Effective as of the 25th of May, 2018.
I. Introduction – Who are we?
Insites Compages NV undertakes to respect the applicable data protection legislation as specified in Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, (hereafter “General Data Protection Regulation” or “GDPR”).
InSites Compages NV, with registered office at Evergemsesteenweg 195, 9032 Ghent (Belgium) and registered with the Crossroads Bank for Enterprises under the number BE0837.297.070, our subsidiaries and affiliates (see XIII. Contact for more information) (hereafter: “InSites”, “our”, “us” or “we”) believes in protecting the privacy and the confidentiality of the Personal Data we hold of you.
We acknowledge that you may have privacy and security concerns with respect to the Personal Data we collect, use, and possibly disclose to third parties for the purpose of allowing us to offer and provide our products and services. To this end, we have developed this Privacy Statement (“Statement”).
Personal Data is any combination of information, in the possession of or likely to come into the possession of InSites, that can be used to identify an individual (hereafter “Personal Data”). All processing of Personal Data by InSites will be treated in accordance with applicable data protection legislation and this Privacy Statement. Any information that cannot be used to identify a discrete individual (such as aggregated statistical information) is not Personal Data.
It should be clear that this Statement only applies to the processing of Personal Data by InSites acting as a controller, meaning when InSites is the one determining the purpose and means (the “why” and “how”) of such processing.
This Statement sets out how InSites processes information collected via
(I) the market research products and services we offer to our clients (e.g. the collection of information through surveys, panels, communities (such as “Square”), interviews or any other form of market research tools (hereafter the “Market research activities”);
(II) the different websites such as our http://www.insites-consulting.com/, https://www.futuretalkers.com/, http://www.howcoolbrandsstayhot.com/ (hereafter our “Websites”) and all activities and services relating to it.
If necessary a distinction will be made between Market research activities and our Websites.
It also sets out our practices regarding the use of such information, the steps we take to protect it, as well as the choices and rights that data subjects (“you” or “your”) have regarding on how we collect and process information about them. Data subjects involved can vary from
(I) participants in our Market research activities; or
(II) every user of our Websites, recruitment applicants, subscribers to our newsletters, personal or corporate clients (and individuals associated with our corporate clients), suppliers (including subcontractors and individuals associated with our suppliers and subcontractors), business contacts (existing and potential clients and/or individuals associated with them), any other individuals who get in touch with us
Unless we may otherwise communicate to you, we act in the capacity of data controller. When we collect personal data pursuant to an agreement with a third party, and that third party determines the means for and purposes of the processing, we generally act as data processor on behalf of that third party who will be the data controller.
Should you have any comments or questions about this Privacy Statement you can contact us via our contact information provided under XIII. Contact.
II. How do we process your Personal Data?
We are a market research company and a member of ESOMAR. ESOMAR is an international organisation that focuses on developing better market research methods. We adhere to the professional standards which ESOMAR sets out for its members. Where we collect and process information in connection with the market research products and services we offer to our clients we will at the same time, protect the privacy of the Personal Data we obtain from participants involved in such activities.
We carry out these activities on behalf of our clients.
Where we need to process Personal Data under the sole instruction of our clients, we ask our clients to provide the necessary information to the data subjects involved regarding its use and as set out hereunder. We permit our clients to use relevant sections of this Statement or refer them to this Statement if they consider it appropriate to do so. However, we cannot be held accountable if this information would not be sufficiently providing them with the necessary information.
We may also collect and process information via our Websites and in connection with all business activities relating to it. These operating activities can involve the processing of Personal Data of the following individuals: every visitor to our Websites, recruitment applicants, personal or corporate clients (and individuals associated with our corporate clients), suppliers (including subcontractors and individuals associated with our suppliers and subcontractors), business contacts (existing and potential clients and/or individuals associated with them) or other individuals who get in touch with us.
III. When do we collect your Personal Data?
The Personal Data collected and processed by InSites is generally received from you voluntarily, based upon:your participation in one or several of our Market research activities (e.g. questionnaires, panels or any other market research tool);
– your participation in one or several of our prize competitions; and
– all information you actively provide us with during such participations.
– when you contact us via our Websites, by e-mail, post, telephone, by exchanging business cards, by submitting a request to exercise your rights,…;
– when you engage or maintain a contractual relationship with us;
– when you apply for a job with us;
– when you subscribe to our newsletter;
– when you leave a comment on our Websites;
– when you request a download;
If InSites would receive Personal Data of you from clients or other third parties and we use this information for further processing as a controller, we will inform you about such processing at the latest at the moment of first contact with you.
It is possible that we receive your Personal Data from other sources, such as our Client’s database, list brokers, our panel website or via advertising.
IV. Which Personal Data of you do we collect?
We may collect and process the following (non-exhaustive) Personal Data. Depending on the situation and the Market research activity you participate in, we do not maintain all information mentioned hereafter.
– Contact information, such as your name, e-mail address or any other relevant contact details
– Personal and identification details, such as age, date of birth, place of birth, copy of an identity card, ….
– Electronic identification data, such as browser type, Internet Protocol (IP) address, user ID, unique identifier assigned to your device, geographic location, actions performed within a web page, information derived from content of a web page, …
– Contact history, such as sent and received communication (e.g. e-mail messages), … as a result of the communication we have with each other during your participation.
– Work related details, such as CV, education, professional activities, professional skills, …
– Habits, interests, opinions or behaviour, such as consumer behaviour, shopping behaviour, hobby’s, … in general the answers you provide on questions to perform market research for our clients;
– Photos, image or sound recordings
In general we will only collect Personal Data that is needed to provide our services to our clients and that is relevant for achieving the purposes as specified hereafter.
Information that we collect in questionnaires or panel are processed on an authorized level. Each registered participant has a unique identification number in our database which allows us to identify you as an individual participant. This number will be encrusted in confidential material submitted to you as that individual participant.
Depending on the specific purpose of the Market research activities we carry out for our clients it is possible that we collect and process special categories of Personal Data (e.g. information on race or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health, genetic data, biometric data, sexual life or sexual orientation). InSites will only process special categories of Personal Data with your explicit consent or when required by law.
Where we allow children under the age of 16 – or under a lower age, depending on the provisions made by applicable local legislation – to participate in our online Marketing research activities we are aware that in addition of the child’s consent we must obtain consent given or authorised by a person with parental responsibility for the child. When processing Personal Data of children we will only do so when we have such consents. In addition, InSites respects the guidelines established by ESOMAR concerning online protection involving minors.
V. Why and how do we use your Personal Data?
As mentioned above, we generally obtain your Personal Data from you directly. We only collect the Personal Data necessary for the purposes of carrying out our services or activities.
Personal Data, obtained from Market research activities can be used by InSites for the following purposes:
– for the registration, invitation and participation in our Market research services;
– for research and statistical goals;
– to draw up collective profiles (not of individual people);
– to enable us to contact a winner of a competition;
– to enable us to verify your use of confidential material submitted by us to you; or
– to enable us to take appropriate measures in case you violate your obligation(s) towards us, as set out in the terms and conditions of each Market research service, such as the non-disclosure obligation in relation to confidential material submitted to you.
Other Personal Data obtained by InSites (e.g. via our Websites) can be used for the following purposes:
– Operational purposes, such as: administering and managing our Websites, products and services; considering a job application, answering requests for information or to exercise your rights, security, quality and risk management activities,….
– Business purposes, such as: providing our products and services; administering, managing and developing our businesses, business relationships, contracts, products and services; providing information about us and our range of services; for research and statistical goals; complying with any requirement of law, regulation or a professional body of which we are a member,….
– Commercial purposes, such as: direct marketing purposes (e.g. sending you our newsletter)
InSites will only use your Personal Data for these above mentioned purposes, unless you have specifically consented to it. If we intend to use your Personal Data for other purposes other than communicated to you, we will inform you in advance. For example: we will not use your Personal Data for advertising purposes unless you have freely given your explicit and prior consent.
VI. On which legal grounds do we collect your Personal Data?
InSites processes your Personal Data on the following legal grounds:
For Market research activities and newsletters: based upon your explicit consent. You can withdraw your consent at any time. For more information on how you can do this, see XI. Your Rights
– We may also process your Personal Data when we have a legitimate interest to do so, such as to defend and prosecute legal claims and rights, and other business interests. Where we rely on this legal processing ground, we will mitigate the effect(s) this might have on your privacy by appropriately minimising our use and putting in place adequate access and security safeguards to prevent unauthorised use.
– The processing is necessary for the performance of a contract for existing customers or suppliers (providing you with marketing materials relating to similar products or services that you have previously requested, used or participated in) or in order to take further action upon your request in order to enter into a contract with us.
– We may also process your Personal Data when we have a legal obligation to do so.
We use these technologies to make navigation of our Websites easier for you and to better deliver tailored content to you.
We also use these technologies to gather tracking information and statistics regarding use of our Websites.
We may utilise online identification technologies from marketing partners, third party sites and social media platforms. These technologies help us measure the efficacy of our marketing and awareness campaigns and to understand how visitors navigate to our Websites from a InSites Consulting ad.
You can control and manage cookies using your browser. Please note that removing or blocking cookies can impact your user experience and some functionality may no longer be available.
Most browsers allow you to view, manage, delete and block cookies for a website. Be aware that if you delete all cookies then any preferences you have set will be lost, including the ability to opt-out from cookies as this function itself requires placement of an opt out cookie on your device.
VIII. How long we keep your Personal Data
We retain the Personal Data processed by us for as long as is considered necessary for the purpose for which it was collected. Considering the data retention period for which Personal Data can be held, depends on the purposes for which the information was collected, the data retention period can vary in each situation.
InSites will maintain the following process regarding the retention of personal data collected through the use of the Square:
(i) After a stagnation period of 4 months the platform will be closed. This means that the platform will no longer be accessible to the public.
(ii) If the platform is subsequently (after closure) subject to another stagnation period of 6 months, the platform will be archived by InSites.
(iii) After a stagnation period of another 24 months after the platform was closed as mentioned in (i), InSites will delete the platform. This means that all data (including Personal Data) will be removed by InSites. The only exception concerns personal data related to incentives. For fiscal regulation reasons, InSites is bound to retain this data for 7 years. InSites commits to keep this data during this period in a secure manner (dynamic and regardless of the status of the platform).
In the event the platform will be reopened, the platform archiving and deletion period will not (further) run. Each stagnation period will start again from the moment the platform is re-closed.
You will be able to unsubscribe from the platform at any time. From the moment of unsubscription, your Personal Data will be deleted within 90 days by InSites, except for the Personal Data which InSites is required to keep during 7 years for fiscal regulation reasons.
IX. What measures do we take to secure your Personal Data
InSites takes the security of all Personal Data we process (e.g. through our Websites or in connection to our Market research activities) seriously. Therefore we have implemented appropriate technical and organisational measures to secure the processing of Personal Data. These safeguards will vary depending on the sensitivity, format, location, amount, distribution and storage of the Personal Data, and include measures designed to keep Personal Data protected from unauthorized access. If appropriate, the safeguards include the encryption of communications via for example SSL, encryption of information during storage, firewalls, access controls, separation of duties, and similar security protocols. We restrict access to Personal Data to our staff members and third parties that require access to such information for legitimate and relevant business purposes.
All our staff members, contractors and third parties who will have access to your Personal Data on InSites’ instructions will be bound to confidentiality and we use access controls to limit access to individuals that require such access for the performance of their responsibilities and tasks.
X. Transfers of Personal Data
We will only share your Personal Data with others when we are legally permitted to do so and where it’s necessary to fulfil the purposes related to those described above.
When we share Personal Data with others, we put contractual arrangements and security mechanisms in place to protect the Personal Data and to comply with our own data protection, confidentiality and security standards.
Personal Data we hold could be transferred:
– to our clients
By carrying out our Market research activities we collect and process information of individuals (participants) whose Personal Data can be obtained in connection with providing our market research products and services to our clients (e.g. existing or potential clients of our own clients). We process this information on behalf of our clients and sharing this information with our clients is necessary for delivering our products and services. In this context it is possible that we share photos, image recordings, sound recordings or full datasets we hold of you. However, we will only do so when we have obtained your explicit consent to such transfer.
We will not share Personal Data obtained in connection with providing our products and services to one client, with another client. We will also not sell, rent or lease this information to other third parties.
– to our subsidiaries and affiliates
We may share your Personal Data within our global network of corporations when this is necessary for providing or improving our products and services (e.g. processing and storage, providing you with access to our business activities and services, providing customer support, content development,…) or when this is necessary for the purpose for which your Personal Data was collected. For details of our subsidiaries and affiliates, please see contact details below or click here.
– to our Service Providers
Where necessary we use third parties to support us in providing our services and to help provide, run and manage our internal IT systems or (internal) business processes and ask them to perform certain tasks on behalf of us.
For example, providers of information technology, cloud based software as a service provider, Website hosting and management, data analysis, recruiting software, data back-up, security and storage services.
We will only disclose or make accessible such Personal Data to these service providers to the extent required for the respective purpose. This data may not be used by them for any other purposes, in particular not for their own or third party purposes. In addition, our service providers are contractually bound to respect the confidentiality of your personal data through a so called “Data Protection Agreement”.
When you participate to our incentive system, we may have to share your Personal Data (e.g. name, e-mail address, …) with third parties that help us take care of our incentive handling.
– law enforcement or other government and regulatory agencies or to other third parties as required by, and in accordance with, applicable law or regulation:
We reserve the right to disclose any and all pertinent information to law enforcement or other third parties with the authority to acquire Personal Data, such as to check that we are complying with applicable law and regulation, to investigate an alleged crime, to establish, exercise or defend legal rights. We will only fulfil requests for Personal Data where this is necessary and appropriate and where we are permitted to do so in accordance with applicable law or regulation.
We are part of a global network of corporations and can make use of third party service provides or our subsidiaries and affiliates in other countries to help us run our business. As a result, the Personal Data may be transferred outside the European Economic Area (“EEA”). Under certain conditions the GDPR allows InSites to transfer Personal Data to such countries.
In the context of international research projects InSites may also invite you to take part in research projects of both national and international business clients or partners, again including possible transfers outside the EEA .
In any case, we have taken steps to ensure all Personal Data is processed respecting adequate levels of security and that all transfers of the Personal Data outside the EEA take place in accordance with applicable data protection legislation and that there will be an appropriate level of protection. We will implement legal safeguards governing such transfer, such as model contractual clauses, individuals’ consent, or other legal grounds permitted by applicable legal requirements.
XI. Your rights
The GDPR provides you with certain rights in relation to your Personal Data. These rights are listed below. Please contact us if you wish to exercise any of the rights below. You can find our contact information under XII. Contact, as set out below.
Please be aware that certain exceptions apply in exercising these rights which means you may not be able to exercise these in all situations:
a) Subject Access: You have a right to have access to your Personal Data held by InSites.
b) Rectification: You can ask us to have inaccurate Personal Data corrected.
c) Erasure (‘Right to be forgotten’): You can ask us to erase Personal Data in certain circumstances and we will take reasonable steps to inform data processors that are processing the Personal Data on our behalf that you have requested the erasure of any links to, copies or replication of your Personal Data.
d) Restriction: You can require certain Personal Data to be marked as restricted and also restrict processing in certain other circumstances.
e) Portability: You can ask us to transmit the Personal Data of you to a third party electronically insofar as permitted under the GDPR.
f) Raise a complaint: You can raise a complaint about our processing with the data protection regulator, the (Belgian) “Data Protection Authority”, (address) Drukpersstraat 35, 1000 Brussel, (tel) 32 (0)2 274 48 00, (email) firstname.lastname@example.org.
In addition, under certain conditions, you have the right to:
– where processing is based on consent, withdraw the consent; all newsletters contain an unsubscribe button in the footer of that e-mail.
– object to any processing of personal that InSites justifies on the “legitimate interests” legal ground, unless our reasons for undertaking that processing outweigh any prejudice to the individual’s privacy rights; and
– object to direct marketing (including any profiling for such purposes) at any time.
XII. Updates to this Statement
InSites reserves the right to revise and update this Statement at any time. The date of the last update can be found at the top of this Statement.
Therefore, you should review our Websites periodically so that you are up-to-date on our most current policies and practices.
Should you have any comments or questions about this Privacy Statement or the processing of your Personal Data by InSites acting as a controller, you may contact us
– Via e-mail: email@example.com
– Via telephone: +32 (0)9.269.15.00
– Via postal mail:
InSites Compages NV (BE)
InSites NV (BE)
InSites Consulting BV (NL)
2908 ME Capelle aan den IJssel
InSites Consultants Ltd. (UK)
27/31 Clerkenwell Close, unit 5.14
EC1R 0AT London
InSites Marketing Consulting Inc (US)
1410 Broadway, Suite 3001
New York, NY 10018
InSites DE GMBH (DE)
Factory Campus – Erkrather Strasse 401
ISC Reasearch SRL (ROM)
2 Strada Dr. Liviu Gabor
Direction First Pty Ltd (AUS)
241 Castlereagh Street, Level 5
Sydney, NSW 2000