Confidentiality and data protection

Last update: July 2019

We are grateful to you for agreeing to join our community of testers. Testapic offers its clients the opportunity to select users/testers based on their consumer preferences regarding products/services and product/service concepts.

Our clients use your feedback and comments to decide which platform/media to use, how to communicate, design and improve, or how to make it available to you. By participating in our community, you will be among those whose opinions influence our customers' decisions.

The purpose of this charter is to define the commitments of Testapic (which includes PANISERO's subsidiaries or partners) to all members of its community of testers in terms of confidentiality, anonymity and protection of personal data in order to respect and protect the privacy of the testers.

General information

About Testapic

The name Testapic belongs to SAS PANISERO, a simplified joint stock company whose head office is located at 23 Bis Rue Godefroy Cavaignac - 75011 Paris - FRANCE and registered with the RCS of Paris.

Your personal information will remain confidential

When joining our community of testers, you will be asked to provide us with personal information about yourself or other members of your household. For as long as you remain a member of our community, this information will be kept in our database and will only be used to the extent necessary for statistical analysis and customer-relevant reports, and on an anonymous basis. No information identifying you personally is communicated to our customers in any document without your explicit prior consent.

Use of personal data

We use the information that you and other members have provided to us to help evaluate and improve existing and future products and services, while maintaining your anonymity.
We use this information to conduct research and to prepare statistical reports and analyses regarding consumer preferences in your country and around the world regarding products/services and ideas for new products/services. None of this information used by Testapic will in any way identify the tester concerned by name. This information will only be used within the strict framework of the tests in which you will participate.

Persons responsible for data processing

SAS PANISERO
Represented by Jean-Baptiste DUBUISSON (Panel Manager), Sébastien TANGUY (Director of Operations) and Marie MORVAN (Office Manager)
23 Bis Rue Godefroy Cavaignac – 75011 Paris – France
Telephone +33 (0)147 009286
dpo@testapic.com
Main contact for questions concerning your personal data:
Jean-Baptiste DUBUISSON
dpo@testapic.com
You can also use the Contact section. We will get back to you as soon as we can.

We may amend this charter

We reserve the right to update or modify this policy regarding the privacy of your personal data. In the event that we need to modify our personal data processing policy, the changes will be notified to you by posting the new Charter online at least 30 days before the changes come into force.

Collection of Personal Data - Direct Collection

Mandatory data

The personal data requested when you register as a Testapic tester are said to be "mandatory". You cannot register if you do not fill in the required data.
For Testapic, these data constitute the minimum information necessary to establish your tester profile and thus offer you tests in line with your profile.

Data of a non-mandatory nature

The additional personal data that you can fill in your tester space are not mandatory but allow you to enhance your profile. The completion of this personal data increases your chances of being awarded paid tests.
Also, during your "tester's life", you will receive (subject to your consent) quick online questionnaires called "Eligibility for future paid tests" allowing us to refine your profile according to the specific and occasional requests of our clients.
These questionnaires generally concern your knowledge of or your consumption habits concerning certain brands or certain types of products. Completion of these questionnaires is not mandatory but is a condition for receiving the related paid tests. If you decide not to answer them, your profile cannot be selected for these paid tests.

Retention period for personal data

All the personal data you provide, whether that is when you register, in your tester space or in the so-called "eligibility" questionnaires, are kept by Testapic throughout your "tester's life".
When you delete your account, all personal information that could identify you by name is permanently deleted from our databases; namely: your e-mail, name, postal address, telephone number and, if applicable, your IBAN.
Your other profile information, i.e. socio-demographic and consumer information, is kept completely anonymised for scientific research and statistical purposes (Art. 89, paragraphs 1 and 2 of the General Data Protection Regulations of 27 April 2016); the anonymisation of this data ensures that it is no longer possible to identify the persons concerned.

General collection of data when you consult our services - Indirect collection

When you register or connect to our services (tester area, mobile application, web application or online testing tool) we collect technical data about you; this includes your browser type and version, your operating system and version and your device type (computer/smartphone).
This technical data enables us to optimise the presentation of our website and services and to ensure their smooth operation.

Cookies

To manage our community and to improve your experience as a Testapic tester, some of our tools and services use cookies. A cookie is a small amount of data, often containing a unique and anonymous identifier, sent to your browser by a web server and stored on your computer's hard drive. The information collected through this cookie may be combined with other cookies you have on your computer and used to supplement the information we have about you. This cookie does not contain any information that can identify you personally.
Some of our services and tools available to you use cookies:

Processing of personal data

Lawfulness of processing

The processing carried out by Testapic on personal data is lawful insofar as the persons registering as Testapic testers have consented to the processing of their personal data (art. 6, paragraph 1, point a).
People registering as Testapic community members are also informed that they can withdraw their consent at any time and are informed of all their rights concerning their personal data.

Purpose of the collection of personal data

In no case does Testapic sell, transfer or loan your personal data to any third party for prospecting purposes.
No nominative information can be used for the purpose of analysing the results of the tests. Your name, full address, e-mail and telephone number are only used to contact you. Your IBAN is used only to transfer your earnings to your bank account; no withdrawals are made.
As mentioned above, the main purpose of the collection of personal data by Testapic is to facilitate the targeting of the testers profiles corresponding to the tests requested by our customers.
This personal data is also used for internal statistical purposes (tracking the type of profiles, available tester numbers per type of profile, etc.) as well as for scientific research purposes (to find out more about the scientific research programme conducted by Testapic, please visit the "R&D" section of our website).
These personal data, in anonymised and aggregated form, also allow us to obtain a statistical overview of the tests carried out (male/female distribution; average age of the testers; geographical distribution, etc.).

Recipients and categories of recipients of personal data

Your personal data is strictly confidential; only the data controllers, mentioned above, have access to all your personal data.

Persons in charge of processing

Specifically, only the aforementioned data controllers have access to sensitive data that can identify you (e-mail, name, postal address, IBAN if applicable). This information is used by the data controllers only to contact you if necessary or, if applicable, to transfer your earnings to your bank account.

Researchers

Researchers working for Testapic have access to some of the personal data of the testers (socio-demographic and consumer information only), completely anonymously, and with the agreement of one of the above-mentioned data controllers. Consulting these data allows the study managers to select the testers whose profile is suitable for the tests to be attributed.

Customers

Testapic's customers only have access to certain of your personal data (socio-demographic and consumer information), always in anonymised form and in a limited number (generally five pieces of information on average) to allow the targeting of testers on the tests they wish to launch. This information provides them with a statistical overview of the testers carrying out the tests (male/female distribution; average age; geographical distribution, etc.).
In exceptional cases and for technical reasons when carrying out certain tests, Testapic may have to ask for your consent to transmit your e-mail address to certain customers so that they can authorise your e-mail to consult their online platform. In any case, if you do not give your consent, your e-mail is not transmitted. Every time this type of situation arises, Testapic will automatically ask for your consent for the test in question. The consent you give is valid only for a specific test.

Rights of data subjects and exercise of rights

Concerning the personal data held by Testapic, each data subject has the right of access, the right of rectification, the right of deletion, the right to limit the processing and the right of opposition, as well as the right to the portability of these data.
These rights are explained below.

Right of access and right of rectification

In the interests of transparency, clarity and efficiency, Testapic gathers your personal data in your tester space, the My profile section.
This allows you to freely access at any time the personal data that we hold about you and, if necessary, to rectify them.

Right to limit processing and right of opposition

Your personal data are not used by Testapic for prospecting purposes and are neither transferred nor sold to any third party whatsoever.
Your personal data are not transmitted to service providers for processing.
Testapic only uses the personal data that you provide during your registration and in your tester space; we do not collect personal data through external third party sources.
Moreover, only Testapic processes your personal data, and through the above-mentioned data controllers.
Your rights to the limitation of the processing of your data and of opposition can thus only be exercised in the following ways:

  • by withdrawing your consent to the processing of your data by Testapic (in this case, you risk receiving fewer tests, as these are allocated on the basis of the testers' profile),
  • by deleting your tester account (in this case, your data is permanently lost).
Right to erasure ("right to be forgotten”)

To exercise your right of deletion, you must necessarily delete your account. This option is available in your tester space.
All personal information allowing you to be identified will be permanently deleted from our databases (e-mail, surname, first name, postal address, telephone number, IBAN).
Your socio-demographic information and consumer profile are kept in a completely anonymous manner for scientific research and statistical purposes, in accordance with Article 89, paragraph 1 of the General Data Protection Regulation (GDPR) of 27 April 2016

Right to data portability

An export feature for your personal data is available in the Personal data management tab in your tester area ("My profile" section).
Following your request, you will receive your data by e-mail as a file in "Comma-separated values" (.csv) format.

Right to withdraw consent

You may, at any time revoke any consent you have given and oppose the processing of your personal data.
To do so, you must log on to your tester space ("My profile" section, Personal data management tab) where you can set your preferences about this.
Processing operations that were carried out prior to the opposition are not affected.

Information concerning the possibility of lodging a claim (complaint) with the CNIL

You have the right to make a claim to the competent authority, namely the CNIL, concerning the processing of your personal data by us.
To find out more, visit the CNIL website

Information Systems Security Policy

Testapic makes it a point of honour to respect the standards in force and to follow the advances in this field.

Services & Security

Testapic currently uses one of the most important Cloud providers in the world, GOOGLE, whose reputation is well established, especially in the quality of their own services that they offer worldwide. This Cloud is used for all the services related to the TESTAPIC tool that we make available to our customers and tester users.
Intrinsically, it brings a very high quality of service as well as a very good level of security for the data as well as for the different technological uses.

Security level

Google adheres to the standards in force in the areas of access, privacy and security. In particular, the Google Cloud Service, also known as the Google Cloud Platform or GCP, complies with the General Data Protection Regulation (GDPR).
For more information, please refer to the official documentation provided by Google:

Security of transactions

The data is transmitted securely with TLS 1.2 to our services distributed by Google Cloud Platform.

SSL Certification

Web Certificates are signed for all services by GlobalSign .

Data Location

The data coming from collection (video, verbatim) as well as the analysis data are currently hosted on GCP services located in Europe. The instances are placed in three possible areas in Europe (Belgium, United Kingdom, Germany).

Testapic Web & Mobile Applications

The apps that are used to collect the data and to perform the analyses all originate from Testapic's services.

WEB application / API

WEB applications and APIs rely solely on GCP services.

Chrome Application for Desktop Video Testing

The Chrome extension we use for computer video testing is certified and hosted on Google Store.

iOS & Android application for Mobile Video testing

The iOS and Android applications are certified and accredited by Apple and Google, respectively. Only the iOS application is hosted on our services; this is for ease of deployment.

Web & Mobile Client Applications

Testapic declines all responsibility for its clients' Web & Mobile applications that fall within the scope of sponsored analyses.

Technical contributors

Testapic has an access policy with respect to application environments. That is to say, a small number of trustworthy people, within the Testapic company, are accredited for access to the production environment. The other technical contributors only have access to the development environment; the latter environment does not allow access to customer and user data.
Access to our databases is also protected by a firewall which filters IPs.

FB Twitter LinkedIn