Opinium (“we”, “us”, or “our”) is committed to protecting and respecting the personal data that we hold. We take care to protect the privacy of our panellists, clients, suppliers, and website visitors. We have therefore developed this privacy notice to inform you of the data that we collect, what we do with your information, what we do to keep it secure, as well as the rights and choices you have over your personal information. We may use personal data provided to us for the purposes described in this privacy notice or as made clear before collecting personal data.
The personal data we collect is provided either directly by yourself or may be provided by a third party such as your employer. Where we receive personal data that relates to you from a third party, we request that this third party inform you of the necessary information regarding the use of your data. Where necessary, reference may be made to this privacy notice.
Throughout this document we refer to Data Protection Legislation which means the Data Protection Act 2018, GDPR (United Kingdom General Data Protection Regulation) (UK GDPR), the Privacy and Electronic Communications (EC Directive) Regulations 2003 and any legislation implemented in connection with the aforementioned legislation.
Where we process personal data as a controller or processor of people in the European Union, it also includes the EU General Data Protection Regulation (EU GDPR). This includes any replacement legislation coming into effect from time to time.
Data Controller and contact information
Opinium Research LLP is the controller for the personal information that we process unless otherwise stated. We are registered with the Information Commissioner’s Office (the ICO) in the United Kingdom with registration number Z9969987.
Opinium Research consists of the parent company, Opinium Research LLP (a limited liability partnership company registered in England with the company number OC331181) and subsidiary companies Opinium Research Inc and Opinium Research B.V.
Opinium Research Inc is a company registered in New York, USA (company number 5715380) and its registered office is 425 Madison Avenue, Suite 1701, New York, NY, United States, 10017.
Opinium Research B.V. is a company registered in The Netherlands (company number 89216423) and its registered office is Nieuwezijds Voorburgwal 162, 1012SJ Amterdam.
This privacy notice applies to Opinium Research LLP and all subsidiaries irrespective of location or jurisdiction.
If you have any questions about this privacy notice or how and why we process personal data, please contact us at:
- By email: firstname.lastname@example.org
- Online: https://www.opinium.com/contact-us/
- By post: 58 Great Sutton Street, London, EC1V 0DG
- By email: email@example.com
- Online: https://www.opinium.com/us/contact-us/
- By post: 425 Madison Avenue, Suite 600, New York, NY 10017
Our Data Protection Officer is:
The DPO Centre Ltd., 50 Liverpool Street, London, EC2M 7PY
Phone: 0203 797 1289
Data that we process
We only collect personal data that we know we will genuinely use and in accordance with the Data Protection Legislation. The type of personal data we will collect about you, and the purposes for which we process it, will differ depending upon your relationship with us.
Below, we outline how we process the personal data of our clients, suppliers, and website visitors.
If you are considering signing up to become, or are already, one of our panel members, you can find our panellist privacy notice on our Panellist Portal.
If you are looking to apply for a job with Opinium, you can find our recruitment privacy notice on our careers page.
What data do we hold?
Generally, we will only collect the following information from our suppliers, subcontractors, and their representatives:
- Email Address;
- Phone number;
- Company; and
- Job title.
You are under no statutory or contractual requirement or obligation to provide us with your personal information; however, we require at least the information above in order for us to deal with you as a supplier or subcontractor in an efficient and effective manner.
How we use your data and the lawful basis we rely on
We rely on legitimate interests to process your data for the following purposes:
- To provide services to our clients – where a supplier is helping us to deliver professional services to our clients, we process personal data about the individuals involved in providing the services in order to administer and manage our relationship with the supplier and the relevant individuals and to provide such services to our clients;
- To manage our relationship with our suppliers via email and on the phone;
- To maintain the security of our and our clients’ information – we have security measures in place to detect, investigate and resolve security threats. Personal data may be processed as part of this. For example, automated scans to identify harmful emails.
- To monitor the quality of our services and suppliers; and
- To manage risk in relation to suppliers through our due diligence process for onboarding suppliers.
We are subject to legal, regulatory and professional obligations that mean we need to keep certain records to show we comply with those obligations and those records may contain personal data.
We rely on legitimate interests to deploy cookies that are essential for the running of our websites. Where non-essential cookies (such as marketing or analytics cookies), are deployed, we rely on consent. You can withdraw your consent to such cookies at any time.
We may collect additional information about you if you fill in one of our website forms, including your name, email address, company, and your message. We process this data under legitimate interests in order to communicate with you about your enquiry.
Sharing personal data
We may share your personal data with other organisations in the following circumstances:
- If the law or a public authority says we must share the personal data;
- If we need to share personal data in order to establish, exercise or defend our legal rights (this includes providing personal data to others for the purposes of preventing fraud and reducing credit risk);
- If Opinium or one of its subsidiaries is acquired by a third party, any personal data that you have provided will, where it is relevant to the part of the business being acquired, be transferred along with that part and the new owner or controlling party will, under the terms of this privacy notice, be permitted to use that data only for the purposes for which it was originally collected by us; and
- Where we use third party data processors to process your personal data on our behalf.
Third party processors
We use third party processors to support us in providing our services and to help provide, run and manage our internal IT systems. For example, providers of information technology, cloud-based software as a service providers, identity management, website hosting and management, data analysis, data back-up, security and storage services.
We also contract with freelancers and other research agencies within our group as well as external agencies to carry out research on our behalf.
We will only share personal data with others when we are legally permitted to do so. When we share data with others, we put contractual arrangements and security mechanisms in place to protect the data and to comply with our data protection, confidentiality and security standards.
Where we share your personal data with organisations located in third countries that are not covered by an adequacy decision, we rely on standard contractual clauses (SCCs), with the UK Addendum where required, as our mechanism to safeguard the transfer.
The right to be informed about our collection and use of personal data;
You have the right to be informed about the collection and use of your personal data. We ensure we do this with our internal data protection policies and through our various privacy notices. These are regularly reviewed and updated to ensure these are accurate and reflect our data processing activities.
Right to Access Your Personal Information
You have the right to access the personal information that we hold about you. This is sometimes termed a ‘Subject Access Request’. If we agree that we are obliged to provide personal information to you (or someone else authorised to receive it on your behalf), we will provide it to you or them free of charge and in most instances do so within one month unless we rely on an extension or exemption available to us under Data Protection Legislation, in which case we will notify you accordingly.
We would ask for proof of identity and sufficient information about your interactions with us that we can locate your personal information.
Right to Correct Your Personal Information
If any of the personal information we hold about you is inaccurate, incomplete or out of date, you may ask us to correct it.
Right to Stop or Limit Our Processing of Your Data
You have the right to object to us processing your personal information for particular purposes, to have your information deleted if we are keeping it too long or have its processing restricted in certain circumstances.
You have an absolute right to object to the processing of your personal data for direct marketing purposes. You can do so by clicking the unsubscribe button that the bottom of any marketing email we send you, or by emailing firstname.lastname@example.org.
Right to Erasure
You have the right to have personal data erased. This is also known as the ‘right to be forgotten’. The right is not absolute and only applies in certain circumstances.
Right to Portability
The right to portability gives you the right to receive personal data you have provided to a controller in a structured, commonly used and machine-readable format. It also gives you the right to request that a controller transmits this data directly to another controller.
If you wish to exercise any of these rights, please send an email to email@example.com. We typically have one calendar month to fulfil your rights request.
How long do we hold data for?
We retain the personal data processed by us for as long as is considered necessary for the purpose(s) for which it was collected. There may also be occasions which will require data to be kept for longer, however this will typically be for legal purposes.
In addition, personal data may be securely archived with restricted access and other appropriate safeguards where there is a need to continue to retain it. We will periodically review this data, to ensure that it is still relevant and necessary.
Data security is of great importance to Opinium and to protect your data we have put in place suitable physical, electronic and managerial procedures to safeguard and secure your collected data.
We take security measures to protect your information including:
- Limiting access to our buildings to those that we believe are entitled to be there by use of passes;
- Implementing access controls to our information technology; and
- Implementing appropriate procedures and technical security measures (including strict encryption, anonymisation and archiving techniques) to safeguard your information across all our computer systems, website and offices.
We hope that you won’t ever need to, but if you do want to complain about our use of personal data, please send an email with the details of your complaint to firstname.lastname@example.org. We will look into and respond to any complaints we receive.
You also have the right to lodge a complaint with your local supervisory authority, which in the UK is the ICO. For further information on your rights and how to complain to the ICO, please refer to the ICO website https://ico.org.uk/concerns.
Changes to our privacy notice
Updates to this privacy notice will appear on this website. This privacy notice was last updated in February 2023.