Dentsu Aegis Network and its affiliates ("Dentsu Aegis Network", "our", "us" and "we") is a global a digital and media advertising company. Our core business is to help our clients improve how they advertise and market, whether by print, post, email or on websites. Information about people like you is therefore important to our business.
This privacy notice (“Notice”) tells you more about the information – specifically, the personal data - that we gather through the Lifestyle Survey and any follow-up surveys (together, the “Survey”).
The Survey is our consumer survey, which provides insight into the types of people that might buy our clients’ products or services. Thanks to the information that you share when completing the Survey, you have the power to influence some of the world’s largest brands.
In brief, this Notice explains:
- why we process your personal data
- the legal grounds that allow us to process your personal data;
- where the personal data comes from;
- the types of personal data we process;
- who gets to see the data;
- how long we keep the data;
- how we protect your personal data;
- your rights in relation to your personal data; and
- how to contact us.
In the Supplementary Information section of this notice, we explain what is meant by “personal data”, “processing” and other terms used in the Notice.
1. Why we process your personal data
We never use personal data collected through the Survey to target you with our clients’ marketing activities.
Personal data provided through the Survey is used by us for research purposes – to allow us to better understand how consumers respond to marketing and advertising. Your personal data can help us decide the right types of people to target when carrying out marketing and advertising activities on behalf of our clients. To do this we use the personal data described in section 4 to gain audience insight for multiple clients.
We may also use the personal data you provide through the Survey to find individuals that behave in a similar manner to you and to then send those similar individuals targeted marketing and advertising on behalf of our clients. This type of activity may include what’s known as “profiling” (see Profiling and Your Right to Object to Profiling). As previously mentioned, we do not target people who have taken part in the Survey.
2. What are the legal grounds that allow us to process your data?
Data protection law allows us to process your personal data if we have a legitimate interest in doing so. As described in section 1, we use your personal data for research purposes: to derive insight into the audiences that are relevant to our clients. We will not process your personal data if your interests, rights and freedoms override our own interests.
3. Where the personal data comes from
We employ market research companies to run the Survey. You will have voluntarily registered with one or more of these market research companies.
4. Types of personal data we process
Each time you complete the Survey through a market research company, we receive a copy of your Survey responses. To help with our analysis of your Survey responses, your responses are linked to a unique reference code (a random arrangement of numbers and letters). This reference code is given to you by the market research company.
We do not receive your contact details (such as your name or email address) from the market research companies. This type of directly identifiable data is removed from the data set before being shared with us.
The Survey asks for your opinions, interests, hobbies; views on products and services items you own and buy; your age; occupation; income; lifestyle; media usage; views on marketing and advertising; and other information that is useful for describing different types of people.
Where legally permitted, we may ask about your sexual orientation or your religious beliefs, your race or ethnicity. It is always up to you whether you provide this information when completing the Survey. We never use this information to target you with marketing and advertising.
When you complete the Survey online, a cookie may be set and stored in your browser. The market research company will ask your permission to set the cookie. The cookie records your unique reference code and can be synced with other cookies on your device – for instance cookies that record the websites you have visited. This allows us to find other people that behave in a similar way to you. As previously stated, we only use this information for research purposes; never to target you with marketing and advertising.
Some of what we do with your personal data involves what's known as "profiling" – using automated means to process your personal data to analyse or predict your personal preferences, interests, or behaviour. This helps with our research – it enables us to work out how best to target a person with the same preferences, interests or behaviours as you.
Please note that we do not carry out profiling activities in order to target you with our clients’ marketing and advertising activities. You will not receive targeted marketing as a consequence of the profiling activity described in this Notice. Instead, profiling that involves your personal data enables us to derive insight into our clients’ target audiences so that we can determine when, where and how to market to those audiences. You can object to our profiling (see section 5 of this Notice, below).
5. Who gets to see your personal data?
Most of the analysis of the personal data described at section 4 of this Notice uses data from aggregated groups of Survey respondents (“Survey Results”), not individual responses. We share Survey Results, not individual data, with Dentsu Aegis Network staff responsible for creating consumer insight reports and media plan recommendations for our clients. We also share Survey Results with our clients.
We share individual responses to the Survey with: (i) a small team within Dentsu Aegis Network; (ii) the company that provides us with cross tabulation software – that’s software which enables us to carry out faster analysis; and (iii) a client of Dentsu Aegis Network where the client has commissioned a specific Survey.
6. How long do we keep your personal data?
We keep personal data for the length of time it takes us to pursue our legitimate interest, which is explained in section 2. When we no longer need your personal data, the data is securely deleted.
7. How We Protect Your Personal data
Our safeguards include robust systems and processes designed to ensure that we collect only the minimum personal data necessary to pursue our legitimate interest, and that only those who need to view your personal data can see it. We carry out checks to make sure we adhere to restrictions on our use of the information (such as making sure that no marketing or advertising is directed at individuals who have provided data through the Survey).
We have implemented policies, processes and systems to help keep your personal data secure. Our Global Information Security Program is based on the ISO27001/2 standards, and industry and internal best practices. We continuously monitor and improve standards and regularly test our security measures. We also maintain an incident response plan for dealing with any incident or breach where your information may be put at risk or compromised, including measures for logging and audit trails, incident detection and security incident information gathering and reporting.
8. Your rights
If you are from the European Economic Area, you have rights (with some exceptions and restrictions) to:
- object to our processing of your personal data, including profiling. You can object, on grounds relating to your particular situation, at any time. In which case, we shall stop processing the data that your objection relates to, unless we can show compelling legitimate grounds to continue that processing;
- access your personal data. If you make this kind of request and we hold personal data about you, we are required to provide you with information on it, including a description and copy of the personal data and why we are processing it
- request erasure of your personal data in certain circumstances;
- request correction or updating of the personal data that we hold about you and that is inaccurate;
- request the restriction of our processing of your personal data in some situations. If you request this, we can continue to store your personal data but are restricted from processing it while the restriction is in place;
- complain to your local data protection authority about our collection or use of your personal data. For example, in the UK, the local data protection authority is the UK Information Commissioner's Office.
Please note the limited data that we receive about you, as described in section 4 of this Notice. Therefore, if you choose to exercise the rights described above, we may ask you to provide additional information so that we can satisfy ourselves as to your identity before we take further action.
If you are from the European Economic Area and would like to exercise any of these rights in relation to any information that we hold about you, please contact us. Our contact details can be found in section 10 of this Notice. We will consider and respond to your request in accordance with the relevant law.
9. Transferring personal data from and to Europe
Your personal data is kept in on servers in multiple countries and may be transferred outside of the European Economic Area for analysis. We may transfer personal data to countries where our overseas group companies or clients are located to allow them to review the research and insight.
When we make any of these transfers, we take appropriate steps to ensure EU data protection law is complied with. These steps might include, for example, transferring the information to someone in a country which the European Commission has decided provides adequate protection for personal data, or to someone who has signed standard contractual clauses approved by the European Commission. Dentsu Aegis Network’s intra-group agreement includes these standard contractual clauses, to cover transfers to our non-European affiliates.
10. How to contact us
When processing your personal data in the ways described in this Notice, we act as a data controller. If you have any questions about this Notice or would like to exercise any of the rights mentioned in section 10 this Notice, you can contact our Data Protection Officer in any of the following ways:
Address: Data Protection Officer, Dentsu Aegis Network, Regent’s Place, 10 Triton Street, London, NW1 3BF
Telephone: (+44) (0) 207 070 7700
11. Changes to the Notice
We may make changes to this Notice on occasion. We will post any revised versions of this Notice on the www.dentsuaegisnetwork.com website. Please review this Notice periodically to see if any changes have been made.
In this Supplementary Information section, we explain some of terminology used in the Notice.
"controller" – the person or company that controls the purposes and means of processing personal data.
"European Economic Area" – the 28 countries in the European Union plus Iceland, Liechtenstein and Norway.
"personal data" – any information that relates to you (or from which you can be identified).
"processing" – doing anything with personal data. For example, collecting it, storing it, disclosing it and deleting it.
"profiling" – using automated means to process personal data in order to work out certain things about people, like analysing or predicting their performance at work, reliability, economic situation, personal preferences, interests, behaviour, location or movements.
"transfer" – sending personal data outside the European Economic Area (e.g. by storing it on equipment located outside the European Economic Area), or allowing someone from outside the European Economic Area to access the personal data.