DEMREF WEBSITE PRIVACY NOTICE

DemRef is a global data company and provider of polling insights, we take privacy and data security very seriously, and believe that everyone’s personal data should be handled responsibly and ethically. We’ve tried to make this notice as easy to read as possible, but if anything is unclear, please contact us at dataprotection@demref.com, and we’ll be happy to clear it up.

What this notice covers

As an organisation that relies on the use of personal data, DemRef is responsible for collecting and using your data in a responsible and secure way, and that starts with clearly telling you how we collect, use and protect your personal data. This notice sets out our use of cookies when you visit our website

DemRef is made up of a number of companies, each of which separately controls the data provided to it by visitors to our website. DemRef Ltd (referred to as “we”, “us”, “our” or “DemRef”) is the controller of your personal data. This means we choose why and how that data is processed.

Our use of cookies

When you visit our website, we collect information using cookies and similar technologies. This section tells you about the cookies that we use, what they do and your choices when it comes to cookies.

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.

Performance Cookies

These cookies allow us to count visits and traffic sources, so we can measure and improve the performance of our site. They help us know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies, we will not know when you have visited our site.

Functional Cookies

These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third-party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.

Targeting Cookies

These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Your choices when it comes to cookies

Managing cookies via your preferences

When you accessed this website you were presented with an alert that offered you a choice about whether to accept or reject cookies, with the exception of strictly necessary cookies (which are outlined above).

Managing cookies on your device

You can also choose how web browser cookies are handled by your device via your browser settings. If you choose not to receive cookies at any time, websites may not function properly and certain services will not be provided. Each browser and device is different, so use the following links to find information on how to manage cookie settings on certain browsers via the following links:

  • Cookie settings in Chrome
  • Cookie settings in Firefox
  • Cookie settings in Internet Explorer
  • Cookie settings in Safari

How long we’ll keep your data

We will only retain your personal data for as long as needed to fulfil the purpose of each cookie we use, or until you change your cookie preferences in the ways outlined above. 

Who we may share your personal data with 

In order to use your personal data in the ways described above, we may share it within DemRef and with trusted third parties who provide services to us. Here is some more information about the types of organisation and what we may share with them. 

DemRef Group companiesDemRef is a global organisation. This means that some of the personal data that we collect may be transferred to companies in the DemRef group that are in different countries. For example, if teams in other locations needed access to cookie data for analytics purposes. 
Our service providers We work with trusted service providers that carry out certain functions on our behalf so we can provide our services to you. These organisations process data on our behalf. They only have access to the personal data that they absolutely need to provide the specific service to us, and in all cases we have contractual safeguards in place to ensure that they do not disclose or use it for any other purposes. 

Our service providers fall within the following categories: 
  • Cloud & physical data storage (data storage, which is managed by DemRef Services Limited)&
  • Web application firewall (protects web applications by filtering and monitoring HTTP traffic between a web application and the Internet)
  • Cookie consent management platform (enables us to tell you about and seek consent for our use of cookies) 
Other organisationsThese circumstances are unusual, but we may share personal data with other organisations if: 
  • We have to share your information to comply with legal or regulatory requirements (or we reasonably believe that we need to disclose your information for such purposes)
  • We need to share personal data in order to establish, exercise or defend our legal rights, including with our legal and other professional advisors
  • We restructure our business or if we buy or sell any business or assets we may share your data with the prospective buyer or seller
  • All or substantially all of our company assets are acquired by another party, your data will be one of the transferred.

Transferring personal data outside the EEA 

If you are based in the European Economic Area (“EEA”), or Switzerland, we take all steps possible to ensure that your personal data remains within those areas. However, in some cases we need to share data with other DemRef group companies or third parties that are in countries outside those areas. These countries may not have similar data protection laws and so they may not protect the use of your personal information to the same extent

In these cases, we put in place appropriate safeguards to make sure your personal data remains adequately protected. Specifically, we make use of the following: 

  • Standard contractual clauses: we use standard contractual clauses for the transfer of personal data to organisations outside the EEA. These contractual commitments have been adopted by the European Commission and ensure adequate protection for personal data transferred to countries outside the EEA by binding recipients of personal data to certain data protection standards including obliging them to apply appropriate technical and security measures. We use standard contractual clauses when we transfer data to other DemRef Group companies and for transfers to recipients that are not located in a country covered by an adequacy decision (see below). 
  • Adequacy decisions: where the European Commission, or other relevant competent authority, has determined that a country outside the EEA or Switzerland offers an adequate level of data protection, personal data may be sent to that third country without implementing any other safeguards mentioned above. DemRef may rely on adequacy decisions when transferring data to companies based in countries where such assurances have been given. 

How we store and protect your personal data

We do everything we can to protect your personal data from loss or misuse, and from unauthorised access, disclosure, alteration and destruction. This section describes some of the measures we take to ensure that your personal data is secure: 

  • We use data centres that have a high level of physical security measures to host and protect your data and our systems; 
  • We conduct independent penetration tests on an annual basis and are continuously scanning our systems and applications for vulnerabilities in our systems; if you ever think that you have found a security issue or vulnerability in one of our systems, please let us know at security@demref.com; 
  • We use encryption to secure your personal data whilst it is in transit using TLS and in storage using AES256 encryption
  • We allow access to attributable data (by which we mean data that directly identifies you) only to those DemRef employees and contractors who need it to carry out their job responsibilities, for example our support team to allow them to respond to you when you contact us; 
  • We make security the responsibility of all our employees and contractors and we train our staff to identify security risks and protect your data. 

Our website may from time to time contain links to and from other websites. If you follow a link to any of those websites, please note that those websites ought to have their own privacy notices and that we do not accept any responsibility or liability for those websites. Please check those privacy notices before you submit your information to those websites. 

Your rights 

You have certain rights in relation to the personal data that we hold about you, which are designed to give you more choice and control over your personal data. These rights are explained below. Please note that as this notice relates to our use of cookies, it may be difficult or even impossible for us to identify you within our systems without additional information. If you have provided information via a webform, for example, a contact or download form, please refer to our Client & marketing privacy notice. 

RightWhat does this mean?
The right to request access to personal data You can request confirmation that we are processing your personal data, and a copy of the data we hold about you and related information (including when you gave us permission to use your data). 
The right to request rectification of personal data You can ask us to correct any inaccurate data about you and to complete any incomplete data that we hold about you. 
The right to request erasure of personal data The right to request erasure of personal data 
The right to withdraw consentWhenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent. 
The right to request a restriction on processing of personal data You can request that we restrict our use of your data to storage only, that we stop using it for all other purposes or that we retain data that was due for deletion. 
The right to object to the processing of personal data You can object to certain types of processing of your personal data in certain specific circumstances.
The right of data portabilityWhenever you have given us your consent to use your personal data, you have the right to receive a copy of your personal data in a structured and machine-readable format and, where possible, have this sent to another organisation. 

How to contact us 

If you have questions about this notice, or about how we collect, store, and use personal data, or wish to exercise any of the rights described in the Your rights section of this privacy notice, you can contact our Data Protection Officer –  

By email: dataprotection@DemRef.com

Updates to this notice 

This notice was last updated on the date that appears at the beginning of the notice. While we reserve the right to change this notice at any time, if any material changes are made, we will let you know via email or any other appropriate means to give you the opportunity to review the changes before they become effective.