SnapMyEats Privacy Notice
Last Updated: October 2018
PLEASE READ CAREFULLY
The NPD Group, Inc. and its corporate affiliates, including The NPD Group Canada Corp. (together, "NPD") provide consumer and retail information and insights for a wide range of industries. We have been conducting market research for over 50 years. Our clients encompass over 2,000 businesses, including many Fortune 500 companies. SnapMyEats is a consumer receipt panel of NPD, with members who have opted to participate in the SnapMyEats program offered in Canada by downloading the free SnapMyEats mobile application (the "App") and completing a registration survey. Terms and Conditions for participation in the SnapMyEats Rewards program may be accessed here. Participants in the SnapMyEats Rewards program take pictures of receipts of their food and/or beverage purchases and answer a few short questions in connection with each receipt/purchase and then submit their responses within the App to receive rewards.
In addition to being a committed leader in market research, we are committed to protecting the privacy and security of your information. This privacy notice sets forth your privacy rights and describes our privacy practices, including how NPD collects, protects, uses and shares your personally identifiable information and demographic information (together,"personal data") when you are a member ("Member") of our panel, and when the processing of your personal data is governed by the EU General Data Protection Regulation and related national legislation or any successor legislation ("GDPR"). This privacy notice applies to personal data collected and used in connection with the App.
NPD collects and uses your personal data in accordance with the GDPR. For the purposes of the GDPR, the NPD Group, Inc., with its principal place of business located at 900 West Shore Road, Port Washington, New York 11050, U.S.A., is the data controller and may share your personal data within NPD, and this notice describes how your personal data is used and protected within NPD.
NPD collects and uses personal data you provide us, and that we collect about from other sources, in order to provide you services through the App, manage your rewards, and send you marketing messages regarding similar services. We collect your location data if activated on your device, but you may deactivate transmission of location data and still use the App. We store your personal data in the UK and in the US. You have rights in your personal data, including the right stop receiving marketing messages, which you can exercise by clicking here.
What is Personal Data?
Personal data means any information relating to an identified or identifiable person, such as your name, phone number, email address, or mailing address in addition to demographic information such as your age, gender, household size, whether you have children, etc.
What types of information does NPD collect about me?
Personal Data That You Submit Actively:
1. Personal and Demographic Information:
In order to become a Member, participate in surveys and access certain portions of the App, you must first complete our Member registration process. This requires you to provide personal information (e.g., email address, first name, last name, postal address) and demographic information (e.g., gender, date of birth, income level). In addition to information collected during registration, we collect personal and demographic information after registration in multiple ways, including via surveys and profiles, and failure to provide that information will result in our inability to provide you the App services. We also ask you to provide photos as part of your survey response, which may include personal data.
We do not knowingly collect and do not intend to collect personal data from users who are under the age of 13, and you must be 16 years or older to participate in the Rewards Program. If you are under 18 years old, we strongly encourage you to use this App only under the supervision of your parents or guardians.
In addition, if applicable, we may collect your mobile phone number. In these cases, this information is used to contact you to let you know a survey is available for you, to provide instructions about how to participate in a study, or for Member notices. We do not sell or share mobile phone numbers. For instructions on opting out from mobile communications, see How do I opt out? below.
2. Social Media Data:
Our App may include social media features, such as the Facebook Like button and widgets, such as the Share button or interactive mini-programs that run on our site. These features may, on behalf of the company providing them, collect your IP address, indicate which page you are visiting on our site, and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on our site. Your interactions with these features are governed by the privacy notice of the company providing it and you should read that privacy notice to find out how the relevant third party uses your data.
3. Location Data:
If you enable your location to be accessed while using the App, we will collect certain location information of your mobile device, (e.g., latitude and longitude). This information is collected to provide clients and commercial partners with anonymised market research information. Even if you do not enable your location to be accessed, you will still be able to use the App without limitations. Your location is only captured if you respond when the survey requests your specific location at the time you submit a receipt.
Automatically Tracked Data:
We collect certain tracking data automatically and store it in log files for the purposes of improving the App and data validation. This is set out in more detail below:
1. Log Files
Our server log, which records all transactions and the IP addresses that request them, is used to monitor traffic flow on the App in order to manage it more effectively and resolve technical problems related to the App's operation.
2. Clear Gifs
From time to time, we employ a software technology called clear gifs (a.k.a. Web Beacons/Web Bugs). Clear gifs are tiny graphics with a unique identifier, similar in function to cookies, and are used to track the online movements of App users. In contrast to cookies, which are stored on a user's hard drive, clear gifs are embedded invisibly in the App.
We use clear gifs in our HTML-based emails to let us know which emails have been opened by recipients. This allows us to gauge the effectiveness of certain communications and the effectiveness of our marketing campaigns. If you would like to opt-out of these emails, see How do I opt out? below for opt-out instructions.
3. Data Validation
NPD may engage one or more third parties to validate panel and non-panel Members. The purpose of the data validation is to assist in ensuring the integrity of survey results. For panel Members, validation may occur during and/or after registration, including, without limitation, prior to, during, or after participation in a survey. For non-panel Members, validation may occur prior to, during, or after participation in a survey. The data validation process involves NPD disclosing or transferring personal data to such third party and the third party performing validation services and returning the personal data to NPD with any updates or corrections and, if applicable, with a validation score. NPD reserves the right to reject, deny, or terminate panel membership, or to deny or reject survey participation, if personal information is not validated to NPD's satisfaction.
Receipt Information and Surveys
We collect purchase transaction information from your receipts (the "Receipt Information") that you submit through our App. Receipt information includes, for example, details of what was purchased, the merchant from which the goods were purchased, any loyalty card information on the receipt, the transaction amount and the date of purchase. However, while it may be on the receipt, we do not need or want any information regarding your credit card or other payment method that may appear, even in truncated form and we request that you don't provide it to us. We will present you with surveys within the App. If you participate in these surveys, we will collect your answers to the surveys.
Lawful Grounds and Purposes for Processing your Personal Data
As is standard practice within the market research industry, the personal and demographic information that you provide is used for market research purposes.
All processing and use of your personal data is justified by a ‘lawful ground' for processing. The lawful grounds and the purposes of processing your personal data are set out below.
Your personal information is used:
to provide you the App service pursuant to the App terms and notably:
to send you a confirmation email when you register;
to send you notifications, SMS messages, and reminders, for example to send you reminders to submit receipts;
for Member communications (for example, Member newsletters or data validation);
for rewards communication and fulfilment as described in "What about rewards?";
corresponding with you to resolve queries or complaints;
to give you the opportunity to participate in interactive features in the App;
as necessary for the purposes of NPD's legitimate interests to use Member data to improve the App for you and for other Members. Those purposes include:
NPD research and analytical purposes, generally to provide clients and commercial partners with anonymised and aggregated market research information (for example, "what percentage of women over the age of 50 purchase salads at fast food restaurants in your country?");
to tailor the content and information that we may send or display to you, and personalized help and instructions, and to otherwise personalize your experience while using the App;
to better understand how users access and use the App, both on an aggregated and individualized basis;
to improve the App and respond to user desires and preferences;
administering App functions, including for troubleshooting, data analysis, testing, research and statistical purposes;
deploying resources aimed at keeping the App safe and secure;
displaying content in the App in a manner most effective for you and your device;
operating, evaluating, maintaining, improving and developing the App (including by monitoring and analysing trends, access to, and use of the App for advertising and marketing);
managing, protecting against and investigating fraud, risk exposure, claims and other liabilities, including but not limited to violation of the App terms or laws or regulations;
sharing your personal data with third parties in the event NPD is involved in a merger, acquisition, or sale of all or a portion of its assets relating to SnapMyEats, or its online survey business, in which case personal data held by us about our users may be one of the transferred assets; the information we have collected from you will be among the acquired assets and you will be notified via email and/or a prominent notice in the App of any change in control over or uses of your personal information, as well as any choices you may have regarding your personal information; your personal information will remain subject to restrictions no less stringent than permitted under the privacy notice in effect at that time. Please see How will you notify me if this notice changes? for information on how we will contact you.
to comply with a relevant legal obligation, such as keeping accounting records.
Sharing your Personal Data with Third Parties
NPD may disclose your personal data to a third party for any of the following reasons:
we are required to by law, such as to comply with a subpoena, or similar legal process;
when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety or legal rights of others, investigate fraud, or respond to a government request;
to facilitate co-sponsored surveys with strategic partners bound by this privacy notice; provided, however, that such strategic partners will not utilize your personal information to send any marketing or promotional materials to you; and your data will be processed only as described in this privacy notice;
to authorized, consultants, vendors, and subcontractors, and other agents which are providing services to NPD and/or NPD's client(s), as data processors acting on NPD's behalf, including, without limitation, extracting and processing information from receipts, data append services, data validation services, and incentive fulfilment services (prior to disclosing personal information in this way, NPD requires the third party to enter into a written agreement restricting their use of personal information only for the purpose of providing services to NPD and/or NPD's client(s) and requiring the third party to ensure the appropriate security and confidentiality of the personal data); and
to commercial partners and other third parties such as retailers or brands for marketing research and analytics purposes (for example, to create models that estimate consumer preferences in the total population or to inform market segments). We may notably disclose demographic information (e.g., gender, household size, and number of children) in "singular summary" form. A singular summary includes providing demographic information about a person without specifically identifying the person. For example, this summary does not contain a name or e-mail address, nor does the combination of demographic Information provided by NPD make it possible for such third parties to identify the person. In that case, we will take steps to ensure that such information is handled securely and is treated at least as protectively as under our privacy notice in effect at that time. We will not, however, allow any third parties to use this information for the purposes of individually marketing to you or to contact you. If you wish to opt-out of our sharing your personal information as permitted by this paragraph, please click here. Please keep in mind that it may take up to ten business days to complete this process.
NPD reserves the right to share any information that you provide which is not deemed personal data or is not otherwise subject to contractual restrictions.
What happens when I click on a link in the App to other websites?
Our App may contain links to other sites that are not owned or controlled by NPD. NPD is not responsible for the privacy practices of sites other than the websites we own and operate. We encourage you to read the privacy policies of any web site that collects personal data.
What about rewards?
After downloading the App and completing the registration survey you will be given the opportunity to participate in our Rewards Program. By participating in the Rewards Program you can earn eGift Codes by completing the SnapMyEats Receipt Survey located within the App. Participation in the program is optional. However, if you choose to participate, and earn a reward, information such as your email address and name are shared with our independent third party rewards administrator, in order to deliver your reward to you.
By participating in our Rewards Program, you acknowledge NPD will share your contact information with this independent third party rewards administrator. To receive your reward you will be required to submit and/or verify certain information to the administrator (e.g. name and email address). This information is used to email your reward to you. If you do not provide us with such information, we may not be able to email your reward to you.
For complete Terms and Conditions of the Rewards Program please click here.
How long do you retain my data?
We will retain your information for as long as your account is active and up to one (1) year thereafter, or as needed to provide you surveys and/or rewards, and more generally as necessary to fulfill the App terms. We retain personal data for other periods of time where we are required to do so in accordance with legal, tax and accounting requirements, or if required to do so by a legal process, legal authority, or other governmental entity having authority to make the request, for so long as required If you wish to cancel your membership or request that we no longer use and retain your information, please click here. However, we will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Where We Store Your Personal Data
In furtherance of the performance of the terms and conditions of the Rewards Program, the Personal Data That You Submit Actively and the Automatically Tracked Data (as described above) will be transferred to, and stored at destinations outside the European Economic Area ("EEA"), specifically, the United States of America and Vietnam, countries that do not benefit from an adequacy decision of the European Commission. Staff in those countries work for us or for one of our vendors will process personal data for the purposes described above in Sharing your personal data with third parties. This includes staff engaged in, among other things the verification of your survey responses and the coding of receipts by retailer, retailer destination and item.
NPD collects and transfers to the United States personal data only to perform the App terms.
When your personal data is transferred outside the EU to other NPD affiliates or to third party service providers, we will take steps to ensure that your personal data receives the same level of protection as if it remained within the EU, including by entering into data transfer agreements using the European Commission approved Standard Contractual Clauses, or by relying on certification schemes such as the EU - US Privacy Shield. For transfers of personal data among NPD affiliates we have put in place European Commission approved Standard Contractual Clauses.
You have a right to obtain details of the mechanism under which your personal data is transferred outside of the EU by clicking here.
How do you protect my personal data?
NPD and its agents comply with their legal obligations, including their obligations under the GDPR, when applicable, by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorized access and disclosure and by employing physical, technical and administrative protections and procedures to help prevent unauthorized access to, disclosure, misuse, or loss of the data NPD collects on the App and through its surveys, in accordance with generally accepted, appropriate standards in the research industry. The data is stored on secure servers, and only specific, authorised employees of NPD, its agents and third parties have access to non-aggregated data. NPD employees work on password-protected computers and are subject to NPD's confidentiality and security policies and procedures. We update and test our security technology on an ongoing basis. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of your information. We commit to taking appropriate disciplinary measures to enforce our employees' privacy responsibilities. If you have any questions concerning the steps taken by NPD to protect the security of the data you provide to us, please contact us. See How Do I Contact SnapMyEats? below.
Right to Correct or Update My Personal Data (Rectification)
You have the right to correct inaccurate personal information relating to you. If incorrect information is stored despite our efforts to ensure that data is accurate and up to date, we will correct it at your request. We also encourage our Members to keep their information as accurate and up-to-date as possible. To change your email address, mobile phone number, or make changes to the demographic and other profile information provided during the registration process, please click here.
Right to Access to Personal Data
You have the right to request access to the personal data held about you.
Right to Withdraw Consent
Where we process your personal data on the basis of your consent, you have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
Right to Erasure
You have the right to have your personal data erased under specific circumstances, such as where you have withdrawn your consent, where you object to processing based on legitimate interests and we have no overriding legitimate grounds or where personal data is unlawfully processed.
Right to Data Portability
Where we are relying (as the legal basis for processing) upon your consent, or the fact that the processing is necessary to perform the App terms, and the personal data is processed by automatic means, you have the right to receive all such personal data which you have provided to NPD in a structured, commonly used and machine-readable format, and also to require us to transmit it to another controller where this is technically feasible.
Right to Object to Processing (Including Profiling) Based on Legitimate Interest Grounds
Where we are relying upon legitimate interests to process personal data, you have the right to object to that processing. If you object, we must stop that processing unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or we need to process the personal data for the establishment, exercise or defense of legal claims. Where we rely upon legitimate interest as a basis for processing we believe that we can demonstrate such compelling legitimate grounds, but we will consider each case on an individual basis.
Right to Object to Direct Marketing (Including Profiling)
You have the right to object to our use of your personal data (including profiling) for direct marketing purposes.
Right to Restriction
You may object to further processing of your personal data in the following circumstances:
where you object to the accuracy of your personal data, until we have taken sufficient steps to correct your personal information or verify its accuracy;
where the processing is unlawful but you do not want us to erase the personal data;
where NPD no longer needs your personal data for the purposes of the processing but you require such personal data for the establishment, exercise, or defense of a legal claim;
where you have objected to processing based on legitimate interest grounds, pending verification as to whether NPD has compelling legitimate grounds to continue processing;
Should your personal data be subject to restriction (which means that we will only store the data), we will only process restricted data with your consent or for the establishment, exercise or defense of legal claims.
Right to Lodge a Complaint
You have the right to lodge a complaint with the supervisory authority of your habitual residence, place of work or place of alleged infringement. The authority in the UK is the ICO.
To exercise your right of access or make a request concerning your personal data please contact us using the details provided below. We do not charge for this service but do require evidence of your identity. Once we have received evidence of your identity we will commence fulfillment of your request and respond within 30 calendar days.
How do I opt out?
Participation in our surveys is completely voluntary. You can elect to remove your email address or, if applicable, mobile phone number, from our mailing list at any time by clicking here.
We may send periodic promotional or informational emails to you. You may opt-out of such communications by following the opt-out instructions contained in the email. If you opt-out of receiving emails about recommendations or other information we think may interest you, we may still send you emails about your account or any services you have requested or received from us. Please note that it may take up to 10 business days for us to process opt-out requests.
How will you notify me if this notice changes?
If we decide to change our privacy notice, we will post those changes to this privacy notice, the App, or other places we deem appropriate so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. We reserve the right to modify this privacy notice at any time, so please review it frequently. If we make material changes to this notice that materially affect our practices with regard to the personal data we have previously collected from you, we will provide you with notice in advance of such change by pushing a notice to the App or sending you an email to the address you have provided.
How do I contact SnapMyEats? How do I exercise my rights?
If you have any questions about our privacy practices, this web site, your rights, or wish to exercise your rights described above, you can click here or contact:
900 West Shore Road
Port Washington, NY 11050