Terms we use here - in particular “Incentive”, “Site” and “Survey” - are defined in our Terms and Conditions for Survey Respondents.
Our GDPR statement can be found here: GDPR
The personal data we hold may include some or all of the following:
Some of your personal data may be shared with us by third parties such as:
We also collect, use and share Aggregated Data such as statistical or demographic data. Aggregated Data may be derived from your personal data but is put together in an aggregated and anonymous manner (so that it cannot be associated with any of your Identity and Contact Data or other personal data) and does not constitute personal data for legal purposes. For example, we may anonymise and aggregate your Survey Data, Profile Data and/or Technical Data with that of others and (a) use it for internal management purposes, (b) share it with current or prospective business partners, and (c) use it to target offers that are made through the Sites.
When, as part of your Survey Data or otherwise, we collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data) we do this only with your explicit consent.
These are the legal bases we have for holding and processing your personal data:
And here is how we use your personal data, and our relevant legal basis (Our basis) for doing so:
If you register or take part in a Survey with us, you provide us with Identity and Contact Data. That Identity and Contact Data may be supplemented over time with other information, such as Incentive Data, Survey Data and additional or updated Identity and Contact Data. We use this information to maintain your registration with the Sites, advise you of matters relating to Surveys that you have contributed to and administer our relationship with you. Our basis: Consent and Legitimate Interest (to remind you of matters relating to your account).
When you enter into, complete or supplement a Survey, you provide Survey Data, which we may provide to the business or charity that has commissioned the Survey and may compile with survey data contributed by others to create Survey-related reports and summaries. Our basis: Consent, Explicit Consent (for Special Categories of Personal Data) and Legitimate Interest (for the furtherance of our survey-related business).
If you are provided with an Incentive in connection with a Survey, we will use your Identity and Contact Data and Payment Data, and the related Incentive Data, to deal with the provision of that Incentive to you. Our basis: Contract and Legitimate Interest (to receive payment of sums owed to us). [Note that we do not store your complete Payment Data – this is held by payment service providers.
From time to time, you may provide us with feedback or otherwise engage with us in ways that, in combination with other data we hold, may be included in your Profile Data. In using the Sites, we and our service providers will also collect Technical Data. We use Profile Data and Technical Data to analyse your use of the Sites and Surveys and combine it with similar data for other users like you, with the object of making our services, including the Sites and Surveys, better and more relevant to you, to enable us to create content that is more suited to you and to send you more relevant communications. Our basis: Legitimate Interest (making our services and their marketing more specific to you).
Where you opt to receive marketing communications from ODR, we will use your relevant Marketing and Communications Data to communicate that marketing to you. Our basis: Consent.
We retain records of your Surveys and our transactions with you in order to maintain adequate accounting records and to meet legal requirements. Our basis: Obligation.
We will only use your personal data for the above purposes, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. We may process your personal data without your knowledge or consent where this is required or permitted by law.
We will share your personal data with various third parties, but always for the uses referred to above. These third parties are businesses (and in some cases charities) of the following types:
We may also share your personal data with others where to do so is mandated by applicable law.
Your Marketing and Communications Data will only be shared with a third party for the purpose of them directly marketing to you where you have consented to that marketing.
If we transfer your personal data outside the European Economic Area (EEA) to a country that does not provide a similar level of legal protection to that provided by the United Kingdom’s data protection laws, we put in place legally appropriate safeguards to require the protection of your personal data. You can request details of those safeguards by contacting our Data Protection Officer.
If we sell our business or assets, your personal data may be provided to the prospective purchaser’s advisers with appropriate legal protections and will be passed to the new owners of the business.
Our carefully selected partners and service providers may process personal information about you on our behalf as described below:
We periodically appoint digital marketing agents to conduct marketing activity on our behalf, such activity may result in the compliant processing of personal information. Our appointed data processors include:
We keep your personal data for as long as is necessary:
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the data, the potential risk of harm from unauthorised use or disclosure of that data, the purposes for which we process it, whether we can achieve those purposes through other means, as well as legal, taxation and accounting requirements.
You can request more details of how we apply these criteria by contacting our Data Protection Officer
When the need to keep your personal data ends, we either delete or anonymise it.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Under the law, you have the right to:
If you wish to exercise any of the rights set out above, please contact our Data Protection Officer by email to the address specified below. You will not have to pay a fee to exercise any of your legal rights as specified above. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the relevant your personal data (or to exercise any of your other legal rights). This is a security measure we take to help avoid your personal data being disclosed to a person who has no right to receive it.
We may also contact you to ask you for further information in relation to your request to help speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
To make a personal data request please use our personal data requests form
A personal data request is appropriate if you want:
Email address of Data Protection Officer: firstname.lastname@example.org
Postal address of Data Protection Officer: Meb Gafur, On Device Research, 2nd Floor, White Bear Yard, 144a Clerkenwell Road, London EC1R 5DF
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK’s supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO.