Dentsu Danmark A/S
Lifestyle Survey Privacy Notice
Last updated: 01 September 2023
Dentsu Danmark A/S (“our”, “us”, “we” and “Dentsu”) is part of the Dentsu group (“Dentsu”). We are a global digital and media advertising company. Our core business is to help our clients improve how they advertise and market, whether by print, post, email or on websites. Information provided by people like you is therefore important to our business.
This privacy notice (“Notice”) tells you more about the information – specifically, the personal data - that we gather through the Lifestyle Survey and any follow-up surveys (together, the “Survey”).
The Survey is a consumer survey, which provides insight into the types of people who might buy Dentsu clients’ products or services. Thanks to the information that you share when completing the Survey, you have the power to influence some of the world’s largest brands.
Who is involved in the Survey?
- Dentsu: Dentsu DK commissions the Survey.
- Dentsu: As part of the Survey, Dentsu and its subsidiaries and affiliates may collect and use some of your personal data. Dentsu or one of its subsidiaries or affiliates will act as Data Controller for these purposes. Dentsu may share personal data collected from you with its group companies within Dentsu.
- Market research companies. We rely on market research companies to create and run the Survey – they invite you to complete the Survey. These are market research companies that you have voluntarily registered with, and they also act as independent data controllers for the data you share with them. This Notice should be read in conjunction with the privacy notices of these market research companies.
One such market research company is Bilendi. Bilendi administers the Survey in a number of countries. It is an independent controller of any data you share with it – such as the contact data that you disclosed when registering to become one of its members, and the personal data that you give when completing the Survey. A copy of Bilendi’s privacy notice can be found here: https://www.m3panel.dk/privacy-policy
- Partners – we may share your personal data with some of our third-party suppliers.
- Dentsu’s clients.
- You may also be invited to participate in follow-up surveys, which are conducted on behalf of clients of Dentsu. These clients act as independent controllers for the personal data collected from you during the course of those follow-up Surveys.
This Notice explains what data each of these companies may have access to, and why they have access to it.
Contents of this Notice
This Notice explains:
- the personal data we may collect,
- why we process your personal data,
- the legal grounds that allow us to process your personal data,
- where the personal data comes from,
- who gets to see the data,
- how long we keep the data,
- how we protect your personal data,
- your rights in relation to your personal data,
- transferring personal data overseas,
- how to contact us, and
- how we make changes to this Notice.
In the Supplementary Information section at the end of this Notice, we explain what is meant by “controller”, “personal data”, “processing” and other terms used in the Notice.
- Personal data we may collect
Each time you complete the Survey, we receive the following types of personal data from the market research company that’s responsible for administering the Survey:
- A unique reference code. Your Survey responses are linked to a unique reference code (a random arrangement of numbers and letters). This reference code is given to you by the market research company.
- Your Survey responses. These will include your demographics, attitudes and interests. The Survey asks for your opinions, interests, hobbies; views on products and services items you own and buy; your age; occupation; income; lifestyle; media usage; views on marketing and advertising; and other information that is useful for describing different types of people. We do not use this information to knowingly target you with marketing and advertising.
Your contact details. If you consent to it we will receive a pseudonymized e-mail address to use for the purpose of targeting customers that are similar to you and may be interested in our clients’ products or services (lookalike audiences) with advertising messages as set out in the consent that you have accepted.
2. Why we process your personal data
Market and marketing insights research purposes
We use your data provided through the Survey for research purposes, which includes creating marketing insights – to allow us to better understand how consumers respond to marketing and advertising.
Assisting our clients’ marketing strategy
Your personal data can help us decide the right types of people to target when carrying out marketing and advertising activities on behalf of clients. To do this we use the personal data described in section 1 to gain an understanding about what different types of people are likely to be interested in. We may do this in a number of ways, including:
Identifiable Data Matching
We use the contact details that you agree to give to us in combination with Meta and Google so that we are able to find consumers that are similar to you and may also be interested in our clients’ products or services. We then build target audiences of those people and market to those people on our clients’ instruction. This is often called a “lookalike audience”.
Dentsu and its clients are not able to deliberately identify you and specifically target you with advertising based on your completion of the Survey, and takes steps to remove you from any audience identified for targeted advertising.
All this means is that people who we think are similar to you (in your preferences or behaviours that we learn from the Survey) will receive specific, targeted marketing from our clients for the products and services that we think you would have been interested in. The personal data collected about you through the Survey is not used to directly target you with Dentsus clients marketing activities. However, where parts of the data from the Survey are used to identify types of people (“Segments”), and those identified Segments are then matched against similar groups from Meta and Google, there is a chance that you will form a part of the Segments chosen by Dentsu’s clients to display their adverts. We do all we can to avoid targeting you, but because we are matching against Segments based on their characteristics, rather than the people who make up the Segment, we are not able to control whether or not you will form a part of the targeted Segment.
This type of activity may include what’s known as “profiling”.
Profiling
This means that we use automated means to process your personal data to analyse or predict your personal preferences, interests, or behaviour. This helps with our research – it enables us to work out how best to target other people with the same preferences, interests, or behaviours as you.
Our profiling activities allow us to learn about our clients’ target audiences so that we can determine when, where and how to market to those audiences. You can object to our profiling (see section 8 of this Notice, below).
3. What are the legal grounds that allow us to process your personal data?
When we receive the types of personal data described in section 1 from the market research companies that administer the Survey, we process it on the basis of our legitimate interests. We have a legitimate interest in deriving insight into audiences that are relevant to Dentsu’s clients in order to assist them with their business strategy. We will not process your personal data if your interests, rights and freedoms override our interests.
Where we combine your Survey data with data from other sources, we do so with your consent, which you provide when completing the Survey.
4. Where the personal data comes from
Dentsu employs market research companies to run the Survey. You will have voluntarily registered with one or more of these market research companies.
5. Who gets to see your personal data?
Most of the research work described at section 2 of this Notice uses data from aggregated groups of Survey respondents, not individual responses. We share these aggregated data, not individual responses, with Dentsu staff responsible for creating consumer insight reports and media plan recommendations for clients. We also share this type of data with clients of Dentsu.
We share the personal data described in section 1 on an individual, rather than aggregated, basis with: (i) other companies within the Dentsu group so that they can use the data for the same purposes as described in section 2 (or help us to achieve the purposes described in section 2); (ii) companies that can assist us with the type of work described in section 2, including META (Facebook) and Google in order to advertise our client’s products or services to lookalike audiences. For example, we use companies to help us carry out faster analysis and a client of Dentsu where the client has commissioned a follow-up survey and has specifically requested access to personal data collected using the initial Survey. In these cases, the client will not have access to your name or contact details, and our client will be an independent controller and responsible for providing you with information about how they are using your data).
6. How long do we keep your personal data?
We will keep your personal data for as long as is necessary for the purposes described in section 2, and in accordance with our legal obligations. After this time, your personal data will either be securely deleted or anonymised so that it can be used for analytical purposes.
7. How We Protect Your Personal data
Our safeguards include robust systems and processes designed to ensure that we collect only the minimum personal data necessary to pursue the purposes for which we process your personal data described in section 2, and that only those who need to view your personal data can see it. We adhere to restrictions on our use of the personal data (such as making sure that no marketing or advertising is directed at individuals who have provided data through the Survey).
Under Dentsu’s Chief Information Security Officer, there is a group-wide security function tasked with understanding security threats. Policies have been implemented to help keep your personal data secure. These policies are aligned to applicable regulations and industry standards including ISO27001 and NIST and are applicable to all parts of Dentsu.
8. Your rights
You have rights (with some exceptions and restrictions) to:
- object to our processing of your personal data, including profiling. You can object, on grounds relating to your particular situation, at any time. In which case, we shall stop processing the data that your objection relates to, unless we can show compelling legitimate grounds to continue that processing;
- access your personal data. If you make this kind of request and we hold personal data about you, we are required to provide you with information on it, including a description and copy of the personal data and why we are processing it;
- request that we provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format;
- request erasure of your personal data in certain circumstances;
- request correction or updating of the personal data that we hold about you and that is inaccurate;
- request the restriction of our processing of your personal data in some situations. If you request this, we can continue to store your personal data but are restricted from processing it while the restriction is in place;
- complain to your local data protection authority about our collection or use of your personal data. For example, in the UK, the local data protection authority is the UK Information Commissioner's Office.
If you choose to exercise the rights described above, we may ask you to provide additional information so that we can satisfy ourselves of your identity before we take further action.
If you would like to exercise any of these rights in relation to any personal data that we hold about you, please contact us using the contact details in section 11 of this Notice.
9. Transferring personal data overseas
Your personal data is kept on servers in multiple countries and may be transferred outside of your country or territory (for example, outside of the UK or the EEA) for the purposes described in this Notice. We may transfer personal data to countries where Dentsu group companies or clients are located so that they may review and use the research and insight.
When we transfer data, we take appropriate steps to ensure compliance with UK and European Union data protection law. These steps might include, for example, transferring the personal data a country which the UK Information Commissioner or the European Commission (as appropriate) has decided provides adequate protection for personal data, or to a company who has signed standard contractual clauses approved by the European Commission.
10. How to contact us
If you have any questions about this Notice or would like to exercise any of the rights mentioned in section 9 of this Notice, you can contact our Data Protection Officer in any of the following ways:
Address: Overgaden Neden Vandet 7, 1414 København
Telephone: +45 77 30 09 80
Email: dpo@dentsu.com
SUPPLEMENTARY INFORMATION
In this Supplementary Information section, we explain some of the terminology used in the Notice.
- "controller" – the person or company that controls the purposes and means of processing personal data.
- "EEA” – the European Economic Area, which comprises the current countries in the European Union plus Iceland, Liechtenstein and Norway.
- "personal data" – any information that relates to you (or from which you can be identified).
- "processing" – doing anything with personal data. For example, collecting it, storing it, disclosing it and deleting it.
- "profiling" – using automated means to process personal data in order to work out certain things about people, like analysing or predicting their performance at work, economic situation, personal preferences, interests, behaviour, location or movements.