GfK Mystery Shopping Privacy Policy

GfK Mystery Shopping Privacy Policy

Personal data

Personal data are information that directly or indirectly identifies you as an individual, indirectly meaning when combined with other information, for example, your name, postal address, email address and phone number, or a unique device identifier. The personal data we have about you is that which you provided when completing our census questionnaire on joining the panel, all categories of personal data can be seen in your page by logging on to the data collection/shopper portal.

How we share personal data

We will disclose your personal data only for the purposes and to those third parties, as described below. GfK will take appropriate steps to ensure that your personal data are processed, secured, and transferred according to applicable law.

If we ask you to share personal data other than specified in this privacy policy, such as with clients and/or third parties, we will describe the process to you and your consent will be given when you accept your assignment.

Personal data provided on previous projects may be shared with clients for the purposes of clearance for future work. The client uses these details to look up on their own database showing previous completed MS jobs. Client then retains this info if the assessor takes part for use with future checks.

Within GfK Group

GfK is part of a global organization (the “GfK Group”), consisting of several companies in and outside the European Union, all primarily owned by GfK SE in Germany. Your personal data may be transferred to one or more GfK Group affiliated companies as needed for data processing and storage, providing you with access to our services, providing customer support, making decisions about service improvements, content development and for other purposes as described in this Privacy Policy.

External service providers and transfer of personal data

Where necessary, we will commission other companies and individuals to perform certain tasks contributing to our services on our behalf within the framework of data processing agreements. We may, for example, provide personal data to agents, contractors or partners for hosting our databases and applications, for data processing services, for proofing, or to send you information that you requested, for the purpose of provision of support services. We will only share with or make accessible such data to external service providers to the extent required for the respective purpose. This data may not be used by them for any other purposes, in particular not for their own or third party purposes. Transfer of personal data may take place outside of the European Union. GfK’s external service providers are contractually bound to respect the confidentiality of your personal data.

Business Transfers

In connection with any reorganization, restructuring, merger or sale, or other transfer of assets (collectively "Business Transfer"), we will transfer information, including personal information, in a reasonable scale and as necessary for the Business Transfer, and provided that the receiving party agrees to respect your personal data in a manner that is consistent with applicable data protection laws. We will continue to ensure the confidentiality of any personal data and give affected users notice before personal data become subject to a different privacy policy.

Public bodies

We will only disclose your personal data to public bodies where this is required by law. GfK will for example respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include such authorities outside your country of residence.

Your legal rights

Right to withdraw consent: Where the processing of personal data is based on your consent you may withdraw this consent at any moment.

Right to rectification: If the personal data we hold about you is incorrect you have the right to corrected / updated this information at any time by logging in to the data entry/assessor portal.

Right to access: You can access your personal data any time by logging in to the data entry/assessor portal.

Right to portability: At your request, we will transfer your personal data to another controller, where technically feasible, provided that the processing is based on your consent or necessary for the performance of a contract.

Right to object: You may object – at any time – to the processing of your personal data due to your particular situation, provided that the processing is not based on your consent but on our legitimate interests or those of a third party. In this event we shall no longer process your personal data, unless we can demonstrate compelling legitimate grounds and an overriding interest for the processing or for the establishment, exercise or defense of legal claims. If you object to the processing, please specify whether you wish the erasure of your personal data or the restriction of its processing by us.

Right to erasure: You have a right to request that your personal data be deleted at any time providing that we have no other legitimate interest that may override such a request and that requires us to keep the personal data for such purposes.

Right to lodge a complaint: In case of an alleged infringement of applicable privacy laws, you may lodge a complaint with the data protection supervisory authority in the country you live in or where the alleged infringement occurred

Exercise your legal rights: In order to exercise your legal rights, please contact us in writing e.g. by email GfKShopperSupport@gfk.com or letter at the address below. You may also turn directly to our Data Protection Officer DataProtectionOfficer@gfk.com.

Security

GfK takes data security seriously. We apply an appropriate level of security and have therefore implemented reasonable physical, electronic, and administrative procedures to safeguard the data we collect from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored or otherwise processed. Our information security policies and procedures are closely aligned with widely accepted international standards and are reviewed regularly and updated as necessary to meet our business needs, changes in technology, and regulatory requirements. Access to your personal data is granted only to those personnel, service providers or GfK affiliates with a business need-to-know or who require it in order to perform their duties.

In the event of a data breach containing personal data, GfK will follow all applicable data breach notification laws.


Last updated: 11th May 2018