MARU/EDR LIMITED (“we”, “our”, and “us”) is committed to protecting and respecting your privacy. We are part of the MARU Group and are a UK based research agency.
This policy sets out the basis on which any personal data we collect from you, or that you provide to us, or that we have received from a third party source will be processed by us.
Please read the following policy carefully to understand our views and practices regarding your personal data and how we will treat it. By visiting this webpage (“our site”) and continuing to participate in the survey, you are accepting and consenting to the practices described in this policy.
Our site may, from time to time, contain links to and from partners’, advertisers’, affiliates’ and social network sites. If you follow a link to any of these websites, please note that these sites have their own privacy policies and that we do not accept any responsibility or liability for those policies. Please check their privacy policies before you submit any personal data to those websites as they may not be on the same terms as ours.
In accordance with the Market Research Society Code of Conduct for Internet Surveys, in order to take part in any survey or questionnaire from our website, you must be over 16 years of age.
References in this policy to “data protection law” mean (as applicable) the Data Protection Act 1998, the General Data Protection Regulation (Regulation (EU) 2016/679) and all related data protection legislation having effect in the United Kingdom from time to time.
References in this policy to “data or “information” include “sensitive personal data” and “special categories of data” (as defined under data protection law) where applicable.
1.1 For the purposes of our business we are the data controller.
1.2 In respect of processing that we undertake on behalf of our clients we are the data processor and our client is the data controller who determines the purpose and means of the processing of personal data which they provide us with. There may be instances where we are a joint data controller with our client.
1.3 Our data protection officer can be reached at email@example.com
2.1 The following sections set out why we are processing your information, what information we collect, the legal basis for and duration of our processing of your information and (if applicable) who your information will be shared with and where those recipients are based.
2.2 We process the following information from you:
2.2.1 Information you give us. This is information about you that you give us by filling in forms on our site. It includes information you provide when you register to use our site, request marketing information, use our online chat feature, enter a competition, promotion or survey and when you report a problem with our site. The information you give us may include your name, address, email address, phone number, date of birth and gender.
2.2.2 Surveys and Panels. Where information is volunteered and subsequently collected that can identify you this is used to provide insights and information that allow our clients to create more efficient and effective products and services for their customers. You will not be contacted by us unless you have specifically consented to us doing so.
2.2.3 Competitions and Draws. Where your information is required to identify whether you are the winner of a competition or draw this may be revealed to the appropriate client. Please refer to the individual competition rules which will refer to the requirements for publicity of winners’ names.
2.2.4 Information we collect about you. Like most other website operators, we collect non-personally identifying information of the sort that web browsers and servers typically make available. This includes technical information and information about your visit, such as records of how you navigate the pages on our site and how you interact with the pages.
2.2.5 We process information you give us and that we collect about you for the following purposes:
18.104.22.168 to fulfil our obligations under the contracts between us and our clients;
22.214.171.124 to improve our services;
126.96.36.199 to ensure that content from our site is presented in the most effective manner for you and for your computer; and
2.2.6 Information obtained from or provided by third parties. We obtain or are provided with information, such as your name, address, email address, phone number, date of birth and gender which we have been supplied by third parties from whom you have recently purchased or used goods or services (“our clients”). We will also receive information about you if you use any of the other websites we operate, which include eMysteryShopper.com, eCustomerOpinions.com, eGlobalPanel.com, eDigitalCommunities.com, eDigitalForums.com, ePanelManager.com and eProductRating.com.
2.2.7 We process information we obtain from or are provided by third parties in order to fulfil the contractual obligation between us and our clients the purpose of which is to understand and improve the service provided by our clients.
2.3 We are processing your data on the following ground(s):
2.3.1 you have previously given your consent to our client to the processing for the purposes stated in section 2.2, above; and/or
2.3.2 the processing is necessary for achieving our clients’ legitimate interest of receiving your feedback in respect of the goods or services you have used or purchased from them. In accordance with data protection law, we have carefully weighed your interests and fundamental rights and freedoms against our clients’ interest to process your information and are satisfied that we are justified in processing your information for this purpose.
2.4 We will regularly review the personal data which we are holding about you, and will delete it as appropriate. We will store your personal data for no longer than is necessary for us to fulfil the purpose for which it was obtained, provided that we have a reasonable commercial case for doing so, and in any event for no longer than 2 years after the project has completed. If we need to keep your information for a longer period then we will notify you of the reason and grounds for doing so.
2.5 To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. We maintain a data processing register for each project we undertake.
2.6 In order to achieve the purpose(s) set out in section 2.2 above, we will share your data only with the following people or group of people:
2.6.1 our clients to whom your personal data is relevant; and
2.6.2 if necessary for the specific project in question, other companies within the Maru Group
2.8 We share aggregated demographic information with our partners and clients; this is not linked to any personal information that can identify any individual person or organisation.
2.9 We will disclose your personal information to third parties:
2.9.1 in the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets; or
2.9.2 if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or to protect our rights, property, or safety, or that of our clients, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
2.10 The data that we collect from you will not be transferred to or stored at a destination outside the European Economic Area (“EEA”) without your prior consent.
2.11 We do not make automated decisions about you based on your information.
2.12 Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmission to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
3.1. Under data protection law you have the following rights:
3.1.1 the right to be informed as to what we do with your information. This includes but is not limited to the right to know what information we gather, process and store, what we do with it, who we share it with and how long we keep it for;
3.1.2 if we are processing your data on the basis of your consent then you have the right to withdraw that consent at any time. Consent can be withdrawn by and notifying us using the details set out in section 8 below. The lawfulness of our historic processing based on your consent will not be retrospectively affected by your withdrawal of consent;
3.1.3 the right to access a copy of your information which we hold. This is called a ‘subject access request’. Additional details on how to exercise this right are set out in section 5, below;
3.1.4 the right to object to processing of your information where it is likely to cause or is causing damage or distress. You can notify us of your objection to us processing your personal data using the contact details set out in section 8;
3.1.5 the right to prevent us processing your information for direct marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us using the details set out in section 8, below;
3.1.6 the right to object to decisions being made about you by automated means. We will inform you if your information is subject to automated processing;
3.1.7 the right, in certain circumstances, to have your information rectified, blocked, erased or destroyed if it is inaccurate;
3.1.8 the right, in certain circumstances, to claim compensation for damages caused by us breaching data protection law;
3.1.9 enhanced rights to request that we erase, rectify, cease processing and/or delete your information; and
3.1.10in certain circumstances, the right to request the information we hold on you in a machine readable format so that you can transfer it to other services. This right is called ‘data portability’. Additional details on how to exercise this right are set out in section 5, below.
3.2 For further information on your rights under data protection law and how to exercise them, you can contact Citizens Advice Bureau (www.citizensadvice.org.uk) or the Information Commissioner’s Office (www.ico.org.uk).
4.2 We use “cookies” to gather statistical information that helps us understand what users find interesting and useful on both our own and our clients’ websites. Users can decline the cookies by adjusting the “accept cookies” setting on their browser, however, this may affect the functionality of our surveys on client web sites. We may also embed a piece of code into pages of certain client sites. This gives us statistical site usage information about how the site is used. We aggregate this information to provide our clients with a closer understanding of how visitors use their site. We do not use this code to collect any personally identifiable information.
5.1 You have the right to access information held about you by making a written request to us. You must send us proof of your identity, or proof of authority if making the request on behalf of someone else, before we can supply the information to you. Requests should be sent to firstname.lastname@example.org. In certain circumstances, you will be entitled to receive the information in a structured, commonly used and machine-readable form.
5.2 We will be allowed to charge you for our reasonable administrative costs in collating and providing you with details of the requested information which we hold about you, if your request is clearly unfounded or excessive.
7.1 You have the general right to complain to us (in the first instance) and to the Information Commissioner’s Office (if you are not satisfied by our response) if you have any concerns about how we hold and process your information. Our contact details are set out in section 8, below. The Information Commissioner’s Office website is www.ico.org.uk.