Kantar Scope Privacy Policy February 2022
This Privacy Policy (“Privacy Policy”, “Policy”) sets out the commitment of The Kantar Group Limited, 6 More London Place, Tooley Street, London, SE1 2QY, UK ("Kantar"), to the privacy of the members, users and participants of various panels and other sources (altogether “Participants”) who agree to participate in the Kantar Media ASA project ("Project") and governs Participants rights regarding privacy and data protection. This Policy is made available to the Parents/Guardians who agree their child will participate in this project researching the advertising their child receives on their Android mobile device.
In order to participate in the Project, you are required to download and install a small software application called Kantar Scope (the "Application") on your mobile phone or tablet device.
Participants are invited to the Project by various panels, communities, sites or any other sources, (altogether “Panels”) operated by Kantar or other third-party companies which are each the data controller of their respective data and Participants. Taking part in the Project is entirely voluntary.
By signing up to the Project, and by accepting these terms, you confirm that you have read and understood the terms of this Privacy Policy. We ask you to read this Privacy Policy carefully. For the purpose of this Privacy Policy, “personal data” means any information which relates to an identifiable living individual.
This Policy does not replace the existing privacy policy of the Panels as that still applies to all Participants, whether or not they choose to participate in this Project. This Policy is supplemental to the Panels policies and applies only to those Participants who choose to participate in the Project.
This Policy describes our data collection and use practices for consumers who download the Application. This Policy applies only to the operation of the Application and not to any other application, website or service.
As part of the Project you may be invited to participate in studies involving the collection of Clickstream data from your device. This part of the Project is by invitation only and would require you to activate a part of the Application which is comprised of the Meter and VPN, as described further below). This technology is made available by RealityMine on behalf of Kantar on your mobile phone or tablet.
If you choose to participate in a Clickstream study, the Application will either install the "Meter" (a piece of software on your device to collect the data described in section 2) and/or will establish the "VPN" (a profile on your device to direct all internet data generated by and for your device through RealityMine to enable Us to collect the data), which individually and collectively are components of the Application. Regardless of whether data is collected via the Meter or the VPN, we will only use the data as described in this Policy.
Which data we collect:
Kantar collects both non-personally identifiable information and personally identifiable information from you through the Application such as surveys and Clickstream data via the Meter - if you choose to activate this part of the Application.
Examples explained below and are related to "clickstream data" collected via the Meter. Clickstream data is information generated by you and your device while surfing the Internet and interacting with various sites, services, apps, and device functions. In greater detail, the Application collects the following types of information. Note that isn’t a comprehensive list of every single data element within such data types.
1. Online Browsing: This includes the sites you visit and apps you use, including news sites/apps or social networks, and your interactions with how you use them, how much time you spend browsing the internet and the terms of any search you carry out.
2. Online Activities: This includes the search terms you enter, the videos you view, the products you shop for online, the advertisements you see, information and content on sites or apps that you visit or use and with which you interact subject to the process described below in the section entitled "Protecting Personal & Sensitive Information".
3. Information on secure pages/apps: This includes information and content from protected or secure pages or apps that you access, such as online accounts or the content of complete and incomplete consumer transactions when you are checking out through a service's shopping cart, even if the service makes this information unreadable to others.
4. System Information: This includes information about the device and system you are running on, including unique identifiers that may be stored in your device's operating system such as your device’s unique identifier, IP address and phone number of the device. This also includes unique identifiers used by websites and apps and information about your access to cellular and wifi networks.
5. Mobile Device and Computer Usage
Information: This includes information about your use of your mobile phone,
tablet or computer. device (mobile device or computer). Please note this
information is collected and transmitted to Us "in the background"
and does not require any further activation on your part. We call this
"passive tracking".
This can include the following types of information:
• Information about your internet browsing habits – how much time you spend browsing the internet on your mobile phone, tablet or computer or your mobile device, the sites you visit or apps you use, and the terms of any search you carry out.
• Information about your usage of other apps and features on your device, including the identity of the apps and features, when you downloaded them, how often you use them and for how long. This includes things like your use of the camera(s) (although we do not collect your photos) and the media player(s) (including the titles of songs/tracks and videos)
• Information about the type of device you own, when and for how long you charge it, its battery status, whether it is switched on, off or in a stand-by or "Airplane" mode.
• Information about which mobile network you use, which WIFI networks you connect to, and at what times.
• Information about the volume of data downloaded to your mobile device, the times that you download that data and the method of connection you use (WIFI or mobile network).
• Information we can deduct from combining the above information – e.g., what apps you were using just before you searched for particular information using your device’s internet browser.
How we use your data:
Main data usage:
The below describes how your data – which includes web use, app use, demographic information, survey responses and information we have obtained from third parties – contributes to the kinds of services our clients buy from Us. Our typical process is to combine Participants data into consumer segments and to report on the aggregated (or grouped) results. Consumer segments are pools of users who have common interests or characteristics. For example, "women between the ages of 28-34 interested in travel websites”. Once aggregated, the results and consumer segments are shared with our clients and other parties as described in this Policy. The following are examples of the kinds of services we provide, and how your data is used in these services:
Advertising Research – Your data is combined with data from other users into a pool that is then analysed for exposure to certain advertising. Information about the combined pool, which does not identify any particular user, is shared with clients so they can understand if and how their advertising spending impacts the consumer journey and consumer decisions. For example, by comparing the behaviours of a group of users who saw a particular online advertisement with another group of users who did not see that advertisement, we can help advertisers understand the effectiveness of their ads. The Application may also modify or replace content or ads that you see, as part of a market research study.
Media Use Analysis – Your data is combined with data from other users to form consumer segments that are shared with clients without identifying any particular user. These segments are typically analysed on behalf of clients to understand where consumers go online and how consumers interact with digital media, which includes website content, apps and advertising that they see. For example, we help companies understand the effectiveness of their websites or apps by comparing how users are interacting with their websites or apps versus how users are interacting with their competitors websites or apps.
User-Level Data - On occasion, we may share user-level data we collected from you with third parties (including affiliates), for purposes beyond the specific examples noted in this Policy. User-level data is information that is associated with your specific device and is not aggregated with other data. For example, we may share data with a third-party that reveals that you have viewed certain sites or used certain apps or features, but you will not be personally identified with such information. Rather, the user-level data will be associated with an identifier (such as user "X"). We prohibit the third parties with whom we share such user-level data from trying to uncover the actual identity of "X", except as may be otherwise allowed under this Policy, such as in the "Consumer Analysis" section above.
Other data usages:
We also may use your information for purposes of maintaining the configuration and proper functioning of the Application, for database or Application services (such as customer support, email, or surveys), and for purposes of data quality and data cleansing
We may provide RealityMine with data collected through the Application for RealityMine’s own internal use only to develop and enhance its general offerings; however, RealityMine is not authorized to provide any third party with access to, or use of, such data in any manner that identifies you
As part of the registration process prior to installation of the Application or in connection with your participation in a survey or other service, we may directly collect information such as your name, telephone number, email address, birth year, household information, income, gender, and ethnicity. This information is part of your consumer profile and used as described above. Of course, the contact information you give also helps us reach you with information related to Application maintenance and upgrades and other service related communications.
When working with a third party (such as another data provider) to supplement your profile, we protect your privacy by having our partner sign a confidentiality agreement stating that they will not share personally identifiable information with unauthorized parties. We instruct them to maintain the confidentiality, security and integrity of the information we provide and not to use the information for any purpose other than those we explicitly authorize.
We may share information about you with authorized vendors and service providers, such as RealityMine Ltd., in connection with the services that they perform for us. These third parties are prohibited from using your information for other purposes.
In the event We go through a business transition, such as a merger, acquisition by another company, or sale of all or a portion of its assets, your information may be among the assets transferred.
Lawful collection:
We have set out below more detailed information about how we use your personal data. We are also required by law to explain the legal basis for processing your personal data. These legal bases are listed below and could be different for each use case:
We will never misrepresent ourselves or what we are doing. If you receive an email that concerns you, purporting to be from us, please let us know as shown below in ”How to Contact Us”.
|
Case |
Purpose |
Data collected/processed |
|
Market Research |
To understand your views about certain products and services or to understand your behaviour in different situations |
Identifier, contact details, email address, voice, image, opinion. |
|
Public Disclosure |
To share or disclosed pursuant to judicial or other government subpoenas, warrants, orders or pursuant to similar and other legal or regulatory requirements, we will provide such information to the appropriate authorities. |
Identifier, name, contact details, email address, incentive received. |
|
Fraud Protection |
Protection of our business interests against fraudulent behaviour or behaviour not in line with our Terms and Conditions |
IP address, browser specifications, device specifications, postal addresses, email addresses, official identification number (i.e. ME number) |
|
Survey Participation Uniqueness |
Prevention of multiple entries in surveys by the same individuals in line with our Terms and Conditions |
IP address, browser specifications, device specifications |
|
Ad Exposure and Measurement |
We will identify what advertisements you may have been exposed to on the sites and platforms you may use. We may work with third parties to identify the advertisers/advert campaign. The third parties that we work with are not allowed to use the data for any other purpose.
|
Persistent unique identifier, contact details, email address, social login, IP address, mobile device ID, official identification number (i.e. ME number) |
Our third-party partners are all contractually bound to keep any information they collect and disclose to us, or that we collect and disclose to them, confidential and must protect it with security standards and practices that are equivalent to our own.
For personal data which is subject to the GDPR and transferred to a country or territory outside the European Economic Area (EEA), we shall put adequate safeguards in place to ensure the transfer is made by a lawful method for the purposes of EU data protection law and secure. For data which is not subject to the GDPR, Kantar shall strictly follow any other applicable data protection laws.
Data is collected and transmitted by the Application from your device to RealityMine, whose servers are located in the European Union. Data is then transferred to Us. Our servers are maintained in the United States of America and on the cloud.
By using the Application, you freely and specifically give us your consent to export your personally identifiable information to the USA and to store and use it in the USA as specified in this Policy. You understand that our data is subject to lawful requests by the courts or law enforcement authorities in the United States.
We take appropriate technological and organisational measures to protect your personal data, both during transmission and once we receive it. Our security procedures are consistent with generally accepted standards used to protect personal data.
All our employees are contractually obliged to follow our policies and procedures regarding confidentiality, security and privacy.
Your account information and personal data are password-protected so that you and only you have access to your information. In order to keep your personal data safe, we recommend that you do not divulge your password to anyone. Kantar will never ask you for your password in an unsolicited phone call or in an unsolicited email. Also, please remember to sign out of your Panels account and close your browser window when you have finished visiting our site. This is to ensure that others cannot access your personal data and correspondence if you share a computer with someone else or are using a computer in a public place like a library or Internet cafe. Please change your password regularly.
Whenever Kantar handles personal data as described above, regardless of where this occurs, Kantar takes steps to ensure that your information is treated securely and in accordance with this Privacy Policy. Unfortunately, no data transmission can be guaranteed to be 100% secure. As a result, while we strive to protect your personal data, Kantar cannot ensure or warrant the security of any information you transmit to us or from our online products or services, and you do so at your own risk. Once we receive your transmission, we will take reasonable steps to ensure our systems are secure.
Ultimately, you are solely responsible for maintaining the secrecy of your passwords and/or any account information. Please be careful and responsible whenever you're online.
We adhere to standards and industry requirements, including:
Cookies are small text files stored on your computer or mobile device by a website that assigns a numerical user ID and stores certain information about your online browsing. They are used to help users navigate websites efficiently and perform certain functions. The website sends information to the browser which then creates a text file on the user’s computer or mobile device. Every time the user goes back to the same website, the browser retrieves and sends this file to the website's server.
For behavioural tracking research, we use optional cookies / software applications, but only if you have given your consent to these cookies / applications.
As is true of most online surveys, we gather certain information automatically and store it in survey data files. This information may include things like Internet Protocol addresses (IP address), browser type, Internet service provider (“ISP”); referring/exit pages, operating system and date/time stamp.
We use this automatically collected information to analyse trends such as browser usage and to administer the site, e.g. to optimise the survey experience depending on your browser type. We may also use your IP address to check whether there have been multiple participations in the survey from this IP address and also to protect our business against fraudulent behaviour.
Kantar defines cookies within 3 categories:
As you use the Internet, a trail of electronic information is left at each web site you visit. This information, which is sometimes referred to as ‘clickstream data’, may be collected and stored by a website's server. Clickstream data can tell us the type of computer and browsing software you use and the address of the web site from which you linked to the Site. We may collect and use clickstream data as aggregated information to anonymously determine how much time visitors spend on each page of our site, how visitors navigate throughout the site and how we may tailor our web pages to better meet the needs of visitors. This information will be used to improve our site and our services. Any collection or use of clickstream data will be anonymous and will not intentionally contain any personal data.
We take reasonable steps to keep personal data in our possession or control accurate, complete and current, based on the most recent information made available to us by you and/or by our client.
We rely on you to help us keep your personal data accurate, complete and current by answering our questions honestly. You are responsible for ensuring that you notify us of any changes to your personal data.
Kantar recognizes the need to provide further privacy protections with respect to personal data collected from children. We never knowingly invite children under the legal age set by the authorities in the country in which you reside to participate in research studies without parental permission. If it is necessary and appropriate to a particular project to directly involve children under the legal age, we take measures to ensure we have been given permission by their parent or legal guardian. Kantar will provide parents and guardians information about the survey topic, about any personal or sensitive information which may be collected from the children, the way this data will be used and whether and with whom Kantar may share such information.
While the child is completing the survey, it is the responsibility of the parent or guardian to supervise them.
We have established specific procedural and technical privacy rules and processes designed to avoid as much as possible the processing of personally identifiable information and sensitive information that can be identified by those processes, such as but not limited to credit card numbers, social security numbers, email addresses, email content from most web-based email accounts or health data. The processes are executed daily prior to the insertion of such data in our database.
Despite our efforts, some information might get through our rules and processes. Our rules and processes are reviewed and upgraded periodically by our analysts to identify new types of personally identifiable information and sensitive information and to prevent them from being inserted in our database. If it happens that we identify such information in our database, this information will be immediately deleted.
Most applications encrypt personally identifiable information and sensitive information in line with most data protection regulations in the world. If you use an application which doesn’t respect these requirements, you may transfer your data in an unencrypted format through the Internet. Your data may be captured as is by our Application. The detection of such situations is also part of our procedures and we will delete your data immediately if we identify such case.
To request access to personal data that we hold about you, you should submit your request in writing to the e-mail address or postal address shown below in ”How to Contact Us”.
You have the following rights in relation to your personal data:
We shall also notify third parties to whom we have transferred your personal data of any changes that we make on your request. Note that while Kantar communicates to these third parties, Kantar is not responsible for the actions taken by these third parties to answer your request. You may be able to access your personal data held by these third parties and correct, amend or delete it where it is inaccurate.
We will retain the information described above for 18 months before going to glacial storage. We keep it in glacial storage for further 18 months. If you opt out from the Project by following the instructions to remove the Application (which requires that you uninstall both the Meter and VPN) we no longer will collect data from you but we will retain and continue to use your data collected prior to your removal of the Application unless you contact us. We are not able to modify or remove clickstream data, information that has been collected or information that has already been shared with a third party as permitted by this Policy.
If you have set your browser to "private browsing" or a similar setting, the Application may still continue to operate and collect data to be sent to Us. To completely stop the operation of the Application and the collection of data from your device, you must follow the instructions to remove the Application (which requires that you uninstall both the meter and VPN).
As part of the Company Business Continuity Plan and as required by ISO 27001, ISO 9001, ISO 20252 and in certain instances the law, our electronic systems are backed up and archived. These archives are retained for a defined period of time in a strictly controlled environment. Once expired, the data is deleted and destroyed to ensure the data is erased completely.
We reserve the right to change, add to, or remove portions from this Privacy Policy at any time. You should read this page regularly to ensure you are updated as to any changes. However, if any material change is made to this Privacy Policy, we will notify you of that change via email. Your continued access to the Project and related sites and services after such changes conclusively demonstrates your consent to any changes.
We will always display the most up-to-date policy on this web page.
Last updated: 3rd February 2022
If you are not happy with the way we have processed your personal data, we’d like a chance to put that right. Please contact us at privacy-global@kantar.com or in writing to Quality and Information Security team Kantar, 222 Gray’s Inn Rd, London WC1X 8HB and we will have somebody contact you.
We will investigate all complaints and attempt to resolve those that we find are justified. If necessary, we will amend our policies and procedures to ensure that other individuals do not experience the same problem.
If you have any questions or comments, you may contact Kantar’s Data Protection Officer, please email dataprotection@kantar.com
If you are not satisfied with how we handle and protect personal data, you have the right to complain to a supervisory authority such as
· The Information Commissioner's Office in the UK whose details can be found at www.ico.org.uk
· The Data Protection Commissioner in Ireland whose details can be found at www.dataprotection.ie
We are a Kantar Group Company. Our registered name and address is:
·
Kantar Media
UK Ltd
222 Gray’s Inn Road
· London WC1X 8HB
· UK Companies House number 00275304
14. Additional Terms for Users of Android Devices
If you have downloaded the Kantar Scope App via Google Play, the following shall apply:
The Application uses Accessibility services and is using the respective permissions with active consent by the end-user. The Accessibility permissions are used for analysing the application and web usage on this device as part of an opt-in market research panel.