Revised date: July 07, 2020
As the world around us grows more interconnected and technology-driven, protecting the proliferation of data that exists about each of us has become an important mission. Individuals expect companies to protect their personal information and to use and share such information in ways that are fair and ethical.
Any questions concerning the material presented in this document can be addressed to the contacts listed below. General inquiries may also be submitted through the IRI privacy inbox, which can be found at Privacy@IRIworldwide.com
Legal Department - +1 312-474-8355, General.Counsel@IRIWorldWide.com
Privacy Office & Data Protection Officer - +1 312-474-2662, Privacy@IRIworldwide.com
Information Security Office - +1 312-474-2865, InfoSecTeam@IRIWorldWide.com
Affiliated policies and procedures
IRI’s Global Code of Conduct
IRI’s Information Security Policy
IRI’s GDPR Privacy Notice
Various internal policies and procedures
Privacy by design
IRI assesses privacy implications while developing its products and services and incorporates appropriate privacy protections and data minimization techniques. IRI takes into account the privacy principles and regulations that may apply in a certain jurisdiction (for instance the GDPR in Europe) or by industry.
Basis for processing
In many jurisdictions organizations are required to establish a lawful basis for their use of personal data. IRI has established different lawful bases for different types of processing. In almost all cases, IRI’s basis for processing personal data will be Legitimate Interest, Performance of a Contract, or Consent.
Legitimate Interests. IRI may process personal data based on a legitimate interest in performing market research or other marketing services because the benefits of improving services to existing clients and offering services to new clients would likely outweigh the risk of any harm.
Performance of a contract. Many of IRI’s services are engaged in on the basis of a contract. IRI’s clients engage us contractually in order to perform analytics, offer access to data through our platforms, and to manage CRMs and panels on the client’s behalf.
IRI typically acts as a data processor, or service provider, to organisations known as data controllers. IRI relies on consent obtained by the data controller because it has a direct relationship with the individual and obtains consent.
IRI is committed to complying with applicable laws regarding the collection of data about children.
IRI has invested in and implemented a series of controls to ensure that personal information is maintained according to our overarching principles of confidentiality, integrity, and availability. Personal Information is housed in physically and electronically secure facilities with protections against intrusion. Protections include extensive physical security, multiple layers of firewalls, and intrusion detection at the network and host level. Additionally, systems, servers and networks are encrypted to prevent loss or unauthorized modification of data.