Mystery Shopper's Agreement

This agreement applies between you, the Mystery Shopper/Subcontractor and Customer Perceptions Ltd., the provider of this website.

This agreement applies to our use of any and all data collected by us in relation to your use of the website and any systems and services therein. Please read this agreement carefully to understand our practices regarding your personal data and how we will treat it.

If you disagree with any of the terms of this agreement, you should immediately cease the use of the site. You can avail of the option on your Shopper Profile to delete account in order to remove all personal data.

This agreement does not cover data from which individual persons cannot be identified or situations in which pseudonyms are used. (The use of pseudonyms involves the replacement of names or other identifiers with substitutes so that identification of individual persons is not possible.)

This privacy notice applies to all current and former Mystery Shoppers/Subcontractors. It is non-contractual.

Introduction

Customer Perceptions Ltd., a company registered in Ireland and having its registered office at The Business Centre, Blackthorn Business Park, Coe’s Road, Dundalk, Co. Louth, Ireland A91 KR59 is committed to protecting and respecting your privacy.

Customer Perceptions Ltd. collects and processes personal information, or personal data, relating to its mystery shoppers to manage the working relationship. This personal information may be held by Customer Perceptions Ltd. on paper or in electronic format.

Customer Perceptions Ltd. complies with the General Data Protection Regulation (GDPR) (EU) 2016/679 and any other locally applicable data protection legislation. This agreement explains how the information we collect from you is used, processed and stored.

Customer Perceptions Ltd. is committed to being transparent about how it handles personal information, to protecting the privacy and security of your personal information and to meeting its data protection obligations under the General Data Protection Regulation and the Data Protection Act 2018.

Under GDPR, there are six data protection principles that Customer Perceptions Ltd. must comply with. These maintain that the personal information Customer Perceptions Ltd. hold about you must be:

1. Processed lawfully, fairly and in a transparent manner.
2. Collected only for legitimate purposes that have been clearly explained to you and not further processed in a way that is incompatible with those purposes.
3. Adequate, relevant and limited to what is necessary in relation to those purposes.
4. Accurate and, where necessary, kept up to date.
5. Kept in a form which permits your identification for no longer than is necessary for those purposes.
6. Processed in a way that ensures appropriate security of the data

What Data do we collect?

In our capacity as a service provider, Customer Perceptions Ltd. will receive, store, and/or process Personal Data. In such cases, we are acting as a data processor and will process the personal information on behalf of and under the direction of our clients.

The information and Personal Data we collect from our Mystery Shoppers/Subcontractors may vary depending on client’s needs and the individual projects.

As a general matter, Customer Perceptions Ltd. Collects, uses and processes the following types of Personal Data from its Mystery Shoppers: contact information, including, a contact person’s name, email address, mailing address, telephone number, as well as payment information (which will include bank account information).

For certain projects, Customer Perceptions will be required to collect additional information such as Personal Identification for verification purposes.

How do we collect Data and how do we use it?

Customer Perceptions Ltd. collects personal data from Mystery Shoppers/Subcontractors when they register with our website, complete projects for us, request information or otherwise communicate for us. Your Personal Data may be stored in different, secure places, including Sassie and in other IT systems, such as our e-mail system.

Customer Perceptions may contact you from time to time in relation to potential assessments/jobs we have available that may suit and/or be of interest to you. This contact can/will be made through email, phone, or text. You can opt out of contact at any time by deactivating or deleting your account.

Please note that once you deactivate your account, you cannot conduct any mystery shopping assignments with us. Should you choose to delete your account, all records relating to your account, including any work due for payment will also be deleted.

Customer Perceptions offers the following services to our clients in order to measure aspects of the customer journey, such as the overall journey, sales process and the staff/customer interaction.

Our services include:

• Mystery Shopping (covert shopper visits, compliance checks, announced and unannounced audits, video mystery shopping and telephone recorded mystery shopping).
• Customer Satisfaction surveys (online, face to face or telephone interviews, some of which may be recorded with the consent of the interviewee).
• Competitor mystery shopping programmes
• Website and Online assessments.
• GIS location-based surveys.
• Staff Climate Surveys.
• Client-specific consumer research projects.

We advise our clients that mystery shopping and other services provided by Customer Perceptions Ltd. should be used for the sole purpose of measuring their customer journey, experience and quality of training. If clients opt for our services, they are advised to inform their staff that they are using our services for these purposes.

The information you, as a Mystery Shopper/Subcontractor, provide to us in the form of completed mystery shopping reports, surveys, or any other work you conduct for us, will be provided to our clients in order to help improve the quality of the service they provide to their customers.

This information can/will include your feedback on your customer experience and the service you received. The information we provide to our clients will not include any of your personal data that you supply to us on sign up, however, in certain limited circumstances, there may be a requirement to share some Personal Data where there is a legitimate business reason to do so.

Sharing of Personal Data

There may be instances where Customer Perceptions have a requirement to share personal data of a Mystery Shopper/Subcontractor with our clients and/or trusted external parties. Customer Perceptions may be required to share Mystery Shopper/Subcontractor personal data for a variety of reasons, including but not limited to:

1. Legal Obligation Basis: Customer Perceptions may be required to share Mystery Shopper/Subcontractor personal data in order to comply with the law.
2. Contract Basis: Customer Perceptions may be required to share Mystery Shopper/Subcontractor personal data in order to fulfil a contract in which this requirement is specified and agreed to. We may be required to share Subcontractor personal data for verification purposes. The sharing or transmission of this data may be necessary to ensure that that a project or programme is being conducted in the way that was originally agreed. In these instances, personal data is only being shared for its original purpose.
3. Legitimate Interests Basis: Customer Perceptions may be required to share Subcontractor personal data in order to use this data for legitimate business interests. Legitimate interests can be applied to situations whereby Customer Perceptions use Subcontractor personal data in ways which can be reasonably expected, are low-risk and will not have a significant impact on the Subcontractor. Furthermore, legitimate interests can be applied if Customer Perceptions have a compelling reason for the impact.
4. Vital Interest Basis: Customer Perceptions may be required to share Subcontractor personal data in order to protect the Mystery Shopper/Subcontractor’s life or the life of someone else.

How long do we store your information?

Customer Perceptions Ltd. will only retain personal information for as long as is necessary to fulfil the purposes for which it was collected and processed, including for the purposes of satisfying any legal, reporting or accounting requirements.

Any personal data you submit will be retained for as long as you use the services and systems provided on the website.

Mystery shopping reports remain on the system, SASSIE, for the longevity of the client relationship.

Data which you submit through any communication system that we may provide may be retained for a longer period of up to 24 months.

Video mystery shopping is available to our clients, via the system, SASSIE, directly as an upload, or via a secure ‘YouTube’ link on our business account. Only clients with the direct link will have access to the footage. Customer Perceptions is not responsible for links that are sent to other 3rd parties by the client or their employees. Video mystery shops are deleted from our server after a 12-month period and are deactivated within a 90-day period from YouTube.

Submitted CVs are deleted from our system within 180 days of your application being processed. If applying via a third party, the information retained by that site is subject to that party’s own privacy policy.

Personal information which is no longer to be retained will be securely and effectively destroyed or permanently erased from our IT systems and we will also require third parties to destroy or erase such personal information where applicable. In some circumstances we may anonymise your personal information so that it no longer permits your identification. In this case, we may retain such information for a longer period.

If your account has been dormant for a period of 24 months or longer, your personal data will be deleted. Should you wish to keep your account active, please be in contact to let us know. If you have never completed an audit with us, your account will be deleted 12 months after your initial sign-up date.

How to access, change or delete personal data:

It is imperative that the personal information Customer Perceptions Ltd.  hold about you is accurate and up to date. Please keep your online profile up to date and review the information regularly. Customer Perceptions Ltd. is not responsible for any errors in your personal information in this regard.

Should you wish to submit a Subject Access Request to establish what personal data is included in the data base or to ensure that such data is accurate and relevant for the purposes for which Customer Perceptions Ltd collected it, you have the right to do so under the General Data Protection Regulation (GDPR) (EU) 2016/679. The process for this is as follows:

You must submit a request to see your data, in writing, to the following address:

Subject Access Requests

Customer Perceptions Ltd.

The Business Centre,

Blackthorn Business Park,

Coe’s Road,

Dundalk,

Co. Louth

Customer Perceptions Ltd. will endeavour to respond in a timely manner to all reasonable written requests to view, modify, or inactivate Personal Data. Customer Perceptions will provide you with the information you have requested within 30 days of receipt of the Subject Access Request. If this is a more complex request, it may take longer. However, the office will be in contact with you to advise you of this.

Who has access to and how do we protect your data?

Customer Perceptions Ltd. endeavour to take all reasonable steps to protect your personal data or information including the use of encryption technology. We endeavour to keep your personal data/ information confidential.

Our website may link to other websites and we are not responsible for the data policies, procedures of other websites or their content.

Regarding the use of video mystery shopping, mystery shoppers endeavour to take reasonable steps to avoid capturing the general public.

Customer Perceptions Ltd. has implemented appropriate technological and organisational measures, policies and procedures to prevent unauthorised or unlawful processing of Personal Data and also, the accidental loss or destruction of personal data.

We have taken appropriate steps to ensure our staff members are subject to a duty of confidence and are trained to process data in accordance with GDPR. Personal information may be shared internally within Customer Perceptions Ltd, including payroll staff. We limit access to your personal information to staff who have a business need to know in order to successfully perform their job duties.

It is a requirement for all staff of Customer Perceptions Ltd. to be aware of the basic requirements of Irish Data Protection legislation and GDPR. In this regard, Customer Perceptions Ltd:

1. Only collect information needed for a specific purpose.
2. Keep all data fully secure.
3. Actively ensure data is relevant and up to date.
4. Only hold as much data as necessary for the length of time necessary.
5. Allow the subject of the information to see it on request.

Good information handling makes good business sense and provides our business with several benefits. By exercising professional standards in the way in which we manage our mystery shopper’s information, we can not only be fully compliant with the law but also enhance our business’ reputation by ensuring the information we keep is accurate and safe.

Any personal information provided to us by our Mystery Shopper/Subcontractor is treated as being strictly confidential and managed in accordance with the requirements of Data Protection legislation and the Company’s policies, Quality Standards, systems & procedures.

This includes acquiring names, address, telephone number and e-mail address and these will not be released, sold, or rented to any entities or individuals outside of our organisation other than if we are specifically required to do so by An Garda Síochána or a directive of the Irish or European Courts, or if there is a legitimate business requirement to do so as outlined in the Sharing of Data section above.

It is an important part of all staff members’ job contracts with Customer Perceptions Ltd. that all information relating to the personal information of our mystery shoppers and clients is treated in strict confidence and, in addition, a separate Confidentiality Agreement is signed by all staff members.

Any breach of our Privacy Policy is regarded as gross misconduct and therefore, disciplinary action will follow, most likely culminating in dismissal.

If, as part of your mystery shopping assignment, it is required that any of your personal information needs to be shared with the Client – this will be clearly noted on the Shopper Brief/Guidelines and it is up to you to decide whether you would like to take part in that assignment or not.

Handling Data Breaches:

In the event of a data breach, Customer Perceptions Ltd. will notify the Information Commissioner’s Office and any other applicable supervisory authority or regulator and the data subject where we are legally required to do so within 72 hours of becoming aware of the breach. We will provide reasonable assistance in facilitating the handling and resolution of the breach.

Changes to Shopper Agreement:

Customer Perceptions Ltd. reserves the right to amend or amend this Shopper Agreement and implement any changes to our processing activities, consistent with the applicable data protection and privacy laws and principles at any time. This agreement will be reviewed annually. If Customer Perceptions make changes that materially affect the way Personal Data previously collected is handled or if we intend to process new types of Personal Data, we will notify our shoppers the system, email, or other means.

Contacting Us:

If you have any questions about this Shopper Agreement or how we handle your personal information, please contact us in writing to: ‘FAO DPO, Customer Perceptions Ltd. The Business Centre, Blackthorn Business Park, Coe’s Road, Dundalk, Co. Louth.’