ToS
IFOP COMMITMENTS REGARDING PROTECTION OF PERSONAL DATA
THROUGH IFOP ON THE GO
Effective as of 2023/06/28
Ifop respects the privacy of respondents to its researches. This privacy policy ("Privacy Policy") explains how we collect, use, disclose and protect personal data (“Personal Data”) submitted through our application Ifop On The Go (“the Application”).
1. LAWFULNESS OF PERSONAL DATA PROCESSING AS PART OF MARKET RESEARCH STUDIES AND SURVEYS CARRIED OUT THROUGH IFOP ON THE GO, AND CONSENT:
In accordance with Article 6 of the GDPR, Ifop only collects personal data if it obtains the freely given, specific and informed prior consent of the person using the Application, after having explained to that person the purpose of data collection in a clear, accurate and concise way. This information is provided to data subjects before they are asked to download the Application.
No personal data is collected by the Application before you give your consent to this collection. Ifop will keep evidence of this consent for the period necessary for processing, generally the duration of the study and associated quality control activities.
Ifop undertakes to inform the person responding to the study of the origin of their data if this data comes from a contractor or customer rather than being directly generated by Ifop. The new European Regulation authorizes Ifop to reuse customer data for research purposes, as market research studies are categorized as scientific research.
2. NATURE OF THE PERSONAL DATA PROCESSED AND DURATION OF THEIR STORAGE
Ifop has made a commitment that personal data will not be stored longer than for the purpose for which they were collected or processed, with the application of clear provisions on retention periods.
If you have any questions related to the processing of your personal data, please refer to the section “Your rights” below.
3. MINIMIZATION AND ANONYMIZATION OF PERSONAL DATA
Ifop has made a commitment to reduce the impact of personal data collection by limiting and minimizing collection to the elements required for the purposes of the study, and by ensuring that this data is not used in a way that is incompatible with these purposes.
Ifop has also introduced procedures to guarantee that those participating in its studies do not experience any harm or injury as a direct result of their collaboration in the study, using anonymization techniques and by limiting access to personal data to field teams and study personnel working on the study in question.
Finally, Ifop undertakes to preserve the anonymity of the persons responding to its studies vis-à-vis the end customer by providing it only non-nominal aggregated or raw data, except where agreement and consent are given by the persons responding to the studies if cosmetovigilance obligations require Ifop to communicate their identities to the customer.
4.SHARING OF PERSONAL DATA
4.1 External service providers:
In addition to the transfer of personal data to its internal teams, subsidiaries and IT teams, Ifop may use a supplier or subcontractor to perform certain services related to its activity and may therefore transfer personal data to it. Ifop selects its suppliers and ensures that they have the ability to comply with the directives and regulations related to the protection of personal data, and will transfer the personal data only if a commitment and agreement has been previously signed between this external service provider and Ifop.
4.2 International transfers
Personal data submitted through our studies resides on our servers located in our data center in Paris, France, and on Microsoft Azure French servers.
Ifop SAS if part of an international group. Your personal data may be transferred to one or more companies of said group in other countries and used for the purposes described previously. To facilitate our global operations, we may transfer and access Personal Information from around the world, including the United States, Shanghai or Hong Kong. This Privacy Policy shall apply even if we transfer Personal Information to other countries.
Ifop group’s legal entities outside the European Union have entered into intra-company data protection agreements using standard contractual clauses prepared by the European Commission. These agreements require the contracting parties to respect the confidentiality of your Personal Information and to handle European personal data in accordance with applicable European data protection laws. Ifop group’s legal entities outside the European Union are the following:
Ifop Eastwego Shanghai – Unit 1601 - 1602 Wangjiao Plaza 175 Yan’an East Roas - Shanghaï 200002 - P.R. China
Ifop Eastwego Hong Kong – 42/F., Central Plaza, 18 Harbour Road, Wanchai, Hong Kong
Ifop Inc. – 570 Broad Street, Suite 502, Newark, NJ, New York, NY 10016
Ifop does not transfer any personal data outside the European Economic Area (EEA) unless a prior transfer agreement has been established with the entity receiving the personal data, and unless it has received guarantees that this entity has implemented measures offering the same level of security as that required by European regulations.
In any case, Ifop only transfers personal data outside the EEA after having obtained the consent of the persons responding to the studies.
4.3 Public bodies
Ifop may disclose personal data to public bodies, courts, administrative bodies or the administrative authority responsible for the protection of personal data if the law so requires or if it receives an order requiring it to do so.
5. SENSITIVE DATA PROCESSING
If required by the topic of the studies commissioned by the client, Ifop may process sensitive data. Ifop undertakes to process these sensitive data in accordance with applicable regulations. In particular, Ifop is committed to treating on a case-by-case basis the requests for studies that, because of their type of processing, would expose respondents to Ifop’s studies to high risk.
In close consultation with the client and prior to their implementation, these studies will be the subject of a privacy impact assessment to evaluate the potential risks in terms of protection of personal data.
This analysis will include at least:
- A systematic description of the processing operations envisaged and the purposes of the processing;
- An assessment of the necessity and proportionality of the operations with regard to the purposes;
- An assessment of the risks created by the processing;
- Measures to deal with these risks.
6. PERSONAL DATA CONCERNING CHILDREN
Ifop will not collect or process personal data about children under the age of 16 - or the legally required age defined by French law or by the applicable law - without the prior permission of the parent(s) or legal guardian(s).
7. YOUR RIGHTS:
Under the applicable law, you have the following rights:
- Access to personal data: We will make available to you the personal data about you in our custody or control that we have collected, used or disclosed, upon your written request, to the extent required and/or permitted by law.
- Rectification of your personal data: If you think that your personal data is inaccurate, you can ask for their rectification.
- Erasure of your personal data: If you believe that Ifop no longer requires to process your personal data, you can ask for their erasure from our databases.
- Restriction of the processing of your personal data: If you believe that the processing of your personal data is either inaccurate or unlawful, you can ask or the restriction of this processing. Ifop will then only store this data and no longer process them in any other way without your consent.
- Opposition to the processing of your personal data: If you previously consented to the processing of your personal data by Ifop, you have the right to object this processing of your data on grounds relating to your particular situation and at any time.
- Deciding of the processing of your personal data after your death: At any times, you or a person you designated can inform Ifop of your decision about the processing of your personal data after your death, whether this is the erasure, the conservation or the communication of these data.
To exercise any of these rights related to the personal information that we may hold about you, we require that you submit your request in writing to dpo@ifop.com. When we receive an access request from an individual, we will attempt to fulfil the requested information within 30 days.
Using Ifop On The Go, data you provide via the Application is associated with the authentication code provided by Ifop and enabling access to our market research. To identify you and to enable us to process your query as per this section, please provide this authentication code when exercising any of your rights.
In certain situations, however, we may not be able to give individuals access to all or some of their personal data. If we deny an individual's request for access to their personal data, we will advise the individual of the reason for the refusal.
8. SECURITY
The security of your personal data is very important to us. We have put in place reasonable physical, electronic, and administrative procedures to safeguard the information Ifop collects. Access to your personal data is granted only to those employees who require it in order to perform their duties.
9. CHANGES TO THIS POLICY
According to the evolution of the applicable law, we may update our privacy practices and this privacy policy at any time. For this reason, we encourage you to refer to this privacy policy on an ongoing basis. This privacy policy is current as of the "last revised” date which appears at the top of this page. We will treat personal data in a manner consistent with the privacy policy under which it was collected, unless we have your consent to treat it differently. By using the Application following any privacy policy change, you freely and specifically give us your consent to collect, use, transfer and disclose your personal data in the manner specified in such then-current privacy policy.