Privacy Policy.
Last updated: 10 April 2026
On this page
- 1. About this policy
- 2. Who we are (Data Controller)
- 3. Personal data we collect
- 4. How we use personal data
- 5. Lawful bases for processing
- 6. Who we share data with
- 7. International transfers
- 8. How long we keep data
- 9. Security
- 10. Your rights
- 11. Children's privacy
- 12. Changes to this policy
- 13. Contact us
1. About this policy
This Privacy Policy explains how MSG Opinion ("we", "us", "our") collects, uses, discloses and safeguards personal data when you visit our website at msgopinion.ai, enquire about our services, participate in our research panels or studies, or otherwise interact with us.
We are committed to protecting your privacy and to processing personal data in accordance with the EU General Data Protection Regulation (GDPR), the UK GDPR and Data Protection Act 2018, the California Consumer Privacy Act (CCPA/CPRA), and all other applicable data protection and privacy laws.
2. Who we are (Data Controller)
MSG Opinion is the data controller of the personal data we collect through our website and corporate operations. For research studies conducted on behalf of clients, MSG Opinion may act as a data processor or joint controller; the specific arrangement will be set out in each study's consent notice.
For any privacy questions, you may contact our Data Protection Officer (DPO) at privacy@msgopinion.ai.
3. Personal data we collect
Data you provide directly
- Contact details (name, email address, phone number, company, job title) when you complete a contact form, request a proposal or subscribe to our communications.
- Panel profile data (demographic, professional, health or trade-related information) when you join one of our research panels. This is collected with your explicit consent and only to the extent required to match you to relevant studies.
- Survey and interview responses when you take part in a research project.
- Correspondence you send to us, including emails and support messages.
Data collected automatically
- Device and usage data such as IP address, browser type and version, operating system, referring URL, pages visited and time spent on our site.
- Cookies and similar technologies — see our Cookie Policy for details.
Data from third parties
- Credentialing and verification data (for example, NPI validation for healthcare professionals or trade licence checks) obtained from authoritative public registries.
- Business contact data from publicly available sources and reputable B2B data providers, used strictly for legitimate business outreach.
4. How we use personal data
We use personal data for the following purposes:
- To respond to enquiries and provide requested information or proposals.
- To recruit, manage and communicate with members of our research panels.
- To design, conduct and report on market research studies for our clients.
- To verify respondent identity and prevent fraud (for example, deduplication and credential checks).
- To operate, maintain and improve our website and services.
- To send service communications and, with your consent, marketing updates about our services.
- To comply with legal, regulatory and professional obligations (including ESOMAR, MRS, Insights Association and BHBIA codes of conduct).
- To protect our rights, property and safety and those of our clients and respondents.
5. Lawful bases for processing (GDPR Article 6)
Under the GDPR and UK GDPR, we rely on the following lawful bases to process your personal data:
- Consent — for participation in research studies, marketing communications, and non-essential cookies. You may withdraw consent at any time.
- Contract — where processing is necessary to perform a contract with you or to take steps at your request prior to entering into a contract.
- Legal obligation — to comply with applicable law, including tax, accounting and pharmacovigilance reporting where relevant.
- Legitimate interests — to operate and grow our business, provided these interests are not overridden by your rights and freedoms. Typical legitimate interests include B2B business development, fraud prevention and site security.
For special-category personal data (such as health data within patient research), we rely on your explicit consent in line with GDPR Article 9.
6. Who we share data with
We do not sell your personal data. We only share it with:
- Clients — in aggregated or anonymised form as the output of research studies. Personally identifying responses are only shared with the client where participants have expressly consented (for example, in recruited qualitative studies).
- Service providers and processors — hosting providers, survey platform vendors, translation partners, payment and incentive providers, and IT support. All are bound by written data processing agreements and confidentiality obligations.
- Professional advisors — auditors, lawyers, insurers and accountants.
- Authorities — where required by law, court order or to protect legal rights.
- Successors — in the event of a corporate merger, acquisition or sale of assets, subject to equivalent data protection obligations.
7. International data transfers
As a global research business, we may transfer personal data outside your country of residence, including to countries that may not provide an equivalent level of data protection. Where we transfer personal data from the EEA, UK or Switzerland to a third country, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses (SCCs), the UK International Data Transfer Agreement (IDTA), or an adequacy decision. A copy of the safeguards in place is available on request.
8. How long we keep data
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including satisfying legal, accounting or reporting requirements. Typical retention periods are:
- Business enquiries: up to 24 months after last contact.
- Panel member profile data: for the duration of your panel membership plus 12 months.
- Survey responses (identified): as per client contract, typically no longer than 24 months.
- Anonymised research data: may be retained indefinitely.
- Financial records: 7 years, as required by law.
9. Security
We implement appropriate technical and organisational measures to protect personal data, including ISO 27001-aligned information security controls, encryption in transit and at rest, role-based access controls, regular penetration testing, background checks for staff with access to personal data, and documented incident response procedures. In the event of a personal data breach likely to result in a high risk to affected individuals, we will notify you and the relevant supervisory authority without undue delay.
10. Your rights
Depending on where you live, you have the following rights regarding your personal data:
- Access — request a copy of the personal data we hold about you.
- Rectification — ask us to correct inaccurate or incomplete data.
- Erasure ("right to be forgotten") — request deletion of your personal data.
- Restriction — ask us to limit processing of your data.
- Portability — receive your data in a structured, machine-readable format.
- Objection — object to processing based on legitimate interests or for direct marketing.
- Withdraw consent — where processing is based on consent, withdraw it at any time.
- Lodge a complaint — with a supervisory authority such as the UK Information Commissioner's Office (ICO), Ireland's Data Protection Commission, or another EU data protection authority.
- Rights under US state laws — including the right to know, delete, correct and opt out of the sale or sharing of personal information under CCPA/CPRA (California) and equivalent laws in Virginia, Colorado, Connecticut, Utah and other states.
To exercise any of these rights, contact us at privacy@msgopinion.ai. We will respond within 30 days.
11. Children's privacy
Our website and research services are not directed to children under the age of 16. We do not knowingly collect personal data from children without verified parental consent. Research involving minors is only conducted with explicit parental/guardian consent and under the protections required by applicable law (including COPPA in the United States).
12. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in law or our practices. The "Last updated" date at the top of this page indicates when it was last revised. Material changes will be communicated by a prominent notice on our website or by email where appropriate.
13. Contact us
For any questions about this Privacy Policy or to exercise your rights, please contact:
MSG Opinion — Data Protection Officer
Email: privacy@msgopinion.ai
General: hello@msgopinion.ai