Our Privacy Principles
PRIVACY BY DESIGN
Consumer privacy is a top priority for Nielsen. We rely primarily on demographic and aggregated data from which we cannot directly identify people, and we maintain appropriate limits on access to data about specific individuals where we hold it. Our internal policies and procedures conform to applicable laws and industry standards around the globe. They also incorporate the principle of Privacy by Design—a commitment to include appropriate privacy protections in the design and implementation of our products and services.
The practices described in this Privacy Statement are undertaken by Nielsen’s group of companies operating together around the world. Learn more about Nielsen’s family of companies, and contact Nielsen’s Privacy Department for more information.
We deploy consumer-friendly privacy controls that are easy to find and easy to use. In addition, for EU residents and as applicable in other countries, you may have the following rights with respect to our use of your data:
- A right to lodge a complaint with a supervisory authority if you believe your data has been processed in a way that does not comply with applicable laws and regulations.
- A right of access to data we may have collected about you. Please note that in exceptional cases, we may charge a reasonable, administrative fee, if further copies of information are requested.
- A right to correct inaccuracies in data we collect about you.
- A right to object to certain types of data processing.
- A right to have personal data we collect about you erased or de-identified, or to restrict processing of such data.
- A right to withdraw consent for future data processing.
We believe in responsible stewardship of data, and we are continually striving to improve our own practices and maintain a high standard for our industries.
Take a look at the Privacy Information sidebar to the right to learn more about specific practices followed by different areas of Nielsen’s business.
Nielsen’s privacy principles include:
While developing our products and services, we assess their potential impact on personal data and embed appropriate privacy protections into our data processing activities, taking into account the other privacy principles described below.
TRUST AND ACCOUNTABILITY
We are committed to responsible stewardship of the data under our control and to compliance with all applicable data protection laws that regulate the collection, use and disclosure of data about individual people. Nielsen’s internal privacy team oversees compliance with applicable privacy laws, self-regulatory programs that we participate in, and our internal privacy policies. We use tools and methods designed to prevent individuals from being identifiable in our reports and insights, and we take steps to prevent the data we collect from being reused in ways that have not been communicated to individuals and/or could negatively affect them.
Nielsen participates in the following self-regulatory programs for our integrated Nielsen Marketing Cloud platform:
- The Digital Advertising Alliance (DAA): We adhere to the DAA’s self-regulatory principles for online behavioral advertising, including the DAA’s application of self-regulatory principles to the mobile environment.
- The European Interactive Digital Advertising Alliance (EDAA): We adhere to the European Principles.
- The Network Advertising Initiative (NAI): We adhere to the NAI Code of Conduct.
Learn more about Nielsen Marketing Cloud’s privacy practices.
If you have a question about Nielsen’s collection or use of your personal data, or wish to exercise any of your legal rights in regard to your personal data (including, where applicable, rights of access, erasure, or portability), please contact us. You can also contact the data protection authority in your home country, where applicable.
THE DATA NIELSEN COLLECTS
Nielsen collects personal data from:
- Our panelists—individuals and households who agree contractually to participate in one or more of Nielsen’s panels. We also process personal data in order to recruit for panels that accurately represent the “total audience.”
- People we contact in regard to Nielsen surveys conducted online, in person, by telephone, email, or postal mail.
- Browsers or mobile devices that are measured by our digital and mobile products, or segmented into audiences for online or mobile advertisements by the Nielsen Marketing Cloud.
- Visitors to our websites and people who contact us via our websites, via email, or other means.
- Public sources—about the public activities of certain public figures, such as professional athletes.
- Publicly available social media posts, for products that measure online reaction to video content, products, and brands.
- Our employees, contractors, and business contacts at other companies in the course of conducting our business.
MEANINGFUL NOTICE AND CHOICE
We provide clear notice about what data we collect and how we use it. We offer choices about our data collection at a time and in a context that reflect the sensitivity of the data being collected. Panelists and survey respondents agree to the collection and processing of their data and may withdraw their participation at any time. Individuals also have the ability to opt out of our online and mobile data collection at any time.
We are continually working to maintain the personal data we collect so that it is complete, accurate, relevant and up to date.
BASIS FOR PROCESSING
Many privacy laws require companies to establish a lawful basis for their uses of personal data. While Nielsen has established different lawful bases for different types of processing, in almost all cases our basis for processing personal data will be one of the following:
- Performance of a contract—Nielsen operates its research panels and conducts surveys on the basis of a contract—a panel membership or market research agreement between Nielsen and our research subjects. For many panels, these agreements cover all members of a household, because market research practices often require analysis of data at a household level.
- Consent—Where Nielsen bases its processing of personal data on consent, we may seek consent directly from individuals or, where Nielsen acts as a data processor (a service provider to another company), we may rely on consent obtained by the data controller (a third party who [typically] has a direct relationship with the individual and obtains consent).
- Legitimate Interests—In some cases, we may base the processing of personal data on our legitimate interest in performing market research or other services, because of its benefits in improving the efficiency of our clients and the markets in which they operate. Where we rely on this as our basis for processing, we make sure our activity is appropriately balanced by strong privacy protections designed to minimize the risks to data subjects.
DATA MINIMIZATION AND COLLECTION LIMITATION
Following the concept of data minimization, we limit the collection of personal data to the extent possible while still enabling us to derive meaningful and accurate measurements and insights.
- When we use direct identifiers, we limit access to such information both internally and externally and rely on our data security measures, which are designed to protect individuals’ privacy.
- Before we obtain third-party data, we review the third party’s data collection practices and the privacy notices that are made available to individuals to make sure that our use of the data is consistent with the commitments those companies have made to individuals.
- When we have removed identifying elements from the data that we collect, we take steps to prevent the data from being re-associated with identifiable data.
LIMITED USE AND RETENTION
We restrict access to and use of personal data to Nielsen associates and service providers with a legitimate business purpose. We have established records retention policies to limit how long we keep personal data.
ACCESS, CORRECTION, ERASURE AND PORTABILITY
We provide individuals with reasonable opportunities to access the personal data Nielsen holds about them and correct it if it’s inaccurate. Where applicable law allows, we also provide individuals with opportunities to request that the personal data Nielsen holds about them be deleted or permanently de-identified or that a copy of their data be provided to them or transferred to another party.
We comply with applicable laws regarding the collection of data about children. When we collect personal data from children, we do so with parental consent, which can be withdrawn at any time.
We respect applicable local laws regarding cross-border transfers of and access to personal data.
DISCLOSURES OF DATA TO THIRD PARTIES
We do not sell data that directly identifies individuals, and we contractually prohibit our clients from re-identifying de-identified data that we provide them (e.g., audience statistics). Furthermore, we contractually prohibit recipients of our data from using it to make decisions regarding credit, insurance, housing, employment or other legal effects on individuals. We contractually require service providers that have access to our data to keep it secure and use it to perform only the services they have been engaged to provide. We will provide data to government and law enforcement entities to the extent required by applicable law, to protect Nielsen’s legal interests and, where needed, to protect the health or safety of others.
We implement multi-layered organizational, technical and administrative measures that are designed to protect the personal data under our control. These include, among other things: limiting access to data; using technology measures like firewalls, encryption, malware protection and intrusion detection; maintaining policies that are aligned to a wide variety of legal requirements; and holding our associates accountable for maintaining safe data-handling practices and adhering to our internal policies. We have a global organization of qualified data security professionals and engage in regular system testing and updating of our controls to keep pace with changing technology and security threats.
GLOBAL REACH, LOCAL TOUCH
We are committed to respecting the diverse cultures and local laws of the countries in which we operate.
If you have any comments or questions regarding this Privacy Statement, or wish to contact our EU Data Protection Officer, please contact us. You can also send us a letter at the following addresses:
From EU Countries:
Attn: Legal Dept.
Oxford Business Park South
John Smith Drive
Oxford OX4 2WB
From Other Countries:
85 Broad Street
New York, NY 10004
Privacy questions can also be submitted by email to: