Download PRIVACY & COOKIE POLICY FOR SURVEYS (EN)
PRIVACY & COOKIE POLICY FOR SURVEYS (“Policy”)
Last updated: January 2023
Introduction
Our surveys are either conducted by Kantar TNS Oy.
We conduct market research on behalf of clients and more often than not, the client is the data controller, and we act as the data processor.
We ask you to read this privacy policy carefully.
For the purpose of this Policy, the definition of ‘personal data’ is information which relates to and can identify a living individual and/or a specific household, if you are located in California.
Lawful collection and use
This Policy explains how we collect, store and use the personal data you provide when taking part in an online, face to face, postal or telephone survey for us.
When we conduct surveys, our interviewers/invitations/platforms and questionnaires clearly identify us and explain the purpose(s) of our contact and if applicable, the purpose for our collecting your personal data. You may decline to answer any questions or withdraw from participation in a survey at any time.
When we contact you, generally in person, by telephone, by email or by post, we do so for any of the following purposes:
We will never misrepresent ourselves or what we are doing. If you receive an email that concerns you, purporting to be from us, please let us know as shown below in ‘How to contact us’.
We have contacted you to take part in a survey by telephone, post, face to face or online by
Receiving your contact details from the client we are conducting the survey for, with whom you may either be registered, received products or services from or generally dealt with
Buying sample from a sample provider
Sourcing your information from publicly available resources
Receiving your contact information from a recruiter that has been in contact with you
Or
You have previously agreed to be re-contacted to possibly participate in further surveys
You have proactively clicked on a link you’ve seen online or on social media to participate in one of our surveys
Third parties and data transfer across borders:
We collect and process personal data for the purposes described above, but we do not share or sell your personal data to any third parties, unless it is required by law, or you have agreed otherwise.
Your personal data may be collected, stored, transferred or processed by companies within the Kantar group, or 3rd party service providers for survey-related purposes, such as data processing, and fulfilment of prize draws or other incentives both within and outside the EEA. All parties are contractually bound to keep any information they collect and disclose to us or, we collect and disclose to them, confidential and must protect it with security standards and practices that are equivalent to our own. If your personal data has been transferred to, stored, or otherwise processed to a territory outside the EEA (as applicable) and that territory has not been recognized as providing an adequate level of protection of personal data, we will put in place an appropriate legal safeguard. For example, standard contractual clauses approved by the European Commission and other relevant authorities, working with parties that have implemented binding corporate rules or other intra- group processes, obtaining your consent to transfer personal data, where the transfer is necessary for the performance of a contract between us or where a contract was entered into on your behalf, or where the transfer is necessary to establish, exercise or defend legal claims.
Confidentiality, security and industry requirements:
We have appropriate technological and organizational measures in place to protect your personal data and take all reasonable steps to ensure your personal data is processed securely. All information you provide us is stored
in secure servers and environments. Unfortunately, no data transmission can be guaranteed to be 100% secure. As a result, while we strive to protect your personal data, we cannot ensure or warrant the security of any information you transmit to us or from our online products or services, and you do so at your own risk. Once we receive your transmission, we will take reasonable steps to ensure our systems are secure.
All our third-party contractors, site service providers and employees are contractually obliged to follow our policies and procedures regarding confidentiality, security, and privacy.
We adhere to the following industry requirements:
The EU GDPR and any subsequent legislation, which may be amended from time to time
We follow the MRS and ESOMAR professional Codes of Conduct
We combine your survey responses in a given survey with the responses of all others who participate and report those combined responses to the client that commissioned the study, unless one or more of the following criteria are met.
The only exceptions when we may disclose your personal data or survey responses to third parties are as follows:
You request or consent to sharing your identifying information and/or individual responses with a third party for a specified purpose;
When we provide your responses to a third-party processor who is contractually bound to keep the information disclosed confidential and use it only for research or statistical purposes.
Cookie disclosures (only for online survey participants):
Cookies are small text files stored on your computer or device by a website that assigns a numerical user ID and stores certain information about your online browsing. They are used by web developers to help users navigate their websites efficiently and perform certain functions. The website sends information to the browser which then creates a text file. Every time the user goes back to the same website, the browser retrieves and sends this file to the website's server.
We do not use cookies on standard online in-house surveys. Where cookies are required by a partner’s platform, this is notified by the platform privacy notice/policy.
For behavioral tracking surveys, we use optional cookies / software applications, but only if you have given your explicit consent to such cookies / applications.
As is true of most online surveys, we gather certain information automatically and store it in survey data files. This information may include things like Internet Protocol address (IP address), browser type, Internet Service Provider (ISP); referring/exit pages, operating system and date/time stamp.
We use this automatically collected information to analyze trends such as browser usage and to administer the site, e.g. to optimize the survey experience depending on your browser type. We may also use your IP address to check whether there have been multiple participations in the survey from this IP address.
Accuracy:
We take all reasonable steps to keep your personal data accurate, complete, current and relevant, based on the most recent information provided to us. If you would like to update your personal data, please contact us using the details provided below.
We rely on you to help us keep your personal information accurate, complete and current by answering our questions honestly and you are responsible for ensuring that the data controller (which may be us or - more often - our client) is notified of any updates or changes to your personal data.
Children’s data collection:
We never knowingly invite children under the age of 16 years to participate in surveys without consent. If it is necessary and appropriate to a particular project to directly involve children under the age of 16 years, we take measures to ensure we have been given permission by the responsible adult. We do not sell children’s personal data.
Sensitive data collection:
In our survey we may request to collect personal data that is classified as “special categories” of personal data. This includes racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation. You will always be able to choose whether or not to provide this data to us to be used as described.
Rights of individuals:
To request access to personal data that we hold about you, you should submit your request in writing to the e- mail address or postal address shown below in “How to Contact Us”. When you make a request, you should indicate the division of Kantar in which you are making the request (and, for example, your panellist ID or other identifier).
If you contact us using an email address or contact details for which we do not hold a record of, you will also need to provide a copy of a valid government issued or official identification (such as drivers license or passport).
You have the following rights in relation to your personal data:
Right to change your mind and to withdraw your consent
Right to access your personal data
Right to rectify your personal data
Right to erase your personal data from our systems, unless we have legitimate interest reasons for continuing to process the information
Right to port your personal data (portability right)
Right to restrict processing of your personal data
Right to object to the processing of your personal data
Right to not be discriminated against for exercising any of the rights available to you under applicable data protection laws
If necessary, we will notify any other parties such as our suppliers or service providers to whom we have transferred your personal data of any changes that we make when you make a request. Note that while we
communicate to these third parties, we are not responsible for the actions taken by these third parties to answer your request. You may be able to access your personal data held by these third parties and correct, amend or delete it where it is inaccurate.
Data storage and retention:
Personal data will be retained only for such period as is appropriate for its intended and lawful use, in this case we shall retain data for no longer than 12 months, unless otherwise required to do so by law. Personal data that is no longer required will be disposed of in ways that ensure their confidential nature is not compromised.
As part of the Company Business Continuity plan and as required by ISO 27001, ISO 9001, ISO 20252 certifications where held, and in certain instances the law, our electronic systems are backed up and archived. These archives are retained for a defined period of time in a strictly controlled environment. Once expired, the data is deleted, and the physical media destroyed to ensure the data is erased completely.
Notification of material changes:
We keep our privacy policy under regular review, and it may be amended from time to time. We will always have the most up-to-date policy on this web page. We will record when the policy was last revised.
Date created: 13/06/2011 Last revised: 04/01/2023
Automated decision making / profiling:
In certain circumstances we shall carry out automated decision making or profiling about you. However, in the majority of cases this will not result in any legally significant decisions being made about you. You have the right to appeal if any automated decision made about you is legally significant. If you have any questions about this, please contact us.
How to contact us:
If you are not happy with the way we have processed your personal data, we’d like a chance to put that right. Please contact us at DataProtection@kantar.com or in writing to Kantar TNS Oy (y-tunnus 0114300-3), Aleksanterinkatu 30-34, 00100 Helsinki, and we will have somebody contact you. If you are based in California, you can contact us on the toll-free number +1 866-471-1399.
We will investigate all complaints and attempt to resolve those that we find are justified. If necessary, we will amend our policies and procedures to ensure that other individuals do not experience the same problem.
If you have any questions or comments, you may contact Kantar’s Data Protection Officer, please email DataProtection@kantar.com
Complaints and country specific disclosures:
If you are not satisfied with how we handle and protect personal data, you have the right to complain to a supervisory authority such as The Office of the Data Protection Ombudsman in Finland whose details can be found at https://tietosuoja.fi/en/home
We are a Kantar Group Company. Our registered name and address is Kantar TNS Oy (y-tunnus 0114300-3), Aleksanterinkatu 30-34, 00100 Helsinki.