HELION MYSTERY SHOPPERS PRIVACY NOTICE
Before you read the small print
We may need to share your personal data with other parties, such as our client, but we will do so with caution and within your reasonable expectations. In any case, we will not sell your personal data without your consent.
If any data is shared with us, we will make sure that it is locked and secure. We have several internal security protocols that staff members have to follow to get access to any system. Our technology platforms are only accessible to trained personnel and via secure protocols.
If we can be more responsible, we will do it. We spend a lot of time and resources, making sure that our services are up to current privacy standards. We are a member of Esomar, the MRS and MSPA, who guard the privacy of participants of online and offline research.
In case of any questions related to our Privacy Statement for Mystery Shoppers, please contact us by e-mail: firstname.lastname@example.org.
------------ And now the small print:
This Privacy Statement for Mystery Shoppers governs the collection and use of personal data that you, the (candidate or active) mystery shopper (hereinafter: “Mystery Shopper”, “you” or “your”), provide to us (i.e. Helion Market Research CVBA; hereinafter: “Helion”, “we”, “us”, “our”) when you:
a. register as a mystery shopper on our website www.helionresearch.com (hereinafter: “Website”); and
b. as a consequence of providing mystery shopping services on our behalf to our customers (hereinafter: “Customers”).
Your personal data are mainly collected when you create a mystery shopper account on our Website and when you go on active missions for our Customers. We at Helion respect the right to privacy and protection of personal data of our Mystery Shoppers. All our processing of personal data done on or via the Website will comply with the rules set out in this Privacy Statement.
By registering as a Mystery Shopper, you acknowledge to have read this Privacy Statement for Mystery Shoppers. This statement applies to your registration on our Website as Mystery Shopper and for all personal data processing activities taking place as a consequence of you going on mystery shopping missions for our Customers.
1.1 Your personal data are collected and processed by Helion Market Research CVBA, with registered offices at 2018 Antwerp, Quellinstraat 6, registered with RPR/RPM Antwerp, Antwerp division, under the number 0817.352.088. Helion processes your personal data in its capacity as controller.
1.2 Customers may be also responsible for the collection and processing of your personal data. This will be the case when you go on mystery shopping missions for our Customers on the basis of your services agreement with us, and the Customer processes your personal data while on the mission. The contact details of the Customer will be communicated to you by the Customer itself. Helion and its Customers are independently responsible for the processing of your personal data, meaning that you should address only your questions related to the processing activities as outlined in this Privacy Statement for Mystery Shoppers to us. For all processing activities undertaken by Customers, you should contact the respective Customer directly.
1.3 Your questions regarding the processing of your personal data as outlined in the Privacy Statement for Mystery Shoppers can be addressed via e-mail to email@example.com.
1.4 The terms and concepts in this Privacy Statement for Mystery Shoppers have the same meaning as defined by the General Regulation on Data Protection (Regulation (EU) 2016 of 27 April on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing directive 95/46/EC).
1.5 We reserve the right to modify and adapt this Privacy Statement for Mystery Shoppers. Those modifications will be communicated to you by e-mail or through the Website.
2. What sort of personal data do we process?
2.1 When you register on the Website as a Mystery Shopper, we collect the following categories of personal data:
a) personal identification data (e.g. names);
b) electronic identification data (e.g. IP addresses);
c) financial identification data (e.g. bank account number);
d) agreements and settlements (e.g. your agreement with the Customer);
e) personal particularities (e.g. age, gender, date of birth);
f) current employment (e.g. function title and employer details);
g) professional activities (e.g. references);
h) professional competences (e.g. professional skills, highest level of education);
i) questions relating to your personal transportation (e.g. driving licence);
j) performance rating;
k) your image (photograph);
l) your answers to the questions we ask you in our questionnaires;
m) all personal data associated with you performing your mystery shopping mission, which you have uploaded to your Mystery Shopper account or which we have received from our Customers. This includes bills, interactions, video images, sound recordings or photographs;
n) any information you choose to share with us via supplemental documents and communications;
o) for certain missions it may be required that we ask questions which relate to special categories of personal data, such as data concerning your health, personal data revealing racial or ethnic origin. Special attention will be paid by Helion when registering these sensitive data.
3. Why do we process your personal data?
3.1 Purposes for processing your personal data (we also indicate which categories of personal data listed under article 2.1 we process for each purpose):
a) to inform you about our services and new mystery shopping opportunities, we process the personal data listed in article 2.1, a) and b);
b) to allow you to register as a Mystery Shopper and become a part of our Mystery Shopper database, we process the personal data listed under article 2.1, a), b), e), f), g), h);
c) to allow you to go on mystery shopping missions for our Customers we process all personal data listed under article 2.1;
d) for administration purposes (i.e. invoicing, payment related administration and internal reporting) we process all personal data listed under article 2.1, a) and c);
e) for statistical reasons and to improve our Website and our services we process all personal data listed under article 2.1 a) to m);
f) to expand our business, we process all personal data listed under article 2.1, a) to n);
g) for security reasons and misuse detection, prevention and reporting about safety and security measures and incidents we process all personal data listed under article 2.1, a) to n);
h) to inform any third party in the context of a possible merger with, acquisition from/by or demerger by that third party, even if that third party is located outside the EU, we process all personal data listed under article 2.1, a) to n);
i) to be able to defend ourselves against legal claims or to engage in legal proceedings to protect our own interests;
j) to comply with our legal obligations as well as with any valid request from policy, judicial or governmental authorities, we process all personal data listed under article 2.1.
k) As mentioned in article 2.1 o), for certain missions it may be required that we collect and process special categories of personal data. We will only do so if necessary to fulfil the mission. We will communicate this necessity and the purpose of processing special categories of personal data to you at the time we ask your explicit consent to process such personal data as referred to in article 4.2.
4. What makes the processing of your personal data legitimate?
4.1 The data protection laws require us to precisely indicate to you which legal option we rely on to make the processing of your personal data legitimate. We need to clarify this for each of the purposes listed in Article 3 above.
a) For purpose (a) we rely on your consent. We will only send you e-mails with your prior consent, which you may withdraw at any time. You can use the option to unsubscribe in the e-mails we send you.
b) For the purposes (b) to (d) we process your personal data because it is necessary to perform the agreement that we have with you for the use of our Website and connected mystery shopping services or because it is necessary to come to such an agreement. Please note that if you do not provide us with your personal data for the purposes mentioned in this clause, it will not be possible to execute or perform our agreement with you.
c) For the purposes (e) to (i) we process your personal data because it is necessary for purposes of our legitimate interests, which in this case concern:
- gaining insights in how the Platform and our services are used as well as in our user base;
- our commercial interests to improve and expand our business and services;
- our security, safety and legal interests;
- being able to conclude corporate transactions.
d) For purpose (j) we need to process your personal data to comply with our legal obligations.
4.2 As mentioned in article 2.1 o), for certain missions it may be required that we collect and process special categories of personal data. We will always ask for your explicit consent for the processing of those special categories of personal data. You may withdraw your consent at any time, but then you will not be able to participate to the mission.
5. Retention Period (how long we store your personal data)
5.1 Your personal data are only processed for as long as needed to achieve the purposes listed in article 3 above (with a maximum of 10 years starting of the date of the last mystery visit conducted for Helion). We will de-identify your personal data when they are no longer necessary for these purposes, unless there is:
a) an overriding interest of Helion or any other third party in keeping your personal data identifiable;
b) a legal or regulatory obligation or a judicial or administrative order that prevents us from de-identifying them.
6. Recipients of the personal data
6.1 Your personal data may be sent to the following categories of recipients:
b) your contacts or business relations;
c) our partners, clients and service providers as well as our affiliates;
d) our shareholders and potential acquirers;
e) governmental, judicial and other competent bodies.
6.2 Your personal data are transferred outside the European Economic Area, if such is required for a particular mission. The legal basis on which we rely in such an instance is the necessity of the transfer for the performance of the agreement that we have with you for a particular mission. If your personal data are shared more structurally with entities outside the European Economic Area which are established in a country that does not benefit from an adequacy decision of the European Commission, we will put in place appropriate safeguards for the transfer such as the model contract clauses of the European Commission.
6.3 We may send your pseudonymised data to our clients in the performance of our agreements and assignments with our clients. We shall make our best effort that your identity cannot be discovered. However, you understand that depending on the nature of the mystery shop assignment and the results that have to be provided, our client or third parties, using means beyond our control, could retrieve your identity. Hence, we cannot completely guarantee that your identity will be kept secret at all times.
6.4 We do not send your personal data in an identifiable manner to any other party than the ones mentioned in articles 6.1 to 6.3. However, we may send anonymised data to other organisations that may use those data for improving products and services as well as form marketing purposes.
7. Your rights
7.1 You have the right to request access to all personal data processed by us insofar it pertains to you. You can exercise this right first and foremost via the Website itself. We reserve the right to refuse multiple requests for access that are clearly submitted for causing nuisance or harm to us or others.
7.2 You have the right to ask that any personal data pertaining to you which are inaccurate, are corrected free of charge. A lot of your personal data you can correct yourself via the Website. If a request for correction is submitted, such request must be accompanied with proof of the flawed nature of the data for which correction is asked.
7.3 You have the right to request that personal data pertaining to you will be deleted if they are no longer required in light of the purposes outlined above. However, you need to keep in mind that a request for deletion will be evaluated by us against:
a) our own or a third party’s overriding interests;
b) legal or regulatory obligations or administrative or judicial orders which may contradict such deletion.
7.4 Instead of deletion you can also ask that we limit the processing of your personal data if and when (a) you contest the accuracy of that data, (b) the processing is illegitimate or (c) the data are no longer needed for the purposes which are outlined above, but you need them to defend yourself in judicial proceedings.
7.5 You have the right to object to the processing of personal data for the purposes (e) to (i) in article 3.1, but you are required to explain your particular circumstances on which your request for objection is based.
7.6 When articles 4.1, a), b) or d) applies, you have the right to receive from us in a structured, commonly used and machine-readable format all personal data you have provided to us.
7.7 At any time, you have the right to withdraw your consent to send you e-mails or for processing your data.
Each request addressed to us can be send via e-mail to firstname.lastname@example.org.
An e-mail requesting to exercise a right will not be construed as consent with the processing of your personal data beyond what is required for handling your request. Such request should clearly state and specify which right you wish to exercise and the reasons for it, if such is required. It should also be dated and signed, and accompanied by a digitally scanned copy of your valid identity card proving your identity.
Without prejudice to the allocation of responsibilities as outlined in section 1, we will promptly inform you of having received this request. If the request proves valid, we will notify you as soon as reasonably possible and at the latest thirty (30) days after having received the request.
If you have any complaint regarding the processing of your personal data by Helion, you may always contact us via the e-mail address mentioned in the first paragraph of this clause. If you remain unsatisfied with our response, you may file a complaint with the competent data protection authority, i.e. the Belgian data protection authority.
© Helion. All rights reserved.