PRIVACY STATEMENT

Introduction – general information 

InSites Consulting undertakes to respect the applicable data protection legislation as specified in Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, (hereafter “General Data Protection Regulation” or “GDPR”).   Furthermore we are a member of the European Society for Opinion and Marketing Research (“ESOMAR”), an international organisation that focuses on developing better market research methods. In addition we adhere to the professional standards which ESOMAR sets out for its members.  This Privacy Statement explains how we process personal data at InSites Consulting, consisting of: (i) InSites Compages NV, with registered office at Evergemsesteenweg 195, 9032 Ghent (Belgium) and registered with the Crossroads Bank for Enterprises under the number BE0837.297.070; and (ii) its subsidiaries and affiliates (see contact details below or click here) (jointly and each hereafter “InSites Consulting”, “InSites Group”, “our”, “us” or “we”).   Who are we? InSites Consulting is a group of consumer insight agencies that runs online communities and panels in which we invite consumers to share their view on our clients’ businesses, products and services. We offer our clients ancillary services to these communities such as analysis on global consumer trends.  At InSites Consulting we believe in protecting the privacy and the confidentiality of the Personal Data we hold of you. We acknowledge that you may have privacy and security concerns with respect to the Personal Data we collect, use, and possibly disclose to third parties for the purpose of allowing us to provide our products and services to our clients, and more in general, to conduct our business as a group of market research companies. To this end, we have developed this Privacy Statement (hereafter “Statement”).   It should be clear that this Statement only applies to the processing of Personal Data by InSites Consulting (I) acting on behalf of our clients when carrying out our Market Research Activities as a data processor; and/or (II) acting on our own behalf when carrying out our Business Activities as a data controller.  All processing of Personal Data by InSites Consulting will be treated in accordance with applicable data protection legislation and this Privacy Statement.  

Who are we?

InSites Consulting is a group of consumer insight agencies that runs online communities and panels in which we invite consumers to share their view on our clients’ businesses, products and services. We offer our clients ancillary services to these communities such as analysis on global consumer trends.  At InSites Consulting we believe in protecting the privacy and the confidentiality of the Personal Data we hold of you. We acknowledge that you may have privacy and security concerns with respect to the Personal Data we collect, use, and possibly disclose to third parties for the purpose of allowing us to provide our products and services to our clients, and more in general, to conduct our business as a group of market research companies. To this end, we have developed this Privacy Statement (hereafter “Statement”).   It should be clear that this Statement only applies to the processing of Personal Data by InSites Consulting (I) acting on behalf of our clients when carrying out our Market Research Activities as a data processor; and/or (II) acting on our own behalf when carrying out our Business Activities as a data controller.  All processing of Personal Data by InSites Consulting will be treated in accordance with applicable data protection legislation and this Privacy Statement.  

Why this Statement?

This Statement sets out how InSites Consulting processes Personal Data collected via:   (I) the market research products and services we offer to our clients, e.g. the collection of information through surveys, panels, communities (such as “Square”), interviews or any other form of market research tools (hereafter “Market Research Activities”);  Some examples: 

  • your participation in one or several of our Market Research Activities (e.g. questionnaires, panels, surveys, polls, communities or any other market research tool); 
  • your participation in one or several of our prize competitions; and 
  • all information you actively provide us with during such participations.  
  • when you contact us via our Websites, by e-mail, post, telephone, by exchanging business cards, by submitting a request to exercise your rights,…;  
  • when you engage or maintain a contractual relationship with us;  
  • when you apply for a job with us;  
  • when you subscribe to our newsletter;  
  • when you leave a comment on our Websites;  
  • when you request a download;  
  • Via the use of strictly necessary cookies on our Websites, or non-strictly cookies with your consent. 

(II) the different websites we use, such as http://www.insites-consulting.com/https://www.futuretalkers.com/http://www.howcoolbrandsstayhot.com/ (jointly and each hereafter “Websites”) and all activities and services relating to conducting our business in general (e.g. administrative, technical, financial or either commercial activities and services) (hereafter “Business Activities”).   If necessary a distinction will be made between our Market Research Activities and Business Activities.   This Statement addresses our practices regarding the use of such information, the steps we take to protect it, as well as the choices and rights that you, as data subjects (“you” or “your”) have regarding the processing of your Personal Data. Data subjects involved can vary from:  (I) consumers/participants when carrying out our Market Research Activities; and/or  (II) every user of our Websites, recruitment applicants, subscribers to our newsletters, personal or corporate clients (and individuals associated with our corporate clients), suppliers (including subcontractors and individuals associated with our suppliers and subcontractors), business contacts (existing and potential clients and/or individuals associated with them), or any other individuals who get in touch with us when carrying out  our Business Activities.

What is our position?

Unless we may otherwise communicate to you, and depending on the specific situation, we act in the capacity of controller, processor or joint controller when processing your Personal Data.   This distinction is relevant because it determines our responsibilities towards you, as a data subject and our obligations towards possible other actors involved, such as our clients. Our qualification also determines to what extent this Statement applies to the activities we carry out when processing your Personal Data, as explained hereafter.  (I) Market Research Activities   Where we carry out our Market Research Activities and we obtain Personal Data of you as a participant involved in such activities, we process your Personal Data on behalf of our clients. Our clients always act as controller of your Personal Data.   InSites Consulting processes your Personal Data in accordance with the instructions of our clients in our principal position of processor of our clients. As regard this situation, our clients conclude a contract and data processing agreement under Article 28 GDPR with InSites Consulting.   Where InSites Consulting, together with our clients, exceptionally would determine the purposes and/or the essential means of the processing of your Personal Data in the course of carrying out the requested Market Research Activities, we will, together with our clients, qualify as joint controller with regard to your Personal Data. As regard this situation, our clients conclude a contract and together with our clients we concluded a so-called joint controller arrangement under Article 26 GDPR.    (viii) Information about the processing of Personal Data according to Articles 13 and 14 GDPR is provided jointly by both controllers to data subjects through privacy policies published on their official websites, and in particular this Statement.   (II) Business Activities   Where we carry out our Business Activities and we obtain Personal Data from you as a visitor to our Websites, an applicant, a subscriber to our newsletter, a client, a supplier, a business contact or as another individual who gets in touch with us, we process your Personal Data on behalf of the InSites Group. The entity of the InSites Group to who you initially disclose your Personal Data acts as (initial) controller of your Personal Data.   However, in general most of our administrative, technical, financial, commercial and/or legal processing activities and services are performed centrally, at the level of our ultimate parent company (InSites Compages NV) via so called centralized units. As regard this situation, InSites Compages NV and its subsidiaries and affiliates act as joint controller with regard to your Personal Data and within the InSites Group an Intra-Group Agreement is concluded of which a joint controller arrangement under Article 26 GDPR is part.   (viii) Information about the processing of Personal Data according to Articles 13 and 14 GDPR is provided jointly by both controllers to data subjects as per this Statement.    Furthermore it remains possible for an entity of the InSites Group to receive services directly or indirectly from one or more of the other entities of the InSites Group (other than the ultimate parent company) via so called project services units or client services units. This is specifically the case, but not necessarily limited to, the situation where a local entity is carrying out Market Research Activities on behalf of our clients and requests the help of another local entity with regard to such Market Research Activities. As regard this situation, the entity of the InSites Group providing its services to the other entity of the InSites Group acts as (sub)processor with regard to your Personal Data and within the InSites Group an Intra-Group Agreement is concluded of which a data processing agreement under Article 28 GDPR is part.  

Who to contact?

In accordance with Articles 13 and 14 GDPR this Statement provides you with information about the processing of Personal Data by InSites Consulting on behalf of our clients (when carrying out Market Research Activities) and on behalf of the InSites Group (when carrying out Business Activities).   Should you have any comments or questions about this Statement, or the processing of your Personal Data related hereto, you can contact the InSites Consulting DPO via the contact information provided below in section 8.2 or click here.  In particular, with regard to our Market Research Activities, we provide the information as per this Statement on behalf of our clients and as part of our services to our clients. However, where InSites Consulting acts as processor, we cannot be held accountable if this information would not be sufficiently providing you with the necessary information. Our clients as controller remain individually responsible to inform you about their specific use of your Personal Data. Such information will be provided to you separately in so far this would deviate from the Market Research Purposes as set out hereunder.   We will identify our clients, in their capacity of controller, at the beginning of each Market Research Activity we carry out on behalf of our clients, and we will provide you with all relevant contact details of our clients. However, in the exceptional case where identifying our client at the beginning of a specific Market Research Activity would have significant consequences on the results of such Market Research Activity we can decide to name our client at the end of such activity. In such an event, and before processing your Personal Data, we will make clear to you that our client will be named at the end of the Market Research Activity and we will provide necessary assurances that your Personal Data will be deleted if at the point our client is revealed you object, wish to withdraw your consent and/or no longer wish to participate. In any case InSites Consulting, regardless of its qualification and as part of its services to our clients, is mandated to handle or respond all your privacy related questions, request and/or complaints on behalf of our clients.   If after reading this Statement you still have any questions about how our clients use your Personal Data (including via us), you can contact the InSites Consulting DPO via the contact information provided below in section 8.2 or click here. We will  in any case forward all necessary information to our clients and make sure your questions, requests and/or complaints are handled and responded correctly.  

Processing of Personal Data  

A) Market Research Activities:  The Personal Data collected and processed by InSites Consulting is generally received from you voluntarily and directly. In relation to the Market Research Activities we carry out on behalf of our clients it is possible that we receive your Personal Data from other sources, such as our client’s database, list brokers, our panel website or via advertising.  

Personal Data  Legal Grounds + Purpose  Retention Period 
Electronic identification data:   Eg: IP address, user ID, unique identifier assigned to your device, geographic location, information derived from content of a web page.  Legal grounds: explicit consent.   Purpose: invitation, registration and participation in our activities (eg. Specific market, social and satisfaction research). Verification of your use of confidential material submitted by us. Operational purposes (managing our websites, systems and application).  The term of the agreement with our client or until withdrawal of your consent afterwards the data will be held for maximum 2 years. 
Contact information:  Eg. Name, e-mail address, phone number or any other relevant contact details.  Legal grounds: explicit consent and legitimate interests.  Purpose: invitation, registration and participation in our activities (eg. Specific market, social and satisfaction research). To inform and contact you. Direct marketing, advertising and raising brand awareness.    The term of the agreement with our client or until withdrawal of your consent afterwards the data will be held for maximum 2 years. 
Personal identification details:  Eg. Age, date of birth, place of birth, gender, civil status, nationality.  Legal grounds: explicit consent.  Purpose: for research and statistical goals, draw up collective profiles, profiling.  The term of the agreement with our client or until withdrawal of your consent and afterwards the data will be held for maximum 2 years. 
Contact history.   Eg. Sent and received communication.    Legal grounds: explicit consent.  Purpose: contact and inform you. Direct marketing, advertising and raising brand awareness.  The term of the agreement with our client or until withdrawal of your consent and afterwards the data will be held for maximum 2 years. 
Educational and professional background information.  Eg. CV, education, degree, certificates, professional skills and activities,   Legal grounds: explicit consent.  Purpose: for research and statistical goals, draw up collective profiles, profiling.   The term of the agreement with our client or until withdrawal of your consent and afterwards the data will be held for maximum 2 years. 
Lifestyle, interest and preferences.  Eg. Social activities, hobbies, personality, community involvement, habits.    Legal grounds: explicit consent.  Purpose: for research and statistical goals, draw up collective profiles, profiling, processing your answers to surveys and provide results to the client.  The term of the agreement with our client or until withdrawal of your consent and afterwards the data will be held for maximum 2 years. 
Public information.  Eg. Publicly available information, information on social networks.  Legal grounds: legitimate interest.  Purpose: for research and statistical goals, draw up collective profiles, profiling, processing your answers to surveys and provide results to the client.  18 months as of any objection has been filled.  
Financial details.  Eg. Bank details, (branch identifiers, sort code, IBAN, BIC, account number.  Legal ground: explicit consent.  Purpose: to send you your price money.  The term of the agreement with our client or until withdrawal of your consent and afterwards the data will be held for maximum 7 years.   
Photos, images or sound recording.  Eg. When participating in video recordings, by posting material in the community or uploading of photos.    Legal ground: explicit consent.  Purpose: for research and statistical goals, processing your answers to surveys and provide results to the client.    The term of the agreement with our client or until withdrawal of your consent and afterwards the data will be held for maximum 2 years. 
Special categories of Personal Data:  Eg. Information on race and origin, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health, genetic data, biometric data, sexual life or sexual orientation. Legal ground: explicit consent.  Purpose: for research and statistical goals, draw up collective profiles, profiling, processing your answers to surveys and provide results to the client.   The term of the agreement with our client or until withdrawal of your consent and afterwards the data will be held for maximum 2 years. 
Unique ID’s:  Eg. Information that we collect in questionnaires or panels, participants unique identification number.  Legal ground: explicit consent.  Purpose: for research and statistical goals.  The term of the agreement with our client or until withdrawal of your consent and afterwards the data will be held for maximum 2 years. 
Children’s Personal Data:  Eg. We allow children under the age of 16 – or lower age depending on the applicable legislation.  Legal ground: explicit consent of the child and explicit consent of an individual with parental responsibility for the child.  Purpose: for research and statistical goals, draw up collective profiles, profiling, processing your answers to surveys and provide results to the client.  The term of the agreement with our client or until withdrawal of your consent and afterwards the data will be held for maximum 2 years. 

B) Business Activities  If we carry out our Business Activities and we obtain Personal Data, we process and disclose this information as follows:   

Personal Data  Legal Grounds + Purpose  Retention Period 
Contact information:  Eg. Name, e-mail address, phone number or any other relevant contact details.  Legal grounds: explicit consent and legitimate interests.  Purpose: To inform and contact you. Direct marketing, advertising and raising brand awareness, CRM, log-in on our websites. The term of the agreement with our client or until withdrawal of your consent and afterwards the data will be held for maximum 3 years. 
Personal identification details:  Eg. Age, date of birth, place of birth, gender, civil status, nationality.  Legal grounds: explicit consent.  Purpose: job applications, for research and statistical goals, draw up collective profiles, profiling, processing your answers to surveys and provide results to the client.  The term of the agreement with our client or until withdrawal of your consent and afterwards the data will be held for maximum 3 years. 
Contact history:   Eg. Sent and received communication.    Legal grounds: explicit consent.  Purpose: contact and inform you. Direct marketing, advertising and raising brand awareness.    The term of the agreement with our client or until withdrawal of your consent and afterwards the data will be held for maximum 3 years. 
Educational and professional background information.  Eg. CV, education, degree, certificates, professional skills and activities.  Legal grounds: explicit consent.  Purpose: job applications, for research and statistical goals, draw up collective profiles, profiling, processing your answers to surveys and provide results to the client.  The term of the agreement with our client or until withdrawal of your consent and afterwards the data will be held for maximum 3 years. 
Public information.    Eg. Publicly available information, information on social networks.  Legal grounds: legitimate interest.    Purpose: job applications.  18 months as of any objection has been filled. 
Financial details.  Eg. Bank details, (branch identifiers, sort code, IBAN, BIC, account number.    Legal ground: explicit consent.  Purpose: accounting, invoicing, CRM.  The term of the agreement with our client or until withdrawal of your consent and afterwards the data will be held for maximum 7 years. 
Special categories of Personal Data:  Eg. Information on race and origin, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health, genetic data, biometric data, sexual life or sexual orientation.    Legal ground: explicit consent.  Purpose: for research and statistical goals, draw up collective profiles, profiling, processing your answers to surveys and provide results to the client.    The term of the agreement with our client or until withdrawal of your consent and afterwards the data will be held for maximum 3 years. 
Unique ID’s:  Eg. Information that we collect in questionnaires or panels, participants unique identification number.    Legal ground: explicit consent.  Purpose: for research and statistical goals.  The term of the agreement with our client or until withdrawal of your consent and afterwards the data will be held for maximum 3 years. 

C) Additional information  In case we obtain your Personal Data from other sources we will inform you, at the moment of first contact with you (e.g. when inviting you to participate to a Market Research Activity) and by bringing your attention to this Statement, of the fact that we hold Personal Data of you, the source your Personal Data originates from and whether it came from publicly accessible sources, and for what specific purposes we intend to retain and process your Personal Data.   If we have contacted you and you would like your Personal Data to be removed from our database we will remove you from our database as soon as reasonable practicable. In addition, we will inform any other sources and/or recipients of your Personal Data about such request and request them to do the same.   Unless we may otherwise communicate to you and under the condition we have a legal ground for doing so, InSites Consulting will only use your Personal Data for these above mentioned purposes.  If we intend to use your Personal Data for other purposes other than communicated to you, we will inform you in advance. For example: we will not use your Personal Data for advertising purposes unless you have freely given your explicit and prior consent.  Where InSites Consulting relies on your consent for the processing of your Personal Data we shall make sure our client, or we on behalf of our client, have obtained your proper informed, specific, active and unambiguous consent. Please note that you can withdraw your consent at any time. For more information on how you can do this, see section on “Your Rights” or click here.  Where InSites Consulting relies on our legitimate interest as a legal ground, we will mitigate the effect(s) this processing of your Personal Data might have on your privacy by appropriately minimising our use and putting in place adequate access and security safeguards to prevent unauthorised use.   In case of profiling as a purpose, it is not intended to have legal effects that would significantly affect the data subject. The consequences of this purpose is to categorize individuals in a general way for marketing purposes.  Please note that all retention periods related to the Personal Data we process on behalf of our clients, when carrying out the requested Market Research Activities, are determined by our clients. InSites Consulting can only keep such Personal Data during the term of the data processing agreement with our clients after which we must return or erase all Personal Data, as our clients may choose. Our default is to remove personal data 2 years after the work has ceased, or 7 years for financial data/transaction purposes. 

What measures do we take to secure your Personal Data

InSites Consulting takes the security of all Personal Data we process  (e.g. when carrying out our Business Activities or in connection to our Market Research Activities) seriously. Therefore we have implemented appropriate technical and organisational measures to secure the processing of Personal Data. These safeguards will vary depending on the sensitivity, format, location, amount, distribution and storage of the Personal Data, and include measures designed to keep Personal Data protected from unauthorized access. If appropriate, the safeguards include the encryption of communications via for example SSL, encryption of information during storage, firewalls, access controls, separation of duties, and similar security protocols. We restrict access to Personal Data to our staff members and third parties that require access to such information for legitimate and relevant business purposes.  InSites Compages NV (via its affiliate InSites NV) is ISO 27001 certified for Information Security Management (certificate number IS 71404) and can therefore demonstrate appropriate technical and organisational measures that are equivalent across all jurisdictions whether within or outside the EU. The same technical and organisational measures, which are centrally organised and managed by InSites Compages NV, are also implemented in the organisation of the other entities of the InSites Group. Each entity of the InSites Group has made contractual guarantees to comply with those same technical and organisational measures at all times.  All our staff members, contractors and third parties who will have access to your Personal Data on InSites Consulting’ instructions will be bound to confidentiality and we use security measures and access controls to limit access to individuals that require such access for the performance of their responsibilities and tasks.

Transfers of Personal Data

We will only share your Personal Data with others when we are legally permitted to do so and where it’s necessary to fulfil the purposes related to those described above. When we disclose Personal Data to others, we put contractual arrangements and security mechanisms in place to protect the Personal Data and to comply with our own data protection, confidentiality and security standards.   Personal Data we hold could be transferred:  

  • to our clients  

By carrying out our Market Research Activities on behalf of our clients we obtain and process information of you as a participant. If you participate in online surveys, polls or discussions or post material in the community, your screen name and the information you post will only be visible to us, the other participants in the community and to our clients. Any posts you make to a survey, poll or discussion in the community will in principle only be associated with your screen name. If you post any personally identifiable information yourself, we may at our discretion remove this for your own security. We recommend that you choose a screen name which does not resemble your real name.   We process this information on behalf of our clients and sharing this information with our clients is necessary for delivering our products and services to our clients. In this context it is possible that we share photos, image recordings, sound recordings or full datasets (e.g. answers to survey questions to help inform them about specific elements of their offer) we hold of you. However, we will only do so when we have obtained your explicit consent to such transfer.   Our Client may combine data collected from the Market Research Activity carried out by us on behalf of our clients with other data that they may hold about you. This Statement does not describe our client’s specific uses of your personal data, which information will be provided to you separately if this would deviate from the Market Research Purposes as set out above, but if you are not happy with your responses being used in this way, you should notify us prior to agreeing to participating to one of the Market Research Activities for which you are invited and for which you need to accept this Statement and any relevant terms and conditions of use. We can then determine with the client whether the use of your data can be limited and in that case whether it is possible to take part in the specific Market Research Activity.   We will not share Personal Data obtained in connection with providing our products and services to one client, with another client. We will also not sell, rent or lease this information to other third parties nor will we enrich our own database with such information or allow a third party to do so. 

  • within the InSites Group 

We may share your Personal Data within our global network of corporations when this is necessary for carrying out our Market Research Activities and/or Business Activities and for the purpose for which your Personal Data was collected as set out above. For details of our subsidiaries and affiliates, please see contact details below or click here 

  • to our Service Providers  

Where necessary we usethird partiesto support us in providing our services and to help provide, run and manage our internal IT systems or (internal) business processes and ask them to perform certain tasks on behalf of us. We use services of providers of information technology, cloud based software as a service provider, Website hosting and management, data analysis, recruiting software, data back-up, security and storage services. Please find a list of our sub-processors via this link: https://info.insites-consulting.com/sub-processors/  We will only disclose or make accessible such Personal Data to these service providers to the extent required for the respective purpose. This data may not be used by them for any other purposes, in particular not for their own or third party purposes. In addition, our service providers are contractually bound to respect the confidentiality of your personal data through a so called “Data Protection Agreement”.  When you participate to our incentive system, we may have to share your Personal Data (e.g. name, e-mail address, …) with third parties that help us take care of our incentive handling.

  • law enforcement or other government and regulatory agencies or to other third parties as required by, and in accordance with, applicable law or regulation:  

We reserve the right to disclose any and all pertinent information to law enforcement or other third parties with the authority to acquire Personal Data, such as to check that we are complying with applicable law and regulation, to investigate an alleged crime, to establish, exercise or defend legal rights. We will only fulfil requests for Personal Data where this is necessary and appropriate and where we are permitted to do so in accordance with applicable law or regulation. 

  • inside and outside the European Economic Area (“EEA”) 

We are a global network of corporations with entities established inside and outside the EEA and we can make use of third party service provides based outside the EEA to help us run our business. As a result, your Personal Data may be transferred outside the EEA. Under certain conditions the GDPR allows InSites Consulting to transfer Personal Data to such third countries.   In the context of international research projects InSites Consulting may also invite you to take part in research projects of both national and international business clients or partners, again including possible transfers outside the EEA .   In any case, we have taken steps to ensure all Personal Data is processed respecting adequate levels of security and that all transfers of the Personal Data outside the EEA take place in accordance with applicable data protection legislation and that there will be an appropriate level of protection. We will implement legal safeguards governing such transfer, such as standard contractual clauses, individuals’ consent, or other legal grounds permitted by applicable legal requirements. We evaluate each transfer and if necessary we conclude a SCC with the third party. Within the group we have concluded an intragroup agreement.  

Your rights  

The GDPR provides you with certain rights in relation to your Personal Data. These rights are listed below. Please contact us if you wish to exercise any of the rights below. You can find our contact information below or click here .   Please be aware that certain exceptions apply in exercising these rights which means you may not be able to exercise these in all situations:   

  • Right to access and copy: You have a right to have access to your Personal Data held by us.  
  • Right to amendment or rectification: You can ask us to have inaccurate Personal Data corrected.  
  • Right to erasure (‘Right to be forgotten’): You can ask us to erase your Personal Data in certain circumstances and we will take reasonable steps to inform data processors that are processing the Personal Data on our behalf that you have requested the erasure of any links to, copies or replication of your Personal Data. 
  • Right to restriction (‘limit the processing’): You can require certain Personal Data to be marked as restricted and also restrict processing in certain other circumstances. 
  • Right to portability: You can ask us to transmit the Personal Data of you to a third party electronically insofar as permitted under the GDPR.  
  • Right to complaint: If you have a complaint about the processing of your Personal Data by InSites Consulting we will do our utmost best to resolve this complaint. In addition, you have the right to raise a complaint about our processing with our lead supervisory authority and/or your local supervisory authority. You can find relevant contact details below or click here.   

In addition, under certain conditions, you have the right to: 

  • Right to withdraw consent: Where processing is based on your consent, you have the right to withdraw your consent at any time. All our newsletters contain an unsubscribe button in the footer of that e-mail. Please note that the withdrawal of your consent does not affect the lawfulness of the processing of your Personal Data prior to your withdrawal.  
  • Right to object: You have the right to object to any processing of Personal Data that InSites Consulting justifies on the “legitimate interests” legal ground, unless our reasons for undertaking that processing outweigh any prejudice to the individual’s privacy rights; and to object to direct marketing (including any profiling for such purposes) at any time. 

Exercising your rights is in principle free of charge. If your request appears to be unfounded or frivolous, we may charge you a reasonable fee in order to cover our own administrative costs. In such cases, however, we may also simply opt to decline your request. You will then be notified of the reasons for this.   In any case, we will always notify you within a period of four weeks (for simple requests) or 3 months (for complex or multiple requests) of the response to your request 

Updates to this Statement  

InSites Consulting reserves the right to revise and update this Statement at any time. The date of the last update can be found at the top of this Statement and the most recent version will always be made available on our Websites. Therefore, you should review our Websites periodically so that you are up-to-date on our most current policies and practices.  

Cookies on our Websites 

We use cookies, and other online identification technologies such as web beacons, or pixels to provide users with an improved user experience. See link. https://www.insites-consulting.com/cookie-policy/ 

Relevant Contact Details 

InSites Consulting entities

Each entity of the InSites Group can be contacted via the following contact details. However should you have any comments or questions about this Privacy Statement or the processing of your Personal Data by InSites Consulting, we advise you to contact the InSites Consulting DPO acting on behalf of the InSites Group.  

  InSites Consulting entity  Registered office  Corporate registration number 
EEA based entities  MC InSites NV  Evergemsesteenweg 195  9032 Wondelgem   Belgium   BE0708.926.379 
InSites Compages NV  Evergemsesteenweg 195  9032 Wondelgem   Belgium   BE0837.297.070 
InSites NV  Evergemsesteenweg 195   9032 Wondelgem – Belgium   BE0465.109.357 
InSites DE GMBH  Factory Campus -Erkrather Strasse  401 40231 Düsseldorf   Deutschland  DE314171417 
Eyeka SA  79 Rue la Boetie   Paris 75008   France  488 120 916 R.C.S.  
InSites Consulting BV  Watermanweg 40-423067 GG RoterdamThe Netherlands  NL822.105.469.B01 
ISC Research SRL  2 Strada Dr. LiviuGabor   300057 Timisoara   Romania  RO28395601 
Non –EEA based entities  InSites Consultants Ltd  27/31 Clerkenwell Close, Unit G20  EC1R 0AT London  United Kingdom  GB994.9938.26 
Direction First Pty Limited   Level 5, 241 Castlereagh Street  Sydney NSW 2000  Australia  ACN 078 348 320 
Columinate Pty Ltd  Glasgow House –Building G, 54  Peter Place Sandton   South-Africa  2008/020648/07 
InSites Marketing Consulting Inc  30 East 39th Street, 3rd floor, NY  10016 New York   United States   61-1661807 
Join the Dots (Holdings) Ltd  The Hive, 51 Lever Street  Manchester M1 1FN   United Kingdom  10723179   
Join the Dots (Research) Ltd  The Hive, 51 Lever Street  Manchester M1 1FN   United Kingdom   03546594   
Join the Dots (USA) Inc  Bressler, Amery & Ross PC, 17 State Street, 24thfloor  NY 10004   Unites States   82-1495868   
Joint the Dots (Singapore) Pte Ltd   110 MiddelRoad, #05-03  Chiat Hong Building   Singapore  201539019N   
  ABN Impact Holdings Ltd.  31-32F Hysan Place  500 Hennessy Road  Cause Way Bay  Hong Kong  2046166 
  ABN Impact HK Ltd.  31-32F Hysan Place  500 Hennessy Road  Cause Way Bay  Hong Kong  1773173 
  ABN Research HK Ltd.  Room 3602, Level 36, Tower 1  Enterprise Square Five  38 Wang Chiu Road  Kowloon Bay, Kowloon  1510279 
  InSites Consulting (China) Ltd.  Room 1101, 2 Maji Road  Shanghai Free Trade Zone  Pudong District  Shanghai  91310115301794430F 
  ABN Impact Pte. Ltd  71 Robinson Road, #14-01  Singapore 068895  201324090K 
  ABN Impact Korea Ltd;   27 Wausan-ro 29 ma)gil  Mapo-gu  Seoul  Korea  393-81-00482 
  P.T. ABN Impact Indonesia  Revenue Tower  Iantai 28, Jl. Jendral Sudirman 52-53  SCBD lot 13  Jakarta Selatan 12190  8120017172625 
  Asia Business Network (Thailand) Ltd.  1-7 Zuellig House 6/F, Unit 1B  Silom Road, Bangrak  Bangkok 10500  010555300236 
  ABN Impact (Philippines) Inc.   Unit 1805 Cityland 10 Tower 1  156 H.V. Dela Costa Street  Bel-air, Makati City,   NCR Fourth District  CS201822384 
  AGMR Co Ltd.  4F, No. 102, Sec. 2 CienKuo North Rd.  Taipei, Taiwan, R.O.C. 10483  42850664 

InSites Consulting DPO and representative

We have appointed a data protection officer which is internally supported by a number of persons responsible for data protection related issues in general. We also use external legal advisors in this respect. Any privacy related questions, data subject requests and/or complaints can be addressed to the InSites Consulting DPO: 

  • Via e-mail:  dpo@insites-consulting.com 
  • Via telephone:  +32 (0)9 2691500 
  • Via postal mail:  attn.16 Wilbury Grove Hove BN3 3JQ

For the avoidance of any doubt the InSites Consulting DPO acts on behalf the InSites Group. Where InSites Consulting acts as processor or joint-controller with our clients, when carrying out our Market Research Activities on behalf of our clients, and as part of our services to our clients, the InSites Consulting DPO is appointed as single contact point. At your choice you may address your questions, request and/or complaints to the InSites Consulting DPO who is mandated to handle such requests or complaints on behalf of our clients or to our clients directly.   In accordance with Article 27 GDPR we have designated InSites Compages NV as the representative for the entities of the InSites Group established outside the EEA. InSites Compages NV, and in particular InSites Consulting DPO acting on behalf of the InSites Group, shall act as middleman between you as a data subject and the entities of the InSites Group outside the EEA that may process your Personal Data when carrying out Market Research Activities and/or Business Activities. 

Supervisory authority contact information

In accordance with Article 56 GDPR we have appointed the Belgian data protection authority as our Lead Supervisory Authority, considering the main establishment of the InSites Group is based in Belgium. The Lead Supervisory Authority will be primary responsible for dealing with our cross-border data processing activities. We therefore advice you to address any complaint you may have about the processing of your Personal Data by InSites Consulting to this authority. Notwithstanding the foregoing you have the right to raise a complaint about our processing with your local data protection authority.   For contacts details of any other local data protection authority (not provided hereunder) we would like to refer you to: https://edpb.europa.eu/about-edpb/board/members_en   

Country   Contact information 
Belgium    (Lead Supervisory Authority)        Autorité de la protection des données - Gegevensbeschermingsautoriteit (APD-GBA)  Rue de la Presse 35 – Drukpersstraat 35  1000 Bruxelles – Brussel  Tel. +32 2 274 48 00  Fax. +32 2 274 48 35  Email: contact@apd-gba.be Website:  

France  Commission Nationale de l’Informatique et des Libertés – CNIL  3 Place de Fontenoy  TSA 80715 – 75334 Paris, Cedex 07  Tel. +33 1 53 73 22 22  Fax. +33 1 53 73 22 00  Email: /  Website: http://www.cnil.fr/ 
Germany  Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit Husarenstraße 30 53117 Bonn Tel.. +49 228 997799 0 Fax. +49 228 997799 5550 Email: poststelle@bfdi.bund.de Website: http://www.bfdi.bund.de/ 
Romania  The National Supervisory Authority for Personal Data Processing  B-dul Magheru 28-30  Sector 1, BUCUREŞTI  Tel. +40 31 805 9211  Fax +40 31 805 9602  Email: anspdcp@dataprotection.ro Website: http://www.dataprotection.ro/ 
The Netherlands   Autoriteit Persoonsgegevens Bezuidenhoutseweg 30 P.O. Box 93374 2509 AJ Den Haag/The Hague Tel. +31 70 888 8500 Fax. +31 70 888 8501 Email: / Website: https://autoriteitpersoonsgegevens.nl/nl 
Australia   The Office of the Australian Information Commissioner  Level 3, 175 Pitt Street Sydney NSW 2000  GPO Box 5218  Sydney NSW 2001  Tel. 1300 363 992 (or +61 2 9284 9749 from outside Australia)   Fax. +61 2 9284 9666  Email: /  Website: https://www.oaic.gov.au/ 
South-Africa   The Information Regulator (South Africa)  33 Hoofd Street  Forum III, 3rd Floor Braampark  P.O Box 31533  Braamfontein, Johannesburg, 2017  Tel No. +27 (0) 10 023 5207  Cell No. +27 (0) 82 746 4173  Email: inforeg@justice.gov.za  Website: https://www.justice.gov.za/inforeg/ 
United Kingdom   The Information Commissioner’s Office   Wycliffe House  Water Lane  Wilmslow Cheshire SK9 5AF  T +0303 123 1113 (or +44 1625 545745 if calling from overseas)  F 01625 524510  Email: /  Website: www.ico.org.uk