Effective Date: May 20th, 2018
Last Revised: May 20th, 2018
1. Introduction and definitions
Brainactive Pte Ltd, a company registered at 30 Petain Rd, 208099 Singapore, hereinafter referred to as “BrainActive“, “we“, “our“, “us” or the “company“, builds and manages online communities made of people who agree to fill out surveys and share opinions on products, services, politics and other topics in exchange for monetary rewards. These communities include individuals from around the world and will further be referred to as “online panels“, “online panel“, “panels” or “panel“.
“You“, “your“, “yours” and “yourself” refer to you as an individual and member of our online panel.
The software that we use to manage our panels will be further referred to as “platform“.
By registering on our platform you become a member of our online panel and, as a consequence, you will be required to provide some personal data to us. Your membership in our panels makes you eligible for participating in our opinion surveys, however your participation is voluntary.
The email address of our Data Protection Officer is firstname.lastname@example.org.
If you are not happy with the way we collect and use your data, we would be grateful if you would contact us first when you have a complaint so that we can try to resolve it.
It is very important that the information we hold about you is accurate and up to date. Please let us know whenever your personal information changes by sending us an email at email@example.com.
We require your explicit consent for processing sensitive data.
2. How we use your personal data
We will only use your personal data when we are legally permitted. The most common uses of your personal data are:
(a) where we need to perform the relation between us (becoming a member of our platform, participating in our opinion surveys and sharing your data with the clients who ordered the opinion surveys that we conduct).
(b) where it is necessary for our legitimate interests (or those of a third party) and when your interests and fundamental rights do not override those interests.
(c) where we need to comply with a legal or regulatory obligation.
Generally, we do not rely on consent as a legal ground for processing your personal data. It is the essence of our collaboration that by registering into our panel we are allowed to process your personal data. It is possible that sometimes you provide us with sensitive data about you. Sensitive data refers to information that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data (e.g. tracking your eye movements or facial coding). The reason you may choose to provide us with any of the above information is to give your consent to include you in a wider range of opinion surveys, so that you can generate higher rewards. We do not collect any information about criminal convictions and offences. When processing your sensitive data, we will rely on your consent.
At any time you have the right to opt-out from our collaboration or only to withdraw your consent for processing your sensitive data by sending us an email at firstname.lastname@example.org.
3. Purposes for processing your personal data
Below you can find a description of the ways we intend to use your personal data and the legal grounds on which we will process such data. We have also explained what our legitimate interests are.
We may process your personal data for more than one lawful ground, depending on the specific purpose for which we are using your data. Please email us at email@example.com if you need details about the specific legal ground we are relying on to process your personal data in those cases where more than one legal ground has been mentioned in the table below.
Type of data
Lawful basis for processing
To register you as a new member of our online panel
(d) Email address
Performing the relation with you – registering as a member of our panel.
To process and deliver your incentives:
(a) Manage payments and fees
(b) Contact data
(c) Financial data
(a) Performing the relation with You
(b) Necessary for our legitimate interests to recover payments delivered to you in lack of a grounded reason
To manage our relationship with you which will include:
(b) Asking you to leave a review or fill out a survey
(b) Contact data
(d) Marketing and Communications
(a) Performing the relation with you
(b) Necessary when we must comply with a legal obligation
(c) Necessary for us to keep our records updated and to study how our products/services are used
To administer and protect our business and our site (including fixing any technical issue, data analysis, testing, system maintenance, support, reporting and hosting of data)
(b) Contact data
(c) Technical data
(a) Necessary for our legitimate interests of running our business, providing administration and IT services, network security, preventing fraud and in the context of a business reorganization or a group restructuring exercise
(b) Necessary when we must comply with a legal obligation
To use data analytics to improve our website, our products/services, marketing, customer relationships and experiences
(a) Technical data
(b) Usage data
Necessary for our legitimate interests to define types of customers for our products and services, to keep our site updated and relevant, to develop our business and to implement our marketing strategy
To make suggestions and recommendations to you about goods or services that may be of interest to you
(b) Contact data
(c) Technical data
(d) Usage data
Necessary for our legitimate interests to develop our products/services and grow our business
To share your contact details with our sub-contractors so that you can directly participate to their surveys
(a) Contact data
Necessary for your participation to polls directly conducted by our sub-contractors
4. Email communication
You will receive email communications from us:
(a) when we invite you to participate in a survey;
(b) when we provide you relevant information regarding the functioning of our platform (e.g. public holidays, changes about our Terms and Conditions, payments related information etc.).
We will ask for your express consent before we start sending you marketing emails (other than relevant information based on our collaboration) or before sharing your personal data with any third party for marketing purposes.
5. Disclosures of your personal data
We might have to share your personal data with the parties mentioned below for the purposes detailed in the table above:
(a) service providers who offer IT and system administration services.
(b) professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, insurance and accounting services.
(c) tax authorities, regulators and other similar institutions based in Singapore as well as in other relevant jurisdictions who require reporting of data processing activities in certain circumstances.
(d) third parties to whom we sell or transfer or with whom we merge parts of our business or our assets, or to contractors for your participation in detailed surveys.
We require all third parties that receive your data to respect the security of your personal data and to treat it in accordance with the law. Such third parties are allowed to process your personal data for the specified purposes only and in accordance with our instructions.
When participating to certain surveys, you may be asked if you want some of your personal data to be shared with the beneficiaries of the surveys that we conduct, so that you can participate to the next stages of these surveys. We will share your personal data only if you consent to such actions.
6. International transfers
We share your personal data within a group of companies, which involves transferring your data outside the European Economic Area (EEA).
Countries outside of the European Economic Area (EEA) do not always offer the same levels of protection to your personal data, so European law has prohibited transfers of personal data outside of the EEA unless the transfer meets certain criteria.
Many of our third parties service providers are located outside the European Economic Area (EEA) so their processing of your personal data will involve a transfer of data outside the EEA.
Whenever we transfer your personal data outside the EEA, we do our best to ensure a similar degree of security of data by implementing at least one of the following safeguards:
(a) we will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission; or
(b) where we use certain service providers, we may use specific contracts or codes of conduct or certification mechanisms approved by the European Commission which give personal data the same protection it has in Europe; or
(c) where we use providers based in the United States, we may transfer data to them if they are part of the EU – US Privacy Shield, which requires them to provide similar protection to personal data shared between the Europe and the US.
If none of the above safeguards is available, we may request your explicit consent to the specific personal data transfer. You have the right to withdraw your consent at any time by sending us an email at firstname.lastname@example.org. Also, please email us at email@example.com if you want further information on the specific mechanism we use when we transfer your personal data outside the EEA.
7. Data security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, their unauthorised usage or access, as well as their altering or disclosing. In addition, we limit access to your personal data to those employees, agents, sub-contractors and other third parties who have a specific need to know such data. They will only process your personal data based on our instructions and they are subject to a duty of confidentiality.
Moreover, we have put in place procedures to deal with any possible personal data breach; we will inform you about a data breach and we will also notify any applicable regulator where we are legally required to do so.
8. Data retention
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we take into account the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and the possibility to achieve those purposes through other means, as well as the applicable legal requirements.
By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for 10 years after they cease being customers for tax purposes.
You can ask us to delete your data: please see more information at point 9 below.
Also, we may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without a further notice to you.
9. Your legal rights
Under certain circumstances, you have rights in relation to your personal data under data protection laws. In short, you have the right to:
(a) request the access to your personal data.
(b) request the correction of your personal data.
(c) request the erasure of your personal data.
(d) refuse the processing of your personal data.
(e) request the restriction of processing your personal data.
(f) request the transfer of your personal data.
(g) withdraw your consent.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to any legitimate request within one month from receiving it. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.