Research on ordering takeaway food online Privacy Notice

Food Standards Scotland has asked Ipsos Scotland, an independent research company, to carry out some research to understand more about how people order takeaway food online.

What information do we hold?

• Food Standards Scotland and Ipsos are joint “data controllers” for this research. This means that they decide what personal data needs to be collected for the project.

• Ipsos is also a “data processor” for this research. This means that Ipsos will be handling and using your personal data.

• Ipsos is responsible for collecting and securely storing your personal data. They are also responsible for securely deleting your personal data. They will not share your personal data with Food Standards Scotland.

The data collected will cover things like people’s experiences of using apps or websites to order takeaway food online; the types of food that people order, and broader topics such as the types of foods that participants and their families like to eat in general.

Where we get this information from?

The research will involve two stages:

• Four weeks using an app called Indeemo, to record takeaway orders on phones and tablets, and answer question.

• A follow-up one hour interview with one of the Ipsos research team (usually via Zoom or Teams).

Why we need it

• Ipsos will only collect and use your personal data with your consent.

• Ipsos must have a “legal basis” for collecting personal data. This means that Ipsos need to have a good reason to be allowed to do this.

• The legal basis for collecting your personal data for this research is consent.  Taking part in this study is entirely voluntary. If you wish to withdraw your consent at any time, please see the section below covering ‘Your Rights’.

• Food Standards Scotland must also have a legal basis for commissioning this work. This is “public interest” as part of their role in advising the Scottish Government on food policy matters.

What we do with it

• The information collected from research discussions will be used for research purposes only. This will include writing a final report based on our findings, which we will deliver to Food Standards Scotland and will later be published on the Food Standards Scotland website. Quotes included in the report will be anonymised and it will not be possible to identify you in the report. Your personal data is protected by data protection legislation (see below).

• We use third-party service providers, known as sub-processors, to help us operate and improve our services. In this project these are Indeemo, FieldMouse and a transcription service. These sub-processors process your personal data on our behalf and are subject to strict data protection obligations.

• Ipsos takes its information security responsibilities seriously. It takes many steps to make sure your information is kept safe. This includes security to protect their office space as well as secure computer systems.

• The data used for this research will be stored securely in a protected electronic folder that only the research team have access to. The data is stored on a UK server and will not leave the UK.

• The steps Ipsos takes to protect information it holds are regularly checked. This means it has a certificate to prove that it has good information security. This is called is the International Standard for Information Security, ISO 27001.

Who your personal information will be shared with 

Ipsos will treat the information you give them confidentially. This means they will not share this information with anybody outside the research team and selected supplier organisations.

Ipsos will be using three supplier organisations to assist us in running the project and we will need to disclose your personal data to these supplier organisations for that purpose. These are: 

• FieldMouse (recruitment agency)

• Indeemo (research app company)

• A transcription company (still to be appointed) 

All of these organisations have been proved to Ipsos that they follow data protection legistlation. This includes them storing your data securely and deleting it within three months of the end of the project. 

How long is your information stored for?

• Ipsos will only keep your data in a way that can identify you for as long as necessary for the research project.

• Ipsos are required to keep the ‘raw data’ gathered for a year after the end of the project. This includes audio recordings, notes and transcripts from interviews, and information you upload into the Indeemo app (e.g. videos of screen recordings). This is done in case anyone has questions about a report we have published, and we need to go back to the data. They will then be securely destroyed.

• Any other personal data (such as your name and contact details) will be securely destroyed three months after the end of the research project. This is kept for this length of time in case there are any queries from participants after the end of the project.

What are your rights? 

It is up to you whether you take part in the research. There are no consequences if you change your mind about taking part. You do not have to answer every question if you do not want to.

Ipsos follows General Data Protection Regulation (GDPR) regulation. GDPR is designed to give you more control over your personal data. This means you have the right to:

• access a copy of the information an organisation holds about you;

• correct any information that you think is inaccurate or incomplete;

• restrict the use of your information in certain circumstances;

• object to use of data that is likely to cause or is causing damage or distress;

• ask for your personal data to be deleted;

• complain to a supervisory authority if you are unhappy with how your data has been used

Contact Kate Glencross if anything in this privacy notice is unclear. Kate is the Project Manager in charge of this research at Ipsos. You can email her at: kate.glencross@ipsos.com

If you have questions or concerns about how your personal data is being collected or used, you can contact their Data Protection Officer at the following email address: compliance@ipsos.com . Please put ‘24-15162-01 OOH Food Research’ in the email subject line. Or contact them by post at the following address: 

24-15162-01 OOH Food Research, Data Protection Officer, Compliance Department, Ipsos (market research) Limited, 3 Thomas More Square, London, E1W 1YW

Ipsos will not share your personal data with Food Standards Scotland. However, you can contact their Data Protection Officer at the following email address: dataprotection@fss.scot.

Complaints

The Information Commissioner’s Office (ICO) is an organisation that makes sure data protection laws are followed. If you are unhappy with the way your personal data is being used as part of this research then you can report it to them.

• Information Commissioner’s Office website: https://ico.org.uk/concerns

• Information Commissioner’s Office helpline: 03031 231113

Last updated: 5 August 2024