Introduction

As a provider of mystery shopper services, MSM Germany works with project data from individual clients, internal information, but also with the personal data of our mystery shoppers.

Because these data are so central for all our business areas, the management and all MSM employees attach the utmost priority to data protection and data security. All the data of our mystery shoppers are subject to high-quality data protection measures that are continuously reviewed for their security. The trust of our mystery shoppers is of fundamental importance for us.

MSM Germany implements modern technical and organisational measures to protect the data we manage against manipulation, loss, destruction and access by unauthorised persons. Our security measures are continuously improved in line with technological progress. Below you will find a list of the measures taken by MSM Germany to protect your personal data (in accordance with the GDPR).

What are personal data?

‘Personal data’ means any information relating to a specific natural person. This person can be identified directly or indirectly by means of an attribute, which could be a name, an identification number, location data or a registration name / account. It can also include information on the physical, economic, cultural or social attributes of a natural person. Data that has been anonymised or amalgamated and can no longer be used to identify a particular person does not count as personal data, whether or not this is in combination with other data or in other ways. If you work together with MSM Germany we will collect your personal data in different places and for various purposes.

What data does MSM collect?

In your mystery shopper profile, MSM Germany collects personal data for recruitment, administration and paying you for your checks.

For participation in test purchases, we record your full name, date of birth, gender, home address, email, phone numbers and your occupation. When we are awarding particular test purchase projects we might collect additional information on your marital status, children, physical characteristics (e.g. clothes size), hobbies, photo, proof of identity, model of car or existing agreements (e.g. phone providers).

For settling your remuneration, we need your bank account details and if applicable your VAT number.

As soon as you visit our websites, apps or news functions, or interact with them, we can use cookies and other similar technologies to offer you a better, faster and more secure user experience. Data such as your IP address and the browser used are also logged.

How does MSM use your data?

Your personal data are used exclusively for specific purposes. This means that all the data we collect from you will be exclusively used for a stated purpose:

- We need your name and address for administration and recruitment

- We need your contact details for contacting you

- We need characteristics such as your age, occupation etc. for allocating a suitable test purchase

- We need your contact details for paying you for your test purchases

We use your personal data to pursue our legitimate interests insofar as your rights and freedoms do not override this. We have introduced corresponding control mechanisms to reconcile our interests with your rights. On this basis we use your data for the following steps:

- Contacting you by email or phone, e.g. to offer you assignments, collect recruitment information, ask questions about your test purchases

- Monitoring web platforms

- Identification

Does MSM pass your data on?

MSM uses your mystery shopper profile internally for administration, accounting, allocating test purchases and quality assurance.

Data can be passed on to our clients in categorised form (metadata) (for example: 40 test buyers live within a radius of 100 km). It is not possible for specific conclusions to be drawn as to your identity.

It can also be necessary during the test purchase process for us to pass on your basic data (name, date of birth, gender, place of residence or occupation) to the clients involved.

If you have queries during a test purchase, your communication partner is MSM. We will not pass your contact details on.

If personal data are collected within a test purchase (e.g. model of car or shoe size), these data can be processed during quality assurance and in customer reports.

How does MSM protect your personal data?

Your personal data are hosted on MSM’s own systems and servers in Münster (North Rhine-Westphalia, Germany). The computing centre has ISO-27001, ISO-9001, ISO-20000-1 and TÜViT Trusted Site certification. Your personal data are protected by suitable technical and organisational security measures in order to minimise risks in connection with loss, misuse, unauthorised access and unauthorised transmission and modification. For this for example we use firewalls and data encryption, but also physical access restrictions for our computing centres and authorisation controls for data access. In this way only MSM employees who are authorised to do so can access your personal data. All these MSM employees are trained and made aware of the subject of data protection. Customers or partner agencies cannot access your personal data or MSM systems.

How long does MSM retain your personal data?

MSM will store your personal data for as long as you work together with MSM. If you have your account with us deleted, we will delete your personal data and anonymised references to the collected data. Statutory retention periods apply within the context of the retention times required by the legislator.

Can you find out what personal data MSM has stored?

Simply ask us. We respect your legal right to information, correction and deletion or restriction of the use of your personal data. We also take steps to ensure that the personal data we have collected are correct and up to date.

You have the right to find out what personal data about you we store. On request we will provide you with a copy of your personal data in electronic and machine-readable format. If your personal data are incorrect or incomplete, you have the right to request that we correct or complete them accordingly.

Can MSM delete personal data?

You have the right at any time to object to the processing of your personal data by MSM Germany. You can also ask us to delete your personal data or restrict their use. In this case we will delete your personal data from your test customer profile and the anonymised test purchases you have undertaken. Please note that your account will also be deleted so you will not be able to accept or undertake any further orders via MSM.

Name and address of the controller

MSM Germany GmbH

An der Alten Ziegelei 32

D-48157 Münster

gdpr@msm-group.com

Name and address of the data protection officer

Sebastian Heining-Boes

MdatIQs Data Solutions GmbH

An der Alten Ziegelei 32

DE-48157 Münster

gdpr@msm-group.com