Privacy Policy
1. Introduction
Mediaprobe is committed to international compliance with data protection laws, regulation, and rules.
In this document are described all the procedures of how data is processed, collected, handled and stored by Mediaprobe, following the EU General Data Protection’s recommendations. The principles and rules described in this document must be known, accepted and applied by all employees, customers and suppliers.
Mediaprobe’s operations demand that several kinds of data are collected – employees, suppliers, and client’s personal data, and panelist’s physiological data and (in cases when the panel is owned by Mediaprobe) personal data. This information is collected, treated, stored and destroyed, when justified, following the principles of this privacy policy.
This Privacy Policy applies to the website, apps, services, operations of Mediaprobe and comprises all Mediaprobe services, offerings, operations and mobile apps (MP MediaTest and MP OpenView).
2. Application of National Laws, Codes of Conduct and Guidelines
The privacy policy adopted by Mediaprobe is complying with Portuguese Legislation, and the Oporto District (“Comarca”) Courts shall have jurisdiction to determine any questions arising from the general conditions herein announced.
Mediaprobe also acts according to the international requirements and guidelines of market research – ICC/ESOMAR International Code on Market, Opinion and Social Research and Data Analytics – and the ESOMAR data protection checklist.
3. Privacy by Design and Default
Mediaprobe implements technical and organizational measures at the earliest stages of the design processing operations and IT development, in such a way that safeguards privacy and data protection principles from the start (‘data protection by design’). By default, Mediaprobe ensures that personal data is processed with the highest privacy protection (for example only the data necessary should be processed, short storage period, limited accessibility) so that by default personal data is not made accessible to an indefinite number of persons (‘data protection by default’).
Privacy design is a key consideration at every stage of project design and lifecycle.
4. Records and Data Retention
By default, individual raw data is stored for 12 months, which may include physiological data or declarative data. The metrics calculated from individual data, as required by clients to be included in the session reports, are stored for 5 years, unless another data retention period is specified on the Master of Service agreement established between Mediaprobe and the client.
5. Principles for processing Personal Data
Lawfulness, Fairness, and Transparency – personal data is processed in a legal, fair, and transparent manner. The way in which personal data is processed must be clear and easily understood. Therefore, all data subjects must be aware that their (personal) data is collected, the reason for that collection and how it is used. Data subjects must also freely and explicitly consent to have their data collected and processed. Moreover, data subjects must be aware of their rights, such as requesting access to their information and changing or deleting it.
Limitation of use and conservation – the data are collected for specific, explicit, and legitimate purposes and will not be further processed in a manner incompatible with those purposes.
Additional treatment for purposes of public interest archiving, scientific or historical research or for statistical purposes is permissible.
Data minimization – the personal data collected and processed must be adequate, relevant, and not too extensive in relation to the purpose. Never should more personal data be collected and processed than strictly necessary, and the collection must be closely linked to a clearly defined objective. When designing a data collection and processing pipeline, researchers should be able to justify the reason why each piece of data was collected. In case more data than necessary was received, this should be filtered and deleted.
Accuracy – the data is accurate and, whenever necessary, updated.
Storage Limitation – data will not be kept for longer than necessary for this purpose.
Integrity and confidentiality – the data is treated in a manner that ensures proper security, including protection against unauthorized or illegal processing and against accidental loss, destruction, or damage, using technical and organizational measures.
Restrictions on transfers – Mediaprobe does not transfer personal data to any third party. All data transferred to third parties is in the form of aggregated statistical information.
6. Rights of Subjects’ Data
Mediaprobe reserves the right to exercise its rights related to the collection and processing of personal data in accordance with the law in force, namely:
-
Right of rectification of personal data – data subjects have the right to request the correction of the data that Mediaprobe stores about them if they are not correct or have undergone changes.
-
Right of access to personal data – data subjects have the right to request a copy of their personal data.
-
Right to data portability – data subjects have the right in certain circumstances to request the personal data they have provided.
-
Right to oppose the processing of personal data – data subjects have the right to object to the processing of personal data.
-
Right to limit the processing of personal data – if data subjects consider that their data is incorrect or if they believe that we should not process it, they have the right to withdraw the right to process it.
-
Right to forget – data subjects have the right to permanently erase their data from our databases whenever they request it. Once this right has been exercised, and after all due diligence (including the return of the physiological sensor), data will be deleted from our databases, following Mediaprobe’s procedures for handling these requests.
7. Legal grounds for data processing
7.1. Respondent Data – Mediaprobe community and platform
Mediaprobe works remotely with hundreds of people (panellists) who agree to participate in remote psychophysiological monitoring studies and who are rewarded for it. These participants are thoroughly explained on the data that is being collected (demographic, physiologic, declarative and audio fingerprints) in the platform’s Terms and Conditions. The participants’ phone camera may be needed for the unique purpose of QR code (displayed at the Web App’s login page) reading and thus, grant access to the panellist area in the Web App. Users should explicitly read and accept these terms in the Mediaprobe apps (MP MediaTest and MP OpenView), before being allowed to run any monitoring session.
The type of information collected depends on whether the panellists belong to a Mediaprobe owned community or a community owned by an external client or field agency (third parties).
7.1.1. Mediaprobe owned communities
Members of Mediaprobe owned communities agree to provide Mediaprobe with personal data, such as: name, address, age, email, telephone contact (requested in extraordinary conditions, only for direct contact in case of clarification of doubts or collection / shipping of the sensor).
This data is treated, ensuring its protection and safety, for sample definition purposes, technical support, and to manage the delivery and retrieval of the sensors.
To all effects, the fieldwork for Mediaprobe owned communities acts as an external supplier: access to personal data databases is only granted to fieldwork operational staff and in any circumstances there is the possibility of crossing personable identifiable information with the data collected during monitoring sessions. The master file linking subjects’ Personal Information to internal user ID’s (aka pseudonymized data and referred to as “Common Id” in client-facing technical documentation) is only accessible to the sample management staff.
The data collected during monitoring sessions (physiological data, declarative dial data, survey responses and audio fingerprints) are collected, stored, and treated completely in pseudonymised format. Audio fingerprints are hash-coded representations of audio (non-reversible and nonaudible) that do not allow to identify the participant and are used to identify the TV channel participants are watching and synchronize the physiological data with the content. This information is discarded immediately after synchronization, during the monitoring session. Physiological, declarative and survey responses are accessed and treated pseudo-anonymously by the research staff and in any circumstances, there is the possibility of crossing personable identifiable information with this data.
The detection of faulty sensors is an automatic process (the data processing pipeline detection records with 3 or more compromised signals). This detection triggers a process for the research/technical staff to validate if the signal is faulty. If this is confirmed, the research/technical staff flags this participant to the fieldwork operational staff using the Common Id.
7.1.2. Communities managed by third parties
A significant number of participants in Mediaprobe studies belong to third party communities and are managed by fieldwork agencies external to Mediaprobe.
In this case, Mediaprobe does not collect or store any personal data, unless required by the client (e.g. in case the client requires automatic password recovery for participants, then Mediaprobe will store e-mail addresses). In case the client requires Mediaprobe to store e-mail data, this data shall only be used for automatic reset and retrieval of password. The client should explicitly agree in written form to consent that Mediaprobe stores this data and should communicate this fact to the participant. This information will not be stored for longer than required (information is stored while the participant is active in the community) and is subject to the same security requirements applicable to Mediaprobe personal data.
All information about participants is exchanged between the fieldwork partner and Mediaprobe in pseudo anonymous format, using user ID’s (referred to as “Common Id” in technical documentation) and in any case there is the possibility of crossing personal data with the data collected during sessions. The master file linking data subjects Personal Information to user ID’s (Common Id) is kept on the side of the fieldwork partner. Mediaprobe does not provide subject level identified results.
Although fieldwork partners are usually contracted by the end-client, Mediaprobe must assure that all fieldwork partners meet the requirements of this data privacy and protection policy, offer adequate level of data protection, and follow applicable national guidelines and regulations.
The data collected during monitoring sessions (physiological data, declarative dial data, survey responses and audio fingerprints) are collected, stored, and treated completely in pseudo anonymous format. Audio fingerprints are hash-coded representations of audio (non-reversible and nonaudible) that do not allow to identify the participant, are used to identify the TV channel participants are watching and synchronize the physiological data with the content. This information is discarded immediately after synchronization, still during the monitoring session. Physiological, declarative and survey responses are accessed and treated anonymously by the research staff and in any circumstances, there is the possibility of crossing personable identifiable information with this data.
The detection of faulty sensors is an automatic process (the data processing pipeline detection records with 3 or more compromised signals). This detection triggers a process for the research/technical staff to validate if the signal is faulty. If this is confirmed, the research/technical staff flags this participant to the third-party fieldwork using the Common Id.
7.2. Personal Data provided by clients
The Mediaprobe client databases are saved on the Mediaprobe AWS account, accessible only to those responsible for the sales, financials and accounting departments. Moreover, databases are stored in password-protected cloud-based CRM’s (e.g., Salesforce). This data should only be used for budget proposals and billing services.
Once the partnership is terminated, the data should be deleted from our database. The documents resulting from work with the client, remain stored for the minimum time stipulated by the Portuguese law, only for accounting purposes.
Mediaprobe tracks, for security reasons, the IPs of the users of the client-side platform. This data should never be cross-reference to specific clients, except in acknowledged cases of security breaches.
All aspects of data (including, but not limited to, personal data transfer between Mediaprobe and clients) should be regulated by specific MSAs, and follow the general guidelines delineated in this document.
7.3. Personal Data provided by employees
In employment relationships, Personal Data can be processed to initiate, carry out and terminate the employment contract. All personal data provided by employees must serve a specific purpose. This information is properly stored in the Mediaprobe AWS account, accessible only to those responsible for the accounting and human resources departments. All data collected must be provided freely and must correspond to the truth.
If the candidate is not accepted his/her data will be deleted observing the required retention period unless the applicant agrees to remain on file for future selection processes. In case of dismissal, the data must be deleted or stored for the period stipulated in Portuguese Law. Personal data may also be processed, if necessary, to enforce a legitimate interest of Mediaprobe, where applicable laws allow for the processing of Personal Data based on legitimate interest.
The work material provided to each employee to perform their duties at Mediaprobe, as well as email or cellphones, are owned by Mediaprobe and may not be used for personal use. Yet, they cannot be consulted by anyone other than employees or without their authorization and supervision. Providing passwords or personal access is strictly prohibited.
Business data, contacts, or other information about the company, are strictly confidential, and no employee should use this information for personal or extra business purposes. In case of non- collected through the website compliance, legal steps will be taken.
7.3.1. HR Recruitment
Mediaprobe guarantees the safeguarding of the right to data protection, which are provided voluntarily and authorized by the Data Subject, and will be treated confidentially, in accordance with the law in force.
The information and personal data contained in the Curriculum Vitae or other similar document sent by any candidate to a job, by mail or other support, are processed with the purpose of recruiting and selecting candidates.
By providing such information and personal data to the company, the applicant gives his or her consent to have his/her information and personal data processed by the company.
Such information and personal data will not be marketed or assigned to third parties.
The provision of any sensitive data will be processed for the purpose of recruitment and selection of candidates if they are relevant for such purposes, considering that the data are provided based on the consent of the data subject.
Candidates are entitled at any time, in accordance with the law in force, to access, rectification, erasure, limitation or opposition to the processing of data concerning them and must therefore use the space available for that purpose on the company’s website or by mail to info@mediaprobe.com, if they wish to exercise these rights. Applicants are also entitled to withdraw their consent at any time under the Act and to submit a complaint to a supervisory authority.
The company will keep the personal data of the candidates for the time needed to achieve the purposes for which they were collected. The data collected under this privacy policy does not constitute compliance with a legal or contractual obligation. However, if the candidate is selected the personal data will be used to prepare the respective contract. The data can be used to define profiles for the sole purpose of determining the candidate to be selected. If the applicant does not authorize to be subject to a decision based on the profile, he / she must expressly declare it or refrain from sending an application. The company has implemented appropriate technical and organizational measures to protect personal data against accidental, unlawful destruction, tampering, unauthorized access and disclosure and against any form of wrongful treatment.
Employees authorized to access personal data are bound by the duty of confidentiality.
7.4. Data collected through the commercial website (www.mediaprobe.com)
The policy regarding the data collected through the website can be found at https://www.mediaprobe.com/website-terms-conditions/ . The document assures that all users of the website:
- Users understand the information we collect.
- Users understand the reasons why we gather that information, as well as its utilization.
All personal data collected through the website is protected by the procedures published in Portuguese legislation (Law 67/98 de 26, October 26, complying with European Regulations (EU) 2016/679 of the European Parliament and of the Council, dated from April 27th, 2016.
8. Transmission of personal data
Mediaprobe does not transfer personal data to recipients outside the company.
During live monitoring sessions, Mediaprobe may transmit audio fingerprints to third party Audio Content Recognition (ACR) providers. However, audio fingerprints are hash-coded representations of audio (non-reversible and non-audible) that do not allow to identify the participant.
The company may receive personal data (e-mail address) from third party partners (like a fieldwork agency). In this case the supplier must agree in written form to consent that Mediaprobe stores this information and it must be assured that the Personal Data can only be used for the intended purpose (password recovery). This exception should be clearly indicated in the Statement of Work of Master Service Agreement to be signed with the end-client.
9. Confidentiality of Processing
All data processed in Mediaprobe, including, but not limited to Personal Data is subject to strict data secrecy. Employees should access the data on a need-to-know basis and the extent to which they access the data is stipulated within the functional description for their role and responsibilities. Any unauthorized processing of data is strictly forbidden.
Employees are forbidden to use companies’ data for their own private or commercial processes, to discuss them with unauthorized third parties or to share them in any format. Data secrecy obligations must be included in the work contract, stressed by managers during the hiring process and enforced in all-hands team meetings. This obligation is maintained after the employment has ended.
10. Data Processing Security and Audit
Data (including, but not limited to, Personal Data) must be protected from external or internal unauthorized access. Data processing security concerns should be present at every stage of IT development and the planning of every internal or external operational procedures.
The technical measures to grant data processing security should be agreed by the management (including the CTO and CEO). The measures for protecting data are part of the Information Security Policy and should be adjusted and audited on a continuous basis.
Compliance with this Data Protection Policy and the applicable data protection laws is checked regularly with data protection audits and other controls. The CTO oversees, reviews and changes this policy whenever justified, keeping in compliance with national and European laws (RGPD). Whenever necessary, external audit services can be hired to ensure that we are complying.
Mediaprobe’s performance on data security is the responsibility of the CTO. Mediaprobe clients may have audit rights when appropriate. External data protection audits may be made available when appropriate.
11. Data Protection Incidents
All employees must inform the CTO or the CEO immediately about cases of violations of this Data Protection Policy or other regulations on the protection of Personal Data, and the procedures of management crisis should be activated, according to the Incident Management Manual.
In case of unauthorized or improper transmission of Personal data to third parties or across borders, improper access or loss of Personal Data, a data breach incident should immediately be created, and all steps should be undertaken to assure that all lawful reporting duties and communication with clients or other stakeholders are managed.
12. Responsibilities and Sanctions
It is the responsibility of Mediaprobe’s management (CEO and CTO) to assure the policies in this Data Protection Policy are met.
Managers are responsible for implementing and enforcing the policies in each operational or technical team and all employees should comply with these policies.
Improper processing of Personal Data or violations of this policy and data protection laws might be criminally prosecuted and result in claims for compensation. Violations by employees may further be subjected to sanctions under employment law.
Updated in November 2022.
Also read our Social Media Disclaimer.