Effective as of 31.03.2021

 

Ifop respects the privacy of respondents to its researches. This privacy policy (“Privacy Policy”) explains how we collect, use, disclose and protect personal data (“Personal Data”) submitted through our surveys.

This Privacy Policy does not apply to the collection and use of personal data of the visitors of our websites. In these cases, please refer to our dedicated privacy policy

 

1. Lawfulness of personal data processing as part of Ifop’s market research studies and surveys, and consent:

In accordance with Article 6 of the GDPR, Ifop only collects personal data if it obtains the freely given, specific and informed prior consent of the person contacted to respond to the market research study or survey, after having explained to that person the purpose of data collection in a clear, accurate and concise way.

Ifop will keep evidence of this consent for the period necessary for processing, generally the duration of the study and associated quality control activities.

Ifop undertakes to inform the person responding to the study of the origin of their data if this data comes from a contractor or customer rather than being directly generated by Ifop. The new European Regulation authorizes Ifop to reuse customer data for research purposes, as market research studies are categorized as scientific research.

 

2. Nature of the personal data processed and duration of their storage

Ifop has made a commitment that personal data will not be stored longer than for the purpose for which they were collected or processed, with the application of clear provisions on retention periods.

If you have any questions related to the processing of your personal data, please refer to « Your rights »  bellow.

 

3. Minimization and anonymization of personal data

Ifop has made a commitment to reduce the impact of personal data collection by limiting and minimizing collection to the elements required for the purposes of the study, and by ensuring that this data is not used in a way that is incompatible with these purposes.

Ifop has also introduced procedures to guarantee that those participating in its studies do not experience any harm or injury as a direct result of their collaboration in the study, using anonymization techniques and by limiting access to personal data to field teams and study personnel working on the study in question.

Finally, Ifop undertakes to preserve the anonymity of the persons responding to its studies vis-à-vis the end customer by providing it only non-nominal aggregated or raw data, except where agreement and consent are given by the persons responding to the studies if pharmacovigilance obligations require Ifop to communicate their identities to the customer, or as part of transparency declarations (e.g. Sunshine Act in the USA).

 

4. Sharing of personal data

4.1 External service providers:

In addition to the transfer of personal data to its internal teams, subsidiaries and IT teams, Ifop may use a supplier or subcontractor to perform certain services related to its activity and may therefore transfer personal data to it. Ifop selects its suppliers and ensures that they have the ability to comply with the directives and regulations related to the protection of personal data, and will transfer the personal data only if a commitment and agreement has been previously signed between this external service provider and Ifop.

 

4.2 International transfers

Personal data submitted through our studies resides on our servers located in our data center in Paris, France.

​Ifop is a global organization. Your personal data may be transferred to one or more Ifop affiliated companies in other countries and used for the purposes described previously. To facilitate our global operations, we may transfer and access Personal Information from around the world, including the United States, Shanghai or Hong Kong. This Privacy Policy shall apply even if we transfer Personal Information to other countries.

​Ifop’s legal entities outside the European Union have entered into intra-company data protection agreements using standard contractual clauses prepared by the European Commission. These agreements require the contracting parties to respect the confidentiality of your Personal Information and to handle European personal data in accordance with applicable European data protection laws. Ifop’s legal entities outside the European Union are the following:

Ifop Eastwego Shanghai – Unit 1601 – 1602 Wangjiao Plaza 175 Yan’an East Roas – Shanghaï 200002 – P.R. China

Ifop Eastwego Hong Kong – 42/F., Central Plaza, 18 Harbour Road, Wanchai, Hong Kong

Ifop Inc. – New York, NY 10016

Ifop  does  not  transfer  any  personal  data  outside  the  European  Economic  Area (EEA) unless  a  prior transfer agreement has been established with the entity receiving the personal data, and unless it has received guarantees that this entity has implemented measures offering the same level of security as that required by European regulations.

In any case, Ifop only transfers personal data outside the EEA after having obtained the consent of the persons responding to the studies.

 

4.3 Public bodies

Ifop may disclose personal data to public bodies, courts, administrative bodies or the administrative authority responsible for the protection of personal data if the law so requires or if it receives an order requiring it to do so.

 

5. Sensitive data processing

If required by the topic of the studies commissioned by the client, Ifop may process sensitive data. Ifop undertakes to process these sensitive data in accordance with applicable regulations. In particular, Ifop is committed to treating on a case-by-case basis the requests for studies that, because of their type of processing, would expose respondents to Ifop’s studies to high risk.

In close consultation with the client and prior to their implementation, these studies will be the subject of a privacy impact assessment to evaluate the potential risks in terms of protection of personal data.

This analysis will include at least:

• A systematic description of the processing operations envisaged and the purposes of the processing;
• An assessment of the necessity and proportionality of the operations with regard to the purposes;
• An assessment of the risks created by the processing;
• Measures to deal with these risks.

 

6. Personal data concerning children

Ifop will not collect or process personal data about children under the age of 16 – or the legally required age defined by French law or by the applicable law – without the prior permission of the parent(s) or legal guardian(s).

 

7. Your rights:

• Under the applicable law, you have the following rights:
  • Access to personal data: We will make available to you the personal data about you in our custody or control that we have collected, used or disclosed, upon your written request, to the extent required and/or permitted by law.
  • Rectification of your personal data: If you think that your personal data is inaccurate, you can ask for their rectification.
  • Erasure of your personal data: If you believe that Ifop no longer requires to process your personal data, you can ask for their erasure from our databases.
  • Restriction of the processing of your personal data: If you believe that the processing of your personal data is either inaccurate or unlawful, you can ask or the restriction of this processing. Ifop will then only store this data and no longer process them in any other way without your consent.
  • Opposition to the processing of your personal data: If you previously consented to the processing of your personal data by Ifop, you have the right to object this processing of your data on grounds relating to your particular situation and at any time.
  • Deciding of the processing of your personal data after your death: At any times, you or a person you designated can inform Ifop of your decision about the processing of your personal data after your death, whether this is the erasure, the conservation or the communication of these data.

  ​To exercise any of these rights related to the personal information that we may hold about you, we require that you submit your request in writing to dpo@ifop.com. When we receive an access request from an individual, we will attempt to fulfil the requested information within 30 days.

  In certain situations, however, we may not be able to give individuals access to all or some of their personal data. If we deny an individual’s request for access to their personal data, we will advise the individual of the reason for the refusal.

 

• 8. Dedicated team, training and internal tools

8.1 Internal tools

In accordance with regulatory requirements, Ifop maintains specific internal documentation:

• • Documentation relating to the processing of personal data: the processing register, impact assessments carried out, the management of non-EEA transfers or contractual clauses;
  • Documentation relating to information to persons: information statements given to the person whose data were collected, the form for the collection of the consent of the persons, the procedure put in place for the exercise of the rights of persons (right of access, modification etc.);
  • Contracts defining the roles and responsibilities of each actor: contracts with subcontractors.

 

8.2 Training

Ifop has launched a training and awareness programme for all its teams on the new European regulation on the protection of personal data.

 

8.3 Dedicated team

Ifop has set up an internal team dedicated to the protection of personal data, headed by the Data Protection Officer and the Head of IT.

 

9. Security

The security of your personal data is very important to us. We have put in place reasonable physical, electronic, and administrative procedures to safeguard the information Ifop collects. Access to your personal data is granted only to those employees who require it in order to perform their duties.

Ifop has implemented security protocols to control risks, as described in an Ifop technical protocol, notably through the use of an encrypted, secure messaging service for sending and receiving personal data files. This protocol complies with internationally recognized standards and is regularly examined and updated if necessary.

 

10. Changes to this policy

According to the evolution of the applicable law, we may update our privacy practices and this privacy policy at any time. For this reason, we encourage you to refer to this privacy policy on an ongoing basis. This privacy policy is current as of the “last revised” date which appears at the top of this page. We will treat personal data in a manner consistent with the privacy policy under which it was collected, unless we have your consent to treat it differently. By using this website following any privacy policy change, you freely and specifically give us your consent to collect, use, transfer and disclose your personal data in the manner specified in such then-current privacy policy.