Privacy policy 

Revised date: July 07, 2020 


As the world around us grows more interconnected and technology-driven, protecting the proliferation of data that exists about each of us has become an important mission. Individuals expect companies to protect their personal information and to use and share such information in ways that are fair and ethical.

This Global Data Privacy Policy (the “Privacy Policy”) provides Information Resources, Inc. (“IRI”) and its subsidiaries (collectively, “IRI”, the “Company”, “we”, or “us”) a uniform process for governing the standards, procedures, and controls related to data privacy, while ensuring the proper implementation and maintenance of appropriate controls. This Privacy Policy applies to IRI, including all business units, departments, personnel, thirdparties and other service providers (non-employees) having a contractual arrangement with IRI that handle personal data.

Contact information

If you wish to contact us to exercise your data rights, or ask about our data processing, you may do so using the following methods:


Postal address:

iRI International headquarters
1 Arlington Square Downshire Way,
Bracknell Berkshire, RG12 1WA, UK

Legal Department - +1 312-474-8355, 
Privacy Office & Data Protection Officer - +1 312-474-2662,
Information Security Office - +1 312-474-2865,

If you’re based in the EU/EEA and wish to contact us via our GDPR Representative, DataRep, you may do so at: 

Sweden, DataRep, S:T Johannesgatan 2, 4th floor, Malmo, SE - 21146. Sweden 
Portugal, DataRep, Torre de Monsanto, Rua Afonso Praça 30, 7th floor, Alges, Lisbon, 1495-061, Portugal

Affiliated policies and procedures

IRI’s Global Code of Conduct

IRI’s Information Security Policy

IRI’s GDPR Privacy Notice

Various internal policies and procedures

Privacy by design

IRI assesses privacy implications while developing its products and services and incorporates appropriate privacy protections and data minimization techniques. IRI takes into account the privacy principles and regulations that may apply in a certain jurisdiction (for instance the GDPR in Europe) or by industry.

Basis for processing

In many jurisdictions organizations are required to establish a lawful basis for their use of personal data. IRI has established different lawful bases for different types of processing. In almost all cases, IRI’s basis for processing personal data will be Legitimate Interest, Performance of a Contract, or Consent.

Legitimate Interests. IRI may process personal data based on a legitimate interest in performing market research or other marketing services because the benefits of improving services to existing clients and offering services to new clients would likely outweigh the risk of any harm.

Performance of a contract. Many of IRI’s services are engaged in on the basis of a contract. IRI’s clients engage us contractually in order to perform analytics, offer access to data through our platforms, and to manage CRMs and panels on the client’s behalf.

IRI typically acts as a data processor, or service provider, to organisations known as data controllers. IRI relies on consent obtained by the data controller because it has a direct relationship with the individual and obtains consent.

Children's data

IRI is committed to complying with applicable laws regarding the collection of data about children.

Data Security

IRI has invested in and implemented a series of controls to ensure that personal information is maintained according to our overarching principles of confidentiality, integrity, and availability. Personal Information is housed in physically and electronically secure facilities with protections against intrusion. Protections include extensive physical security, multiple layers of firewalls, and intrusion detection at the network and host level. Additionally, systems, servers and networks are encrypted to prevent loss or unauthorized modification of data.