This Privacy Policy applies to all personal data processed by Veritolytics in connection with its market research, panel management, survey programming, and data analytics services. By engaging with our services or participating in our panel, you acknowledge the terms of this policy.
Data Controller Information
The data controller responsible for your personal data is:
Scope & Application
This Privacy Policy applies to personal data processed by Veritolytics in relation to the following categories of individuals:
- Survey Panelists & Research Participants — individuals who register on our proprietary panel (Veritopinion.com) and participate in market research surveys.
- Client Contacts — employees, representatives, and authorised personnel of organisations that engage Veritolytics for research services.
- Website Visitors — individuals who access veritolytics.com or any associated digital properties operated by Veritolytics.
- Prospective Clients & Partners — individuals who submit enquiries, request quotations, or interact with Veritolytics for business development purposes.
This policy is governed by the EU General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679), the UK GDPR (as incorporated into UK law by the European Union (Withdrawal) Act 2018), and applicable national data protection legislation. Where Veritolytics processes data on behalf of clients, separate data processing agreements govern those arrangements under Article 28 GDPR.
Data We Collect
The categories of personal data we collect depend on your relationship with Veritolytics.
3.1 Panel Members & Survey Respondents
- Identity data: name, age, date of birth, gender
- Contact data: email address, telephone number
- Demographic data: household composition, income band, education level, employment status, occupation, geographic region
- Behavioural & attitudinal data: survey responses and opinions provided during research participation
- Profile data: product usage habits, media consumption, health conditions (where expressly consented to for healthcare research)
- Technical data: device type, IP address (anonymised), browser type, survey completion metadata
3.2 Client Contacts
- Identity & contact data: name, job title, business email, telephone number
- Company data: organisation name, industry, company size
- Transaction data: project history, invoicing records, contractual correspondence
- Communication data: email exchanges, meeting notes, brief documents
3.3 Website Visitors
- Technical data: IP address, browser type and version, pages visited, time spent, referral source
- Cookie data: as detailed in Section 10 of this policy
Veritolytics processes special category data (including health and medical information for healthcare research) only where explicit written consent has been obtained from the data subject, in accordance with Article 9(2)(a) GDPR. Such data is subject to enhanced security controls and stricter retention limitations.
Legal Basis for Processing
In accordance with Article 6 GDPR, Veritolytics relies on the following lawful bases for the processing of personal data:
Consent Art. 6(1)(a)
For the recruitment and participation of panelists in market research surveys, and for the processing of special category data (e.g., health information). Consent is freely given, specific, informed, and unambiguous. Panelists may withdraw consent at any time.
Contract Art. 6(1)(b)
For the processing of client contact data necessary to perform our contractual obligations — including project management, data delivery, invoicing, and client communications.
Legal Obligation Art. 6(1)(c)
Where processing is required to comply with applicable laws and regulations, including financial record-keeping obligations, anti-money laundering requirements, and regulatory reporting.
Legitimate Interests Art. 6(1)(f)
For business development communications with existing clients and prospective research partners, website analytics, and internal fraud prevention — where such interests are not overridden by the rights and freedoms of data subjects.
How We Use Your Data
We process personal data only for the purposes for which it was collected. The primary purposes include:
In accordance with Article 5(1)(c) GDPR, Veritolytics collects only the minimum personal data necessary for each specific processing purpose. Survey screening questions are designed to qualify respondents without collecting superfluous personal information.
Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, subject to applicable legal retention obligations. Our standard retention periods are as follows:
Upon expiry of the applicable retention period, personal data is securely deleted or irreversibly anonymised. Panelists may request early deletion of their profile data at any time (see Section 7).
Your Rights Under GDPR
Under Chapters III of the GDPR (Articles 12–22), data subjects whose personal data is processed by Veritolytics have the following rights. All requests may be submitted to business@veritolytics.com and will be responded to within 30 calendar days.
Right of Access Art. 15
You have the right to obtain confirmation of whether we process your personal data and to receive a copy of that data, along with information about the processing purposes, categories, recipients, and retention periods.
Right to Rectification Art. 16
You have the right to request correction of inaccurate personal data and completion of incomplete data held about you.
Right to Erasure Art. 17
You have the right to request deletion of your personal data where it is no longer necessary for its original purpose, where consent has been withdrawn, or where processing is unlawful. This right is subject to overriding legal retention obligations.
Right to Restriction Art. 18
You have the right to request that we restrict processing of your personal data in specific circumstances, including where you contest accuracy or have objected to processing.
Right to Portability Art. 20
Where processing is based on consent or contract and carried out by automated means, you have the right to receive your personal data in a structured, machine-readable format and to transmit it to another controller.
Right to Object Art. 21
You have the right to object to processing based on legitimate interests or carried out for direct marketing purposes. Where you object to direct marketing, we will cease processing immediately without requiring justification.
Rights re: Automated Decisions Art. 22
You have the right not to be subject to decisions based solely on automated processing that produce significant legal or similarly significant effects. Veritolytics does not make such automated decisions about individuals.
Right to Withdraw Consent Art. 7(3)
Where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of processing carried out before withdrawal. Panel members may withdraw by contacting us or via the panel portal.
If you believe Veritolytics has not complied with applicable data protection law, you have the right to lodge a complaint with the relevant supervisory authority. For EU residents, this is your national data protection authority. For UK residents, this is the Information Commissioner's Office (ICO) at ico.org.uk.
International Data Transfers
Veritolytics operates globally and may transfer personal data to countries outside the European Economic Area (EEA) and UK in connection with its panel operations and client services. All international transfers are governed by appropriate safeguards in accordance with Chapter V GDPR.
The transfer mechanisms we rely on include:
- Standard Contractual Clauses (SCCs) — The European Commission's approved SCCs are incorporated into data processing agreements with all sub-processors and panel partners located outside the EEA, ensuring equivalent data protection standards.
- Adequacy Decisions — Where the European Commission has issued an adequacy decision for a third country, transfers to that country are made without requiring additional safeguards.
- UK International Data Transfer Agreements (IDTAs) — For transfers from the UK, we utilise ICO-approved IDTAs or the UK Addendum to EU SCCs where applicable.
Transfer impact assessments are conducted for all data transfers to high-risk jurisdictions. You may request information about the specific transfer mechanisms applicable to your data by contacting us at business@veritolytics.com.
Third-Party Sharing
Veritolytics does not sell, rent, or trade personal data to third parties. We may share personal data only in the following circumstances:
- Research Clients (Anonymised Data Only) — Research clients receive only anonymised, aggregated survey data. No personally identifiable information about individual respondents is disclosed to clients at any time. Survey responses are presented in aggregate statistical format only.
- Technology Sub-Processors — We engage third-party technology providers (survey platforms, data hosting, quality verification tools) who process data on our behalf as data processors under Article 28 GDPR agreements. All sub-processors are contractually bound to GDPR-equivalent standards.
- Panel Network Partners — In specific studies where additional sample is required, anonymised profile attributes may be shared with vetted panel router partners to facilitate quota fulfilment. No directly identifying data is shared.
- Legal & Regulatory Authorities — We may disclose personal data where required by applicable law, court order, or regulatory authority — only to the extent strictly necessary to comply with such obligations.
- Professional Advisors — Legal, financial, and audit advisors may access personal data where strictly necessary and subject to professional confidentiality obligations.
A full list of our current data processing sub-processors is available upon written request to business@veritolytics.com.
Cookies & Tracking Technologies
Our website uses cookies and similar tracking technologies in accordance with applicable e-Privacy regulations. Cookies are small text files placed on your device to enable website functionality and improve your experience.
You may manage, restrict, or withdraw consent to non-essential cookies at any time via your browser settings or by contacting us. Please note that disabling strictly necessary cookies may affect site functionality.
ESOMAR Compliance & Market Research Ethics
As a full ESOMAR Corporate Member, Veritolytics is bound by the ICC/ESOMAR International Code on Market, Opinion and Social Research and Data Analytics and the ESOMAR Code of Standards and Ethics. These frameworks govern all aspects of our research conduct, including:
- Respondent Anonymity — Research participants are never individually identified to clients. All data delivered to research clients is in anonymised aggregate format. This is an absolute, non-negotiable commitment under the ESOMAR Code.
- Informed Consent — Panelists provide informed consent prior to participation in any research study. The purpose of the research, data usage, and privacy rights are disclosed before participation commences.
- Confidentiality of Research Results — We do not disclose the identity of research clients, proprietary study findings, or unpublished research results to third parties.
- Distinction from Non-Research Activities — Survey data is used solely for research purposes and never for sales, marketing, direct solicitation, or credit-scoring of individual respondents.
- Children in Research — Where research involves individuals under the age of 16, verifiable parental consent is obtained in accordance with ESOMAR guidelines and applicable child protection regulations (see Section 13).
- Storage and Disposal — All personal data linked to research participation is securely disposed of in accordance with ESOMAR and GDPR retention guidelines.
The full ESOMAR International Code is publicly available at esomar.org.
Data Security
Veritolytics implements appropriate technical and organisational measures in accordance with Article 32 GDPR to ensure a level of security appropriate to the risk of processing. Our security measures include:
Encryption
All personal data in transit is encrypted using TLS 1.2 or higher. Stored data is encrypted at rest using industry-standard AES-256 encryption protocols.
Access Controls
Access to personal data is restricted on a strict need-to-know basis. Role-based access controls and multi-factor authentication are enforced for all staff with data access.
Monitoring & Auditing
System access and data processing activities are logged and subject to regular internal security audits. Anomalous access patterns trigger automated alerts.
Staff Training
All personnel with access to personal data receive mandatory data protection training and are bound by confidentiality obligations as part of their employment terms.
Breach Response
In the event of a personal data breach, we are committed to notifying the relevant supervisory authority within 72 hours (Article 33 GDPR) and affected individuals where required (Article 34 GDPR).
Sub-Processor Controls
All data processing sub-processors are subject to security assessments and contractual obligations equivalent to those applicable to Veritolytics under GDPR Article 28.
Children's Privacy
Veritolytics does not knowingly collect personal data directly from children under the age of 13 without verifiable parental or guardian consent. Our standard panel membership requires applicants to be aged 18 or over.
For research studies specifically targeting respondents between the ages of 13 and 17 (where such research is necessary and legally permissible):
- Written verifiable consent from a parent or legal guardian is obtained prior to any data collection.
- Study materials are reviewed to ensure age-appropriateness and that no harm could arise from participation.
- Data collected from minors is subject to enhanced security measures and is retained for the minimum necessary period.
- All such studies comply with applicable national child data protection provisions, including Article 8 GDPR and ESOMAR guidelines on research with children.
If you believe that a child's personal data has been collected without appropriate consent, please contact us immediately at business@veritolytics.com.
Policy Changes & Version History
Veritolytics reviews this Privacy Policy at least annually and updates it whenever material changes occur to our data processing activities, applicable legal requirements, or operational practices.
In the event of material changes that affect your rights or the way we process your personal data, we will:
- Publish the revised policy on this page with an updated effective date;
- Notify active panelists via the registered email address associated with their panel account;
- Notify active clients via their designated contact email where the changes are relevant to their data processing arrangements.
Contact & Data Protection Enquiries
For any questions, requests, or complaints related to this Privacy Policy or the processing of your personal data by Veritolytics, please contact us through any of the following channels. All data protection requests will be acknowledged within 5 working days and resolved within 30 calendar days.
Data Protection Email
business@veritolytics.comPreferred channel for subject access requests, erasure requests, and formal complaints.
Telephone
+91-870-012-7257Available 24×7. For urgent data protection matters, please call directly.
Registered Address
Veritolytics, Navi Mumbai, Maharashtra, IndiaFor written correspondence and formal legal notices.
EU Residents: Your national Data Protection Authority (DPA) — find details at edpb.europa.eu.
UK Residents: Information Commissioner's Office (ICO) — ico.org.uk — Tel: 0303 123 1113.