PROOF Insight Privacy Notice
This privacy notice explains how PROOF Insight will collect, use and store your personal data. It also gives you information about your legal rights granted under data protection laws. If you participate in our research projects we’ll provide you with further ‘just in time’ privacy information when necessary, to explain any processing of your personal data that isn’t covered here.
PROOF Insight is a trading entity of the data controller, Matthew Clark Bibendum Limited, Whitchurch Lane, Whitchurch, Bristol, BS14 0JZ, a subsidiary of C&C Group plc.
If you have any questions about this privacy notice, or how your personal data is processed by PROOF Insight, please contact our Group Data Protection Officer (DPO) at:
C&C Group plc
161 Duke Street
Email – email@example.com
This privacy notice was last updated in June 2022. We may revise this notice at any time. The latest version will be made available on this site, and we’ll contact you if we make any significant changes to it.
Please note that we won’t be able to respond to your queries, complaints or provide certain services if you fail to provide your personal data.
1. Summary of this privacy notice
Personal data is information that relates to an identified or identifiable individual. We use your personal data for purposes including to manage our relationship with you, to promote and market our products and services including the use of profiling and social media, to operate our business effectively, and so we can comply with our legal obligations. You can find out more about each of these purposes in Section 2 of this notice.
We only share your information with other organisations or transfer it outside the UK or European Economic Area (EEA) when this is necessary, and we require these third parties to respect the security of your data and treat it lawfully. Further information is found in Sections 3 and 4.
We’ll only retain your personal data for as long as it’s needed to meet our operational, legal or reporting requirements, or to defend our legal rights. Section 5 provides more detail.
The rights you’re granted in relation to our use of your personal data and information on how to make a rights request can be found in Section 6.
2. Why we use your personal data, and our lawful bASIS
- Your personal data is used so we can provide services to you. Any such processing is a contractual requirement so we can, for example, fulfil a research brief you submit to us or provide information you request.
- It’s used to process payments and to prevent fraudulent transactions. We do this as part of our contractual obligations to you, and our legitimate interests to help protect our customers from fraud.
- We’ll respond to your queries and any complaints using the contact details you provide. We do this as part of our contractual obligations to you, and our legitimate interests to provide you with the best possible service.
- Our core business is to undertake research and studies to improve our products and services, and to produce information of relevance to our industry. This may include combining information with third party datasets and information. Any research findings or final reports do not generally identify individuals, but where this is planned, and as part of the research consent process, we’ll provide you with further privacy information to explain exactly what your personal data will be used for.
- We’ll only send our newsletter or electronic direct marketing to you where we have your consent to do so.
- If you change your mind about receiving our newsletter or electronic direct marketing, simply click the unsubscribe link in any emails we send you or contact our DPO at the contact details above.
- When we send you a direct marketing email or newsletter, we may track how you respond to it using a ‘pixel’. We do this so we can see whether the email was opened and if any content was clicked, so that we can understand how effective our marketing strategies are and make improvements, where necessary. You can find out more about our use of pixels and cookies, and how to amend your settings, in our cookie notice.
- We conduct profiling so we can identify opportunities to promote our products and services to customers and prospective customers. This may include reviewing previous purchases made by customers and consumers of C&C Group entities and combining this information with other datasets and information. This profiling allows us to better understand which of our products and services are likely to be of interest to you and develop our marketing campaigns accordingly. The lawful basis for profiling is our legitimate interest to promote our brands and help ensure our customers receive information which is likely to be of most interest. You can contact us if you don’t want us to use your personal data for this purpose. For more information, see the ‘right to object’ held in the ‘Your rights’ section below.
The purposes outlined in this section are primarily carried out under the lawful basis of our legitimate interests.
- We’ll use your personal data to make sure we give you and other customers the best possible service, and to run effective and efficient systems and processes. This includes developing, testing and improving our systems, sites and services.
- It’s used for business management, decision-making and planning purposes, to effectively operate and protect our business.
- We may send you survey and feedback requests to help improve our products and services. You’re under no obligation to respond or take part if you receive these from us.
- We monitor our network and information security, including preventing unauthorised access to our computer and electronic communications systems and preventing malicious software distribution.
- We monitor visits to this website including, but not limited to, traffic data, location data, web logs and other communication data. You can find out more information about this in our cookie notice.
- Your personal data will be used to handle service issues or legal disputes involving you, other customers and suppliers, or our own employees, workers and contractors.
- We may use it during our accounting and auditing processes and for any regulatory or legal reporting purposes which we’re required to comply with.
3. Passing your information to others
We may share your data:
- With the other entities within C&C Group plc, as part of our regular reporting activities on company performance, as part of research findings conducted about our brands and products, in the context of a business reorganisation or group restructuring exercise, or for system maintenance support and hosting of data.
- If you agree to participate in a research project, your personal data may be shared with the client and third parties working with the client for their market research and other related business purposes, such as meetings and briefings. Where any such sharing is planned, and as part of the research consent process, we’ll provide you with further privacy information to explain exactly what your personal data will be used for.
- With companies that help us provide our products and services, for example companies that source participants for our research panels.
- With marketing and media agencies who help us with our promotional activities, such as competitions or incentive fulfilment.
- With IT system providers, including data storage providers and their technical support teams, if necessary.
- With governmental bodies, regulators, law enforcement agencies, insurers, our accountants, auditors, legal advisors, debt collection agencies, or court or tribunal services where we are required to do so to comply with legal obligations, exercise or defend our legal rights, to prevent and detect crime or prosecute offenders, or to safeguard and protect our employees, customers or other individuals.
- If we sell or buy any business or assets, we may disclose your information to the prospective seller or buyer of such business or assets. If we’re acquired by a third party, customer information will be one of the transferred assets so they can continue to provide services to you.
We require these parties to respect the security of your data and to treat it in accordance with the law. Where a third party is acting as a data processor, they’ll act solely on our instructions and will only use your information for that specific purpose.
4. International transfers
Your personal data may be transferred to and stored in locations outside the UK and the European Economic Area (EEA). This will typically occur when we use service providers located outside of these areas. These data transfers require us to follow certain rules under data protection law to ensure that your data will be adequately protected, so we’ll only transfer data to countries that have been confirmed as protecting personal data to UK standards, or where we have put contractual commitments in place which make sure the data is protected to these standards.
Please contact our DPO if you want to find out more about where personal data is transferred to, or the safeguards we have in place.
5. How long we keep your personal data
Your personal data is only kept for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any operational, legal or reporting requirements, and in order to defend our legal rights. To decide the right retention period, we consider the purposes for which the data is processed, the amount, nature, and sensitivity of it, the potential risk of harm from unauthorized use or disclosure, and any applicable legal requirements.
Your personal data is deleted once it’s no longer needed for these purposes.
6. Your rights
Under data protection law you have the right to:
- Request access to your personal information (commonly known as a data subject access request). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request the correction of incomplete or inaccurate personal information that we hold about you.
- Request erasure of your personal information in certain circumstances. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- Object to processing of your personal information in certain circumstances. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal information to another party, known as data portability.
- Withdraw your consent. In circumstances where your consent is the lawful basis for the processing, you have the right to withdraw your consent at any time.
If you want to exercise any of these rights please contact GDPR@proofinsight.com.
Your right to complain to a data protection regulator
We aim to collect, use and safeguard your personal information in line with data protection laws and guidance. If you do not believe we have handled your personal data appropriately, please get in touch with our Data Protection Officer using the contact details above so that we can try to resolve your concerns.
While we hope that we can resolve your concerns, you do have the option to complain to a data protection authority regardless of whether you have exhausted our internal procedure.
- For UK residents:
You have the right to lodge a complaint with the Information Commissioner’s Office (ICO). You can find further information and contact details at https://ico.org.uk.
- For ROI residents:
You have the right to lodge a complaint with the Data Protection Commission (DPC). You can find further information and contact details at https://www.dataprotection.ie
Cookies are small text files that are placed on your computer or other internet-enabled devices, like a smartphone or tablet, by websites that you visit. They are widely used to make websites work properly, ensure site security, and to allow us to understand how people are using our sites. This policy provides information about the cookies we use.
We use the following cookie types. Some of these are ‘session’ cookies which expire at the end of your browser session. Others are ‘persistent’ cookies which remain on your device for the period of time specified in the cookie
Also known as ‘necessary’ cookies, these are required to enable basic website functionality. You can’t turn these cookies off.
These are used to deliver advertising that is more relevant to you and your interests. They may also be used to limit the number of times you see an advertisement and measure the effectiveness of advertising campaigns.
Also known as ‘functionality’ cookies, these allow the website to remember choices you make (such as your language, or the region you are in) and can provide enhanced, more personal features.
Also known as ‘performance’ cookies, these help us understand how the website performs, how you interact with the site, and whether there may be technical issues.
You can change your cookie preferences at any time by clicking on the cookie icon found in the corner of the screen.
Alternatively, most web browsers allow some control of cookies through browser settings. To find out more about cookies visit www.aboutcookies.org
To find out how to manage cookies on popular browsers use these links:
To opt out of being tracked by Google Analytics across all websites, visit http://tools.google.com/dlpage/gaoptout
The cookie manager tool we use to record your cookie preferences.
Used to collect information about how visitors use this website. We use the information to conduct website analysis and to help us improve it.