Data privacy statement for our mystery shoppers
As a provider of mystery shopper
services, MSM Germany works with project data from individual clients, internal
information, but also with the personal data of our mystery shoppers.
Because these data are so central
for all our business areas, the management and all MSM employees attach the
utmost priority to data protection and data security. All the data of our
mystery shoppers are subject to high-quality data protection measures that are
continuously reviewed for their security. The trust of our mystery shoppers is
of fundamental importance for us.
MSM Germany implements modern
technical and organisational measures to protect the data we manage against
manipulation, loss, destruction and access by unauthorised persons. Our
security measures are continuously improved in line with technological
progress. Below you will find a list of the measures taken by MSM Germany to
protect your personal data (in accordance with the GDPR).
What are personal data?
‘Personal data’ means any information relating
to a specific natural person. This person can be identified directly or
indirectly by means of an attribute, which could be a name, an identification
number, location data or a registration name / account. It can also include
information on the physical, economic, cultural or social attributes of a
natural person. Data that has been anonymised or amalgamated and can no longer
be used to identify a particular person does not count as personal data,
whether or not this is in combination with other data or in other ways. If you
work together with MSM Germany we will collect your personal data in different
places and for various purposes.
What data does MSM collect?
In your mystery shopper profile, MSM
Germany collects personal data for recruitment, administration and paying you
for your checks.
For participation in test purchases,
we record your full name, date of birth, gender, home address, email, phone
numbers and your occupation. When we are awarding particular test purchase
projects we might collect additional information on your marital status,
children, physical characteristics (e.g. clothes size), hobbies, photo, proof of
identity, model of car or existing agreements (e.g. phone providers).
For settling your remuneration, we
need your bank account details and if applicable your VAT number.
As soon as you visit our websites,
similar technologies to offer you a better, faster and more secure user
experience. Data such as your IP address and the browser used are also logged.
How does MSM use your data?
Your personal data are used exclusively for specific
purposes. This means that all the data we collect from you will be exclusively
used for a stated purpose:
We need your name and address for administration and recruitment
We need your contact details for contacting you
We need characteristics such as your age, occupation etc. for allocating a
suitable test purchase
We need your contact details for paying you for your test purchases
We use your personal data to pursue our
legitimate interests insofar as your rights and freedoms do not override this. We
have introduced corresponding control mechanisms to reconcile our interests
with your rights. On this basis we use your data for the following steps:
Contacting you by email or phone, e.g. to offer you assignments, collect
recruitment information, ask questions about your test purchases
Monitoring web platforms
Does MSM pass your data on?
MSM uses your mystery shopper profile
internally for administration, accounting, allocating test purchases and
Data can be passed on to our clients in
categorised form (metadata) (for example: 40 test buyers live within a radius
of 100 km). It is not possible for specific conclusions to be drawn as to your
It can also be necessary during the test
purchase process for us to pass on your basic data (name, date of birth,
gender, place of residence or occupation) to the clients involved.
If you have queries during a test purchase,
your communication partner is MSM. We will not pass your contact details on.
If personal data are collected within a test
purchase (e.g. model of car or shoe size), these data can be processed during
quality assurance and in customer reports.
How does MSM protect your personal
Your personal data are hosted on MSM’s own
systems and servers in Münster (North Rhine-Westphalia, Germany). The computing
centre has ISO-27001, ISO-9001, ISO-20000-1 and TÜViT Trusted Site
certification. Your personal data are protected by suitable technical and
organisational security measures in order to minimise risks in connection with
loss, misuse, unauthorised access and unauthorised transmission and
modification. For this for example we use firewalls and data encryption, but
also physical access restrictions for our computing centres and authorisation
controls for data access. In this way only MSM employees who are authorised to
do so can access your personal data. All these MSM employees are trained and
made aware of the subject of data protection. Customers or partner agencies
cannot access your personal data or MSM systems.
How long does MSM retain your
MSM will store your personal data for as long
as you work together with MSM. If you have your account with us deleted, we
will delete your personal data and anonymised references to the collected data.
Statutory retention periods apply within the context of the retention times
required by the legislator.
Can you find out what personal data
MSM has stored?
Simply ask us. We respect your legal right to
information, correction and deletion or restriction of the use of your personal
data. We also take steps to ensure that the personal data we have collected are
correct and up to date.
You have the right to find out what personal
data about you we store. On request we will provide you with a copy of your
personal data in electronic and machine-readable format. If your personal data
are incorrect or incomplete, you have the right to request that we correct or
complete them accordingly.
Can MSM delete personal data?
You have the right at any time to object to the
processing of your personal data by MSM Germany. You can also ask us to delete
your personal data or restrict their use. In this case we will delete your
personal data from your test customer profile and the anonymised test purchases
you have undertaken. Please note that your account will also be deleted so you
will not be able to accept or undertake any further orders via MSM.
address of the controller
MSM Germany GmbH
An der Alten Ziegelei 32
address of the data protection officer
MdatIQs Data Solutions GmbH
An der Alten Ziegelei