On Device Research Ltd

GDPR, On Device Research & You

As many of you will know, the EU’s General Data Protection Regulation (GDPR) is effective from May 25th, 2018.

The GDPR is a data protection regulation that imposes additional protections and obligations in relation to the processing of personal information of individuals located in the European Union.

Here, we’d like to explain how On Device Research collects data from consumers and how that data is used, as well as provide easy access to any information required by consumers regarding our GDPR compliance.

How we collect data, ensure consent and legal basis

Survey Data

In order to collect the opinions of consumers and for this survey data to be processed and analysed on an aggregated basis, we ensure that respondents agree to our Privacy Notice and Terms & Conditions. These are made explicit and accessible, whether for our existing panellists or for those respondents who have not yet joined our panel.

Cookies and other Online Identifiers

We measure digital advertising by working with our media partners, who embed our tracking pixel within the ad creatives being measured. Upon a consumer being exposed to the ad, the pixel allows us to collect the cookie (if browser) or advertising identifier (if mobile app) in our proprietary application.

We have data processing agreements (DPAs) in place with these media partners which contractually obliges them to only pass on data that is legally obtained. They are obliged to assure us that consent has been obtained by the publishers they work with, with whom they also have contracts in place. We will use the IAB Europe’s Transparency & Consent Framework to understand consent where possible.

Where applicable for a research study, we can match advertising identifiers to those on our panel, in order to invite panel members to a survey about the advertising they have been exposed to, either via our Curious Cat mobile app or via SMS or email.

As cookies cannot be matched to our panel, we also work with data partners to match cookies to advertising ID, in order to match advertising ID to our panel, for the same purpose. We have DPAs in place with these data partners which contractually obliges them to only pass on data that is legally obtained. They are obliged to assure us that consent has been obtained by the publishers, networks and website providers they work with, with whom they also have contracts in place. Furthermore, our Device Graph partners are participating in the IAB Europe’s Transparency & Consent Framework.

Location Data

Some of our research studies require us to understand the general location movements of those consumers who’ve been exposed to a particular digital advertising campaign for a particular period. When consumers download our Curious Cat App onto their mobile device, they can opt-in for their location data to be recorded and associated with their advertising ID.

Our location data partner is Location Sciences, with whom we have a DPA which contractually obliges them to only pass on data that is legally obtained. They work with their app publishers to ensure consent is given, and appropriate privacy statements and opt-outs are in place. Location Sciences is also registered with the IAB as a Vendor, and publishers can either implement the Transparency & Consent Framework through their own consent management provider, or use that of Location Sciences.

You can choose to opt-in or opt-out of location-matched tasks at any time in Settings > Curious Cat App.

Data Storage & Retention

We put great effort into ensuring that we store all the data we collect in accordance with qualified security protocols, where encryption and anonymisation are employed where applicable.

Our policy is to purge any personally identifiable data after a period of 3 months by default. Should there be a legitimate research requirement to retain the data for a longer period – such as recontact after 3 months, or processing online identifiers of the same consumers for more than 3 months – explicit consent will be attained.

Your rights as a 'Data Subject'

If you are a consumer whose Personal Data is held by On Device Research, you are considered a ‘Data Subject’ with the following entitlements:

  • You may request the withdrawal of consent you have given previously, which has allowed us to hold your Personal Data up to now.
  • You may request that any Personal Data we hold associated with you is erased, which if requested, we’d be obliged to execute within 30 days of submission.
  • You may request that we provide you a copy of all the Personal Data we hold associated with you, which if requested, we’d be obliged to execute within 30 days of submission.

You may submit your requests by completing this Personal Data Request form, specifying your request, or by contacting the Data Protection Officer, whose details are below.

Contact Details

Below are the contact details of the Data Protection Officer for On Device Research, whose role it is to inform and advise the company on its data protection obligations as well as a contact point for consumers and the supervisory authority.

Meb Gafur
Data Protection Officer
Summit House, 12 Red Lion Square
London
WC1R 4QH