- We are Nepa – a leading consumer insights company that conducts research into consumer markets (B2C) and professional markets (B2B) to collect and analyse opinions about areas such as brands, products and services to the companies that request our Services (“Customers”).
- The Service is operated by Nepa AB, a company incorporated under Swedish law whose principal place of business is at Maria Skolgata 83, 118 53 Stockholm, Sweden, and its affiliates in the Nepa AB group of companies (“Nepa”, “we”, “us”).
- We act typically as a joint data controller with our customers commissioning the marketing surveys that you participate in. We explain what this means to you in this policy.
- The surveys you choose to participate in collects certain information about you, your preferences and information you choose to submit. This information is typically non-sensitive, involving information about consumers’ attitudes, habits, and preferences towards companies, brands, products, services, and advertising.
- Certain surveys may require additional information that may be subject to additional terms.
- You are entitled to access, rectify and, in some cases, delete Personal Data that we process. Also, you have the right to object to processing that is based on Nepa’s legitimate interest and you can withdraw your consent at any time. Nepa will respect all your rights regarding your Personal Data.
- As we are part of an international group of companies and share administrative systems, we may share your personal data with affiliates for the purposes described in this Policy.
- If you have any questions or concerns, please contact us at email@example.com.
Nepa is a consumer insights company that conducts research into consumer markets (B2C) and professional markets (B2B) to collect and analyse opinions about areas such as brands, products and services. To achieve this, Nepa conducts online surveys and other types of interviews via consumer panels and sources like our Customer’s customer register. Nepa also owns and manages consumer panels for the purpose of enabling consumers to answer surveys.
- You are a member of a Panel owned and/or managed by Nepa which is used for market research purposes.
- You were invited to join a research study conducted and/or managed by Nepa.
- You are a customer of one of our customers/clients for which we provide research services.
- Jointly referred to as a “Panelist”.
Your participation may also be governed by a privacy notice of one of our Panel owners, in such a situation you will receive clear information beforehand.
Who is Nepa
2.1 Nepa’s role with respect to your personal data
We provide various marketing research Services to our Customers (“Services”). Typically, Nepa’s surveys are commissioned by a Customer that would like to have additional insights into various aspects of their brand, advertisement, products, services and gain more knowledge into their target consumers’ attitudes, habits and preferences. In some cases we act on behalf of the Customer as a data processor, and, as set out below, we act as a data controller together with the Customer.
The Customer hires Nepa to conduct the marketing research services and determines the purpose the data will be used for. Often the Customer will use the insights gained from a survey to adapt their next advertising campaign.
Nepa will, in our role as the expert in carrying out these Services, determine suitable methods to conduct the surveys and compile the answers of the surveys.
In this situation, both the Customer and Nepa can decide how your data is used and will therefore act as joint data controllers concerning the processing of your personal data. You will always be able to contact each of Nepa or a Customer that is relevant for a specific panel with your questions and concerns.
Your Personal Data may be used for several purposes that are explained in section 6, along with examples of categories of personal data. Specific details on the use of Personal information might also be described further within a survey or other market research program. If you would like more information, you are always welcome to contact us as described in the “CONTACT US” section below.
Nepa protects your privacy
Your participation in a survey or other market research program is completely voluntary, and Nepa’s use of your Personal Data is carried out with your consent. Also, note that Nepa has developed internal procedures to protect the Personal Data that you provide us with and that we receive from third-party sources.
Nepa strives to conform its privacy practices to applicable laws, codes, and regulations, and the codes of standards of applicable market and opinion survey research associations, including, without limitation ESOMAR (www.esomar.org).
Market research is not marketing and you will not receive third-party advertisement or offers to purchase items from our partners.
Nepa does not knowingly collect Personal Data from children below the age where parental consent is required. If Nepa becomes aware that Nepa has inadvertently collected Personal Data from a child below the age where parental consent is required, Nepa will delete such Personal Data from our database.
The security of your Personal Data is very important to us. Accordingly, Nepa has put in place reasonable technical, physical, and administrative safeguards to protect the information Nepa collects. Only those employees who need access to your information to perform their duties are authorized to have access to your Personal Data.
Despite the safeguards Nepa implements, transmissions over the Internet and/or a mobile network are not totally secure, and Nepa does not guarantee the security of online transmissions. Nepa is not responsible for any errors by individuals in submitting Personal Data to Nepa.
What personal data is collected and processed?
Nepa collects Personal Data directly from you when you voluntarily provide it to us. Also, Nepa obtains Personal Data from our Panel Owners, Customers or market research firms who have obtained your consent.
Nepa only collects your Personal Data for market research purposes, and any participation in a Nepa research project or panel is always completely voluntary. Your consent is voluntary and may be withdrawn at any time, after which we will cease using your data.
Your Personal Data will always be collected by fair and lawful means and only for specific purposes. For example, Nepa may collect your Personal Data when you register for or participate in a panel of one of our Panel Owners, complete a survey or participate in another market research program. Also, we can collect your Personal Data via automated means or other methods as described in the “What information is collected by automated technologies?” section below.
4.1 Information that you provide
Personal Data that is processed for the purpose of market research includes your name; title; zip-code; street address; e-mail address; marital status; gender; mobile phone number; social security number, IP address; customer analysis data; internet ID, e.g. Facebook ID; loyalty card number; customer segmentation data; devices; preferences and opinions; transaction data; contract number; visitor data, audio, videos and photos, and any similar customer-related data.
4.2 Automatically captured data
Nepa collects specific Personal Data about you automatically. Such information includes information about your device and device capabilities (the device operating system, the other applications on your device, cookie information, IP address, device network provider, device type, time zone, network status, browser type, browser identifier), unique device identification number (such as Identifiers for analytics or advertising), network provider user ID (a number uniquely allocated to you by your network provider), Media Access Control (MAC) address, mobile advertising identifier, location and other information that alone or in combination may be used to identify your device uniquely.
Using and storing a Respondent-ID and Personal Data collected automatically help us to unify your activities and allocate relevant partners, campaigns and advertisements to your account. This is necessary for our interest to measure and improve the long-term performance of our services.
4.3 Third-Party Sources
For Panelist of a panel of one our Panel Owners, Nepa will collect and process data following the instructions from the Panel Owner. For survey respondent of a survey for one of our Customers, Nepa will collect and process data following their instructions.
Nepa also obtains Personal Data from database owners. The database owners have assured us that their databases comprise only individuals who have consented to be included and have their Personal Data shared. Finally, Nepa collects and uses Personal Data obtained from publicly available sources, such as telephone directories.
4.4 Especially Regarding Sensitive Personal Data
From time to time, Nepa may collect sensitive personal data about you. Depending on the country in which you live the sensitive personal data may include, racial or ethnic origin, health records, financial information, political opinions and religious or philosophical beliefs. If Nepa collects your sensitive personal data, Nepa will always obtain your explicit consent. Furthermore, Nepa will only process the sensitive personal data within the scope of the specific survey, meaning for analysis purposes and developing, e.g. a product offering or communication towards consumers. Nepa will only present the results from the survey in an anonymised, aggregated format and will remove the data when the results have been compiled. We limit all access to personal data to our employees that need such access to carry out their work.
How and why we use your personal data
5.1 Why we use your data
We use the information we collect about you for four main reasons:
- to evaluate your profile and determine if you are in the target demographic and if you should be invited to a particular survey;
- to invite you to a survey;
- to follow-up with additional questions when you have completed a survey;
- to give you incentives when you have completed a survey;
- to communicate with you in case you have questions or request support;
- to re-invite you to future surveys.
Below you will find a list of sub-purposes, to give you a better and more clear idea of why we process information about you, including:
- enable your participation in a panel of Nepa or one of our Panel Owners;
- contact you to invite you to participate in surveys or other market research programs;
- manage our incentives programs and fulfil your requests for such incentives;
- to respond to any messages or requests you may send to us;
- validate your profiling information or answers you provided to a survey or other market research program;
- provide service and support to you;
- detect and prevent violation of our Terms & Conditions;
- to investigate suspected fraudulent activity or violation of another party’s rights;
- to respond to duly authorized information requests of governmental authorities or where required by law;
- we will review surveys for signs of low quality, including checking response time and response patterns;
For these reasons, we combine the collected Personal Data to give you a smoother, more consistent and personalized experience. To improve the protection of your privacy, we have developed both technical and organizational security measures designed to prevent certain combinations of data. Below you will find a list of each purpose for the processing of your personal data, how we fulfil these purposes and on what legal basis we base the processing.
Nepa always ensures that it is permitted to process your Personal Data. Nepa generally does this by obtaining your consent, however in limited cases, Nepa may use a statutory condition to process Personal Data.
If a statutory condition applies allowing Nepa to process your Personal Data and you withdraw consent to process your Personal Data this will not necessarily mean that Nepa will cease to process your Personal Data as it may, for example, be under a statutory duty to continue to process your Personal Data for some purposes, e.g. to keep copies of commercial transactions for a minimum of seven years.
5.2 Our legal basis for our use of your data
We only process your data for the purposes stated above. Our legal basis to use your personal data depends to certain part on the activity you are participating in.
5.2.1 Evaluating your profile.
We process your Personal Data to determine if you are in the target demographic that should be invited to a particular survey of ours.
Legal basis: We use personal data necessary to fulfil our legitimate interest in providing both you with relevant surveys and our Customers with appropriate Panelists. Also, we use personal data necessary to uphold our contract with you, i.e. the General Terms & Conditions.
5.2.2 Inviting you to a survey
After we have determined that you are in the target demographic of a survey, we process your Personal Data to contact and invite you to participate in the survey or other market research program that we consider to be relevant for you.
Legal basis: We use personal data necessary to fulfil our legitimate interest to make sure that you find the relevant survey and on our contract with you to provide you with surveys.
5.2.3 When you participate in a survey
We use Personal Data necessary to validate your profiling information or the answers that you provide in a survey or other market research program. Also, we process your Personal Data to provide you with incentives and rewards for completing a survey. This we do to honour what we have promised you in our contract with you (survey terms or General Terms & Conditions). Furthermore, we will review surveys for signs of low quality, including checking response time and response patterns.
In certain cases, we may also record and collect video and audio of video meetings when you participate in a qualitative market research interview to be able to review your expressions in addition to oral or written answers.
Legal basis: We base our use of your Personal Data on our contractual obligations and our legitimate interest of providing our Customers only with high-quality responses. You will be informed of the recording of material at the start of a qualitative market research interview and your options should you decline.
5.2.4 Follow-up after you have participated in a survey
We may contact you again when you have completed a survey to follow-up with additional relevant questions. We do this as we may need to supplement the survey questions afterwards with additional information.
Legal basis: our legal basis is to fulfil our agreement with you and our Customers and our legitimate interest to provide high qualitative surveys to our customers.
5.2.5 Managing incentives when you have completed a survey
We use Personal Data necessary to provide you with incentives and rewards for completing a survey. This we do to keep what we have promised you in our contract with you (survey terms or General Terms & Conditions).
Legal basis: We base this processing on our contractual obligations towards you.
5.2.6 Your membership in Nepa Panel
We use Personal Data necessary to provide you with the benefits of our membership as we have promised in our contract with you (general Terms & Conditions). Legal basis: we use the Personal Data necessary to fulfil our legitimate interest in providing you with our services efficiently and securely, which is in your interest.
5.2.7 Communicating with you and providing you with support
We use Personal Data necessary to fulfil our legitimate joint interests in communicating with you upon your requests, such as responding to your questions, concerns or complaints. Also, we process your Personal Data to be able to provide you with the service and support you need and/or specifically request.
Legal basis: This processing is carried out to reply to your requests and to fulfil our contractual obligations and legal obligations.
We use visitor data to protect the security of our products, services and customers, to detect and prevent fraud and to resolve disputes and to enforce our agreements.
Legal basis: We carry out this processing because it is necessary for our legitimate interest to protect our systems and services.
5.2.9 Statistics, analytics, and service improvement:
We collect and store IP addresses, device location, browser type, operating system and other usage information about the use of our website, to help us design our website, survey and panels to better suit your needs. We may also use tracking cookies, tags, and scripts to track certain information about you based on your activity on our site or third-party sites. Nepa may use this information to determine whether you have seen, clicked on, or otherwise interacted with an online ad or promotion that we are working on to help evaluate for one of our research Customers.
With your consent, our Customers or Partners may also place cookies on your computer or device and use those cookies, tags and scripts to track certain information about your activity on certain websites. Our Customers or Partners may use this information for their market research activities.
5.2.10 Providing you with relevant marketing from our affiliates and business partners
We work with our affiliates and several other businesses which we have carefully selected. When you provide us with your email, you may receive marketing from our affiliates and other companies you might be interested in. You may always choose to unsubscribe to such messages or emails, should you not wish to receive these marketing messages. When unsubscribing, you must contact the sender in question, to opt-out from marketing communication.
5.2.11 Other legal basis
When processing your Personal Data, we cooperate with our affiliates to offer you the services you use and have ordered, operate our business, meet our contractual and legal obligations, protect our systems and Customers, or meet the legitimate interests as described in detail in section 5.1. “Why we use your data”.
Nepa always ensures that it is permitted to process your Personal Data. Nepa generally does this by obtaining your consent, however, in limited cases, Nepa may use a statutory condition to process Personal Data.
If an applicable statutory condition allows Nepa to process your Personal Data and you withdraw consent to process your Personal Data this will not necessarily mean that Nepa will cease to process your Personal Data as it may, for example, be under a statutory duty to continue to process your Personal Data for some purposes, e.g. to keep copies of commercial transactions for a minimum of seven years.
We will not process your Personal Data for another legal basis and another purpose than for which we initially collected it. If we want to use your Personal Data for another purpose, we inform you about it and then we will ask for your permission to do so.
When we transfer personal data from the European Union, we make it based on several legal mechanisms, as described in section 12. “Transborder policy”.
Why does Nepa share Personal Data?
6.1 Customers that own a panel or have employed our Services
You approve that Nepa shall have the right to pass on information that you have provided in a survey with information in your user profile to our Customers. The material will be shared in a statistically processed form and in a form that is anonymized. We will not pass on information that may identify you (as name, email address) to our Customers unless you expressly have provided your consent to this.
Your anonymous data may also be shared with our Customers for research purposes in accordance with the codes of ESOMAR. Hence, Nepa may pass on information that you have provided in a survey with information in your user profile to our Customers. We will not share identifiable personal data unless it is necessary for our Customer to ensure reliable an non-fraudulent survey results. We aim to share material in a statistically processed form and in a form that is anonymized. To be clear, your data will not be used for targeted marketing from third parties.
6.2 Partners that facilitate our Services (hosting partners, incentives etc.)
Nepa will not make your Personal Data available to any third party without your consent unless it is required by law, as further specified below.
- Nepa may disclose your Personal Data, profiling data, or other research data to third parties as follows with agents, contractors or partners regarding services that these individuals or entities perform for, or with, Nepa. These parties are restricted from using this information in any way other than to provide services for Nepa. Nepa may, for example, provide Personal Data to agents, contractors or Partners for hosting our survey or panel websites, for data collection or processing services, or for sending you information that you requested, including your vouchers and incentives. Still, those parties cannot use your Personal Data for their own purposes unrelated to the work they are doing for us. A non-exhaustive list of these service providers includes:
- Cint AB – Cint is Nepa’s main Panel platform provider. When you register for a panel with Nepa or one of our Panel owners, most often Cint is the company that provides the panel platform.
- Confirmit Ltd. (UK) – Confirmit is the survey system that Nepa uses. For some panels, Confirmit also provides panel platform functionality.
- In connection with market research services (including our incentives programs), to our agents, contractors or Partners that facilitate such services; provided, however, such parties are restricted from using your Personal Data in any way other than to provide services to Nepa.
6.3 Other justified disclosures of your Personal Data
- in connection with the request or requirement of any lawful request by public authorities, to meet national security or law enforcement requirements;
- pursuant to required legal process, to the related compelling party;
- when Nepa believes that disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with suspected or actual illegal activity; and
Retention of personal data
7.1 Introduction to Retention Times
Nepa will store Personal Data no longer than necessary for the purpose of the processing activity or as authorized by you. This period may also be based on Nepa’s or one of our Panel Owner’s, Clients or Partner’s contractual commitments to you, applicable periods of limitation (to bring claims) or according to applicable law.
Nepa may maintain Personal Data or machine identifiable information to satisfy your requests and/or Nepa’s business requirements. For instance, Nepa may retain the email address of Participants who opted out to ensure Nepa conforms to any such wish. Any retention of Personal Data is done in compliance with applicable laws and regulations.
When our purpose has been fulfilled, we will delete or render the information de-identifiable.
Nepa only retains your Personal Data for as long as necessary to fulfil the purposes set out in section 5.2 above. The storage times depend on the data type.
Video-, audio- and photos are retained one year after the completion of the survey.
Contact details including name, e-mail and phone number will be retained seven years after the survey is completed for bookkeeping purposes in accordance with 7 chapter 2 § of the Swedish Bookkeeping Act so we can pay your compensation.
7.2 Specific Retention Times
7.2.1 Your response to specific surveys
We only keep your Personal Data regarding your responses to our and our Customers’ surveys for as long as we need them. After that, we anonymize and/or delete all your Personal Data. Please observe that we usually do not share your responses with our Customers’ in an identifiable way.
7.2.2 When you terminate your membership in Nepa Panel
If you choose to terminate your membership in the Nepa Panel and decide to no longer participate in our Customers’ surveys, we will anonymize and/or delete all your Personal Data as soon as practically possible. The retention time for membership data consists of a maximum of thirty (30) days.
7.2.3 When you ask for service or support
When you request our support, we will keep your contact information, such as your name and your email address as well as any Personal Data that you provide to us in a free text format in your message, for as long as we need this information to respond to your inquiry.
7.3 The criteria that determine how long we store your Personal Data
7.3.1 How long do we need the Personal Data to be able to provide you with the functions of our service?
This includes maintaining and improving the service, managing your membership or other agreements we have with you, protecting our systems, and administering necessary business and accounting information. This is the general rule underlying the calculation of most storage periods.
7.3.2 Is the Personal Data considered sensitive?
In these cases, the storage period is usually shorter to eliminate the risks associated with keeping such Personal Data. E.g. if we process data on your health, we will minimize the time that we keep such data in an identifiable form.
7.3.3 Have you consented to a more extended storage period?
In these cases, we will store your Personal Data for a more extended period, based on your explicit consent.
7.3.4 Do we have legal, contractual or other similar obligations to store the data?
Examples of this may include mandatory legislation on retention of information, such as for accounting reasons, government orders to store data which is relevant for surveys or data that must be retained for resolving a possible dispute.
8.1 General about your Rights regarding your Personal Data
You have the right to review, correct, restrict or delete your Personal Data, subject to applicable laws and regulations. Specifically, you hold the:
- Right of access — You have the right to obtain confirmation and information about the processing of your Personal Data
- Right to rectification — You have the right to have any inaccuracies about your Personal Data corrected
- Right to erasure — You have the right to have your Personal Data deleted (this right is limited to data which according to law and regulation may only be processed with your consent if you withdraw your consent for processing)
- Right to restriction of data processing — You have the right to require that the processing of your Personal Data be restricted (during any investigation into honouring your request, Nepa’s access your Personal Data will be limited)
- Right to data portability — You have the right to have your Personal Data transferred to another party (this right is limited to data provided by you)
- Right to file a complaint — You are entitled to file a complaint with a data protection authority. The Swedish Data Protection Authority (‘Datainspektionen’) is the authority in Sweden that oversees how Nepa comply with relevant data protection legislation.
If you want to exercise any of your rights, you may contact us with such a request via the email address firstname.lastname@example.org.
Nepa’s Data Protection Officer:
Caroline Olstedt Carlström, Cirio Advokatbyrå
Maria Skolgata 83
118 53 Stockholm
8.2 Nepa’s use of automated individual decision-making (including profiling)
As a rule, we do not make decisions based on automated processing and profiling that will have legal effect for you as defined in Article 22 GDPR. In case we were to use such procedures on a case-by-case basis, we will inform you separately and request your consent before such new use of your personal data, to the extent required by law.
8.3 About Your Right to Object under Article 21, GDPR
8.3.1 Right to object to processing which is based on our legitimate interests
You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on our legitimate interest. Processing to safeguard our legitimate interest includes any profiling based on those provisions within the meaning of Article 4 (4) GDPR. If you lodge an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or unless the processing is for the establishment, exercise or defense of legal claims.
8.3.2 Right to object to the processing of data for marketing purposes
You can at any time object to the processing of Personal Data concerning yourself for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, we will no longer process your personal data for such purposes.
8.4 Contact Information to Exercise Your Rights
Upon receiving a request from an individual, Nepa will attempt to provide the requested information within thirty (30) days, providing that the request is such that it can be reasonably be responded to in that time frame. If we need more time to complete your request, Nepa will notify you within thirty days (30) providing you with an explanation and a date for when to complete the request.
In certain situations, however, Nepa may not be able to provide access to some Personal Data. This may occur when:
- providing access to Personal Data would be likely to reveal Personal Data about another party;
- disclosing the information would reveal confidential information;
- there are other means for you to obtain the information you have requested; or
- the information has been collected for the purposes of a legal investigation.
If Nepa denies an individual’s request for access to their Personal Data, Nepa will advise the individual of the reason for the refusal.
How do I opt-out?
Your decision to participate in a survey or other market research program, respond to any specific survey question or provide Personal Data, including Sensitive Personal Data, will always be respected.
You may choose whether to participate in a particular survey or other market research program, refuse to answer certain questions or discontinue participation at any time. However, failure to provide certain information or fully participate in a particular survey may preclude you from receiving incentive compensation or participation in future certain research studies.
You can always revoke a given consent by adjusting the settings in your panel account.
As a global organization, companies within the Nepa group of companies or non-affiliated service provider may collect, process, store or transfer your Personal Data outside your originating country, including outside the EU.
Nepa’s legal entities, partners and suppliers outside the EU and EEA have entered into data protection agreements using standard contractual clauses prepared by the European Commission. Nepa has contracts in place with service providers and other business providers that require the contracting parties to respect the confidentiality of your Personal Data and to handle European Personal Data in accordance with applicable European data protection laws.
11.1 Third-Party Links:
11.2 Aggregated data
Aggregated data is collected and processed to monitor and evaluate user trends on our website and panels. This means that information about your actions on our website and panels is collected and then anonymised in a way that means we cannot link the information back to you any longer. We use this anonymous information about how our users use our website and services for statistics, service improvement and product development. This data will be completely anonymous and does not constitute personal data. It may, therefore, be stored a longer time than your personal data.
Anonymisation means that data which was once personal information is stripped away of anything that may connect it to an individual, as well as being severed from anything that in the future might make it possible to reconnect this data to an individual. This de-personalisation treatment of data is one step further than the process of pseudonymisation, which means keeping certain information apart, to make it harder to identify an individual using this data.
Nepa very much values your opinion and feedback. If you want to review, correct, or delete your Personal Data or have questions, comments or suggestions, or if you would like to opt-out of our surveys or other market research programs or have questions about your Personal Data, please contact us:
Via email at: email@example.com
Or via postal mail at:
Nepa Sweden AB
Maria Skolgata 83, 118 53 Stockholm, Sweden
Nepa’s Data Protection Officer:
Caroline Olstedt Carlström, Cirio Advokatbyrå
Last Revised: [05-07-2022]
10 April 2019: The Policy has been revised to be concise, clear, comprehensible, and easier to understand
7 May 2020: The Policy has been revised to be concise, clear, comprehensible, and easier to understand.
7 April 2021: The Policy has been revised to be concise, clear, comprehensible, and easier to understand. The Policy has been further updated to reflect additional requirements of transparency and how we set the storage times.
17 December 2021: The policy has been updated with information about processing of personal data in videos (real time and recording) and sharing of personal data to third parties (section 5.2.3, 6.1, 62. And 7.2.1).
7 March 2022: The policy has been updated with information about re-invites to future studies. Revised to be concise, clear, comprehensive and easier to understand regarding recording and collection of video and audio in video meetings (section 5.1 and 5.2.3).
5 July 2022: The policy has been revised with the new contact information for the Data Protection Officer.