1. Who we are
myOpinion.com.cy is a brand name operating in the name of Pulse Market Research Limited.
Pulse Market Research Limited (‘PMR’, ‘We’, ‘us’) is a limited liability company incorporated in Cyprus under company number HE148203 and is located at 52 Archagelou Michael, Flat 201, Egkomi , 2410 Nicosia, Cyprus.
PMR is a market research company and a member of ESOMAR, an international organization focusing on developing better research methods, of MSPA, a representative Trade Association for companies participating in the Mystery Shopping Industry focusing to improve and stimulate the acceptance, performance, reputation and use of Mystery Shopping services worldwide, of WAPOR an international organization for companies practicing in public opinion surveys and SEDEAK, the Cyprus organization of opinion poll and market research companies. We adhere to the professional standards and codes of ethics which the above association and organizations set out for their members.
myOpinion.com.cy provides panel members (“Panellists”) with the opportunity to voluntarily participate in online surveys. By registering and becoming a panel member you will receive invitations to participate in online surveys.
2. Policy Scope
PMR is strongly committed to protecting the privacy of all Panellists participating in our online surveys as well as the website visitors (“data subjects” “you”). Our priority is to ensure the confidentiality, integrity and availability of the personal data we process.
PMR is the ‘Data Controller’ of all personal data that is collected and used by us for the purposes described in this Policy and in accordance with the applicable Data Protection Law, including but not limited to General Data Protection Regulation 2016/679 (“GDPR”), the Cyprus Data Protection Law 125(I)2018 and the Cyprus Regulation of Electronic Communications and Postal Services Law of N.112(I)/2004.
3. What personal data are
Personal data are information that directly or indirectly identifies a natural person. By indirect identification we mean the identification of a natural personal through the combination of various information.
4. How we use your personal data
For survey purposes: We use your personal data in order to conduct the survey for which the client has engaged us. The information gathered during the survey in form of questionnaires is collected and analysed, with the aim of delivering credible research data to our customers. Moreover, the data is then translated into useful representations, such as graphs, charts etc.
For statistical purposes: We may process data submitted by the you (interviewees) to carry out statistical processes on behalf of our clients to whom we provide our services. The usage data may vary in accordance to the research.
For market research purposes: From time to time, we may also use your information to contact you for market research purposes. We may contact you by phone, by email or by SMS. We may use the information to customize the website according to your interests.
For website purposes: We process personal data concerning website users, even those users do not intend to participate in a survey. For example, we may process analytical cookies when you are simply browsing our website or process your contact details when you chose to contact us, regardless of whether you have registered on our website.
5. What information we collect
a. Survey Respondent identity data, such as survey Responses, full name, date of birth;
b. Contact details, such as . email address, postal address, and phone number;
c. Demographic data, such as age, gender, professional or educational background etc;
d. Bank details and associated address when required to allow the Survey Responders to redeem their awards.
e. Any other data may be necessary depending on the nature of the survey we conduct. Such data may be health related, political, ethnicity data, religious beliefs, sexual life,
f. Website data, such as cookies and your IP address
6. How we collect your personal data
We collect your personal data either from the client, who engaged us to conduct the survey and with whom you may already maintain a consuming or business relationship or directly from you.
We may also collect your personal data in the course of a survey. If case of a response, the survey is conducted with the subjects’ prior consent.
7. Which is the legal basis we use for processing your personal data
7.1. We rely on your freely given and informed consent that you have given to us:
7.1.1. prior to the creation of your profile for the purpose of participating to our surveys.
7.1.2. When you chose to allow us to store cookies on your device for the purpose of ensuring a smooth and use-friendly experience, in accordance with our Cookies Policy. Your consent will be needed for cookies other than strictly necessary cookies.
7.1.3 When you chose to receive direct marketing from us either via email or SMS.
7.2 We may also process your personal data when:
7.2.1. this is necessary for the purposes of performing our obligations under the terms and conditions,
7.2.2 this is necessary the legitimate interests which we pursue i.e. protecting and improving our services, securing our systems, monitoring our system administration and quality controls and investigating/defending on potential legal claims, complains and disciplinary proceedings.
7.2.3 this is necessary to comply with legal/regulatory requirements to which we are subject.
8. With whom we share your personal data
We may appoint subcontractors who process personal data on our behalf (“data processors”), based on our legitimate business interest as required to deliver and protect our services such as IT systems or software providers, IT support services, external advisors and consultants.
In addition, we may allow the access of Survey response statistical data to our third-party trusted partners for the purpose of collecting and analysing the data but without disclosing the corresponding personal data of the Survey Respondents.
Furthermore, in other cases where, for example, a third-party partner requests a more in-depth follow-up and assessment of the response data or a direct communication with the Survey Respond. we may ask for the Survey Respondent’s specific consent before we authorise this sharing of personal data.
We conduct an appropriate level of due diligence and put in place contractual documentation in relation to any processors to ensure that they process personal data appropriately and according to applicable law.
9. How long we keep your personal data
We will not retain your data for longer than is necessary to fulfil our purposes as described in this policy. To determine the appropriate retention period, we consider the amount, nature and sensitivity of the personal data, the purposes for which we process it and whether we can achieve those purposes through other means.
We must also consider periods for which we might need to retain personal data in order to meet our legal obligations or to deal with complaints, queries and to protect our legal rights in the event of a claim being made.
When we no longer need your personal data, we will securely anonymise, delete or destroy them.
In order to protect your privacy and protect your personal data against unauthorised access, improper use or disclosure, unauthorised modification, accidental loss, destruction or damage we have implemented appropriate information security policies, rules and technical measures such as without limitation:
10.1. Pseudonymisation, along with encryption of personal data. This measure is recommended, where appropriate and feasible, as provided under Article 32(1)(a) of the GDPR.
Moreover, ‘pseudonymisation’ means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person. It is a technique that is used to reduce the chance that personal data records and identifiers lead to the identification of the natural person (data subject) whom they belong too. Furthermore, our business has adopted this policy in order to ensure enhanced privacy, making it easier to process personal data beyond the original personal data collection purposes or to process personal data for survey purposes. The personal data of the subjects is pseudonymized for a period of time. This period is not predefined, and it extends as long as the company fulfils its main process. In other terms, the period is prolonged until a particular survey is completed.
10.2. Anonymization, is the process by which the already existing “pseudonymized” data, will reach its final state on our database. Our company has adopted the policy of anonymization, in order to ensure that personal data is kept for as long as it is needed by the us in order to carry its main process. Thereby, after this process is completed there is no way to identify a particular data subject and only raw data is left to be stored on our servers.
10.3 Encryption is a broadly used process whereby data gets turned into an encoded and unintelligible version, using encryption algorithms and an encryption key, and whereby a decryption key (which in some forms of encryption is the same as the encryption key) or code enables others to decode it again.
Pulse has adopted its Encryption Policy by ensuring that all databases on the servers are encrypted. The hosting facilities for our data are situated locally, on our servers in Nicosia, Cyprus.
11. Data Protection Officer
We have appointed a Data Protection Officer (“DPO”) to oversee compliance with this policy. You have the right to make a complaint at any time to a supervisory authority.
Our DPO’s contact details are:
Telephone number: +357 22447000
12. Data transfers
We do not normally transfer personal data to third countries outside the EEA. If required to do so, we will make sure that such transfers are lawful, and we will implement all appropriate transfer mechanisms and security standards required under Cyprus and EU data protection law.
13. Your legal rights
You have the following rights in relation to the personal information we hold about you:
- Request information about whether we hold personal data about you, and, if so, what that information is and why we are holding/using it.
- Request access to your personal data. This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason or legal ground for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Object to automated decision-making including profiling, that is not to be subject of any automated decision-making by us using your personal information or profiling of you. Please note that we do not currently use any method of carrying out automated decision-making without human intervention, including profiling, in a way that produces legal effects concerning you. In case we decide to do so, we will inform you accordingly prior to such processing taking place.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request transfer of your personal information in an electronic and structured form to you or to another party (commonly known as a right to “data portability”). This enables you to take your data from us in an electronically useable format and to be able to transfer your data to another party in an electronically useable format.
- Withdraw consent. In circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
Lodge a complaint with the supervisory authority. If you have a concern about any aspect of our privacy practices, including the way we have handled your personal data, you can report it to the relevant Supervisory Authority.
Please note that some of the above rights are not absolute and therefore may be limited where we have an overriding interest or legal obligation to continue to process the data or where data may be exempt from disclosure due to professional secrecy obligations. The applicability of your rights also depends on the legal basis on which we rely in each case.
If you want to exercise any of these rights, then please contact our DPO by E mail. We will take all appropriate steps to respond within the legal timeframe, that is 30 days from day we receive your request or additional 2 months in the case of receiving an excessive request in which case we will keep in touch and informed about the progress and status of your request.
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
If you are unsatisfied with the Company’s actions or wish to make an internal complaint, you may contact the Company’s DPO, at firstname.lastname@example.org.