World of Curiosity Community Panel Privacy Notice
Last updated: 25th May 2018
Who are we?
We are Toluna Group Limited, part of the ITWP Acquisitions Limited worldwide group ("we" "our" "us" or "Toluna"). You can see who our group members are by clicking on the link below:
Toluna are an online data collection group focused on providing high-quality market research data to its clients who are in various business sectors, including other market research agencies and other global and corporate clients of all sizes. we also build and maintain large online consumer panels, providing real-time digital consumer insights to our clients via our market research client surveys and analytics platforms.
What is our Privacy Commitment to you?
we respect your privacy and are committed to protecting your personal data. This privacy notice describes how we collect, use, share and secure personal data you provide on www.theworldofcuriosity.com (the "site") when you become a community member and participate in surveys and/or research studies ("surveys") that we conduct for and on behalf of our Client who operates in the [specify the Client's market industry e.g. food/technology, etc] ("Client"). It also explains your privacy rights and how laws that are applicable to you may protect you.
This Privacy Notice tells you about:
- Who are we?
- What is our Privacy Commitment to you?
- What personal data do we collect about you and how do we use your personal data?
- Who do we share your personal data with?
- Do we transfer your personal data to other countries?
- What cookies do we use on the site?
- What other tracking technologies do we use for surveys you participate in and for other purposes?
- How do you access your information; use the member services area and/or update, correct or delete your information?
- How do you terminate your community membership?
- How do you ask a question or make a complaint?
- What is our winner's policy?
- What security measures do we undertake to protect your personal data?
- How do you opt out from your community membership?
- What are our data retention and destruction policies?
- Children's privacy
- Your legal rights if you are in the EEA
- What are the legal bases we rely on when processing your personal data?
- Who is the data controller?
- Changes to the privacy notice and your duty to inform us of changes
- Privacy contact details
What personal data do we collect about you and how do we use your personal data?
When you agree to become one of our Client community members, you are able to participate in our Client surveys. We will ask you to complete the registration form on the site or via links displayed on our partners' websites. As part of your registration, you will provide us with your Identity data and Contact data and we will through your participation in the Surveys obtain certain other data about you, such as; Demographic/Profile data, Technical data and Pseudonymised data.
We use your Identity data and Contact data for:
- Contacting you for any reason connected with your panel community membership;
- Incentive fulfilment - when you earn incentive points through your participation in the surveys, the points are deposited into your account. When you wish to redeem them, we will use your Identity data and Contact data to send you your rewards.
- Sending you invitations for your participation in surveys - to ask you if you are interested in participating in our upcoming surveys. We may also make you aware via your online panel community membership account of surveys you may be suitable to participate in, based on our knowledge of your personal data.
We may from time to time ask you to provide us with Special Categories of personal data about yourself for specific surveys and if required by applicable law, we will ask you for your consent before processing such Special Categories of personal data.
We use your Demographic/Profile data for matching you with appropriate surveys to see if you qualify for particular surveys and your birth date is automatically updated so that we may ensure we select individuals, based on their age as may be required for the relevant survey.
Public forums and blogs
Our site offers publicly accessible blogs or community forums. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them.
we display personal testimonials of satisfied customers on the site in addition to other endorsements. With your consent, we may post your testimonial along with your username. If you wish to update or delete your testimonial, you can contact us at email@example.com.
You should be aware that any personal data you choose to make public on the site, in the Community area (under a message on your wall, as an opinion, topic, battle, thumb it) can be read, collected, stored and/or used by other users and could be used to send you unsolicited messages. We strongly discourage you from disclosing any of your personal data in the community area that you may find on the site and/or providing your personal data as we cannot guarantee that third parties who may collect and process your personal data from those community areas will keep them secure. Please be aware that we are not responsible for the personal data you choose to submit or make public. In addition, we are not responsible for the content you publicly post on the site that can be found via web-based search engines.
Toluna would never ask you to provide your Contact data or Identity data as part of a survey, so please do not transfer such data to a third party as we cannot guarantee the security of such data.
Categories of personal data we may process about you
- Identity data – name (includes first, last, maiden and married names), date of birth, marital status, gender, panellist id and username.
- Contact data – postal address, email address and telephone number.
- Special categories of personal data – ethnic/racial origin, health, genetics, political opinion, religion, sexual orientation and sex life and biometrics (used for ID purposes).
Biometrics means personal data resulting from specific technical processing relating to the physical, physiological, or behavioural characteristics of a natural person, which allow or confirm the unique identification of that natural person, such as facial images or finger print data.
- Demographic/Profile data - interests, preferences, feedback and survey responses and including, but not limited to; age, marital status, gender, birthday, household size, income, education and employment status.
- Technical data includes internet protocol (IP) addresses, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
- "Pseudonymised data" is identifiable data as unique identifiers such as panellist ID's are used, however direct identifiers, such as; name and Contact data are removed.
Who do we share your personal data with?
All of the responses we collect from you via our surveys are provided to our Client in aggregate or pseudonymised form. This means that information is provided about groups of individuals and not on an individual level but may include Pseudonymised data.
Except for the results of surveys, which may be pseudonymised data, we do not allow our Client to process any personal data about you. If on occasions we do provide your personal data to our Client, such use shall be for specific surveys, for the purposes of research, and we would never provide such data to our Client unless we have first received your consent and confirmed with them that their use is in accordance with applicable law.
From time to time we may engage third parties to issue you with cheques or processing the delivery of your rewards and they will need to use your Identity data and Contact data for those purposes. we may transfer your personal data to third parties for the purposes of those parties providing us or [our Client/our] with services such as; data processing or analytics services or to append data they previously collected about you. Such third parties are not allowed to use your personal data for any other reason and we enter into contracts with those third parties to ensure your personal data is kept secure and erased in accordance with our data retention and destruction policies.
From time to time, Toluna may use third-party software for email list management and email distribution, or may use third party list management providers to match our community members to members of other lists or panels, or to validate the accuracy of personal data you provide.
Though we make every effort to preserve your privacy, we may be required to disclose your personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements; or to comply with a subpoena or other legal process, when we believe in good faith that disclosure is necessary to protect our rights, to protect your safety or the safety of others, to investigate fraud or breaches of the site terms, or to respond to a government request.
Do we transfer your personal data to other countries?
From time to time your personal data is transferred from a Toluna company that is located in the Europe to a country that has not been recognised as providing equivalent protection. Toluna has put in place transfer agreements using the standard model contracts for the transfer of personal data to third countries as decreed by the European Commission.
Toluna USA Inc., - EU-U.S. and the Swiss-U.S. Privacy Shield Framework
Toluna's global back up and hosting service centre is located in the USA. Toluna USA Inc., ("Toluna USA") is a member of the ITWP group of companies and all data that Toluna uses are transferred to Toluna USA for those purposes. Toluna USA recognises that the EEA (including Switzerland) have established strict protections regarding the handling of personal data from the EEA, including requirements to provide adequate protection for such personal data transferred outside of the EEA. Toluna ensures that it provides adequate protection for certain EEA personal data about individuals (including about you and Toluna corporate clients, suppliers, business partners, job applicants and employees. Toluna USA has therefore elected to self-certify to the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework administered by the US Department of Commerce ("Privacy Shield"). Toluna USA is responsible for the processing of personal data it receives, under the Privacy Shield and subsequently transfers to a third party acting as an agent on its behalf for the purposes of providing back up services to ensure the security of your personal data. Toluna USA adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement, and Liability. If there is any conflict between the terms of this privacy notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern.
For the purposes of enforcing compliance with the Privacy Shield, Toluna is subject to the investigatory and enforcement authority of the US Federal Trade Commission. For more information about the Privacy Shield, see the US Department of Commerce's Privacy Shield website located at https://www.privacyshield.gov. To review Toluna's representation on the Privacy Shield list, see the US Department of Commerce's Privacy Shield self-certification list located at https://www.privacyshield.gov/list.
What Cookies do we use on the site?
What other Tracking Technologies do we use for surveys you participate in and for other purposes?
As is true of most websites, we gather certain information automatically and store it in log files. This information may include Internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data. we may combine this automatically collected log information with other information we collect about you. we do this to improve services we offer you, to improve analytics, marketing, and site functionality.
In general, digital Fingerprinting technologies assign a unique identifier or "Machine-ID" to a user's computer to identify and track your computer. we will not use digital fingerprinting technology (the "Technology") to collect your personal data,or track your online activities; and will not disrupt or interfere with the use or control of your computer or alter, modify or change its settings or functionality. Occasionally, in specific market research programs, we will use the Technology to assist our Client in ensuring the integrity of survey results. The Technology will analyse publicly available information and data obtained from your computer's web browser and from other publicly available data points, including the technical settings of your computer, the characteristics of your computer, and its IP Address, to create a unique identifier, which will be assigned to your computer. The unique identifier will be an alpha-numeric ID In order to assist our Client in protecting and ensuring the integrity of survey results, we may; (a) link or associate your unique identifier to you and any of your personal data; (b) share your unique identifier with our Client and with other sample or panel providers; and (c) receive or obtain a unique identifier linked to you from a third party, including without limitation a sample or panel provider or our client, however we will only provide such information to any third parties our Client on an aggregated and anonymised or pseudonymised basis. In addition, any unique identifier(s) received or obtained by us and linked to you will be protected in accordance with this privacy notice and if required by law, we will ask for your consent in advance.
We shall do everything we can to ensure that the Technology is safe, secure and does not cause undue privacy or data security risks and we shall use and distribute the Technology in a professional and ethical manner and in accordance with (a) this privacy notice, (b) any other statements and/or disclosures made by us to you and (c) applicable laws and market research codes of practice.
In the event that we discover or learn of any unethical conduct in connection with the use of the Technology, or that the Technology is being used in a manner that is inconsistent with the statements and/or disclosures made by us to you or is in breach of applicable laws and the market research codes of conduct, we will take immediate action to prohibit such unethical conduct and to ensure the proper administration of the Technology.
How do you access your information; use the member services area and/or update, correct or delete your information?
Upon request, we will provide you with information about whether we hold any of your personal data. If you are based in the EEA, you should refer to section entitled Your legal rights if you are in the EEA to understand more about your rights. You may access, correct, or request deletion of your personal data, or terminate your membership by logging into your Community Account. By following the appropriate directions, your information should be automatically updated in our database. For these purposes, and if you are unable to correct your personal data yourself via your Community Account you may write to us at the postal address found at the end of this Privacy notice, or contact us by email at firstname.lastname@example.org. We will respond to all requests within a reasonable timeframe.
How do you terminate your panel community membership?
If you are a Community member and terminate your membership, we will no longer use your Identity data or Contact data, except for archival purposes and we will process your personal data in accordance with our backup procedures, your personal data are eventually destroyed in accordance with our data retention policies and we will continue to employ the security procedures and technologies to keep your personal data safe.
If you choose to end your membership with the Community, or to require us to cease processing your personal data, you may automatically discontinue your membership by clicking Unsubscribe in the footer of our Homepage. By following the appropriate directions, your record will be marked as "do not contact", and you will no longer receive communications from the Client. In addition, you will forfeit any incentive balance that has not been requested as of the time you opt out. As an alternative, you may send an email directly to email@example.com requesting to be removed. Email links are provided on the site so that you may contact us directly with any questions or concerns you may have. Each email we receive is read and responded to individually. In most cases it will take 2 to 3 days to process this change, but please allow up to two full weeks for your status to be finalised. In the meantime, you may receive emails from us.
How do you ask a question or make a complaint?
You can direct any questions or complaints about the use or disclosure of your personal data to our Privacy Contact. We will investigate and attempt to resolve any complaints or disputes regarding the use or disclosure of your personal data within 30 days of receiving your complaint.
If you are based outside the EEA and have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request. Under certain conditions, more fully described on the Privacy Shield website https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint], you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
If you are based in the EEA and have an unresolved privacy or data use concern that we have not addressed satisfactorily, then please refer to your rights to make a complaint under the section entitled Your legal rights if you are in the EEA.
What is our winner's policy?
Community members either receive points for their participation in surveys, other activities and as being a member of the community or [are randomly selected to] may win prizes for participation in surveys, polls, and other promotions. All winners are notified by email of their winnings. For more information, please visit our Terms and Conditions page. Toluna shall post the usernames or first name and first initial of last name of winners on the Reward Page or communicate them via newsletter to all panelists. For more information about earning points, please visit our Terms and Conditions page.
What data security measures do we undertake to protect your personal data?
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator or supervisory authority of a breach where we are legally required to do so.
How do you opt out from your panel community membership?
If you choose to end your membership with the Community or require us to cease processing your personal data, you may discontinue your membership by logging into your account and clicking on the unsubscribe link in the footer of the website. By following the appropriate directions, your record will be marked as "unsubscribed", and you will no longer receive invites to participate in future Surveys or other community activities from Toluna. In addition, you will forfeit any incentive balance that has not been requested as of the time you opt out. In most cases it will take 2 to 3 days to process this change, but please allow up to two full weeks for your status to be finalised. In the meantime, you may receive emails from us. As an alternative, you may send an email directly to firstname.lastname@example.org requesting to be removed. Each email we receive is read and responded to individually; please allow two to three business days for us to get back to you.
What are our data retention and destruction policies?
How long will you use my personal data for?
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
If you are a citizen or resident of the EEA, or we are processing your personal data in the EEA, in some circumstances you can ask us to delete your data: see the section entitled Your legal rights if you are in the EEA below for further information.
As the results of the surveys and other aggregated or Pseudonymised data are used for research and/or statistical purposes, we, our Client and other third parties may use this information in accordance with the terms indefinitely without further notice to you.
From time to time we may offer visitors the ability to voluntarily link to other sites. Toluna does not review and is not responsible for, the content or effect of the privacy policies of these sites.
It is important that the personal data we hold about you is accurate and current. Please keep your Account details updated if your personal data changes during your relationship with us.
Your legal rights if you are in the EEA
If you have signed up with a Toluna company who is located in Europe or you are a resident or citizen of a country in the EEA, you have rights under data protection laws in relation to your personal data. If you wish to exercise any of the rights set out above, please contact us.
You have the right to:
- request access to your personal data and we may conduct ID checks before we can respond to your request.
- have your personal data erased, corrected or restricted if it is inaccurate or requires updating. You may also have the right under certain circumstances to request deletion of your personal data; however, this is not always possible due to legal requirements and other obligations and factors. You can update your account information via your Account or by contacting us at the address given below.
- have your personal data transferred to you or to a third party from 25th May 2018. we will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- make a complaint at any time to a data protection regulator. A list of National Data Protection Authorities can be found here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm. we would, however, appreciate the chance to deal with your concerns before you approach the data protection regulator so please contact us in the first instance.
What are the legal bases we rely on when using your personal data?
The law on data protection in the EEA sets out a number of different reasons for which a company that is processing personal data may collect and process such personal data, including:
Consent – In certain cases, we collect and process your personal data with your consent e.g. when you participate in surveys.
Contractual obligations – In some circumstances, we need to process your personal data to comply with a contractual obligation e.g. when we use your personal data to send you your rewards.
Legal compliance – If the law requires us to, we may need to collect and process your personal data in response to lawful requests by public authorities or if e.g. we believe in good faith that disclosure is necessary to protect our rights, to protect your safety or the safety of others, to investigate fraud or breaches of our site terms, or to respond to a government request.
Legitimate interest – In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests e.g. to pass the results of surveys to our Client.
Who is the data controller?
The Toluna company with whom you registered with as a community member is a controller and responsible for your personal data. Due to the nature of the information the Client processes about you, whilst the Client is never allowed to process your Contact data, the Client is also a data controller. Our Client has asked us not to disclose their name to you, so that the responses you provide to us in surveys and your use of the Community are not biased in any way, however you have the right to know who the identity of the Client. You can find out who our Client is by contacting us at email@example.com.
We have appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the DPO using the details set out below.
Changes to the privacy notice and your duty to inform us of changes
The data protection law in the EEA (including the UK) will change on 25th May 2018. Although this privacy notice sets out most of your rights under the new laws, we will respond to some of your requests (for example, a request for the transfer or erasure of your personal data) from 25th May 2018.
If we decide to change our privacy notice, we will post those changes to this privacy statement on the homepage, or other places we deem appropriate so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it.
We reserve the right to modify this privacy statement at any time, so please review it frequently. If we make material changes to this policy, we will notify you here, by email, or by means of a notice on our home page prior to the change becoming effective.
It is important that the personal data we hold about you is accurate and current. Please keep your Account details updated if your personal data changes during your relationship with us.
Privacy contact details
You may contact us by writing to:
The Data Protection Officer
5, avenue du Château