Updated: March 2024 This privacy notice informs you how NielsenIQ collects and processes your personal data in connection with the Cleanfox Application.
NielsenIQ belongs to the group of companies listed
here and
here, which together form the "NIQ Group" (
"NIQ").
Where we refer to personal data below, we mean any information relating to an identified or identifiable living person. Personal data that has been anonymized in such a way that the data subject cannot be identified or can no longer be identified (anonymous data) is no longer considered personal data.
We may need to amend or update this privacy notice from time to time. Therefore, please read this privacy notice at regular intervals.
1. Controller, data protection officer
For the purposes of this privacy notice, the controller is:
NielsenIQ, which is located at 1 Rue Julius et Ethel Rosenberg, 95870 Bezons, France. We can be contacted by email at:
connect.privacy@smb.nielseniq.com NielsenIQ has appointed a data protection officer who can be contacted at :
dpo@hewardmills.com, mentioning "Cleanfox" in the email subject line.
3. Personal data categories, processing purposes, legal bases of processing and data storage periods or rules
(1) To create and manage your account;
(2) To personalize your service and user experience.
(1) Necessary for the performance of a contract (Art. 6(1)(b) GDPR).
(2) Your consent (Art. 6(1)(a) GDPR);
Stored until you delete your account or request the deletion of your data, subject to compliance requirements.
To service your email account; To communicate with you about the service
Necessary for the performance of a contract (Art. 6(1)(b) GDPR).
Stored until you delete your account. Email logs may be kept for a longer duration as per applicable law or for compliance purposes.
Data about your subscription services, newsletters, and promotions, and which may include or reveal Sensitive Personal Data as explained in section IV
To fulfill the service, including the processing of your unsubscribe requests; To analyze user interactions for improving the service and your user experience.
Necessary for the performance of a contract (Art. 6(1)(b) GDPR).
Anonymized data may be stored indefinitely; personal data stored elsewhere is removed upon conclusion of the purpose for which it is necessary, or within a timely period following account deletion.
Shopping transaction data, including item(s) purchased, price, payment type, delivery address, billing address, order number and order history, and which may include or reveal Sensitive Personal Data as explained in section IV
To produce anonymized or pseudonymized reports, including those relating to marketing, retail sales measurement and analysis, product advertising and marketing strategies and tools, consumer preferences and demands, product innovation and development, customers' purchasing decisions, histories and behaviors, competitor and market analysis and supply chain management
Your consent (Art. 6(1)(a) GDPR)
Anonymized data may be stored indefinitely; personal data stored elsewhere is removed upon conclusion of the purpose for which it is necessary, or within a timely period following account deletion or withdrawal of your consent.
As long as you are a member of the Panel, we process your transactional data from 2017 for statistical purposes and we keep on processing it until you opt out of the panel, delete your account or ask us to stop processing it.
Technical data: identification data, connection data, acceptance data and, where applicable, location data, unique device identifier, device manufacturer and model, operating system name and version, and Media Access Control (MAC) address
To ensure compatibility and improve service functionality; System administration.
Necessary for the performance of a contract (Art. 6(1)(b) GDPR); Legitimate interests (Art. 6(1)(f) GDPR) in improving service security and functionality
Stored for the duration necessary for the purposes for which it was collected, usually not exceeding your account life plus a period for system analysis and improvement.
Log and usage data (for example, IP address, MAC address, IMEI number, Mobile Advertising ID, etc.)
(1) system security measures. (2) To personalize your service and user experience.
(1) Legitimate interests (Art. 6(1)(f) GDPR) in monitoring and improving service functionality and security.
(2) Your consent (Art. 6(1)(a) GDPR);
Logs are stored for a short period necessary for troubleshooting and security, not exceeding 6 months to 1 year, then anonymized or deleted.
Location-based data (for example, we may receive data about the imprecise geolocation (latitude and longitude) of your mobile device through various means depending on the device you are using, including Global Positioning System (“GPS”), Bluetooth, or Wi-Fi signals/connections.
To personalize the service for example to adapt the language according to the user's location.
User consent (Art. 6(1)(a) GDPR); Legitimate interests (Art. 6(1)(f) GDPR) in understanding the geographical distribution of users for service improvement.
Stored for the duration necessary to provide personalized services or for audience measurements, then anonymized and/or deleted.
4. Sensitive Personal Data
The categories of personal data we process, as outlined in sec. III, may in certain instances include or reveal "sensitive personal data." Sensitive personal data is a subset of personal data under data protection laws, including the GDPR. It includes any information that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation. Our processing of sensitive personal data requires us obtaining your explicit consent or another legal basis as permitted under the GDPR.
First and last name, alias, home postal address, online identifiers (such as a cookie ID or mobile device ID), internet protocol (or IP) address, email address, account name to login to our Website,
As a quality control measure and to maintain the integrity of our digital research, we use a digital fingerprinting technology, also known as "machine identification" technology, to gather certain information about the device you use to participate in our research. This information is sent to a trusted third-party service provider that converts it into a unique serial number for your computer – the digital fingerprint – through the use of a proprietary algorithm and determines if it matches any previous digital fingerprint.
Directly from you (or another member of your household),Indirectly from you, such as when you use and/or interact with our Website and/or our App,
Data provider,
Our clients
Identifiers Demographic Information (including Protected Classification information)
Information about your unique demographic profile, including your age, state of residence, marital status or sex (such as gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions). Please note, these categories of information are dependent on the type of research in which you are invited to participate.
Directly from you
Data provider
Records or information about products or services that you have purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. This includes “behavior information,” such as when, why, or how you do things, such as how frequently you shop for groceries or use your computer, TV, or the Internet. It also includes “preference information,” which refers to the choices you make, such as which breakfast cereals you buy, which stations you listen to or watch, or the websites that you visit.
Directly from you
Data provider
Internet or Other
Similar Network
Activity Information
When you use and/or interact with our Website and/or our App, we collect certain information, including: (i) standard technical information from and about your device (e.g., your device ID, device manufacturer and model, operating system, and version, IP address); and (ii) log and usage information (e.g., our webpages that you visit, the dates and timestamps associated with your visits and certain transactions.
For more information, please see the “Cookies and Similar Technologies” section below.
Indirectly from you (i.e., passively when you visit and/or interact with our Website and/or our App
This refers to audio, electronic, visual, or similar information. This information is dependent on which survey in which you are asked to participate. Not all surveys will require this information.
Directly from you (video and sound recordings)
Professional / Employment Information
This refers to information, such as your job title, industry, and income range.
Directly from you
Data provider
Data collected via access your email account(s) and retail account(s), including subscriptions, commercial transactions, registration confirmations, and the promotions that you receive by email
Directly from you
Passively when you authorize us to collect these types of information
Other Personal Information
This refers to any physical characteristics or descriptions, such as your height and weight. This is dependent on the survey in which you are asked to participate.
This also refers to any information that you provide to us, enable us to collect, or voluntarily post or upload to our Website or our App (e.g., comments and requests).
Directly from you (video and sound recordings, photographs)
5. Recipients
We may share your personal data with other companies in the NIQ Group. Within the NIQ Group, only employees and departments with a “need to know” have access to your personal data and only to the extent necessary. Regarding the transfer of your personal data within the NIQ Group, the companies of the NIQ Group are either independent controllers, joint controllers or processors, depending on the processing activity.
We may transfer your personal data to recipients, who are usually processors, outside the NIQ Group. These third parties belong to the following categories of recipients:
- Clients in their capacity as independent controllers may receive non-sensitive personal data (transactional data) in a pseudonymized form that does not enable them to identify a Panelist;
- service providers for the operation of our application and the processing of personal data stored or transmitted by the systems (e.g. hosting or service providers for data centre services, payment processing or IT (Information Technology) security);
- consultants and service providers as independent controllers or joint controllers (for example: insurance companies or accounting service providers);
- persons who are subject to professional secrecy or are obliged to maintain confidentiality, for example lawyers, tax consultants and auditors;
- government agencies/authorities, to the extent deemed necessary to comply with legal obligations;
- persons involved in carrying out our business operations (e.g. auditors, banks, insurance companies, legal advisors, regulatory authorities, parties involved in company acquisitions or the establishment of joint ventures);
- recipients in the course of any reorganisations, mergers, disposals or other transfers of assets. We will then ensure that the recipient of your personal data agrees to handle it in a manner that complies with applicable data protection law and is compatible with the original purposes of the processing. We continue to ensure the confidentiality of your personal data and inform you about the transfer to another controller.
Where we use third party service providers (including processors), these third parties are subject to contractual obligations (e.g. a data processing agreement). These processors will only process your personal data in accordance with our prior written instructions and must take measures to protect the confidentiality and security of your personal data.
6. Transfers of Data outside the EU/EEA
Due to the international nature of our business, it may be necessary for us to transfer your personal data to other companies within the NIQ Group and to third parties outside the European Union (EU) and/or the European Economic Area (EEA) (“Third Countries”). For this reason, we may transfer your personal data to Third Countries that have different laws and data protection compliance requirements than the country in which you are located. The third countries concerned, for example, the United States of America, may not have the level of data protection that you enjoy under the GDPR. This can mean disadvantages such as an impeded enforcement of data subjects’ rights, a lack of control over further processing and access by state authorities. You may only have limited legal remedies against this.
Within the NIQ Group, we have concluded an intra-group data transfer agreement with the relevant transfer mechanisms (standard contractual clauses of the European Commission) to ensure an adequate level of protection for your personal data when it is transferred from the EU/EEA to third countries.
Insofar as we transfer your personal data from the EU/EEA to recipients in third countries that are not covered by an adequacy decision of the EU Commission, we achieve an adequate level of data protection by concluding standard contractual clauses of the European Commission or by means of binding corporate rules of our business partners and supplement these transfer mechanisms with further contractual, technical and organisational measures if necessary. Please contact
dpo@hewardmills.com, mentioning “Cleanfox” in the email subject line, to obtain a copy of transfer mechanisms.
7. Are you obliged to provide your personal data?
In principle, you are not obliged to provide your personal data. However, if you do not provide your personal data, we may only be able to provide you with limited services or not answer your enquiries. If the processing of your personal data is necessary for the fulfilment of a contract between you and us and you do not provide the required information, we may discontinue our contractual services. In this case, we will notify you in advance.
8. Your data subject rights
You have the following rights in relation to your personal data:
- right to access and right to receive a copy of your personal data: Art. 15, GDPR
- right to rectification: Art. 16, GDPR
- right to erasure: Art. 17, GDPR
- right to restriction of processing: Art. 18, GDPR
- right to data portability: Art. 20, GDPR
- right to object: Art. 21, GDPR: You have a general right to object, on grounds relating to your situation, if we process your personal data based on our legitimate interest. This means that you must always give reasons for your objection and the reasons for the objection must not result from the processing situation as such but must be justified in your person. We will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. Further, you have the right to object to the processing of your personal data for direct marketing purposes at any time.
- right to withdraw your consent, Art. 7 (3) GDPR: You can withdraw consent at any time with effect for the future by contacting us using the contact information in section 1.
- right to lodge a complaint, Art. 77 GDPR: In the event of a (suspected) infringement of applicable data protection laws, you may lodge a complaint with a supervisory authority.
We do not make decisions based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you (Art. 22 GDPR).
We will comply with your request without undue delay and in any event within one month of receipt of the request. This period may be extended by a further two months if necessary, considering the complexity and number of requests. NIQ will inform you of any such extension, together with the reasons for the delay, within one month of receipt of the request. This does not apply to right to withdraw consent, which we implement without delay within our statutory obligation.
9. Duration of the processing
We will only process your personal data for as long as is necessary to achieve the above purposes. For details, please see column “data storage periods or rules” in sec. III. Third parties engaged by us will store your personal data on their systems for as long as is necessary in connection with the provision of services to us in accordance with the relevant contract. We will delete or anonymise your personal data as soon as it is no longer required for the purposes described in this privacy notice and if we have no legal basis to further store your personal data.
In addition, the retention period may be extended if we are subject to statutory retention and documentation obligations (for France these are up to ten years). The retention period may also be based on the statutory limitation periods (for France this is up to thirty years, with the regular limitation period being three years). In certain circumstances, we may also need to store your personal data for longer, e.g. in connection with authority or legal proceedings.
Regarding the use and retention period of cookies, please note section 11.
10. Security
We protect your personal data from loss, misuse, disclosure, alteration, unavailability, unauthorised access and destruction and maintain the confidentiality of your personal data. This is also ensured using appropriate technical and organisational measures. We choose our security measures considering the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons and continuously improve them. Technical measures include, for example, the use of encryption (e.g. TSL encryption for personal data in transit), access control to our systems, monitoring of system resources and system messages, ensuring the availability and resilience of systems and services.
Organizational measures include, for example, defining roles and responsibilities, ensuring the correct and secure operation of information processing systems, regular training and awareness-raising of employees, as well as evaluating and assessing the effectiveness of the aforementioned measures.
Access to your personal data is only granted to employees, service providers or NIQ Group companies who require such access for the fulfilment of a business purpose or for the performance of their duties.
11. Cookies and other technologies we use
Our website contains cookies and other technologies (e.g. pixels, scripts) (together “Cookies”). Cookies are used to make our website user-friendly, effective and secure. Cookies are, for example, small text files that are stored on your terminal device and contain personal data such as personal settings and login information.
We use the following categories of Cookies:
- Performance Cookies: These Cookies allow us to track visits and website usage so that we can measure and improve the performance of our website. They help us understand which pages are the most or least popular, or to record error messages on the website. All analysis based on this information is aggregated.
- Functional Cookies: These Cookies allow us to improve the functionality and personalization of the website. They ensure that your website preferences (e.g., settings or filters) are maintained and help us to include third-party services on the website. Any analysis performed based on this information is aggregated.
- Advertising Cookies: These Cookies help us to better analyze the impact of our website and your interests, e.g. to show you personalized advertising or put other content on our or other websites. These may be displayed on our website or on third-party websites. In particular, the Cookie collects information about your browsing activities to understand which topics are relevant to you.
- Strictly Necessary Cookies: These Cookies are necessary for the functioning and management of the website and cannot be disabled in our systems. They are usually set based on your input, such as when you set your Cookie preferences, log in, or fill out forms. You can set your browser to block these cookies, but then some parts of the website will not work.
We use first- and third-party Cookies. First party Cookies come from our platform and send information only to us; third party Cookies are placed on our website by third parties and send information about your device to other companies that recognise the Cookie. We use session Cookies, which are only stored for individual online sessions and are deleted when you close your browser; and persistent Cookies, which are deleted when they reach their expiry date or are deleted by the user.
We place Strictly Necessary Cookies to provide you with a tele media service or other equivalent information society service expressly requested by you. The subsequent processing of Strictly Necessary Cookies is based on our legitimate interest to provide you with a technically optimized, user-friendly and appropriate website or your consent (as applicable). We use other Cookies only with your consent. Where we rely on consent, you can withdraw your consent at any time with effect for the future, e.g. by managing your Cookie settings on our site.
A list of Cookies used by our website can be found in the following:
Cleanfox.io (api web storage)
Interface language preference.
Cleanfox.io (api web storage)
Local backup of the user's choices for using the service
Cleanfox.io (api web storage)
Temporary 30-day authentication ID to prevent reconnection.
Cleanfox.io (api web storage)
Measure the performance of the site to improve it and make sure the user can connect
Cleanfox.io (api web storage)
Measure the performance of the site to improve it.
Cleanfox.io (api web storage)
Detect errors and measure the stability of the site.
Cleanfox.io (api web storage)
Change the behavior and appearance of the application without needing to update it.
Cleanfox.io (api web storage)
Receive notifications from Cleanfox when opt-in
Cleanfox.io (api web storage)
Detect errors and measure the stability of the application.
Cleanfox.io (api web storage)
Measure the site audience to improve it.
Measure the site audience to improve it.
Measure the site audience to improve it.
Measure the site audience to improve it.
Measure the site audience to improve it.
Measure the site audience to improve it.
Cleanfox.io (api web storage)
Measure the site audience to improve it.
We also use the following third party technologies:
We use the Adjust SDK to help us understand how users interact with our app. This SDK may set cookies or similar technologies on your device to collect data about your app usage, such as which features you use and how often. This data is used in an anonymized or pseudonymized form and does not directly identify you.
Adjust collects advertising information about you only if you gave your consent.
Here are some key things to keep in mind about the data collected by the Adjust SDK:
Limited data collection: The Adjust SDK focuses on app usage data and does not collect personal information like your name, email address, or phone number.
Anonymization or pseudonymization: The data collected is anonymized or pseudonymized, meaning it cannot be directly linked back to you as an individual.
You can find more information about Adjust's privacy practices on their website:
https://www.adjust.com/terms/privacy-policy/ Adjust acts as a data processor within the meaning of article 28 of the GDPR to Fox.
Third country transfer mechanism: EU Standard Contractual Clauses pursuant to Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council.
Our website uses Amplitude Analytics to better understand how you use our website. Personal data, including your IP address, collected by Amplitude Analytics may be transferred to Amplitude servers. The information collected includes the websites you visit, the time of the visit, your behaviour on our website, whether you have been to our website before and from which website you were referred to our website. For more information, please visit
https://amplitude.com/privacy. Amplitude acts as a data processor within the meaning of article 28 of the GDPR to Fox. Third country transfer mechanism: EU Standard Contractual Clauses pursuant to Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council.
Firebase Remote Config: This tool serves to detect errors and measure the stability of the site.
Firebase Crashlytics: this tool serves to detect errors and measure the stability of the application.
Firebase Messaging: this tool serves to receive notifications from Cleanfox when opt-in. Firebase acts as a data processor within the meaning of article 28 of the GDPR to Fox.
Third country transfer mechanism: EU Standard Contractual Clauses pursuant to Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council.
This tool provides anonymized video reproduction of actions taken by users to improve the application with their consent only.
Smartlook acts as a data processor within the meaning of article 28 of the GDPR to Fox.
Third country transfer mechanism: EU Standard Contractual Clauses pursuant to Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council.
We use the MoEngage SDK to understand user engagement with our app and deliver personalized experiences with your consent only. This SDK may set cookies or similar technologies on your device to collect data about your app usage, such as which features you interact with and how often. This data helps us improve our app and marketing efforts.
Moengage acts as a data processor within the meaning of article 28 of the GDPR to Fox.
Third country transfer mechanism: Adequacy decision by the European Commission pertaining to U.S. companies having self-certified under the EU/U.S. Data Privacy Framework Program (DPF).
See
here
You can also use our website without Cookies, but you might not be able to use our website to its full extent or to use certain functionalities. You can find more information about Cookies
here.
12. Questions, exercising your data protection rights, complaints
If you have any questions or complaints about the collection, use or retention of your personal data, or if you wish to exercise any of your rights in relation to your personal data, you can contact our data protection officer by emailing
dpo@hewardmills.com, mentioning “Cleanfox” in the email subject line.
We will investigate and attempt to remedy any complaint or dispute regarding the processing of your personal data. You can also lodge a complaint with the competent data protection authority.