Differentology privacy statement

Introduction

This privacy policy is about how Differentology uses and protects any information that you give us when you complete a survey. Differentology is committed to ensuring that your privacy is protected. All information you provide, both the responses to survey questions and data that we gather automatically, will only be used in accordance with this privacy statement. We may change this policy from time to time by updating this page. This policy is effective from 24 February 2019.

What personal information do we collect about you?

Information you give us

We collect the responses you provide to the surveys that we run solely for the purpose of market research. These are typically measures of your awareness of consumer products and their advertising campaigns, and your opinions relating to those products and campaigns. This data is collated, along with that of other respondents, to form completely anonymised data tables. In accordance with Market Research Society (MRS) rules we will not use survey data or your contact details for marketing purposes and, unless you expressly consent otherwise, your identity will not be revealed to our clients, nor will any data allowing them to uniquely associate you with the responses you have given be passed to them. In cases where we collect your contact details for the purposes of a prize draw related to the survey participation will be entirely voluntary and you will be given the option for your contact details to be processed only by Differentology. Details collected for prize draws will never be used for any other purpose, and you will not receive any marketing material as a result of submitting them to us.

Information we collect automatically

When you enter a survey we automatically record your computer’s IP-address, some information about the type of device, operating system and browser you are using, and an approximate geographical location for you. These details are used only for quality control purposes and do not allow Differentology to uniquely identify you.

Information about children

Market Research Society rules do not allow direct contact with anyone under the age of 16 for the purposes of conducting market research. On the rare occasion that our surveys are aimed at children we will make initial contact with the parent and seek their explicit consent to allow their child to complete the survey. In such cases we will also ask for sufficient information from the parent to allow us to validate that they do have parental responsibility for the child.

How do we use your personal information?

The information you provide is only ever used for market research purposes, and will only ever be delivered to a third-party in an anonymised form, unless we have your express consent to do otherwise. Some of the survey responses you provide may be used to automatically categorise you within the survey (e.g. into groups who have/have not seen a particular advertisement). This automatic categorisation is purely for internal analysis and has no consequences for you. Information about you that is collected automatically is used for quality control purposes.

Security

We’re committed to making sure your information is secure. In order to prevent unauthorised access or disclosure, we’ve put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.

Links to other websites

Occasionally our surveys may contain links to content hosted on 3rd-party websites. Once you’ve used these links to leave our site, we don’t have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and take a good look at the privacy statement applicable to the third-party website in question. We will never include links to websites which we believe are hosting harmful or malicious content in our surveys.

How long do we keep your personal information for?

We keep your information for the following periods:

• Automated data collected and any answers submitted to a survey which you do not complete, and which does not collect contact details for a prize draw: 1 week from the close of the survey

Automated data collected and answers submitted to a survey which you do complete, and which does not collect contact details for a prize draw: 3 months from the close of the survey

Automated data collected and any answers submitted for a survey which does collect contact details for a prize draw, irrespective of whether you complete the survey: 1 month from the awarding of the prize draw prize At the end of the retention period your identifying details will be removed from the survey data and the answers you provided will be retained, in an anonymised form, for future analysis. In some cases we need to keep a record of your having completed a survey, so that you’re not invited to take part in a later phase of the same study. In such cases we practice data minimisation, and keep only a pseudonymous identifier, which does not allow us to identify you personally. All such identifiers are keep only for the duration of the full project, plus one month.

Who do we share your personal information with?

We do not routinely share your personal information with any other parties. If any identifying information about you, or anything that links you to the responses you have given to a survey, is going to be passed to a third-party then we will seek your explicit consent to do so. On occasion we use 3rd-party profiling services to, for example, provide an ACORN classification, based on a postcode you have supplied. In all such cases we send the minimum information to these parties, and not enough to uniquely identify you. Where required we share your personal information with third parties to comply with a legal obligation; when we believe in good faith that an applicable law requires it; at the request of governmental authorities conducting an investigation; to verify or enforce our Terms of Use or other applicable policies; to detect and protect against fraud, or any technical or security vulnerabilities; to respond to an emergency; or otherwise to protect the rights, property, safety, or security of third parties, our business or the public.

Do we transfer your personal information outside the EEA?

All the data you provide us sits on our secure servers in the EEA. In a scenario where your processing would be done outside the EEA all relevant UK and EU laws or guidelines (including GDPR) apply.

What are your rights?

By law, you have a number of rights when it comes to your personal information. Further information and advice about your rights can be obtained from the data protection regulator in your country:

Rights What does this mean?
1. The right to object to processing You have the right to object to certain types of processing, including processing for direct marketing.
2. The right to be informed You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we’re providing you with the information in this Policy.
3. The right of access You have the right to obtain access to your information (if we’re processing it), and certain other information (similar to that provided in this Privacy Policy). This is so you’re aware and can check that we’re using your information in accordance with data protection law.
4. The right to rectification You are entitled to have your information corrected if it’s inaccurate or incomplete.
5. The right to erasure This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where there’s no compelling reason for us to keep using it. This is not a general right to erasure; there are exceptions.
6. The right to restrict processing You have rights to ‘block’ or suppress further use of your information. When processing is restricted, we can still store your information, but may not use it further. We keep lists of people who have asked for further use of their information to be ‘blocked’ to make sure the restriction is respected in future.
7. The right to data portability You have rights to obtain and reuse your personal information for your own purposes across different services. For example, if you decide to switch to a new provider, this enables you to move, copy or transfer your information easily between our IT systems and theirs safely and securely, without affecting its usability.
8. The right to lodge a complaint You have the right to lodge a complaint about the way we handle or process your personal information with your national data protection regulator.
9. The right to withdraw consent If you have given your consent to anything we do with your personal information, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal information with your consent up to that point is unlawful).

Many of these rights are dependent on us holding enough information to identify you, and confirm your identity which, in most cases, we do not. We usually act on requests and provide information free of charge, but may charge a reasonable fee to cover our administrative costs of providing the information for: • baseless or excessive/repeated requests, or • further copies of the same information. Alternatively, we may be entitled to refuse to act on the request. Please consider your request responsibly before submitting it. We’ll respond as soon as we can. Generally, this will be within one month from when we receive your request but, if the request is going to take longer to deal with, we’ll come back to you and let you know.

How do we contact you?

We will rarely need to contact you, although we may do so in circumstances such as:

• To inform you that you have won a prize draw

• To inform you of a data breach, which may affect you

• If we need your consent for additional processing In most cases we do not hold sufficient identifying information to contact you.

If we do need to contact you then we will use any method we have, including by email, telephone or over social media.

How do you contact us?

If you have any enquires you can contact us at: ask@differentology.co.uk or by writing to us at: Attn. Data Protection Lead, Differentology, Toffee Factory, Newcastle upon Tyne, NE1 2DF.