Last updated on 21 February 2022
This application is provided by NIPO Software B.V. (NIPO) which, as described in the table below, when collecting data on behalf of its customer (the Market Research Company who engaged the User to conduct the research through the CAPI App, who acts as the data controller) acts as data processor.
As further described in the table below, NIPO also collects usage and performance data for its own purposes; in this case NIPO acts as data controller. In the table a clear distinction is made between those cases where NIPO acts as the data processor and other cases where NIPO is the data controller. This distinction is relevant in case the User wishes to exercise any of its rights under GDPR, CCPA and other privacy laws.
This privacy policy explains how we collect, store and otherwise process any personal information related to User’s use of this App. In this policy we often refer to ‘personal data’, by this we mean any information which relates to and can be used to identify a natural (living) person, and/or a specific household, if you are located in California.
At NIPO we find the confidentiality and integrity of User data very important. That is why NIPO complies with California Consumer Privacy Act (CCPA) and the EU General Data Protection Regulation (GDPR), and is certified for the ISO 27001:2013 data security standard.
Data Collection, Use of Data and Legal Basis
| Data collected/ processed | Purpose | Source | Legal Basis | Data Controller |
|---|---|---|---|---|
| Location data |
|
We collect this data on behalf of the data controller directly from User’s usage of the App. |
Contractual basis – The data controller needs this data in order to verify the correct performance of the contract with the App User. Legitimate interests – the data controller has a legitimate interest in protecting his business against fraud or other prohibited behaviour. |
Market Research Company who engaged the User to conduct the research through the CAPI App. To request access to her/his data, or for the satisfaction of the other rights offered by GDPR, the User shall contact directly the Market Research Company. |
| Photos and videos |
|
We collect this data on behalf of the data controller directly from User’s usage of the App. | Contractual basis – The data controller needs this data in order to verify the correct performance of the contract with the App User. Legitimate interest – The data controller has a legitimate interest in verifying the correct performance of the assignment. |
Market Research Company who engaged the User to conduct the research through the CAPI App. To request access to her/his data, or for the satisfaction of the other rights offered by GDPR, the User shall contact directly the Market Research Company. |
| Audio recordings |
|
We collect this data on behalf of the data controller directly from User’s usage of the App. | Contractual basis – The data controller needs this data in order to verify the correct performance of the contract with the App User. Legitimate interests – the data controller has a legitimate interest in protecting his business against fraud or other prohibited behaviour. |
Market Research Company who engaged the User to conduct the research through the CAPI App. To request access to her/his data, or for the satisfaction of the other rights offered by GDPR, the User shall contact directly the Market Research Company. |
| App info and performance |
|
We collect this data directly from User’s usage of the App. | NIPO legitimate interest in receiving information on the app usage and/or performance. | NIPO. |
| App activity |
|
We collect this data directly from User’s usage of the App. | NIPO legitimate interest in receiving information on the app usage and/or performance. | NIPO. |
| Device identifiers |
|
We collect this data directly from User’s usage of the App. | NIPO legitimate interest in receiving information on the app usage and/or performance. | NIPO. |
| Crash logs |
|
We collect this data directly from User’s usage of the App. | NIPO legitimate interest in receiving information on the app usage and/or performance. | NIPO. |
N.B.The data described above is never processed by NIPO in connection to a strong personal identifier like contact details (name, last name, etc.) or email addresses.
Third Parties
NIPO collects and processes personal data through the App for the purposes described above, on behalf of the Market Research Company who engaged the User, which Company acts therefore as the Data Controller for the purposes of GDPR.
NIPO does not share or sell User’s personal data to any third parties.
NIPO may share exclusively Analytics data with Microsoft Trust Center for the purpose of improving the App; in such case the data shared is fully anonymized before any sharing takes place.
Data transfers
Personal data from EU citizens is collected and processed as described in the table above exclusively on the NIPO infrastructure, fully hosted within the European Union.
NIPO will not transfer personal data from European Users outside of the European Union.
Security Measures
NIPO has appropriate technological and organizational measures in place to protect User’s personal data and take all reasonable steps to ensure User’s personal data is processed securely. All information collected is processed and stored in secure servers and environments using only reputable suppliers. NIPO is certified for the ISO 27001:2013 data security standard.
GDPR Rights
With regards to the processing of User’s personal data, NIPO acts as the data processor on behalf of the Market Research Company who engages the User. This means that, to request access to her/his data, or for the satisfaction of the other rights offered by GDPR, the User shall contact directly the Market Research Company. NIPO will facilitate the exercise of any personal right.
User has the following rights in relation to her/his personal data:
- Right to access your personal data.
- Right to rectify your personal data.
- Right to erase your personal data from our systems.
- Right to port your personal data (portability right).
- Right to restrict processing of your personal data.
- Right to object to the processing of your personal data.
How to Contact Us
In case User has any queries or requests relating to this privacy policy, User can always submit its request to the following email address: privacy@nipo.com.
For the avoidance of doubt, to request access to her/his data, or for the satisfaction of the other rights offered by GDPR, the User shall always contact directly the Market Research Company who engaged the User for the assignment, which for the purposes of GDPR is the data controller.