Privacy Policy for Kantar Sifo Employee Experience (EX)

Select language

Date created: 25/05/2018                               Last revised: 14/09/2021

This website is provided by Kantar Sifo on behalf of Kantar Insight. Kantar Sifo is the data processor.

Your privacy is important to us. All information you provide to us is treated with care and respect and we always strive for a high level of data protection. All answers we collect directly from respondents are processed into statistics and anonymised before reporting. In order to be able to invite you to the employee survey, we collect certain data from your employer, e.g. your name and email address, but your employer can never see them together with the answers you submit. As we work in a trust industry, privacy issues are taken most seriously at Kantar Sifo. In this policy, we wish to inform you why you can feel secure with Kantar Sifo’s processing of your personal data, the purpose for which we collect personal data in connection with our surveys and what rights you have.

What is personal data?
Personal data is information that can identify a living individual and/or a specific household (if you are located in California), e.g. name, personal identification number, telephone number, email address, location data, network identifier, images or videos.

Collection, Source and Use of Personal Data
Use case: Every action or combination of actions performed with personal data is to be regarded as processing, whether performed automatically or manually. Examples of the processing of personal data by us at Kantar Sifo are collecting, registering, organising, structuring, storing, processing, modifying, developing, reading and usage. Restriction, deletion or destruction are other examples that also constitute processing.

Purpose: Kantar Sifo conducts surveys and data collection from both private individuals (B2C) and companies (B2B). Participation in Kantar Sifo’s surveys is always voluntary.

Source: Kantar Sifo collects personal data such as name and email address from the customers for the purpose of inviting employees to participate in their employee survey. If the employees invited to Kantar Sifo’s survey voluntarily consent to participate in the survey, we also collect data directly from the employees.

Data collected/processed: Kantar Sifo collects e.g. details of your name, email address, company, detailed organisational belonging, and direct manager. If you participate in our surveys online, IP address, browser specifications, and device types are also collected.

Legal basis: The use of personal data is necessary for our customers’ legitimate interests to be able to invite their employees to an employee survey. Since participation in employee surveys are always voluntary, participants give Kantar consent for the use of their personal data by submitting their answers. The results from our surveys are important basis for decision making for our customers.

Third Parties (Clients and Suppliers)
We collect and process personal data for the purposes described above and the aggregated data is delivered to our client. However, we do not share or sell your personal data to any other third parties.

We treat your responses confidentially
When you participate in our surveys, we assure you that you are anonymous. Kantar Sifo and our partners treat all personal data confidentially. Your responses and your personal data are handled with the utmost care. Your personal data is stored on Kantar Sifo’s servers located in Sweden. No personal data is transferred to a third country without your consent. In case your personal data should be transferred to a third country (non-EU/EEA member state) Standard Contractual Clauses will apply.

We will never publish the responses of an individual. Personal data is handled by a small number of employees who are bound by professional secrecy. Our surveys are conducted in line with the EU General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and applicable guidelines and industry standards for the processing of personal data.

When you participate in our surveys, you agree that the information you share will be stored for up to 2 years. Your responses and other data are stored only within the EU/EES. The information is used for statistical analyses.

We comply with the laws, guidelines, and industry standards that apply to our business, we respect the confidentiality and anonymity of our participants, and we protect personal data. In addition to GDPR and the Swedish Data Protection Authority’s guidelines, this also includes ESOMAR’s ethical rules and industry standards.

Protection of personal data
You may rest assured that Kantar Sifo handles your personal data safely and securely. Personal data is encrypted during transfer and sent only through secure file transfer protocol. Vulnerability assessments and safety tests are performed on a regular basis.

Kantar Sifo maintains an updated backup of data and software used for the processing of personal data and ensures proper destruction when the personal data has served its purpose. Access to personal data is limited. All staff who handle personal data are bound by professional secrecy and have a duty of confidentiality. Your personal data is kept separately from the responses you gave in the survey.

We follow standards and industry requirements from ICC/ESOMAR for protection of anonymity of the person submitting the data and clarity in delineation of the line between market research surveys on the one hand and marketing, telemarketing and various forms of direct sales measure on the other and so on.

Children Data Collection
We never knowingly invite children under the age of 16 years to participate in research studies without consent. If it is necessary and appropriate to a particular project to directly involve children under the age of 16 years, we take measures to ensure we have been given permission by the responsible adult. We do not sell children’s personal data.

Your rights
When we process your personal data in the context of this survey, you have the following rights:

• Right of access to your personal data.
• Right to have incorrect personal data corrected in our systems.
• Right to deletion of your personal data from our systems unless we have legitimate interests or a legal obligation to continue processing it.
• Right to object to the processing of your personal data.
• Right to limit the processing of your personal data.
• Right to withdraw your consent to our use of your personal data.
• Right to data portability (to receive your personal data in a machine-readable format).
• Right to not be discriminated against for exercising any of the rights available to you under applicable data protection laws.

If you inform us that you wish to exercise any of these rights, we will respond within 30 days. We will also notify third parties to whom we have transferred your personal data, of changes made based on your request. Please note that we will contact these third parties but are not responsible for their actions in connection with your request. You may need to contact them yourself to exercise your rights as registered against these third parties, such as access to your personal data, correction, alteration, or deletion where they are incorrect.

You are entitled to receive an extract of the personal data we have registered about you, and you are entitled to obtain an extract of this data if you request it, within 30 days. If the data is incorrect, incomplete or irrelevant, you are entitled to apply for the data to be altered or deleted. For registry extracts, we may require you to provide identification for us to ensure that we do not disclose your personal data to any unauthorised person. To receive a registry extract, please contact us by email, phone or letter using the contact details provided under “Contacts and Complaints” in this policy.

Storage of your personal data
Personal data will only be stored for the period appropriate for its legal use. The storage time may therefore vary depending on how long the processing lasts, but generally no personal data will be stored for longer than 2 years, unless otherwise required by law. Personal data that is no longer required will be deleted in a manner which ensures that the confidential nature is not compromised.

Alteration to this privacy policy
We keep our privacy policy under regular review and it may be amended from time to time. We will always have the most up-to-date policy on this web page. We will record when the policy was last revised.

Complaints and contact details
The Swedish Data Protection Authority is responsible for monitoring the application of the legislation. Anyone who believes that a company is handling personal data incorrectly may submit a complaint with the Swedish Data Protection Authority. If you believe that your personal information is being processed in a manner contrary to applicable law, you may submit a complaint directly to us or to the Swedish Data Protection Authority.

Our support can be contacted for questions regarding processing of personal data, if you wish to withdraw your consent, object to a balance of interest’s test, or apply any of your other rights.

Support can be reached via email at . Any complaints can be made to this support, or directly to the Swedish Data Protection Authority.

Our postal address is Kantar Sifo AB, SE-114 78 Stockholm, and our switchboard phone number is +46 8-507 420 00. If you are located in the United States, you can use the toll-free number +1 866-471-1399.

To protect your interests, Kantar has also appointed a Data Protection Officer (DPO), Ravinder Roopra, Senior Director, Privacy & Data Protection Officer.