Nepa
Headquarters
Maria Skolgata 83,
118 53 Stockholm, Sweden
Phone: +46 8 400 268 00
Email: hello@nepa.com
Follow us
Solutions
Copyright © Nepa | Powered by GO MO Group. All Rights Reserved.
Nepa
Global
Summary
1.
Nepa is a consumer insights company that conducts research into consumer markets (B2C) and professional markets (B2B) to collect and analyse opinions about areas such as brands, products and services. To achieve this, Nepa conducts online surveys and other types of interviews via consumer panels and sources like our Customer’s customer register. Nepa also owns and manages consumer panels for the purpose of enabling consumers to answer surveys.
This Privacy Policy defines how Nepa AB reg. no. 556865-8883, Maria Skolgata 83, 118 53 Stockholm, Sweden and the subsidiary companies of the Nepa AB group of companies (jointly “Nepa”) use (collects, stores, uses and discloses and otherwise uses) your Personal Data (“Personal Data” which may also be referred to as Personally Identifiable Information or “PII”) and other information described in this Privacy Policy whether:
Your participation may also be governed by a privacy notice of one of our Panel owners, in such a situation you will receive clear information beforehand.
Nepa is headquartered in Stockholm Sweden but operates in 50+ markets across the globe. We have offices in the Nordics, Asia, EU and North America. Nepa is established in the EU, and the information in this Privacy Policy is based on the European Union General Data Protection Regulation (2016/679) or GDPR, which provides a high standard with respect to the protection of Personal Data. However, depending on where you live, other privacy laws and regulations may apply as well. This Privacy Policy applies to residents of every country worldwide.
Nepa will, and will cause its affiliates to, establish and maintain business procedures that are consistent with this Privacy Policy.
This Privacy Policy describes Nepa’s policies and practices regarding its collection and use of your personal data and sets forth your privacy rights. We recognise that information privacy is an ongoing responsibility, and so we will from time to time update this Privacy Policy as we undertake new personal data practices or adopt new privacy policies.
2.
We provide various marketing research Services to our Customers (“Services”). Typically, Nepa’s surveys are commissioned by a Customer that would like to have additional insights into various aspects of their brand, advertisement, products, services and gain more knowledge into their target consumers’ attitudes, habits and preferences. In some cases we act on behalf of the Customer as a data processor, and, as set out below, we act as a data controller together with the Customer.
The Customer hires Nepa to conduct the marketing research services and determines the purpose the data will be used for. Often the Customer will use the insights gained from a survey to adapt their next advertising campaign.
Nepa will, in our role as the expert in carrying out these Services, determine suitable methods to conduct the surveys and compile the answers of the surveys.
In this situation, both the Customer and Nepa can decide how your data is used and will therefore act as joint data controllers concerning the processing of your personal data. You will always be able to contact each of Nepa or a Customer that is relevant for a specific panel with your questions and concerns.
Your Personal Data may be used for several purposes that are explained in section 6, along with examples of categories of personal data. Specific details on the use of Personal information might also be described further within a survey or other market research program. If you would like more information, you are always welcome to contact us as described in the “CONTACT US” section below.
3.
Your participation in a survey or other market research program is completely voluntary, and Nepa’s use of your Personal Data is carried out with your consent. Also, note that Nepa has developed internal procedures to protect the Personal Data that you provide us with and that we receive from third-party sources.
Nepa strives to conform its privacy practices to applicable laws, codes, and regulations, and the codes of standards of applicable market and opinion survey research associations, including, without limitation ESOMAR (www.esomar.org).
Market research is not marketing and you will not receive third-party advertisement or offers to purchase items from our partners.
Nepa does not knowingly collect Personal Data from children below the age where parental consent is required. If Nepa becomes aware that Nepa has inadvertently collected Personal Data from a child below the age where parental consent is required, Nepa will delete such Personal Data from our database.
The security of your Personal Data is very important to us. Accordingly, Nepa has put in place reasonable technical, physical, and administrative safeguards to protect the information Nepa collects. Only those employees who need access to your information to perform their duties are authorized to have access to your Personal Data.
We have an Internal Privacy Policy in place that thoroughly describes our processes and practices for handling personal pata. We recognise that privacy is an ongoing responsibility. Therefore, we regularly review and update our operations, such as our standard retention times, when needed.
Despite the safeguards Nepa implements, transmissions over the Internet and/or a mobile network are not totally secure, and Nepa does not guarantee the security of online transmissions. Nepa is not responsible for any errors by individuals in submitting Personal Data to Nepa.
4.
Nepa collects Personal Data directly from you when you voluntarily provide it to us. Also, Nepa obtains Personal Data from our Panel Owners, Customers or market research firms who have obtained your consent.
Nepa only collects your Personal Data for market research purposes, and any participation in a Nepa research project or panel is always completely voluntary. Your consent is voluntary and may be withdrawn at any time, after which we will cease using your data.
Your Personal Data will always be collected by fair and lawful means and only for specific purposes. For example, Nepa may collect your Personal Data when you register for or participate in a panel of one of our Panel Owners, complete a survey or participate in another market research program. Also, we can collect your Personal Data via automated means or other methods as described in the “What information is collected by automated technologies?” section below.
Personal Data that is processed for the purpose of market research includes your name; title; zip-code; street address; e-mail address; marital status; gender; mobile phone number; social security number, IP address; customer analysis data; internet ID, e.g. Facebook ID; loyalty card number; customer segmentation data; devices; preferences and opinions; transaction data; contract number; visitor data, audio, videos and photos, and any similar customer-related data.
You may also submit, upload or transmit content or material, including photos, videos, and/or any other similar or related content or material which may include your Personal Data, for example, when participating in surveys or other market research programs. Such Personal data is used and disclosed as described in this Privacy Policy and should not include audio, video, images, or the likeness of anyone other than you.
When you have accepted the General Terms & Conditions and consented to this Privacy Policy, an individual user-ID will be assigned to you (“Respondent-ID”). All registration entries and transactions will be saved under this Respondent-ID.
Nepa collects specific Personal Data about you automatically. Such information includes information about your device and device capabilities (the device operating system, the other applications on your device, cookie information, IP address, device network provider, device type, time zone, network status, browser type, browser identifier), unique device identification number (such as Identifiers for analytics or advertising), network provider user ID (a number uniquely allocated to you by your network provider), Media Access Control (MAC) address, mobile advertising identifier, location and other information that alone or in combination may be used to identify your device uniquely.
Using and storing a Respondent-ID and Personal Data collected automatically help us to unify your activities and allocate relevant partners, campaigns and advertisements to your account. This is necessary for our interest to measure and improve the long-term performance of our services.
For Panelist of a panel of one our Panel Owners, Nepa will collect and process data following the instructions from the Panel Owner. For survey respondent of a survey for one of our Customers, Nepa will collect and process data following their instructions.
Nepa also obtains Personal Data from database owners. The database owners have assured us that their databases comprise only individuals who have consented to be included and have their Personal Data shared. Finally, Nepa collects and uses Personal Data obtained from publicly available sources, such as telephone directories.
From time to time, Nepa may collect sensitive personal data about you. Depending on the country in which you live the sensitive personal data may include, racial or ethnic origin, health records, financial information, political opinions and religious or philosophical beliefs. If Nepa collects your sensitive personal data, Nepa will always obtain your explicit consent. Furthermore, Nepa will only process the sensitive personal data within the scope of the specific survey, meaning for analysis purposes and developing, e.g. a product offering or communication towards consumers. Nepa will only present the results from the survey in an anonymised, aggregated format and will remove the data when the results have been compiled. We limit all access to personal data to our employees that need such access to carry out their work.
5.
We use the information we collect about you for four main reasons:
Below you will find a list of sub-purposes, to give you a better and more clear idea of why we process information about you, including:
For these reasons, we combine the collected Personal Data to give you a smoother, more consistent and personalized experience. To improve the protection of your privacy, we have developed both technical and organizational security measures designed to prevent certain combinations of data. Below you will find a list of each purpose for the processing of your personal data, how we fulfil these purposes and on what legal basis we base the processing.
Nepa always ensures that it is permitted to process your Personal Data. Nepa generally does this by obtaining your consent, however in limited cases, Nepa may use a statutory condition to process Personal Data.
If a statutory condition applies allowing Nepa to process your Personal Data and you withdraw consent to process your Personal Data this will not necessarily mean that Nepa will cease to process your Personal Data as it may, for example, be under a statutory duty to continue to process your Personal Data for some purposes, e.g. to keep copies of commercial transactions for a minimum of seven years.
We only process your data for the purposes stated above. Our legal basis to use your personal data depends to certain part on the activity you are participating in.
We process your Personal Data to determine if you are in the target demographic that should be invited to a particular survey of ours.
Legal basis: We use personal data necessary to fulfil our legitimate interest in providing both you with relevant surveys and our Customers with appropriate Panelists. Also, we use personal data necessary to uphold our contract with you, i.e. the General Terms & Conditions.
After we have determined that you are in the target demographic of a survey, we process your Personal Data to contact and invite you to participate in the survey or other market research program that we consider to be relevant for you.
Legal basis: We use personal data necessary to fulfil our legitimate interest to make sure that you find the relevant survey and on our contract with you to provide you with surveys.
We use Personal Data necessary to validate your profiling information or the answers that you provide in a survey or other market research program. Also, we process your Personal Data to provide you with incentives and rewards for completing a survey. This we do to honour what we have promised you in our contract with you (survey terms or General Terms & Conditions). Furthermore, we will review surveys for signs of low quality, including checking response time and response patterns.
In certain cases, we may also record and collect video and audio of video meetings when you participate in a qualitative market research interview to be able to review your expressions in addition to oral or written answers.
Legal basis: We base our use of your Personal Data on our contractual obligations and our legitimate interest of providing our Customers only with high-quality responses. You will be informed of the recording of material at the start of a qualitative market research interview and your options should you decline.
We may contact you again when you have completed a survey to follow-up with additional relevant questions. We do this as we may need to supplement the survey questions afterwards with additional information.
Legal basis: our legal basis is to fulfil our agreement with you and our Customers and our legitimate interest to provide high qualitative surveys to our customers.
We use Personal Data necessary to provide you with incentives and rewards for completing a survey. This we do to keep what we have promised you in our contract with you (survey terms or General Terms & Conditions).
Legal basis: We base this processing on our contractual obligations towards you.
We use Personal Data necessary to provide you with the benefits of our membership as we have promised in our contract with you (general Terms & Conditions). Legal basis: we use the Personal Data necessary to fulfil our legitimate interest in providing you with our services efficiently and securely, which is in your interest.
We use Personal Data necessary to fulfil our legitimate joint interests in communicating with you upon your requests, such as responding to your questions, concerns or complaints. Also, we process your Personal Data to be able to provide you with the service and support you need and/or specifically request.
Legal basis: This processing is carried out to reply to your requests and to fulfil our contractual obligations and legal obligations.
We use visitor data to protect the security of our products, services and customers, to detect and prevent fraud and to resolve disputes and to enforce our agreements.
Legal basis: We carry out this processing because it is necessary for our legitimate interest to protect our systems and services.
We collect and store IP addresses, device location, browser type, operating system and other usage information about the use of our website, to help us design our website, survey and panels to better suit your needs. We may also use tracking cookies, tags, and scripts to track certain information about you based on your activity on our site or third-party sites. Nepa may use this information to determine whether you have seen, clicked on, or otherwise interacted with an online ad or promotion that we are working on to help evaluate for one of our research Customers.
With your consent, our Customers or Partners may also place cookies on your computer or device and use those cookies, tags and scripts to track certain information about your activity on certain websites. Our Customers or Partners may use this information for their market research activities.
We may also use your IP address to help diagnose problems with our server and to administer our website, analyse trends, track visitor movements, and gather demographic information which assists us in identifying visitor preferences. For statistical purposes we store information about how many individual visitors to our website we have, and how often these individual users visit our website. We collect and store this information to better understand our customers’ needs and interests, so that we can develop and improve our services. For more information about the use of cookies, please read our Cookie Policy.
Legal basis: We carry out this processing because it is necessary for our legitimate interest to improve our services and to develop our business. As applicable, we also rely on your consent to our use of cookies under the e-Privacy directive.
We work with our affiliates and several other businesses which we have carefully selected. When you provide us with your email, you may receive marketing from our affiliates and other companies you might be interested in. You may always choose to unsubscribe to such messages or emails, should you not wish to receive these marketing messages. When unsubscribing, you must contact the sender in question, to opt-out from marketing communication.
Legal basis: We carry out this processing to the extent it is necessary for our legitimate interest to understand our visitors and provide them with personalized and relevant content and offers. As applicable, we also rely on your consent to our use of cookies under the e-Privacy directive.
When processing your Personal Data, we cooperate with our affiliates to offer you the services you use and have ordered, operate our business, meet our contractual and legal obligations, protect our systems and Customers, or meet the legitimate interests as described in detail in section 5.1. “Why we use your data”.
Nepa always ensures that it is permitted to process your Personal Data. Nepa generally does this by obtaining your consent, however, in limited cases, Nepa may use a statutory condition to process Personal Data.
If an applicable statutory condition allows Nepa to process your Personal Data and you withdraw consent to process your Personal Data this will not necessarily mean that Nepa will cease to process your Personal Data as it may, for example, be under a statutory duty to continue to process your Personal Data for some purposes, e.g. to keep copies of commercial transactions for a minimum of seven years.
We will not process your Personal Data for another legal basis and another purpose than for which we initially collected it. If we want to use your Personal Data for another purpose, we inform you about it and then we will ask for your permission to do so.
When we transfer personal data from the European Union, we make it based on several legal mechanisms, as described in section 12. “Transborder policy”.
6.
You approve that Nepa shall have the right to pass on information that you have provided in a survey with information in your user profile to our Customers. The material will be shared in a statistically processed form and in a form that is anonymized. We will not pass on information that may identify you (as name, email address) to our Customers unless you expressly have provided your consent to this.
Your anonymous data may also be shared with our Customers for research purposes in accordance with the codes of ESOMAR. Hence, Nepa may pass on information that you have provided in a survey with information in your user profile to our Customers. We will not share identifiable personal data unless it is necessary for our Customer to ensure reliable an non-fraudulent survey results. We aim to share material in a statistically processed form and in a form that is anonymized. To be clear, your data will not be used for targeted marketing from third parties.
Nepa will not make your Personal Data available to any third party without your consent unless it is required by law, as further specified below.
7.
Nepa will store Personal Data no longer than necessary for the purpose of the processing activity or as authorized by you. This period may also be based on Nepa’s or one of our Panel Owner’s, Clients or Partner’s contractual commitments to you, applicable periods of limitation (to bring claims) or according to applicable law.
Nepa may maintain Personal Data or machine identifiable information to satisfy your requests and/or Nepa’s business requirements. For instance, Nepa may retain the email address of Participants who opted out to ensure Nepa conforms to any such wish. Any retention of Personal Data is done in compliance with applicable laws and regulations.
When our purpose has been fulfilled, we will delete or render the information de-identifiable.
Nepa only retains your Personal Data for as long as necessary to fulfil the purposes set out in section 5.2 above. The storage times depend on the data type.
Video-, audio- and photos are retained one year after the completion of the survey.
Contact details including name, e-mail and phone number will be retained seven years after the survey is completed for bookkeeping purposes in accordance with 7 chapter 2 § of the Swedish Bookkeeping Act so we can pay your compensation.
We only keep your Personal Data regarding your responses to our and our Customers’ surveys for as long as we need them. After that, we anonymize and/or delete all your Personal Data. Please observe that we usually do not share your responses with our Customers’ in an identifiable way.
If you choose to terminate your membership in the Nepa Panel and decide to no longer participate in our Customers’ surveys, we will anonymize and/or delete all your Personal Data as soon as practically possible. The retention time for membership data consists of a maximum of thirty (30) days.
When you request our support, we will keep your contact information, such as your name and your email address as well as any Personal Data that you provide to us in a free text format in your message, for as long as we need this information to respond to your inquiry.
This includes maintaining and improving the service, managing your membership or other agreements we have with you, protecting our systems, and administering necessary business and accounting information. This is the general rule underlying the calculation of most storage periods.
In these cases, the storage period is usually shorter to eliminate the risks associated with keeping such Personal Data. E.g. if we process data on your health, we will minimize the time that we keep such data in an identifiable form.
In these cases, we will store your Personal Data for a more extended period, based on your explicit consent.
Examples of this may include mandatory legislation on retention of information, such as for accounting reasons, government orders to store data which is relevant for surveys or data that must be retained for resolving a possible dispute.
8.
You have the right to review, correct, restrict or delete your Personal Data, subject to applicable laws and regulations. Specifically, you hold the:
If you want to exercise any of your rights, you may contact us with such a request via the email address privacy@nepa.com.
You are always welcome to contact our Data Protection Officer directly for questions or concerns about Nepa’s Privacy Policy or privacy practices.
Nepa’s Data Protection Officer:
Caroline Olstedt Carlström, Cirio Advokatbyrå
dpo@nepa.com
Nepa AB
Att: “DPO”
Maria Skolgata 83
118 53 Stockholm
As a rule, we do not make decisions based on automated processing and profiling that will have legal effect for you as defined in Article 22 GDPR. In case we were to use such procedures on a case-by-case basis, we will inform you separately and request your consent before such new use of your personal data, to the extent required by law.
You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on our legitimate interest. Processing to safeguard our legitimate interest includes any profiling based on those provisions within the meaning of Article 4 (4) GDPR. If you lodge an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or unless the processing is for the establishment, exercise or defense of legal claims.
You can at any time object to the processing of Personal Data concerning yourself for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, we will no longer process your personal data for such purposes.
Upon receiving a request from an individual, Nepa will attempt to provide the requested information within thirty (30) days, providing that the request is such that it can be reasonably be responded to in that time frame. If we need more time to complete your request, Nepa will notify you within thirty days (30) providing you with an explanation and a date for when to complete the request.
In certain situations, however, Nepa may not be able to provide access to some Personal Data. This may occur when:
If Nepa denies an individual’s request for access to their Personal Data, Nepa will advise the individual of the reason for the refusal.
9.
Your decision to participate in a survey or other market research program, respond to any specific survey question or provide Personal Data, including Sensitive Personal Data, will always be respected.
You may choose whether to participate in a particular survey or other market research program, refuse to answer certain questions or discontinue participation at any time. However, failure to provide certain information or fully participate in a particular survey may preclude you from receiving incentive compensation or participation in future certain research studies.
You can always revoke a given consent by adjusting the settings in your panel account.
10.
As a global organization, companies within the Nepa group of companies or non-affiliated service provider may collect, process, store or transfer your Personal Data outside your originating country, including outside the EU.
Nepa’s legal entities, partners and suppliers outside the EU and EEA have entered into data protection agreements using standard contractual clauses prepared by the European Commission. Nepa has contracts in place with service providers and other business providers that require the contracting parties to respect the confidentiality of your Personal Data and to handle European Personal Data in accordance with applicable European data protection laws.
11.
This Privacy Policy does not apply to any personal data that you provide to another user through the website or through any other means. Any third-party links you click on via our website and panels may be subject to these third parties’ privacy policies, terms or different rules. Please make sure you read the respective privacy information for each third-party whose links you click in, to keep yourself up to date about the processing of your personal data.
Aggregated data is collected and processed to monitor and evaluate user trends on our website and panels. This means that information about your actions on our website and panels is collected and then anonymised in a way that means we cannot link the information back to you any longer. We use this anonymous information about how our users use our website and services for statistics, service improvement and product development. This data will be completely anonymous and does not constitute personal data. It may, therefore, be stored a longer time than your personal data.
Anonymisation means that data which was once personal information is stripped away of anything that may connect it to an individual, as well as being severed from anything that in the future might make it possible to reconnect this data to an individual. This de-personalisation treatment of data is one step further than the process of pseudonymisation, which means keeping certain information apart, to make it harder to identify an individual using this data.
12.
We will update our Privacy Policy when needed to reflect customer feedback, and changes to the Service. When the Policy is updated, the latest update date is shown at the top of the Policy and the changes are described on the Change History page. If there are major changes in the policy or how Nepa uses your personal information, you will be notified via web or email before the changes come into force to the extent required by law. Please read this Privacy Policy from time to time to keep you informed about how Nepa protects your personal information and privacy.
13.
Nepa very much values your opinion and feedback. If you want to review, correct, or delete your Personal Data or have questions, comments or suggestions, or if you would like to opt-out of our surveys or other market research programs or have questions about your Personal Data, please contact us:
Via email at: privacy@nepa.com
Or via postal mail at:
Nepa Sweden AB
Attention: ”Privacy”
Maria Skolgata 83, 118 53 Stockholm, Sweden
You are always welcome to contact our Data Protection Officer directly for questions or concerns about Nepa’s Privacy Policy or privacy practices.
Nepa’s Data Protection Officer:
Caroline Olstedt Carlström, Cirio Advokatbyrå
dpo@nepa.com
Last Revised: [05-07-2022]
——————
Change history
10 April 2019: The Policy has been revised to be concise, clear, comprehensible, and easier to understand
7 May 2020: The Policy has been revised to be concise, clear, comprehensible, and easier to understand.
7 April 2021: The Policy has been revised to be concise, clear, comprehensible, and easier to understand. The Policy has been further updated to reflect additional requirements of transparency and how we set the storage times.
17 December 2021: The policy has been updated with information about processing of personal data in videos (real time and recording) and sharing of personal data to third parties (section 5.2.3, 6.1, 62. And 7.2.1).
7 March 2022: The policy has been updated with information about re-invites to future studies. Revised to be concise, clear, comprehensive and easier to understand regarding recording and collection of video and audio in video meetings (section 5.1 and 5.2.3).
5 July 2022: The policy has been revised with the new contact information for the Data Protection Officer.