MARU/EDR LIMITED, trading as MARU/MATCHBOX UK LIMITED, (“we”, “our”, and “us”) is committed to protecting and respecting your privacy. We are part of the MARU Group and are a UK based research agency.
This policy sets out the basis on which any personal data we collect from you, or that you provide to us, or that we have received from a third party source will be processed by us.
Please read the following policy carefully to understand our views and practices regarding your personal data and how we will treat it. By visiting this webpage (“our site”) and continuing to participate in the survey, you are accepting and consenting to the practices described in this policy.
Our site may, from time to time, contain links to and from partners’, advertisers’, affiliates’ and social network sites. If you follow a link to any of these websites, please note that these sites have their own privacy policies and that we do not accept any responsibility or liability for those policies. Please check their privacy policies before you submit any personal data to those websites as they may not be on the same terms as ours.
In accordance with the Market Research Society Code of Conduct for Internet Surveys, in order to take part in any survey or questionnaire from our website, you must be over 16 years of age.
References in this policy to “data protection law” mean (as applicable) the Data Protection Act 2018, the General Data Protection Regulation (Regulation (EU) 2016/679) and all related data protection legislation having effect in the United Kingdom from time to time.
References in this policy to “data” or “information” include “sensitive personal data” and “special categories of data” (as defined under data protection law) where applicable.
1. Our details
1.1 For the purposes of our business we are the data controller of our own business information and data including our employee data.
1.2 In respect of processing that we undertake on behalf of our clients we are the data processor and our client is the data controller who determines the purpose and means of the processing of personal data which they provide us with.
1.3 Our data protection officer can be reached at firstname.lastname@example.org
2. How we use your information
2.1 The following sections set out why we are processing your information, what information we collect, the legal basis for and duration of our processing of your information and (if applicable) who your information will be shared with and where those recipients are based.
Which information do we process and for what purpose?
2.2 We process the following information from you:
2.2.1 Information you give us. This is information about you that you give us by filling in forms on our site. It includes information you provide when you register to use our site, request marketing information, use our online chat feature, enter a competition, promotion or survey and when you report a problem with our site. The information you give us may include your name, address, email address, phone number, date of birth and gender.
2.2.2 Surveys and Panels. Where information is volunteered and subsequently collected that can identify you this is used to provide insights and information that allow our clients to create more efficient and effective products and services for their customers. You will not be contacted by us unless you have specifically consented to us doing so.
2.2.3 Competitions and Draws. Where your information is required to identify whether you are the winner of a competition or draw this may be revealed to the appropriate client. Please refer to the individual competition rules which will refer to the requirements for publicity of winners’ names.
2.2.4 Information we collect about you. Like most other website operators, we collect non-personally identifying information of the sort that web browsers and servers typically make available. This includes technical information and information about your visit, such as records of how you navigate the pages on our site and how you interact with the pages.
2.2.5 We process information you give us and that we collect about you for the following purposes:
184.108.40.206 to fulfil our obligations under the contracts between us and our clients;
220.127.116.11 to improve our services;
18.104.22.168 to ensure that content from our site is presented in the most effective manner for you and for your computer;
2.2.6 Information obtained from or provided by third parties. We obtain or are provided with information, such as your name, address, email address, phone number, date of birth and gender which we have been supplied by third parties from whom you have recently purchased or used goods or services (“our clients”). We will also receive information about you if you use any of the other websites we operate, which include eMysteryShopper.com, eCustomerOpinions.com, eGlobalPanel.com, eDigitalCommunities.com, eDigitalForums.com, ePanelManager.com and eProductRating.com.
2.2.7 We process information we obtain from or are provided by third parties in order to fulfil the contractual obligation between us and our clients the purpose of which is to understand and improve the service provided by our clients.
What are the grounds for processing your information?
2.3 We are processing your data on the following ground(s):
2.3.1 you have previously given your consent to our client to the processing for the purposes stated in section 2.2, above; and/or
2.3.2 the processing is necessary for achieving our clients’ legitimate interest of receiving your feedback in respect of the goods or services you have used or purchased from them. In accordance with data protection law, we have carefully weighed your interests and fundamental rights and freedoms against our clients’ interest to process your information and are satisfied that we are justified in processing your information for this purpose
Duration and further processing
2.4 We will regularly review the personal data which we are holding about you, and will delete it as appropriate. We will store your personal data for no longer than is necessary for us to fulfil the purpose for which it was obtained, provided that we have a reasonable commercial case for doing so, and in any event for no longer than 2 years after the project has completed. If we need to keep your information for a longer period then we will notify you of the reason and grounds for doing so.
2.5 To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. We maintain a data processing register for each project we undertake.
Who is your information shared with?
2.6 In order to achieve the purpose(s) set out in section 2.2 above, we will share your data only with the following people or group of people:
2.6.1 our clients to whom your personal data is relevant;
2.6.2 if necessary for the specific project in question, other companies within the Maru Group; and
2.6.3 in the case of telephone interviews undertaken on our behalf, to The Telemarketing Company Ltd (“TTMC”), a company incorporated in England and Wales with company registration number 2475469. TTMC conduct telephone interviews on our behalf for the purpose of gathering your feedback in relation to goods or services you have purchased from our clients. Telephone interviews will be recorded and stored for monitoring purposes.
2.6.4 in the case of SMS surveys undertaken on our behalf, to Dynmark International Limited trading as Comapi (“Comapi”), a company incorporated in England and Wales with company registration number 4343332, or OpenMarket Ltd, a company registered in England and Wales with company registration number 04009908. Comapi and OpenMarket send SMS messages on our behalf for the purpose of gathering your feedback in relation to goods or services you have purchased from our clients, in accordance with our obligations under the contract between us and our clients. These organisations have no autonomy and carry out tasks only under MARU's clear instructions which is explicit within agreed contracts between both parties.
2.6.5. We might ask third parties to carry out certain business functions for us, such as IT support and data hosting services. Any third parties involved will provide sufficient guarantees to implement appropriate technical and organisational measures for data protection. However, MARU, as a data processor, will engage with other processors only under the written authorisation of the data controller and will be held liable for their non-fulfilment of obligations.
2.8 We share aggregated demographic information with our partners and clients; this is not linked to any personal information that can identify any individual person or organisation.
2.9 We will disclose your personal information to third parties:
2.9.1 if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or to protect our rights, property, or safety, or that of our clients, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
2.10 We may transfer your personal information to a member of the Maru Group, which means our affiliated companies, including our parent holding company and its subsidiaries, located in Canada, USA, the UK and/or Latin America. Selected third parties including: business partners and customers (as described in 2.6 above); Except as described above, the data that we collect from you will not be transferred to or stored at a destination outside the European Economic Area (“EEA”) without your prior consent Automated decision making
2.11 We do not make automated decisions about you based on your information.
2.12 Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmission to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
3. Your Rights
3.1. Under data protection law you have the following rights:
3.1.1 if we are processing your data on the basis of your consent then you have the right to withdraw that consent at any time. Consent can be withdrawn by and notifying us using the details set out in section 8 below. The lawfulness of our historic processing based on your consent will not be retrospectively affected by your withdrawal of consent;
3.1.2 the right to access a copy of your information which we hold. This is called a ‘subject access request’. This includes but is not limited to the right to know what information we gather, process and store, what we do with it, who we share it with and how long we keep it for. Additional details on how to exercise this right are set out in section 5, below;
3.1.3 the right to prevent us processing your information for direct marketing purposes and other situations prescribed by law. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us using the details set out in section 8, below;
3.1.4 the right to object to decisions being made about you by automated means. We will inform you if your information is subject to automated processing;
3.1.5 the right, in certain circumstances, to have your information rectified, blocked, erased or destroyed if it is inaccurate;
3.1.6 in certain circumstances, the right to request the information we hold on you in a machine readable format so that you can transfer it to other services. This right is called ‘data portability’. Besides that, you can also ask us to directly transfer the personal data to another data controller at your choice, when technically feasible. This right is called ‘data portability’ and shall not be exercised to affect the rights and freedoms of others.
3.2 For further information on your rights under data protection law and how to exercise them, you can contact our Data Protection Officer: email@example.com or the Information Commissioner’s Office (www.ico.org.uk).
4.2 We use “cookies” to gather statistical information that helps us understand what users find interesting and useful on both our own and our clients’ websites. Users can decline the cookies by adjusting the “accept cookies” setting on their browser, however, this may affect the functionality of our surveys on client web sites. We may also embed a piece of code into pages of certain client sites. This gives us statistical site usage information about how the site is used. We aggregate this information to provide our clients with a closer understanding of how visitors use their site. We do not use this code to collect any personally identifiable information.
5. Access to Information
5.1 You have the right to access information held about you by making a written request to us. You must send us proof of your identity, or proof of authority if making the request on behalf of someone else, before we can supply the information to you. Requests should be sent to firstname.lastname@example.org. In certain circumstances, you will be entitled to receive the information in a structured, commonly used and machine readable form.
5.2 We will be allowed to charge you for our reasonable administrative costs in collating and providing you with details of the requested information which we hold about you, if your request is clearly unfounded or excessive. We are also entitled to do so if you request further copies of your data.
7.1 You have the general right to complain to us (in the first instance) and to the Information Commissioner’s Office (if you are not satisfied by our response) if you have any concerns about how we hold and process your information. Our contact details are set out in section 8, below. The Information Commissioner’s Office website is .
9. Changes to this Policy
MARU encourages you to periodically review this Policy to stay informed of how we manage your personal information. If any changes are made to this Policy, MARU will revise the “Last Updated” date that is indicated on the Policy.
Last Updated: October, 2021