Whether or not you participate in a Survey is always voluntarily decided solely by you.
We conduct such Surveys via certain third party service providers (each a “Survey Provider” and jointly “Survey Providers”).
This Policy may be amended or updated from time to time to reflect changes in our practices with respect to the Processing of Personal Data, Personal Information or changes in applicable law. We encourage you to read this Policy carefully, and to regularly check this page to review any changes we might make in accordance with the terms of this Policy.
You may also have certain rights regarding the information we collect about you. Specifically, the rights of Data Subjects under the UK GDPR are explained in Section (N) below.
Intended Audience: The Surveys are not directed to children under the age of 13. As a result, we do not request or knowingly collect personal information from individuals under the age of 13. If you are not 13 or older, you should not take part in any Surveys.
This Policy was last updated on October 17th, 2022.
b.Collection of Personal Data
Collection of Personal Data: With respect to the Surveys, we collect or obtain Personal Data about you when those data are provided to us by either of the Survey Providers which we use to conduct the Surveys.
c.Categories of Personal Data we process
We process the data that you enter when completing a Survey, which may include the following categories of Personal Data about you:
Personal details:given name(s); preferred name
Demographic information: gender; date of birth / age; nationality/district; language preferences; income; education; occupation; marital status
Contact details: address; shipping address; telephone number; email address; online messaging details; and social media details
Consent records: records of any consents you have given, together with the date and time, means of consent and any related information (e.g., the subject matter of the consent)
Purchase information: information on past and future purchases; shopping habits
Views and opinions: any comments, views and opinions that you choose to send to us via any of the Surveys (i.a. on products, general product concepts, advertising, services or sites).
Furthermore, when using the services of SurveyMonkey as a Survey Provider (see (E)), we obtain and process your IP address collected via SurveyMonkey.
d.Purposes of Processing and legal bases for Processing
The purposes for which we Process Personal Data as described under (C), subject to applicable law, and the legal bases on which we perform such Processing (“Purposes”), are as follows:
1. Processing the data that you enter when completing a Survey:
Purposes: We process these data in order to obtain insights into consumer demands and preferences. The information given will be used for market assessment and for considerations within product development, consumer targeting and analysing advertisement strategies. Furthermore, the Processing of the data serves to reach out to you for interviews/beta testing, and keep you updated on products or other participation in research activities /surveys conducted by Anker.
Legal bases: We have obtained your prior consent to the Processing (this legal basis is only used in relation to Processing that is entirely voluntary – it is not used for Processing that is necessary or obligatory in any way). Furthermore, the Processing is also based on legitimate interests according to UK GDPR.
2. Processing your IP address:
Purposes: We process your IP address collected via SurveyMonkey (see below under (E)) which is thereafter submitted to us in order to provide Surveys via such Survey Provider. We further process your IP address in connection with the Survey data in order to evaluate additional data levels (e.g. filtering survey responses based on the geographic position) within a market assessment.
Legal bases: The Processing is based on legitimate interests according to UK GDPR.
For the conduction of Surveys, we use the following Survey Providers respectively:
- Google Forms. For conducting some of the Surveys, we use services provided by Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Ireland (“Google Forms”). Google Forms stores a Cookie on your device which contains a unique idenficiation (NID Cookie). This Cookie stores a wide range of information, including, for example your language settings. We have no control over the amount of data collected by Google Forms, unless the data entered by you within the course of completing a Survey is concerned. The latter data are processed by Google Forms as a processor on behalf of us. We have therefore concluded a data processing agreement with Google Forms. For more information, please see:
f.Processing of Personal Data by Survey Providers outside the UK
SurveyMonkey and also Google Forms process Personal Data also on servers located in the USA. With regard to the USA, no adequacy decision exists, according to which the USA would be considered as a third country with an adequate level of data protection.
As a legal basis for the data transfer by SurveyMonkey to the USA, SurveyMonkey uses the Standard Contractual Clauses that are approved by the EU Commission (Article 46 (2) (c) GDPR) with decision (EU) 2021/915. For more information, please see:
Google Forms also uses the Standard Contractual Clauses as legal basis for data transfers to the USA. For more information, please see:
g.International transfer of Personal Data within the Anker group
Because of the international nature of our business, we transfer Personal Data within the Anker group in connection with the Purposes set out in this Policy. For this reason, we transfer Personal Data to other countries that may have different laws and data protection compliance requirements to those that apply in the country in which you are located, including China, the EU, the UK, and the US.
If an exemption or derogation applies (e.g., where a transfer is necessary to establish, exercise or defend a legal claim) we may rely on that exemption or derogation, as appropriate. Where no exemption or derogation applies, and we transfer your Personal Data from the UK to recipients located outside the UK (as applicable) who are not in Adequate Jurisdictions, we do so on the basis of Standard Contractual Clauses. You are entitled to request a copy of our Standard Contractual Clauses using the contact details provided in Section (M) below.
Please note that when you transfer any Personal Data directly to any Anker entity established outside the UK (as applicable), we are not responsible for that transfer of your Personal Data. We will nevertheless Process your Personal Data, from the point at which we receive those data, in accordance with the provisions of this Policy.
We have implemented appropriate technical and organisational security measures designed to protect your Personal Data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, unauthorised access, and other unlawful or unauthorised forms of Processing, in accordance with applicable law.
Because the internet is an open system, the transmission of information via the internet is not completely secure. Although we will implement all reasonable measures to protect your Personal Data, we cannot guarantee the security of your data transmitted to us using the internet – any such transmission is at your own risk and you are responsible for ensuring that any Personal Data that you send to us are sent securely.
We take every reasonable step to ensure that:
- your Personal Data that we Process are accurate and, where necessary, kept up to date; and
- any of your Personal Data that we Process that are inaccurate (having regard to the purposes for which they are Processed) are erased or rectified without delay.
We take every reasonable step to ensure that your Personal Data are only Processed for the minimum period necessary for the purposes set out in this Policy. The criteria for determining the duration for which we will retain your Personal Data are as follows:
(1) we will retain Personal Data in a form that permits identification only for as long as:
your Personal Data are necessary in connection with the lawful Purposes set out in this Policy, for which we have a valid legal basis,
(2) the duration of:
(a) any applicable limitation period under applicable law (i.e., any period during which any person could bring a legal claim against us in connection with your Personal Data, or to which your Personal Data are relevant); and
(b) an additional two (2) month period following the end of such applicable limitation period (so that, if a person brings a claim at the end of the limitation period, we are still afforded a reasonable amount of time in which to identify any Personal Data that are relevant to that claim),
(3) in addition, if any relevant legal claims are brought, we continue to Process Personal Data for such additional periods as are necessary in connection with that claim.
During the periods noted in paragraphs(2)(a) and(2)(b) above, we will restrict our Processing of your Personal Data to storage of, and maintaining the security of, those data, except to the extent that those data need to be reviewed in connection with any legal claim, or any obligation under applicable law.
Once the periods in paragraphs (1),(2) and(3) above, each to the extent applicable, have concluded, we will either:
- permanently delete or destroy the Relevant Personal Data; or
- anonymize the Relevant Personal Data.
k.Your legal rights
Subject to applicable law, you may have the following rights regarding the Processing of your Personal Data:
- the right to request access to, or copies of, your Relevant Personal Data, together with information regarding the nature, Processing and disclosure of those Relevant Personal Data;
- the right to request rectification of any inaccuracies in your Relevant Personal Data;
- the right to request, on legitimate grounds:
- erasure of your Relevant Personal Data; or
- restriction of Processing of your Relevant Personal Data;
- the right to have certain Relevant Personal Data transferred to another Controller, in a structured, commonly used and machine-readable format, to the extent applicable;
- where we Process your Relevant Personal Data on the basis of your consent, the right to withdraw that consent (noting that such withdrawal does not affect the lawfulness of any Processing performed prior to the date on which we receive notice of such withdrawal, and does not prevent the Processing of your Personal Data in reliance upon any other available legal bases); and
- the right to lodge complaints regarding the Processing of your Relevant Personal Data with a Data Protection Authority.
Subject to applicable law, you may also have the following additional rights regarding the Processing of your Relevant Personal Data:
- the right to object, on grounds relating to your particular situation, to the Processing of your Relevant Personal Data by us or on our behalf, where such processing is based on public interest or legitimate interests of the UK GDPR; and
- the right to object to the Processing of your Relevant Personal Data by us or on our behalf for direct marketing purposes.
This does not affect your other statutory rights.
To exercise one or more of these rights, or to ask a question about these rights or any other provision of this Policy, or about our Processing of your Personal Data, please use the contact details provided in Section (M) below. Please note that:
- in some cases it will be necessary to provide evidence of your identity before we can give effect to these rights; and
- where your request requires the establishment of additional facts (e.g., a determination of whether any Processing is non-compliant with applicable law) we will investigate your request reasonably promptly, before deciding what action to take.
We have appointed support team to be its representative the purposes of the UK GDPR, where applicable.
If you have questions or concerns with respect to our Policy, you may contact us at firstname.lastname@example.org.
- “Cookie” means a small file that is placed on your device when you visit a website. In this Policy, a reference to a “Cookie” includes analogous technologies such as web beacons and clear GIFs.
- “Controller ” means the entity that decides how and why Personal Data are Processed. In many jurisdictions, the Controller has primary responsibility for complying with applicable data protection laws.
- “Data Protection Authority” means an independent public authority that is legally tasked with overseeing compliance with applicable data protection laws named Information Commissioner’ Office.
- “UK GDPR” means the UK General Data Protection Regulations.
- “Personal Data” means information that is about any individual, or from which any individual is directly or indirectly identifiable, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual.
- “Process”, “Processing” or “Processed ” means anything that is done with any Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- “Processor” means any person or entity that Processes Personal Data on behalf of the Controller (other than employees of the Controller).
- “Relevant Personal Data ” means Personal Data in respect of which we are the Controller.
- “Standard Contractual Clauses” means template transfer clauses adopted by the European Commission or adopted by a Data Protection Authority and approved by the European Commission.