Privacy Policy
By using our website and services you agree to the below.
Introduction
Mystery Shopping (the “website“) is operated by MCE Performance Evaluation Consultants Ltd (company number SC460264) which is registered in Scotland at 36 Buckstone Loan, Edinburgh, EH10 6UD and referred to in this policy as “we“, “us” and “our“).
Please read this policy in addition to our Cookie Policy and Terms & Conditions in full as we want you to understand how we use your data and be confident that the information you give us is safe and secure. Important points to note are that by registering with us as a member we will use your data primarily for the purposes of sending you research opportunity emails. We never give third parties permission to email you and you can easily opt out of our processing at any time.
Last updated: 29th April 2024
1. Categories
During the course of your relationship with us, we may collect personal data about you. Personal data means any information capable of identifying you as an individual – it does not include anonymised data. Personal data we collect includes:
- Identity (full name, job title, employer)
- Contact (email address, telephone number)
- Technical (date of enquiry, IP address, local time zone, operating system and browser)
- Usage (how you interact with our website, emails and services)
We may process aggregated data from your personal data but this data does not reveal your identity and as such in itself is not personal data. An example of this is where we review your usage data to work out the percentage of website users using a specific feature. If we link the aggregated data with your personal data so that you can be identified from it then it is treated as personal data.
We do not collect any sensitive data about you. Sensitive data refers to data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, genetic and biometric data, criminal convictions or offences.
2. Collection
We collect data about you through a variety of methods including:
Direct Interactions
You may provide data directly to us by filling in forms on our website or otherwise communicating with us by email, phone or similar methods. This includes when you submit an enquiry; request marketing be sent to you; enter a competition, prize draw, promotion or survey; or give us feedback.
Automated Technology
As you use our website and services, we may automatically collect technical data about your device, actions and usage patterns. We collect this data by using cookies, server logs and similar technologies. We may also receive technical data about you if you visit other websites that use our cookies. Please see our Cookie Policy for further details.
Third Parties & Public Sources
We may receive personal data such as identity, contact or technical details about you from various third parties and public sources where necessary.
3. Use
There are a number of ways we process your data, all of which relate to a legal ground for processing. We may process your personal data for more than one legal ground depending on the specific purpose for which we are using your data.
Consent
This includes where you have given us clearly informed consent to process your personal data for a specific purpose. We only collect information that we deem to be relevant and obtain your informed consent to ensure you agree to your data being processed in this way. This includes registering for an email newsletter from us or requesting marketing material is sent to a personal email address. We provide a clear consent statement and ask you to agree to both our privacy notice and terms and conditions. You are free to unsubscribe at any time. Another example of obtaining your consent is when you make an enquiry to us, we may ask if you will allow us to pass your details on to a third party if we are unable to fulfil your request.
Contract
If we have a contract with you, or you have asked us to take specific steps before entering into a contract, we may need to use your personal data. For example, we may need to use your personal details in contracts and/or invoices if you are self-employed and not trading under a separate legal entity such as a company. This also applies if we need to award you with a prize if you have won a competition.
Legal Obligation
If we are required to do so by law, we may need to collect and process your data as a legal obligation. As an example, if we suspect you are involved in fraudulent or criminal activity of any kind we reserve the right to process your details and share them with relevant authorities.
Legitimate Interests
This processing is necessary for our own legitimate interests. This includes things which may reasonably be expected as part of us offering our service and which does not materially impact your rights, freedom or interests. You are free to object to any of our legitimate interests, please contact us. Our legitimate interests include:
- Email communications which are not referred to under ‘Consent’ above (e.g. responding to queries, discussing new opportunities or payment, informing you about changes to our services). Service updates can be unsubscribed from at any time (other messages will only be sent as a reply if you email us first).
- Ensuring we avoid communicating with you by email through the use of a ‘do not contact’ (suppression) list after you have requested not to be contacted. You are free to request deletion from our suppression list.
- Preventing fraud and system abuse by monitoring suspicious activity (we reserve the right to suspend access to our services in accordance with our terms and conditions). You can request we stop associating your personal data with these suspected activities, however our legitimate interests may be compelling enough to override your rights.
- Analysing usage of how you interact with our website, emails and offers (including whether you decide to open an email, click on a link or enquire about a particular offer). This helps us to understand your interests and improve our services. You are free to request removal and have this data anonymised.
- Segmentation based on details you have provided such as your location. You are free to request removal of all or part of the personal data we hold for you (it may result in missing out on targeted offers which we cannot match you with).
- Personalisation of your experience based on details you have provided such as your company or location. You are free to request removal of all or part of the personal data we hold for you.
4. Sharing
We pride ourselves on being fair and reasonable with your data, so none of the ways we share it below should be a surprise. We may share your data with:
- Service providers who provide IT support, data, communication and system administration services.
- Professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
- HM Revenue & Customs, regulators and other authorities based in the United Kingdom and other relevant jurisdictions who require reporting of processing activities in certain circumstances.
- Buyers, agents and advisers of a merger, acquisition or sale of any part of our business. Use of data would only be authorised on the same basis as it was collected.
- Clients, media contacts and other organisations in an aggregated format only if we ask you to take part in research (for clarity, we will not share any of your personal data and associated research responses together to any third party). This means the third party would not be able to identify you from the information provided, e.g. “5% of people in the UK enjoy going to the gym”.
- Others only where we have your consent.
Due to the global nature of the internet, from time to time and for operational reasons the personal information we collect from you may be transferred to and stored in countries outside of the European Economic Area (“EEA”). Your information may also be processed by some of our service providers which operate outside the EEA. Different countries have different data protection and security laws, however we require all third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law. We only allow such third parties to process your personal data for specified purposes and in accordance with our instructions.
5. External Links
Our website and emails contain links to third-party websites which are not subject to this privacy notice. Please read our Terms & Conditions page for further information on these links. Please make sure you read a third party’s terms and conditions and privacy notice carefully before providing any personal information to them, as we cannot accept any responsibility or liability for those third-party websites.
6. Security
Keeping details about you secure is important to us so we store and process your personal information in accordance with the high standards required under data protection legislation. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect.
In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know such data. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We do our best to keep the information you disclose to us secure, however security cannot be guaranteed due to factors out of our control. By using our services you accept the inherent risks of providing information online and will not hold us responsible for any breach of security. We have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
7. Retention
We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
- If we rely on your consent as a newsletter subscriber, it is assumed to be renewed upon each positive interaction you make with our services (including opening an email and/or clicking a link). You are free to request removal at any time.
- If you appear to be inactive or unresponsive after what we consider to be a reasonable period of time, we reserve the right to remove your data. This may be based on a duration such as one year without hearing back from you or other similar factors.
- If you are a customer of ours, by law we have to keep basic information about our you for six years after you cease being a customer for tax purposes.
- In some circumstances you can ask us to delete your data.
- In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
8. Rights
The General Data Protection Regulation (GDPR) offers the following rights:
- The right to be informed
- Transparency of how we collect and use your personal data is a legal requirement of ours, which is what we detail on this page.
- The right of access
- We can provide you with free access to any data we hold about you and will respond within a month.
- The right to rectification
- Accuracy is important to us, so you are able to have us amend data within a month of asking us to do so.
- The right to erasure
- We only want to store your data if you want us to. If you don’t, please ask and we will respond within a month.
- The right to restrict processing
- In accordance with this policy, you are able to tell us how you want us to use your data. Please contact us and we will respond within a month.
- The right to data portability
- If desired, you can request to move, copy or transfer your personal data in an easy to use format.
- The right to object
- Above all else, you can object to us processing your personal data as referenced in this policy. Please contact us and we will respond within a month.
- Rights in relation to automated decision making and profiling
- If we use or process your personal data for any automated decision making and profiling reasons, we must inform you.
If you would like further details about any of these rights, please contact us.
9. Removal
Having a relationship with us is voluntary and you are under no obligation to continue to receive newsletters, marketing material or follow-ups regarding your business needs. If you have previously submitted your details and agreed to us using your personal data for direct marketing purposes, you may change your mind at any time. Please use the unsubscribe feature (linked at the bottom of our emails) or email us directly on support@mysterycustomerevaluations.com to request removal.
10. Changes
We may, from time to time, make changes to this privacy notice to reflect any changes to our practices in accordance with changes to legislation, best practice or website enhancements. We will let you know what these changes are by posting them to this page. Where the changes are significant, we may also choose to email you with the new details and get your consent to make these changes where required by law. It is your responsibility as a user to make sure that you are aware of changes posted on this page, by checking for any changes on a regular basis. Changes posted on this page will become effective as soon as they are posted.
11. Contact
If you would like to know what personal data we hold about you or have any questions or feedback for us please get in touch and we will get back to you as soon as possible.
As an online service, we prefer to communicate with you by email to ensure you are put in contact with the right person and in accordance with any regulatory time frames. Please use our email support@mysterycustomerevaluations.com for any correspondence.
If you are not happy with any aspect of how we collect and use your data, please submit your complaint to us so it can be escalated accordingly. Should this not be satisfactory, you are able to complain to the Information Commissioner’s Office (ICO) which is the supervisory authority in the UK for data protection issues.