GDPR).

4. Data Sharing & Third-Party Disclosure

Lab Hat does not sell personal data. Information is shared only with:

  • End Clients: Research findings, including transcripts or recordings, are shared with the specific client sponsoring the study, provided appropriate disclosures have been made to participants at the time of data collection.
  • Service Providers: Trusted partners who assist in participant recruiting, data hosting, or transcription. All such providers are engaged under written Data Processing Agreements (DPAs) that impose obligations consistent with applicable privacy law, including the GDPR.
  • Marketing, Business Developments, & Testimonials: Lab Hat may occasionally feature client testimonials or case studies on its digital platforms, and in professional business development materials (such as firm overviews and presentation decks). Any such information is shared only with the express prior consent of the client or individual. Consent for such use may be withdrawn at any time, at which point the information will be promptly removed.
  • Legal Necessity: When required by law, court order, or judicial proceedings, or to protect our rights and the rights of others.

5. International Data Transfers & U.S. State Law Compliance

Lab Hat operates in compliance with applicable international and domestic privacy frameworks.  In addition to statutory requirements, Lab Hat adheres to industry-standard ethical codes and professional standards for market and opinion research in the United States and all jurisdictions in which it manages research engagements.

6. GDPR & EMEA Participants

For research involving participants located in the European Economic Area (EEA) or United Kingdom:

  • Voice recordings and video footage are treated as PII and are processed only with explicit prior consent.
  • Any transfer of personal data outside the EEA is governed by Standard Contractual Clauses (SCCs) as approved by the European Commission, or another lawful transfer mechanism under Chapter V of the GDPR.
  • Where consent to share identifiable data (including recordings) is not obtained, Lab Hat will use PII-scrubbed transcripts and de-identified data in all deliverables.
  • Consent may be withdrawn at any time. Withdrawal does not affect the lawfulness of prior processing.

7. U.S. State Privacy Laws

Lab Hat maintains protocols to ensure compliance with U.S. state privacy laws in states including, but not limited to, California (CCPA/CPRA), Colorado, Connecticut, Texas, Virginia, and other states with comprehensive privacy legislation. Where required, Lab Hat will limit participant recruitment to states where Lab Hat’s data practices are fully compliant.

8. Data Security & Confidentiality

Lab Hat maintains administrative and technical safeguards to protect personal data from unauthorized access, disclosure, alteration, or destruction. All client proprietary information is treated as strictly confidential and is siloed from other project data. Access to personal data is limited to personnel who require it to fulfill their responsibilities. 

  • Technical measures include the use of encrypted hardware with biometric access controls, multi-factor authentication for all primary data repositories (including secure cloud-based vaults), and secure Virtual Private Networks (VPNs) with active threat protection and endpoint security for all remote work.
  • Administrative measures include directory-level data segregation to ensure client confidentiality, and a formal data lifecycle management protocol that mandates the review and secure disposal or anonymization of sensitive information on a 12-month recurring basis. Access to personal data is strictly limited to authorized personnel necessary to fulfill project objectives.

9. Data Retention

Lab Hat retains personal and project-related data for a period of 12 months following the formal completion of an engagement. This period ensures our ability to provide continued support, address follow-up inquiries, and ensure the continuity of strategic recommendations for our clients.

Upon the expiration of this 12-month period, Lab Hat will take one of the following actions:

  • Anonymization: We may strip all Personal Identifying Information (PII) from transcripts and datasets, retaining only the aggregated, non-identifiable insights for internal benchmarking and historical reference.
  • Secure Disposal: Data that is no longer required for business or legal purposes, and which cannot be effectively anonymized, will be permanently deleted from our primary systems and backups.
  • Archival: In specific instances required by contract or legal obligation, data may be moved to a secure, encrypted offline archive with restricted access.

Notwithstanding the above, Lab Hat may retain personal data for a longer period where required by applicable law, regulatory obligation, or ongoing legal proceedings. In such cases, access to retained data will remain restricted and subject to the security safeguards described in Section 6.

10. Your Rights

Depending on your location and applicable law, you may have the following rights with respect to your personal data:

  • Right of Access: The right to request a copy of the personal data we hold about you.
  • Right to Rectification: The right to request correction of inaccurate or incomplete personal data.
  • Right to Erasure: The right to request deletion of your personal data, subject to applicable legal exceptions.
  • Right to Restrict Processing: The right to request that we limit how we use your personal data.
  • Right to Data Portability: The right to receive your personal data in a structured, machine-readable format.
  • Right to Object: The right to object to processing based on legitimate interests.
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.
  • Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection supervisory authority (e.g., a EU Data Protection Authority) if you believe your rights have been violated.

To exercise any of these rights, please contact us at the address below. We will respond to all requests within 30 days in accordance with applicable law.

11. Cookies & Online Tracking

Lab Hat’s digital platforms may use cookies and similar tracking technologies to collect technical data such as IP addresses and usage patterns. These are used solely for operating and improving our platforms. Users may configure their browser settings to decline cookies, though doing so may affect the functionality of our digital tools.

12. Contact & Privacy Officer

For questions, rights requests, or concerns regarding this Privacy Policy or our data practices, please contact:

Lab Hat Consulting LLC

Attn: Privacy Officer — Francesco Fazio, Managing Partner

1333 West School Street, Chicago, IL

Email: francesco@Labhatzone.com

Powered by
Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
None
Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
None
Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
None
Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
None
Powered by