GDPR Policy for Respondents

Ifop Group’commitments regarding the protection of personal data in the context of its studies and surveys.

 

Ifop Group

Effective 08.09.2025

Ifop Group respects the privacy of respondents to its studies and surveys. This policy on the rights of respondents to our studies and surveys explains how we collect, use, disclose and protect personal data (hereinafter “Personal Data”) collected in the context of our studies and surveys.

This Policy does not apply to the collection or use of Personal Data of visitors to our website pages; if you would like more information regarding this framework for the use of your Personal Data, please refer to our dedicated RGPD policy.

 

1. Lawfulness of the processing of Personal Data in the context of Ifop Group‘s studies and surveys and consent

Each Ifop Group entity informs respondents of the manner in which their Personal Data is collected and processed via the sending of information notices. This information is adapted to the type of survey carried out, and may be validated in advance with our clients.

In accordance with Article 6 of the General Data Protection Regulation (hereinafter “GDPR”), Ifop Group, directly or through its subcontractors, collects respondents’ personal data on the legal basis of consent. Accordingly, we make a point of collecting valid consent with regard to th GDPR i.e. free, specific, informed and unambiguous consent from the person contacted to respond to our study or survey, after having clearly, precisely and concisely explained the purposes of the collection.

We systematically ensure that our subcontractors comply with these conditions when collecting consent from respondents.

  • Unrestricted consent: when asked, the individual is informed that his or her response to the questionnaire is optional, and that refusal to answer will not entail any negative consequences for him or her;
  • Specific consent: the person is only asked to respond to a specific study;
  • Informed consent: the individual is informed, prior to data collection, of the purposes and categories of data collected;
  • Unambiguous consent: a positive act on the part of the person concerned is required to access our questionnaire.

Respondents’ consent is obtained prior to any response to our questionnaires. The methods of obtaining consent vary according to the methodology of the study concerned.

Ifop Group retains proof of this consent for the period required for processing, i.e. generally for the duration of the survey and related quality control activities.

Ifop Group is authorized via the GDPR to reuse personal data, initially collected by third parties for other purposes, insofar as the market research activity is assimilated to scientific research activities.

 

2. Retention period for Respondents’ personal Data

Ifop Group is committed to ensuring that Respondents’ Personal Data is retained for no longer than is necessary for the purposes for which it is collected or processed, with the application of clear rules regarding retention periods.

Ifop Group’s default retention period for your Personal Data is twenty-four (24) months from the end of the study or survey concerned.

However, this period may vary depending on the type of survey, Ifop Group entity involved in the survey, and the needs of Ifop Group clients.

If you have any questions about the length of time we keep your Personal Data for our surveys, please do not hesitate to contact us directly as indicated in the paragraph ” Your rights ” below.

 

3. Minimization of Respondents’ Personal Data

To comply with the principle of minimization, Ifop Group ensures that it only collects Personal Data that is relevant, adequate and limited to what is necessary for each study carried out:

  • Ifop Group only collects categories of data that are relevant and/or indicated by clients and that enable it to fulfil a specific purpose, i.e. the objective of collecting Personal Data;
  • Ifop Group ensures that Personal Data is not used in a manner incompatible with this purpose.

Ifop Group undertakes to preserve the anonymity of respondents to its surveys vis-à-vis the end customer by providing the latter only with raw or aggregated, non-nominative data, except in special cases, in which case the transmission of identifying Data to Ifop Group customers is subject to obtaining the prior express consent of the respondent concerned.

 

4.Transfer of your Personal Data & Subcontracting

4.1 External subcontracting

In addition to transferring Personal Data to its internal and IT teams, the Ifop Group may use external suppliers or subcontractors to perform certain services related to its business and may therefore transfer your Personal Data to them.

Ifop Group selects its suppliers and ensures that they have the capacity to comply with directives and regulations relating to the protection of Personal Data, by requiring them to

to make contractual commitments to this effect prior to any operations carried out on behalf of Ifop Group.

Various measures have been put in place to ensure that its subcontractors comply with the principles of personal data protection, namely :

  • The systematic signing of contractual undertakings containing at least the clauses required by the RGPD ;
  • The use of encrypted messaging for any transfer of personal data outside our secure internal network;
  • The possibility of carrying out an audit to check compliance with legal and contractual obligations. A procedure associated with this audit has been adopted;
  • Adherence to our ethics charter, which includes ESOMAR’s ethical principles.

4.2 Ifop Group internal subcontracting

Depending on the purpose of the study, Ifop Group entities may exchange your Personal Data with each other, in France or abroad. For this purpose, Ifop Group entities have entered into intra-group agreements providing a legal framework for such transfers.

Ifop Group entities concerned are as follows:

  • Ifop Eastwego Shanghai – Unit 1108, Lee Gardens, No.668 Xinzha Road, Jing ‘an District, 200041 Shanghai (China)
  • Ifop Eastwego Hong Kong – 42/F., Central Plaza, 18 Harbour Road, Wanchai, Hong Kong
  • Ifop Inc – 10 Rockefeller Plz Suite 1001 New York NY 10020 (USA)
  • Brain Value Shanghai– Suite 405, Yuyuan Road 108, 200040 Shanghai (China)
  • Brain Value Hong-KongUnit B6, 12th Floor, Wing Wah Building, No. 677 King’s Road, Quarry Bay, Hong Kong Island, Hong Kong

All Ifop Group entities are subject to the same strict rules regarding the processing, storage and security of your Personal Data.

4.3 External international transfers

Ifop Group does not transfer any Personal Data outside the EEA without ensuring that :

  • The data controller is informed of this transfer;
  • The entity is located in a country whose legislation is deemed equivalent to the GDPR or, failing that, that it has signed a contract with Ifop Group concerned authorizing such a transfer ;
  • The entity has implemented measures offering the level of security required by the regulations.

In any event, Ifop Group will only transfer Personal Data outside the EEA after informing respondents of this possibility and after respondents have not objected.

4.4 Public bodies

Ifop Group may disclose Personal Data to public bodies, courts, administrative bodies and authorities responsible for the protection of Personal Data, if required by law or if ordered to do so.

 

5. Processing of sensitive Personal Data

Depending on the subjects dealt with in the surveys commissioned by its clients, Ifop Group may be required to process sensitive Personal Data.

For more information on the qualification of sensitive personal data: https://www.cnil.fr/en 

Ifop Group undertakes to deal on a case-by-case basis with research requests which, due to the nature of their processing, would expose the persons responding to them to a high level of risk.

In such cases, Ifop Group requests the respondent’s explicit consent to collect sensitive personal data, and works with the data controller to implement specific measures. These measures are studied on a case-by-case basis, depending on the nature and volume of the data collected.

 

6. Personal data of minors

As a general rule, surveys carried out by IfopGroup are conducted with people of legal age. Nevertheless, where applicable, Ifop Group undertakes not to process the Personal Data of minors under the age of 15 – or any other legal age defined by the applicable law of the country where the survey is conducted – without parental consent .

 

7. Your rights

Under applicable law, you have the following rights:

Access to your Personal Data: if you request it in writing, we will make available to you, to the extent required and/or permitted by law, the Personal Data concerning you that is processed by Ifop Group.

Correction of your Personal Data: if you believe that your Personal Data is inaccurate, you may request that it be corrected.

Deletion of your Personal Data: If you consider that it is no longer necessary for Ifop Group to process your Personal Data, you may request their deletion from our databases.

Limitation of the processing of your Personal Data: If you consider that the processing of your Personal Data is inaccurate or unlawful, you may request the limitation of the processing. Ifop Group will then only store your Personal Data and will not process it in any other way without your consent.

Objection to the processing of your Personal Data: if you have previously consented to the processing of your Personal Data by Ifop Group, you have the right to object to such processing on grounds relating to your particular situation at any time.

Decision regarding the processing of your Personal Data after your death: at any time, you or the person you have designated for this purpose may inform Ifop Group regarding the processing of your Personal Data after your death, whether this involves deletion, retention or disclosure.

In order to exercise any of these rights in relation to the personal data we may hold, please submit your request in writing to:

Ifop Group has put in place an internal procedure for all requests to exercise the rights of respondents interviewed for our studies, to ensure that these requests are met within the deadlines imposed by regulations. This procedure includes all parties involved (any subsequent subcontractors and the data controller).

 

8. Teams and training

GDPR compliance within Ifop Group is overseen by the Group’s General Counsel and DPO, who heads an in-house team specializing in personal data protection.

All staff at all entities making up Ifop Group follow a training and awareness program on the principles of the GDPR and the Group’s internal procedures. Our operational teams are systematically trained when they arrive, and then regularly throughout their careers within the Group.

 

9. IT security and Artificial Intelligence

The security of your Personal Data is very important to us.

Ifop Group’s IT teams, under the supervision of the Information Systems Security Manager (ISSM), implement technical and organizational measures to ensure the security of Personal Data collected, processed and stored; and thus protect them against unauthorized destruction, loss, alteration, disclosure and access, whether accidental or unlawful

Ifop Group may use artificial intelligence processes. We are adapting our processes to comply with European regulation (EU) 2024/1689 on artificial intelligence (AI) by 2026, and have set up a dedicated watch to comply with any legislative developments in this area.

Where necessary, specific disclosures will be made to respondents to comply with our transparency requirements.

 

10. Changes to this Policy

This Policy on the Rights of Respondents to our studies is in effect as of the date of the last revision appearing at the top of this page. It may be modified at any time.

 

 

RGPD policy for respondents to our surveys

This GDPR Policy does not apply to the collection or use of Personal Data of visitors to our site. If you find yourself in this situation and would like more information on how we protect your data, please refer to our dedicated Privacy Policy.