Privacy policy

Last updated: 13 June 2022 

YOUGOV WEBSITE PRIVACY NOTICE

As a global data company and provider of research insights, we take privacy and data security very seriously, and believe that everyone’s personal data should be handled responsibly and ethically. We’ve tried to make this notice as easy to read as possible, but if anything is unclear, please contact us at dataprotection@yougov.com, and we’ll be happy to clear it up. 

What this notice covers

As an organisation that relies on the use of personal data, YouGov is responsible for collecting and using your data in a responsible and secure way, and that starts with clearly telling you how we collect, use and protect your personal data. This notice sets out our use of cookies when you visit our website. Please note that our Client & marketing privacy notice will apply should you decide to submit any information via one of our webforms, for example, a contact or download form. 

YouGov is made up of a number of companies, each of which separately controls the data provided to it by visitors to our website. YouGov America Inc (referred to as “we”, “us”, “our” or “YouGov”) is the controller of your personal data. This means we choose why and how that data is processed. We are based at 805 Veterans Blvd, Suite 202, Redwood City, California, 94063. 

Our use of cookies

When you visit our website, we collect information using cookies and similar technologies. This section tells you about the cookies that we use, what they do and your choices when it comes to cookies. 

Your choices when it comes to cookies

Managing cookies via your preferences

When you accessed this website you were presented with an alert that offered you a choice about whether to accept or reject cookies, with the exception of strictly necessary cookies (which are outlined above).  

Managing cookies on your device 

You can also choose how web browser cookies are handled by your device via your browser settings. If you choose not to receive cookies at any time, websites may not function properly and certain services will not be provided. Each browser and device is different, so use the following links to find information on how to manage cookie settings on certain browsers via the following links: 

How long we’ll keep your data

We will only retain your personal data for as long as needed to fulfil the purpose of each cookie we use, or until you change your cookie preferences in the ways outlined above. 

Who we may share your personal data with

In order to use your personal data in the ways described above, we may share it within YouGov and with trusted third parties who provide services to us. Here is some more information about the types of organisation and what we may share with them. 

YouGov Group companies

YouGov is a global organisation. This means that some of the personal data that we collect may be transferred to companies in the YouGov group that are in different countries. For example, if teams in other locations needed access to cookie data for analytics purposes. 

Our service providers 

We work with trusted service providers that carry out certain functions on our behalf so we can provide our services to you. These organisations process data on our behalf. They only have access to the personal data that they absolutely need to provide the specific service to us, and in all cases we have contractual safeguards in place to ensure that they do not disclose or use it for any other purposes. 

Our service providers fall within the following categories: 

  • Cloud & physical data storage (data storage, which is managed by YouGov Services Limited) 
  • Web application firewall (protects web applications by filtering and monitoring HTTP traffic between a web application and the Internet) 
  • Cookie consent management platform (enables us to tell you about and seek consent for our use of cookies) 

Other organisations

These circumstances are unusual, but we may share personal data with other organisations if: 

  • we have to share your information to comply with legal or regulatory requirements (or we reasonably believe that we need to disclose your information for such purposes); 
  • we need to share personal data in order to establish, exercise or defend our legal rights, including with our legal and other professional advisors; 
  • we restructure our business or if we buy or sell any business or assets we may share your data with the prospective buyer or seller; 
  • all or substantially all of our company assets are acquired by another party, your data will be one of the transferred assets. 

Transferring personal data outside the EEA

If you are based in the European Economic Area (“EEA”), or Switzerland, we take all steps possible to ensure that your personal data remains within those areas. However, in some cases we need to share data with other YouGov group companies or third parties that are in countries outside those areas. These countries may not have similar data protection laws and so they may not protect the use of your personal information to the same extent. 

In these cases, we put in place appropriate safeguards to make sure your personal data remains adequately protected. Specifically, we make use of the following: 

  • Standard contractual clauses: we use standard contractual clauses for the transfer of personal data to organisations outside the EEA. These contractual commitments have been adopted by the European Commission and ensure adequate protection for personal data transferred to countries outside the EEA by binding recipients of personal data to certain data protection standards including obliging them to apply appropriate technical and security measures. We use standard contractual clauses when we transfer data to other YouGov Group companies and for transfers to recipients that are not located in a country covered by an adequacy decision (see below). 
  • Adequacy decisions: where the European Commission, or other relevant competent authority, has determined that a country outside the EEA or Switzerland offers an adequate level of data protection, personal data may be sent to that third country without implementing any other safeguards mentioned above. YouGov may rely on adequacy decisions when transferring data to companies based in countries where such assurances have been given. 

How we store and protect your personal data

We do everything we can to protect your personal data from loss or misuse, and from unauthorised access, disclosure, alteration and destruction. This section describes some of the measures we take to ensure that your personal data is secure: 

  • We use data centres that have a high level of physical security measures to host and protect your data and our systems; 
  • We conduct independent penetration tests on an annual basis and are continuously scanning our systems and applications for vulnerabilities in our systems;
  • We use encryption to secure your personal data whilst it is in transit using TLS and in storage using AES256 encryption; 
  • We allow access to attributable data (by which we mean data that directly identifies you) only to those YouGov employees and contractors who need it to carry out their job responsibilities, for example our support team to allow them to respond to you when you contact us; 
  • We make security the responsibility of all our employees and contractors and we train our staff to identify security risks and protect your data. 

Our website may from time to time contain links to and from other websites. If you follow a link to any of those websites, please note that those websites ought to have their own privacy notices and that we do not accept any responsibility or liability for those websites. Please check those privacy notices before you submit your information to those websites. 

Your rights

You have certain rights in relation to the personal data that we hold about you, which are designed to give you more choice and control over your personal data. These rights are explained below. Please note that as this notice relates to our use of cookies, it may be difficult or even impossible for us to identify you within our systems without additional information. If you have provided information via a webform, for example, a contact or download form, please refer to our Client & marketing privacy notice

Right What does this mean?

The right to request access to personal data

You can request confirmation that we are processing your personal data, and a copy of the data we hold about you and related information (including when you gave us permission to use your data)

The right to request rectification of personal data

You can ask us to correct any inaccurate data about you and to complete any incomplete data that we hold about you. 

The right to request erasure of personal data

You can request that we delete the personal data we hold about you. 

The right to withdraw consent

Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent. 

The right to request a restriction on processing of personal data

You can request that we restrict our use of your data to storage only, that we stop using it for all other purposes or that we retain data that was due for deletion. 

The right to object to the processing of personal data 

You can object to certain types of processing of your personal data in certain specific circumstances. 

The right of data portability 

Whenever you have given us your consent to use your personal data, you have the right to receive a copy of your personal data in a structured and machine-readable format and, where possible, have this sent to another organisation. 

Automated decision making

We do not envisage that any decisions that will have a legal or other significant effect on you will be taken about you using purely automated means, however we will update this notice if this position changes and notify you of those changes. 

Exercising your rights

You can exercise any of these rights by using the contact details below. Once you have submitted your request, we may contact you to request further information to authenticate your identity (because we want to make sure it is actually you that is requesting your data) or to help us to respond to your request. Except in rare cases, we will respond to you within 1 month of receiving this information or, where no such information is required, after we have received full details of your request. While some rights apply generally, some are only available in certain circumstances, so if we feel that any right is not available to you, we will let you know along with the reason for our decision. 

Lodging a complaint with a regulator

You have the right to lodge a complaint with a data protection regulator where your legal rights have been infringed, or where your personal information has or is being used in a way that you believe does not comply with data protection regulations. You may also be entitled to seek judicial remedy. You can find the contact details of the appropriate regulator online, for example by searching for ‘Data Regulator’ and the country you live or work in. However, we encourage you to contact us before making any complaint and we will seek to resolve any issues or concerns you may have. 

How to contact us

If you have questions about this notice, or about how we collect, store, and use personal data, or wish to exercise any of the rights described in the Your rights section of this privacy notice, you can contact our Data Protection Officer –  

By email: 

dataprotection@yougov.com

By mail: 

The Data Protection Officer 

YouGov Plc 

50 Featherstone Street 
London 
EC1Y 8RT 
United Kingdom 

Updates to this notice

This notice was last updated on the date that appears at the beginning of the notice. While we reserve the right to change this notice at any time, if any material changes are made, we will let you know via email or any other appropriate means to give you the opportunity to review the changes before they become effective.