Last updated: November 2022
Our surveys are conducted by Kantar Media UK Ltd
We conduct market research on behalf of clients and more often than not, the client is the data controller and we act as the data processor.
For the purpose of this Policy, the definition of ‘personal data’ is information relating to an identifiable living individual.
Lawful collection and use
This Policy explains how we collect, store and use the personal data you provide when taking part in an online, face to face, postal or telephone survey for us.
When we conduct surveys, our interviewers/invitations/platforms and questionnaires clearly identify us and explain the purpose(s) of our contact and if applicable, the purpose for our collecting your personal data. You may decline to answer any questions or withdraw from participation in a survey at any time.
When we contact you, generally in person, by telephone, by email or by post, we do so for one of the following purposes:
We will never misrepresent ourselves or what we are doing. If you receive an email that concerns you, purporting to be from Kantar, please let us know using the details below in ‘How to contact us’.
We have contacted you to take part in a survey by telephone, post, face to face or online by
• Randomly selecting your address through Royal Mail’s publicly accessible Postcode Address File (PAF) or via Data Ireland Geo Directory
• Randomly knocking on your door
• Randomly ringing your number using a Random Digit Dialler (RDD)
• Receiving your contact details from the client we are conducting the survey for, with whom you may either be registered, received products or services from or generally dealt with
• Buying sample from a sample provider
• Sourcing your information from publicly available resources
• Receiving your contact information from a recruiter that has been in contact with you
• Or you have previously agreed to be re-contacted to possibly participate in further surveys
Third parties and data transfer across borders:
We collect and process personal data for the purposes described above, but we do not share or sell your personal data to any third parties, unless it is required by law or you have agreed otherwise.
Your personal data may be collected, stored, transferred or processed by our sister companies within the Kantar group, or 3rd party service providers for survey-related purposes, such as data processing, and fulfilment of prize draws or other incentives both within and outside the UK and the EEA . All parties are contractually bound to keep any information they collect and disclose to us or, we collect and disclose to them, confidential and must protect it with security standards and practices that are equivalent to our own. If your personal data has been transferred to, stored, or otherwise processed to a territory outside the UK or EEA (as applicable) and that territory has not been recognised as providing an adequate level of protection of personal data, we will put in place an appropriate legal safeguard. For example standard contractual clauses approved by the European Commission and other relevant authorities, working with parties that have implemented binding corporate rules or other intra-group processes, obtaining your consent to transfer personal data, where the transfer is necessary for the performance of a contract between us or where a contract was entered into on your behalf, or where the transfer is necessary to establish, exercise or defend legal claims.
Confidentiality, security and industry requirements:
We have appropriate technological and organisational measures in place to protect your personal data and take all reasonable steps to ensure your personal data is processed securely. All information you provide us is stored in secure servers and environments. Unfortunately, no data transmission can be guaranteed to be 100% secure. As a result, while we strive to protect your personal data, we cannot ensure or warrant the security of any information you transmit to us or from our online products or services, and you do so at your own risk. Once we receive your transmission, we will take reasonable steps to ensure our systems are secure.
All our third party contractors, site service providers and employees are contractually obliged to follow our policies and procedures regarding confidentiality, security and privacy.
We adhere to the following industry requirements:
• The UK GDPR, UK Data Protection Act 2018, the EU GDPR ,the Irish Data Protection Act 2018 and any subsequent legislation, which may be amended from time to time
• We follow the MRS and ESOMAR professional Codes of Conduct
• In the UK, divisions of Kantar hold Market Research Society (MRS) Company Partner Accreditation
We combine your survey responses in a given survey with the responses of all others who participate and report those combined responses to the client that commissioned the study, unless one or more of the following criteria are met.
The only exceptions when we may disclose your personal data or survey responses to third parties are as follows
• You request or consent to sharing your identifying information and/or individual responses with a third party for a specified purpose;
• When we provide your responses to a third-party processor who is contractually bound to keep the information disclosed confidential and use it only for research or statistical purposes;
Cookie disclosures (only for online survey participants):
Cookies are small text files stored on your computer or device by a website that assigns a numerical user ID and stores certain information about your online browsing. They are used by web developers to help users navigate their websites efficiently and perform certain functions. The website sends information to the browser which then creates a text file. Every time the user goes back to the same website, the browser retrieves and sends this file to the website's server.
For behavioural tracking surveys, we use optional cookies / software applications, but only if you have given your explicit consent to such cookies / applications.
As is true of most online surveys, we gather certain information automatically and store it in survey data files. This information may include things like Internet Protocol address (IP address), browser type, Internet Service Provider (ISP); referring/exit pages, operating system and date/time stamp.
We use this automatically collected information to analyse trends such as browser usage and to administer the site, e.g. to optimise the survey experience depending on your browser type. We may also use your IP address to check whether there have been multiple participations in the survey from this IP address.
We take all reasonable steps to keep your personal data accurate, complete, current and relevant, based on the most recent information provided to us. If you would like to update your personal data, please contact us using the details provided below.
We rely on you to help us keep your personal information accurate, complete and current by answering our questions honestly and you are responsible for ensuring that the data controller (which may be us or - more often - our client) is notified of any updates or changes to your personal data.
Children’s data collection:
We never knowingly invite children under the age of 16 years to participate in surveys without consent. If it is necessary and appropriate to a particular project to directly involve children under the age of 16 years, we take measures to ensure we have been given permission by the responsible adult. We do not sell children’s personal data.
Sensitive data collection:
In our survey we may request to collect personal data that is classified as “special categories” of personal data. This includes racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation. You will always be able to choose whether or not to provide this data to us to be used as described.
Rights of individuals:
To request access to personal data that we hold about you, you should submit your request in writing to the e-mail address or postal address shown below in “How to Contact Us”. Please state the name of the study you have been participating in.
If you contact us using an email address or contact details for which we do not hold a record of, you will also need to provide a copy of a valid government issued or official identification (such as drivers licence or passport).
You have the following rights in relation to your personal data:
• Right to change your mind and to withdraw your consent
• Right to access your personal data
• Right to rectify your personal data
• Right to erase your personal data from our systems, unless we have legitimate interest reasons for continuing to process the information
• Right to port your personal data (portability right)
• Right to restrict processing of your personal data
• Right to object to the processing of your personal data
• Right to not be discriminated against for exercising any of the rights available to you under applicable data protection laws
If necessary, we will notify any other parties such as our suppliers or service providers to whom we have transferred your personal data of any changes that we make when you make a request. Note that while we communicate to these third parties, we are not responsible for the actions taken by these third parties to answer your request. You may be able to access your personal data held by these third parties and correct, amend or delete it where it is inaccurate.
Data storage and retention:
Personal data will be retained only for such period as is appropriate for its intended and lawful use, in this case we shall retain data for no longer than 12 months, unless otherwise stated when you participate in a study or required to do so by law. Personal data that is no longer required will be disposed of in ways that ensure their confidential nature is not compromised.
As part of the Company Business Continuity plan and as required by ISO 9001 and ISO 20252 certifications where held, and in certain instances the law, our electronic systems are backed up and archived. These archives are retained for a defined period of time in a strictly controlled environment. Once expired, the data is deleted and the physical media destroyed to ensure the data is erased completely.
Notification of material changes:
Date created: 01/11/2022
Last revised: 01/11/2022
Automated decision making / profiling:
In certain circumstances we shall carry out automated decision making or profiling about you. However, in the majority of cases this will not result in any legally significant decisions being made about you. You have the right to appeal if any automated decision made about you is legally significant. If you have any questions about this, please contact us.
How to contact us:
If you are not happy with the way we have processed your personal data, we’d like a chance to put that right. Please contact us at email@example.com or in writing to Privacy Enquiries, Kantar Media UK Ltd, 222 Grays Inn Rd, London WC1X 8HB and we will have somebody contact you.
We will investigate all complaints and attempt to resolve those that we find are justified. If necessary, we will amend our policies and procedures to ensure that other individuals do not experience the same problem.
If you have any questions or comments you may contact Kantar’s Data Protection Officer, please email firstname.lastname@example.org
Complaints and country specific disclosures:
If you are not satisfied with how we handle and protect personal data, you have the right to complain to a supervisory authority such as
• The Information Commissioner's Office in the UK whose details can be found at www.ico.org.uk
• The Data Protection Commissioner in Ireland whose details can be found at www.dataprotection.ie
We are a Kantar Group company. Our registered name and address is
Kantar Media UK Ltd
222 Grays Inn Road,
Companies House number: 00275304