Privacy & Cookies Policy

This policy was last updated on 27 April 2018.


About this policy

This policy explains how we collect and use personal data from and about visitors to our website and app and OnePoll panel members.

This policy does not apply to the website, apps, products or services of any other organisations that you may access through links on our website or app or how any third party organisations which advertise products and services on our website and app collect and use your personal data to offer relevant online advertising to you (see Cookies).

Our objective is to ensure that you are never surprised by how your personal data has been used by us. You are therefore encouraged to read this policy, which sits alongside our Terms and Conditions.

As we make changes to our website and app, we may need to update this policy. If we make any important changes that affect your rights and interests, we will make sure we bring this to your attention and explain what this means for you.

If you have any questions in relation to this policy or wish to exercise any of Your rights under data protection law, you should email members@onepoll.com.

Who we are

This website and app is operated by 72 Point Limited trading as OnePoll (we/us). We are a private limited company registered in England and Wales under company number 4092908. We are registered as a data controller with the UK Information Commissioner's Office under number Z8020853.

The data we collect about you

Personal data means any data that identifies or can be used to identify a person. It does not include data where the identity has been removed (anonymous data).

You may provide the following kinds of data to us:

  • your name and contact details when you contact us, sign up as a panel member, or enter any prize draw, competition or promotion offered by us
  • your login details when you sign up as a panel member
  • your responses to survey questions which may be composed of yes/no or single choice questions, multiple choice questions and text fields
  • your sort code and account number or email address linked to your PayPal account
  • the content of any messages you exchange with us by email and any posts and messages directed to us on social media
  • the email addresses of friends and family you want to refer to us

We may collect the following kinds of data about you:

  • the IP address assigned to you or to someone who provides you with Internet access
  • technical data about the device used by you to visit our website or access our app including the type of device, operating software, browser and browser plug-ins and the screen resolution and time zone setting of your device
  • data about how you browsed and searched our website or used our app including how you arrived at our website or downloaded our app, the time and frequency of your visits, the time spent by you on each page, how you interacted with the website or app, the links that you click, documents you download and content that you view
  • your location (the IP address assigned to you or to someone who provides you with Internet access may indicate the country or city from which you have visited our website or app)

We may also collect and use data that is derived from your personal data but which does not directly or indirectly reveal your identity. This data may be combined with data collected about other visitors to our website or app to calculate the percentage of visitors that view a particular page or the most popular time of day when our website is viewed or our app is used, for example. This is not considered personal data under the law unless we combine it with other data that can be used to directly or indirectly identify you.

Sensitive personal data and data about criminal convictions and offences

Some surveys may require you to provide responses which reveal or could reveal details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and information about criminal convictions and offences.

These 'special categories of personal data' require a higher level of protection and we must obtain your explicit consent to process such personal data. Where any survey contains questions that require the collection of special categories of personal data, you will be asked to confirm that you consent to the processing by us.

How your data is collected

The data that you may provide to us will generally be collected when you fill in a form or complete a survey through our website or app.

How we use your data

We will only use your personal data when the law allows us to. We will generally rely on one of three legal grounds for using your personal data:

  • where we need to perform the contract we are about to enter into or have entered into with you (see our Terms and Conditions)
  • where necessary for our legitimate interests or those of a third party, provided those interests do not override your fundamental rights and interests
  • where we need to comply with a legal or regulatory obligation

Generally, we do not rely on consent as a legal ground for using your personal data, except where any survey requires you to provide responses that may include Special categories of personal data and data about criminal convictions and offences or in relation to sending you marketing by email or text message.

You have the right to withdraw your consent to our holding or processing any special categories of personal data and data about criminal convictions and offences and to receive marketing from us by email or text at any time either by contacting us, clicking the unsubscribe link in an email or replying to a text message with the required words notified to you in each text message.

Specifically, we will use your personal data as follows:

Purpose(s) Type(s) of data Legal ground(s) for use

Registering you as a new customer/user

Contact details

Username and password

Performance of our contract with you

Contacting you about surveys that may be of interest to you or which match any demographic data that you have provided to us

Contact details

Performance of our contract with you (or explicit consent, where special categories of personal data or data about criminal convictions and offences is requested)

Contacting you with news about us and our service

Contact details

Consent

Paying any credits and rewards due to you

Email address (linked to PayPal)

Sort code and account number

Performance of our contract with you

Collecting responses to surveys on behalf of our customers

Survey responses including demographic data

Performance of our contract with you

Understanding how you use our website or app

Technical data about your interactions with our website or app

Legitimate interests

Who we share your data with

We do not sell any personal data for commercial purposes. All survey responses are aggregated and anonymised before being shared with our customers so that the data cannot be used to directly or indirectly identify you.

We may have to share your personal data with:

  • service providers including our hosting provider, email marketing platform and analytics provider
  • HM Revenue & Customs, the tax authority in the UK who require reporting of our processing activities in certain circumstances
  • any third parties to whom we may choose to sell, transfer or merge parts of our business or assets or third parties we may seek to acquire or merge with (if any change happens to our business, the new owners may use your personal data in the same way as set out in this policy)

Where your data is stored

Some of the service providers that we use in connection with our website, the app and the services provided through it are based outside the European Economic Area (EEA), which means that your personal data may be transferred outside the EEA. Whenever we transfer your personal data outside the EEA, we ensure that a similar degree of protection applies to your personal data in one or more of the following ways:

  • the country to which your personal data is transferred is deemed by the European Commission to provide a similar degree of protection for your personal data
  • we have entered into a specific contract with our service providers that has been approved by the European Commission as providing a similar degree of protection for your personal data
  • where any service provider is based in the US and they have self-certified under the EU-US Privacy Shield Framework which requires them to provide a similar degree of protection for your personal data

How we keep your data secure

We have put in place appropriate security measures (for example, access to our website and the app and the transmission of survey responses is secured using 'https' technology which encrypts data by Transport Layer Security (TLS)) to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

We also limit access to your personal data to those within our organisation that have a need to access it. They will only process your personal data on our instructions and they are required to keep your personal data confidential.

We have put in place procedures to deal with any suspected personal data breach and will notify you and the Information Commissioner's Office or any other relevant regulator where we are legally required to do so.

How long we keep your data for

We will only keep your personal data for as long as necessary in connection with the purposes we collected it for and to comply with any legal, accounting or reporting requirements. To determine how long we keep your personal data for, we consider the amount, nature and sensitivity of the personal data, the purposes for which it was collected and the potential risk of harm from us continuing to keep it.

If we have paid you any money in return for completing surveys on our website or app, we will retain details of such payment for a period of six years from the date of payment for tax purposes.

Where you have completed a survey to help us identify surveys that may be of interest to you, or which match any demographic data you have provided us, we will retain such data until you tell us that you no longer wish to be a panel member by email to members@onepoll.com.

We will retain personal data relating to email marketing data (see Marketing) until you unsubscribe or your email address has become permanently unavailable.

If you have referred any friends and family to us, we will delete their details after 90 days if they have not signed up as a panel member.

We will retain the analytical data collected about your use of our website and app for a period of 25 months before 25 May 2018 and 14 months on and after 25 May 2018 [1].

We may retain any data that does not identify you indefinitely.

Cookies

This website and app use cookies and similar technologies (such as beacons and pixels).

Cookies are small text files that are stored on your device and contain a uniquely generated reference which is used to distinguish you from other people each time you visit our website or app, even if the IP address of the device used by you to visit our website or app changes. None of the cookies used on our website or appstore data that can directly identify you.

You can read more information on cookies and how they work at All About Cookies.org and information about how online advertising works at Your Online Choices (these are third party website or apps that we do not control).

The cookies used by our website and app fall into the following categories:

  • Strictly necessary cookies: these are required for the effective and secure use of our website and app to include enabling you to send messages to us securely, log into secure areas of our website and app and to make payments securely
  • Analytical cookies: these are used to recognise when you visit our website and app and how you interact with it so that we can improve the way our website and app works
  • Functionality cookies: these are used to recognise when you visit our website and app so that we can personalise our content for you and remember your preferences
  • Targeting cookies: these are used to ensure that the advertising displayed on our website and app is more relevant to you and your interests. We may share this data with third parties for this purpose

We are required to obtain your consent to all cookies except those that are strictly necessary. You will be asked to confirm your consent when you first visit our website and you can change your cookie settings for our website at any time.

Alternatively, you can clear cookies after you visit our website, use a tracking blocker such as Privacy Badger or, for the analytical cookies stored by Google, install the Google Analytics opt-out extension.

The specific cookies used by our website or app are as follows:

Cookie Type Duration Further details
01PHPSESSID Strictly necessary End of session Creates a unique identifier for your browsing session on our website or app which is used to store user preferences and for security purposes.
SRVNAME Strictly necessary End of session Creates a unique identifier for the current survey you are completing which is used to remember your responses from one question to the next.
onepoll Strictly necessary 1 minute Creates a unique identifier for your browsing session when you have signed into the panel members' area on our website or app which is used to store user preferences and for security purposes.
_unam Targeting 1 year Used by the ShareThis service to monitor 'clickstream activity' such as the pages you viewed and time spent on each page. According to ShareThis, this data will only identify you if you have signed up for an account with them and consented to this. See the ShareThis privacy policy (where you can also opt-out of tracking).
_ga Analytical 2 years Used to distinguish you from other visitors to our website and or app. See Google Privacy Policy.
_gid Analytical 24 hours Used by Google Universal Analytics to identify new visits to our website or app.
_gat Analytical 1 minute Used by Google Universal Analytics to throttle the request rate.
devicePixelRatio Functionality 1 week Used to identify and record your device's resolution.
_utma Analytical 2 years Used to distinguish you from other visitors to our website or app. See Google Privacy Policy.
_utmb Analytical 30 minutes Used by Google Analytics to identify new visits to our website or app.
_utmc Analytical End of session Used by Google Analytics in conjunction with _utmb to identify new visits to our website or app.
_utmt Analytical 10 minutes Used by Google Analytics to throttle the request rate.
_utmz Analytical 6 months Used by Google Analytics to identify how you reached our website or app.

If you block or restrict cookies, you may not be able to use certain features of our website or app.

Email marketing

We use Dotmailer to manage our email marketing campaigns. This tool is formatted so that we can track whether you click any of the links contained in our emails. This helps us to understand what the recipients of our emails have found interesting and to personalise the content of emails that we may send to you in the future.

Dotmailer also uses tiny invisible images called 'pixels' that are contained within emails to enable us to see:

  • whether you opened an email
  • where in the world the device used to open the email was located (based on your device's IP address)
  • the type of email client used to open the email
  • whether you shared the email on any social media platforms
  • whether you marked the email as spam
  • your overall level of engagement with our email marketing campaigns

We use this data to improve the format and quality of our email marketing campaigns.

You have the right to withdraw your consent to marketing at any time either by contacting us or clicking the unsubscribe link in any email.

Your rights

You have a number of rights in relation to the personal data we hold about you:

  • Access: You have the right to request access to and be provided with a copy of the personal data held about you together with certain information about the processing of such personal data to check that are holding it lawfully
  • Correction: You have the right to ask us to correct any inaccurate or incomplete personal data held about you
  • Deletion: You have the right to ask us to delete or remove any personal data held about you where there is no good reason for us to continue holding it or where you have exercised your right to object
  • Restriction: You have the right to ask us to restrict how we hold your personal data, for example, to confirm its accuracy or our reasons for holding it
  • Objection: You have the right to object to our holding of any personal data about you which is based on our legitimate interests or those of a third party based on your particular circumstances. You also have the right to object to our holding your personal data for direct marketing purposes
  • Portability: You have the right to receive or request that we transfer a copy of the personal data we hold about you in an electronic format where the basis of our holding such information is your consent or the performance of a contract and the information is processed by automated means
  • Complaints: You have the right to complain to the Information Commissioner's Office (ICO) or any other EU supervisory authority in relation to how we collect and use your personal data

You will not have to pay any fee to exercise any of the above rights though we may charge a reasonable fee or refuse to comply with your request if any request is clearly unfounded or excessive. Where this is the case, we will let you know.

To protect the confidentiality of your personal data we will ask you to verify your identity before fulfilling any request in relation to your personal data.

Your feedback on this policy

Did you find this policy clear and easy to read? We would love to hear from you!



[1] With effect from 25 May, Google Analytics gives the option to change the default retention period for analytics data from 25 months to 14, 26, 38 or 50 months. The storage limitation principle (Article 5(1)(e) of the GDPR) requires that personal data should not be retained for longer than is necessary in connection with the purposes for which it was obtained. The retention period should therefore be set by reference to the purposes for which you use analytical data and when you no longer consider it relevant for analytical purposes.