Privacy Policy

MARU/EDR LIMITED, trading as The Harris Poll UK (a Stagwell Company) (“we”, “our”, and “us”) is committed to protecting and respecting your privacy. We are part of the Stagwell Group and are a UK based research agency. This privacy policy applies to the personal data that we collect for our business purposes, including through this website (and any other website on which it is posted).

This privacy policy does not apply to other “Harris Poll” entities such as Harris Poll US, whose privacy policy is available at https://theharrispoll.com/privacy/.

This policy sets out the basis on which any personal data we collect from you, or that you provide to us, or that we have received from a third party source will be processed by us.

Please read the following policy carefully to understand our views and practices regarding your personal data and how we will treat it. By visiting this webpage (“our site”) and continuing to participate in the survey, you are accepting and consenting to the practices described in this policy.

Our site may, from time to time, contain links to and from partners’, advertisers’, affiliates’ and social network sites. If you follow a link to any of these websites, please note that these sites have their own privacy policies and that we do not accept any responsibility or liability for those policies. Please check their privacy policies before you submit any personal data to those websites as they may not be on the same terms as ours.

In accordance with the Market Research Society Code of Conduct for Internet Surveys, in order to take part in any survey or questionnaire from our website, you must be over 16 years of age.

References in this policy to “data protection law” mean (as applicable) (i) the General Data Protection Regulation (Regulation (EU) 2016/679) (“EU GDPR”) and the EU GDPR as it forms part of the law of England and Wales by virtue of section 3 of the European Union (Withdrawal) Act 2018 (the “UK GDPR”) (together, collectively or individually, the “GDPR”), the UK Data Protection Act 2018, (ii) the Privacy and Electronic Communications (EC Directive) Regulations 2003and all related data protection legislation having effect in the United Kingdom from time to time.

References in this policy to “personal data” or “personal information” include “sensitive personal data” and “special categories of data” (as defined under data protection law) where applicable.

1.0 Background: The personal data we collect and process

1.1 For the purposes of the personal data that we collect or receive in order to operate corporate, marketing and sales-related aspects of our business we are the data controller. That includes, for instance, personal information we may collect on the website(s) we operate. More specifically, those data elements may include:

  • Contact Information such as first/last name, email address, home or workplace address, or phone number. You may provide this information, for instance, by filling in forms on our website (our “site”), registering to use our site, requesting information from us, entering a competition we offer, or otherwise communicating with us.

  • Other information we may collect in our corporate capacity, such as if we receive information from webinar participants, at trade shows, or from third parties we might work with to help us identify potential corporate clients (or learn more about our actual clients),

  • Online identifiers such as cookies, device identifiers and IP address (see Section 9 for more information about these identifiers). This information may be associated with information about how you view or interact with our website. It may also be used by us (or our vendors) to analyze our site users, and to advertise to them (and to potential clients) through various channels, including on websites, devices, email and other marketing channels.

1.2 On the other hand, to the extent that we receive personal data from our clients (or from third parties on behalf of our clients) in order to perform services for them (such as to present surveys to our clients’ own customers), we do not act as the “controller” of this data. Likewise, we may receive information and responses in the course of those surveys, on behalf of our clients, in which case we are not the “controller.” Rather, in these situations, we act as a processor of that personal data for those clients. In turn, should you have questions about how those clients handle personal data, or wish to make a data subject request with respect to that personal data, you should contact those clients directly.

1.3 Our data protection officer can be reached at dataprotection@marumatchbox.com.

2.0 How we use the information we collect as a controller

We use the personal data described above for the following purposes:

2.1 to fulfil our obligations under the contracts between us and our clients;

2.2 to operate and improve our services;

2.3 to ensure that content from our site is presented in the most effective manner for you and for your computer;

2.4 to communicate with you;

2.5 to advertise and market our products and services to you;

2.6 for internal auditing and recordkeeping purposes,

2.7 for detecting, investigating, and preventing improper or fraudulent use of our Services or the Site,

2.8 to protect our rights, and comply with the law;

2.9 to collect and evaluate job applications (as applicable);

2.10 for bug detection and error reporting; and

2.11 for other uses about which we notify you.

3.0 Information we receive as a processor.

As noted above, we sometimes obtain or are provided with information from our clients, such as your name, address, email address, phone number, date of birth and gender. You may, for instance, have purchased goods or services from one of our clients, or contacted them for a commercial purpose, in which case they may work with us (as their data processor) to contact you regarding a survey. When we provide these services, our client is the “controller” and we are the “processor” of their and your personal data. Thus, if you are interested in learning more about how these clients process your personal information, you will need to contact them or view the privacy policies they have posted to their websites. Likewise, if you wish to exercise your data subject rights with respect to the personal information processed by these clients, you should contact them directly.

4.0 What are the legal bases for processing your information?

4.1 We process your data based on the following legal bases, when we act as a controller:

  • If you have previously given us your consent to the processing for the purposes stated in section 2 , above; and/or

  • If the processing is necessary for achieving our legitimate interest, such as operating, improving and protecting our website, or engaging and communicating with our customers (or prospective customers).

  • If the processing is necessary to fulfill our performance of contract, such as our obligations to a client.

5.0 Duration and further processing

5.1 When we act as a controller of personal data, we will regularly review the personal data which we are holding about you, and will delete it as appropriate. We will store your personal data for no longer than is necessary for us to fulfil the purpose for which it was obtained, provided that we have a reasonable commercial case for doing so, and that no deletion request has been made by a data subject.

6.0 Who is your information shared with?

6.1 In order to achieve the purpose(s) set out in section 2 above, we may share the personal data we collect as a data controller with service providers, affiliates, and third parties that may assist us with tasks such as marketing and communicating with our customers.

  • Our clients to whom your personal data is relevant, where they have confirmed to us that they have a legal basis to collect and process such personal data;

  • If necessary for the specific project in question, other companies within the Stagwell Group ; and

  • Accordance with our obligations under the contract between us and our clients.

  • From time to time, we may ask vendors and processors (or subprocessors) to carry out certain business functions for us, such as for IT and customer support and data hosting services, as well as web analytics, marketing and advertising, web and database security, operations and analytics, data enhancement, and billing and collections. These entities may process your personal information on our behalf. We may disclose your personal information to these parties so that they can perform those functions. Before we disclose your personal information to these providers, we will seek to ensure that they have appropriate security standards in place to protect your personal information.

  • We also may share aggregated demographic information with our partners and clients; this is not linked to any personal information that can identify any individual person or organisation.

6.2 We also may disclose your personal information for certain necessary corporate purposes, namely:

  • in the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets, and may do so for purposes of due diligence in the course of such a transaction; or

  • if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or to protect our rights, property, or safety, or that of our clients, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction; and

  • we likewise may transfer your personal information to a member of the Stagwell Group, which means our affiliated companies, including our parent holding company and its subsidiaries, located in Canada, USA, the UK and/or Latin America .

7.0 Automated decision making

7.1 We do not make automated decisions about you based on your information.

7.2 Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmission to our site; like all electronic transmissions, through any means and with any site, any transmission is at your own risk. Once we have received your information, we employ information security procedures and features designed to prevent unauthorised access, but no such features are 100 percent foolproof and you therefore should not provide us information where you do not wish to be subject to any possible or potential risk of breach.

8.0 Your Rights

8.1 Under data protection law you have the following rights:

8.1.1 the right to be informed as to what we do with your information. This includes but is not limited to the right to know what information we gather, process and store, what we do with it, who we share it with and how long we keep it for;

8.1.2 if we are processing your data on the basis of your consent then you have the right to withdraw that consent at any time. Consent can be withdrawn by and notifying us at dataprotection@marumatchbox.com. (The lawfulness of our historic processing based on your consent will not be retrospectively affected by your withdrawal of consent);

8.1.3 the right to access a copy of your information which we hold. This is called a ‘data subject access request’. Additional details on how to exercise this right are set out in section 10, below;

8.1.4 the right to object to processing of your information, such as where it is likely to cause or is causing damage or distress. You can notify us of your objection to us processing your personal data by contacting us at dataprotection@marumatchbox.com.

8.1.5 the right to prevent us processing your information for targeted online or direct marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms and banners we present when we collect your data for this purpose. You can also exercise the right at any time by contacting us at dataprotection@marumatchbox.com.

8.1.6 the right to object to decisions being made about you by automated means. We will inform you if your information is subject to automated processing;

8.1.7 the right, in certain circumstances, to have your information rectified, if it is inaccurate;

8.1.8 the right, in certain circumstances, to claim compensation for damages caused by us breaching data protection law;

8.1.9 the right to request that we erase, cease processing and/or delete your information; and

8.1.10 in certain circumstances, the right to request the information we hold on you in a machine readable format so that you can transfer it to other services. This right is called ‘data portability’. Additional details on how to exercise this right are set out in section 10, below.

8.2 For further information on your rights under data protection law and how to exercise them, you can contact Citizens Advice Bureau (www.citizensadvice.org.uk) or the Information Commissioner’s Office (www.ico.org.uk).

9.0 Cookies

Our site uses browser “cookies” to distinguish you from other users of our site. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site.

We use these “cookies” to gather statistical information that helps us understand what users find interesting and useful on both our own and our clients’ websites. Users can decline the cookies by adjusting the “accept cookies” setting on their browser, however, this may affect the functionality of our surveys on client web sites. We may also embed a piece of code into pages of certain client sites. This gives us statistical site usage information about how the site is used. We aggregate this information to provide our clients with a closer understanding of how visitors use their site. We do not use this code to collect any personally identifiable information.

We may assist clients in deploying cookies on their own sites, in the course of recruiting for or otherwise delivering surveys on those clients’ behalf. When we deploy those cookies, we do so as a “processor” and at the instruction and under the control of the particular client. For additional, detailed information on the cookies we use (whether as a controller or processor) and the purposes for which we use them see our Cookie Policy located here.

10.0 Access to Information

10.1 You have the right to access information held about you by making a written request to us. You must send us proof of your identity before we can supply the information to you, which proof may vary depending on the categories of information you are requesting. Requests should be sent to dataprotection@marumatchbox.com. In certain circumstances, you will be entitled to receive the information in a structured, commonly used and machine readable form.

10.2 We will be allowed to charge you for our reasonable administrative costs in collating and providing you with details of the requested information which we hold about you, if your request is clearly unfounded or excessive.

11.0 Access to Information Changes to our privacy policy

11.1 If you are interested in understanding how we collect and use personal information, we encourage you to periodically review this Policy to stay informed of how we manage your personal information. If any changes are made to this Policy, The Harris Poll UK will revise the “Last Updated” date that is indicated on the Policy.

12.0 Complaints

12.1 You have the general right to complain to us (in the first instance) and to the Information Commissioner’s Office (if you are not satisfied by our response) if you have any concerns about how we hold and process your information. Our contact details are set out in section 13, below. The Information Commissioner’s Office website is www.ico.org.uk.

13.0 Contact

13.1 Questions, comments and requests, including any complaints, regarding us or this privacy policy are welcomed and should be addressed to dataprotection@marumatchbox.com

Last Updated: 29.08.25