Privacy Policy

1. Introduction

TMD Panel ("TMD Panel," "we," "our," or "us") is a market research panel operated by TMD Research, India. We provide market research and consumer insights services to clients globally. We are committed to protecting the personal information of our panel members and to handling all personal data responsibly, transparently, and securely.

This Privacy Policy describes how we collect, use, process, store, transfer, disclose, and protect your personal information when you visit our website, register as a member of our panel community, participate in surveys or research activities, communicate with us, or otherwise use our services.

By accessing our website, creating an account, participating in surveys, or otherwise using our services, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and processing of your information as described herein. If you do not agree with the practices described, you should discontinue use of our services immediately.

2. Scope and Applicable Privacy Frameworks

TMD Panel operates internationally and conducts research activities across multiple jurisdictions. Our privacy program is built to align with globally recognised data protection principles and applicable regulatory frameworks relevant to the jurisdictions where our panel members reside and where research projects are conducted.

The following regulatory frameworks inform and govern our privacy practices:

2.1 EU General Data Protection Regulation (GDPR) — Regulation (EU) 2016/679

Where personal data of individuals located within the European Economic Area (EEA) is collected or processed, TMD Panel applies the standards of the EU GDPR. This includes maintaining a lawful basis for processing, upholding data subject rights (Articles 15–22), applying the principles of data minimisation, purpose limitation, accuracy, storage limitation, and confidentiality (Article 5), ensuring secure processing (Article 32), and implementing breach notification obligations (Articles 33–34). TMD Panel acts as a data controller and/or data processor depending on the context of each research engagement.

2.2 UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018

Where personal data of individuals located within the United Kingdom is collected or processed, TMD Panel applies the standards of the UK GDPR as implemented by the Data Protection Act 2018. The substantive rights and obligations under UK GDPR mirror those under EU GDPR and are applied correspondingly to UK-based data subjects.

2.3 California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)

Where personal information of California residents is collected or processed, TMD Panel aligns its practices with the CCPA as amended by the CPRA. This includes providing required disclosures regarding categories of personal information collected and their purposes, upholding applicable consumer rights, and refraining from the sale of personal information. A dedicated summary of California-specific rights is provided in Section 11 of this policy.

2.4 India — Digital Personal Data Protection Act (DPDPA) 2023

As TMD Panel's primary operations are based in India, we monitor and align our practices with the Digital Personal Data Protection Act (DPDPA) 2023. This includes compliance with obligations relating to lawful processing of digital personal data, obtaining valid consent, enabling data principal rights, and meeting obligations applicable to significant data fiduciaries as relevant provisions come into force.

References to any regulatory framework in this policy describe the principles and standards that inform our data handling practices. Such references do not constitute a representation of formal certification, accreditation, registration with a supervisory authority, or regulatory endorsement by any governmental body. TMD Panel will review and update its compliance posture as regulatory requirements evolve.

3. Our Privacy Principles

All personal information collected and processed by TMD Panel is handled in accordance with the following core principles:

Transparency — We are clear and open about what information we collect, why, and how it is used.
Informed Consent — We obtain consent prior to collecting personal information and ensure it is freely given, specific, informed, and unambiguous.
Purpose Limitation — Personal information is collected only for defined, legitimate purposes and is not further processed in a manner inconsistent with those purposes.
Data Minimisation — We collect only the personal information that is necessary to fulfil the stated purpose.
Accuracy — We take reasonable steps to ensure that personal information is accurate, complete, and kept up to date.
Storage Limitation — We retain personal information only as long as is necessary for the stated purpose or required by law.
Confidentiality and Security — We protect personal information against unauthorised access, loss, misuse, alteration, or destruction.
Accountability — We are responsible for compliance with these principles and are prepared to demonstrate that compliance.

4. Information We Collect

4.1 Registration and Profile Information

When you register as a panel member or update your profile, we may collect: your name, email address, postal address, telephone number, date of birth, age, gender, language preferences, country of residence, employment information, educational background, household information, demographic characteristics, and payment information required to administer incentives and rewards.

4.2 Survey and Research Participation Data

When you participate in surveys or research activities, we may collect your opinions, preferences, behaviours, purchasing habits, product usage patterns, professional experiences, and responses to survey questions. Certain projects may involve collection of information that may be considered sensitive. Participation in such activities is always voluntary, and specific consent will be sought where required.

4.3 Technical and Device Information

We may automatically collect technical information including your IP address, browser type and version, operating system, device identifiers, internet service provider, referral source, website interaction data, session information, and approximate geographic location derived from technical signals.

4.4 Quality and Fraud Prevention Data

To protect the integrity of our panel, we collect information relating to account activity, participation history, device characteristics, response patterns, quality indicators, duplicate account signals, and fraud prevention indicators.

5. How We Collect Information

5.1 Directly From You

We collect information directly from you when you register for a panel account, complete profile questionnaires, participate in surveys, contact our support team, respond to communications, redeem rewards, or otherwise interact with our services.

5.2 Automatically

We may collect information automatically through cookies, web beacons, log files, analytics tools, and similar technologies. This enables us to maintain security, detect fraudulent activity, and improve user experience. See Section 13 for our Cookies Policy.

5.3 From Third Parties

In certain circumstances, we may receive information from identity verification providers, fraud prevention providers, research partners, and other lawful sources that support our operations.

6. How We Use Your Information

We use the information we collect for the following purposes:

Establishing, maintaining, and administering your panel account
Verifying your identity, eligibility, and age at registration and on an ongoing basis
Matching you with relevant surveys and research opportunities
Sending targeted survey invitations based on your pre-registered profile attributes
Administering research projects on behalf of our clients
Processing and administering incentives, rewards, and payments
Communicating with you about your account, survey opportunities, and policy updates
Conducting quality assurance, fraud prevention, and panel integrity monitoring
Improving our services, systems, and processes
Complying with applicable legal and regulatory obligations
Protecting our rights, property, and the security of our systems

We may also use aggregated, anonymised, or de-identified information for statistical analysis, business intelligence, research reporting, and service improvement. Such information cannot reasonably identify individual participants.

7. Legal Basis for Processing

Depending on the jurisdiction and the nature of the processing activity, TMD Panel processes personal information on one or more of the following legal bases:

Consent — Where you have given your explicit, informed consent to the processing. You may withdraw consent at any time without affecting the lawfulness of prior processing.
Contract — Where processing is necessary to perform our agreement with you as a panel member, including matching you with surveys and administering rewards.
Legal Obligation — Where processing is required to comply with applicable laws or regulatory requirements.
Legitimate Interests — Where processing is necessary for our legitimate interests, such as maintaining panel quality, preventing fraud, and improving our services, provided those interests are not overridden by your rights and interests.

For EEA and UK residents: where consent is the stated legal basis, you have the right to withdraw it at any time by contacting us at the details in Section 15. Withdrawal of consent does not affect the lawfulness of processing that occurred before withdrawal.

8. Disclosure of Information

We do not sell personal information. We may share personal information only in the following circumstances:

Service Providers — With contractors, technology providers, payment processors, communication providers, and others who assist us in operating our business, under strict confidentiality obligations.
Research Clients — Research findings provided to clients are aggregated, anonymised, or de-identified. Personally identifiable information is not disclosed to clients unless specifically required for a project and expressly consented to by the participant.
Legal Requirements — Where required to comply with applicable law, court orders, governmental requests, or regulatory investigations.
Business Transactions — In connection with a merger, acquisition, restructuring, or sale of assets, subject to equivalent confidentiality and data protection obligations.
Protection of Rights — Where disclosure is reasonably necessary to protect our rights, prevent fraud, maintain security, or safeguard individuals and property.

9. International Data Transfers

TMD Panel operates globally, and personal information may be transferred to, processed in, and stored in countries outside your country of residence. The data protection laws of these countries may differ from those in your home jurisdiction.

Where such transfers occur, we implement appropriate safeguards to protect personal information in accordance with applicable legal requirements. These safeguards may include contractual protections, technical controls, and organisational measures designed to maintain confidentiality and security during cross-border transfers.

For EEA and UK data subjects: where personal data is transferred outside the EEA or UK to countries not recognised as providing an adequate level of protection, we rely on appropriate transfer mechanisms such as Standard Contractual Clauses (SCCs) or equivalent safeguards as permitted under applicable law.

10. Data Security and Protection Measures

TMD Panel has implemented administrative, technical, and organisational security measures appropriate to the nature of the personal information we process. These measures include:

Secure servers and encrypted data storage
Firewall protections and secure communication protocols (HTTPS/TLS)
Role-based access controls limiting access to authorised personnel only
Multi-factor authentication for system access
Pseudonymisation — panellist identifiers are separated from survey response data
Photo identity verification at registration
Secure authentication via trusted identity providers (Google Sign-In, Apple Sign-In, and Magic Link)
Regular monitoring, logging, and review of access and activity

While we implement these controls, no method of transmission over the internet or electronic storage can be guaranteed as completely secure. In the event of a personal data breach that poses a risk to individuals, we will notify relevant supervisory authorities and affected individuals in accordance with applicable legal requirements.

11. Fraud Prevention and Research Integrity

Maintaining the integrity of our panel and research activities is essential to the quality of insights we deliver to clients and the fairness of the panel for genuine members. We employ a multi-layered set of quality assurance and fraud prevention measures throughout the panellist lifecycle:

11.1 Registration Controls

Photo identity verification to confirm panellist identity at registration
CAPTCHA challenge at registration and survey entry
Email verification (double opt-in)
Secure authentication via Google Sign-In, Apple Sign-In, and Magic Link — reducing bot-generated account risks by leveraging trusted identity providers
Age-validation logic preventing underage users from completing registration
Duplicate account detection across device and account parameters
IP address monitoring and rate limiting
Device and browser fingerprinting
Traffic source validation

11.2 Pre-Survey Quality Controls

Targeted survey invitations sent directly by our system to eligible panellists based on pre-registered profile attributes — reducing the risk of unqualified or fraudulent respondents
Screener questions administered prior to survey entry to verify eligibility against specific study criteria
Panellist profile validation and demographic consistency verification
Geo-location verification against registered country
Device and IP screening
Historical quality performance review

11.3 Ongoing Monitoring

Response consistency checks and participation behaviour monitoring
Periodic account reviews and profile audits
Automated fraud screening throughout participation lifecycle

Accounts found to be engaged in fraudulent activity, automated participation, misrepresentation, or conduct that compromises research integrity will be investigated and may be restricted, suspended, or permanently removed from the panel.

12. Data Retention

We retain personal information only for as long as is reasonably necessary to fulfil the purposes for which it was collected and to comply with our legal, regulatory, contractual, and operational obligations. Retention periods may vary depending on the nature of the information and the requirements of specific projects or jurisdictions.

When personal information is no longer required, we securely delete, anonymise, or de-identify it in accordance with our internal data retention procedures and applicable legal requirements.

13. Your Privacy Rights

Depending on your country of residence and applicable law, you may have the following rights regarding your personal information:

Right of Access — Request a copy of the personal information we hold about you
Right to Rectification — Request correction of inaccurate or incomplete information
Right to Erasure — Request deletion of personal information in applicable circumstances
Right to Restriction — Request that we limit how we use your information
Right to Object — Object to processing based on legitimate interests
Right to Portability — Receive your personal information in a structured, machine-readable format
Right to Withdraw Consent — Withdraw consent at any time where processing is consent-based
Right to Lodge a Complaint — Complain to your relevant data protection supervisory authority

To exercise any of these rights, please contact us using the details in Section 15. We will respond to verified requests in accordance with applicable regulatory timelines. Certain rights may be subject to legal exceptions, identity verification requirements, and limitations permitted under applicable law.

14. California Privacy Rights — CCPA / CPRA

Where applicable, residents of the State of California have specific rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). These rights include:

The right to know the categories of personal information collected, used, shared, or sold about you
The right to know the business or commercial purposes for which your personal information is collected and used
The right to know the categories of third parties with whom your personal information is shared
The right to request deletion of personal information we have collected, subject to applicable exceptions
The right to request correction of inaccurate personal information
The right to opt out of the sale or sharing of personal information
The right not to be discriminated against for exercising any of the above rights

TMD Panel does not sell personal information for monetary consideration. We do not engage in discriminatory practices against individuals who exercise their applicable California privacy rights. To submit a request, contact us at the details in Section 15 and state your specific request and California residency. We will respond within the timeframe required by applicable law.

15. European and United Kingdom Privacy Rights — GDPR / UK GDPR

Where applicable, individuals located within the European Economic Area and the United Kingdom have the following rights under the EU GDPR and UK GDPR respectively:

Right of access (Article 15 GDPR) — to obtain confirmation of whether your personal data is being processed and to receive a copy
Right to rectification (Article 16 GDPR) — to have inaccurate personal data corrected without undue delay
Right to erasure (Article 17 GDPR) — to have personal data erased in circumstances where it is no longer necessary, consent is withdrawn, or processing is unlawful
Right to restriction of processing (Article 18 GDPR) — to restrict how your data is used in certain circumstances
Right to data portability (Article 20 GDPR) — to receive your personal data in a structured, commonly used, and machine-readable format
Right to object (Article 21 GDPR) — to object to processing based on legitimate interests or direct marketing
Right to withdraw consent — at any time, without affecting the lawfulness of prior processing
Right to lodge a complaint — with your national data protection supervisory authority (e.g., the ICO in the UK, or your EU Member State DPA)

We will respond to all verified data subject requests within one calendar month of receipt. In complex cases, this period may be extended by a further two months, subject to notification to the data subject within the initial one-month period, as permitted under applicable law.

16. Cookies and Tracking Technologies

Our website may use cookies, pixels, web beacons, and similar technologies to improve functionality, maintain security, remember your preferences, analyse website performance, detect fraudulent activity, and enhance user experience.

You may manage or withdraw cookie preferences at any time through your browser settings or through our cookie consent tool where provided. Disabling certain cookies may affect the availability or functionality of some features of our services.

17. Children's Privacy and Minimum Age Requirements

Important Notice: The minimum age for TMD Panel membership and participation is 18 years of age in all countries and jurisdictions globally. No lower age threshold applies. We do not permit participation by individuals below the age of 18 under any circumstances.

Our services are intended exclusively for adults who have attained the age of 18 years or the applicable age of majority in their country of residence, whichever is higher. In India, the primary jurisdiction of our operations, the age of majority is 18 years under the Indian Majority Act 1875, and this is the minimum age we apply universally across all geographies.

We acknowledge that certain data protection laws, including the EU GDPR (Article 8), permit the processing of personal data of individuals aged 16 or over for information society services in some Member States. However, TMD Panel has made a deliberate decision to apply a uniform minimum age of 18 across all operations and jurisdictions. We do not accept registrations from, or process the personal data of, individuals below the age of 18 for any purpose.

17.1 Age Verification at Registration

We collect date of birth from all prospective panel members at the point of registration. Automated age-validation logic is applied and prevents any individual below the age of 18 from completing registration, regardless of their country of residence. This control cannot be bypassed or overridden by the applicant.

17.2 Ongoing Monitoring and Remediation

Periodic profile reviews are conducted to identify accounts where age misrepresentation may have occurred. Any account found to belong to an individual below the age of 18 is promptly suspended and removed from the panel. Personal information collected from such accounts is deleted in accordance with applicable legal requirements.

17.3 No Knowing Collection from Minors

TMD Panel does not knowingly collect, use, or retain personal information from individuals below the age of 18. If you believe that personal information has been inadvertently collected from a person below the age of 18, please contact us immediately at the details provided in Section 18 and we will take prompt corrective action.

18. Governance and Policy Updates

TMD Panel maintains dedicated compliance, operations, and management functions responsible for monitoring regulatory developments, changes in industry guidance, and evolving client requirements. Internal privacy policies and procedures are reviewed regularly and updated to reflect material changes in applicable law, technology, or operational practice.

We may revise this Privacy Policy periodically. Material changes will be communicated through our website, account notifications, or email as appropriate. The effective date at the top of this document will reflect the date of the most recent revision. Your continued use of our services following notification of a material change constitutes acceptance of the updated policy.

19. Contact Us

If you have any questions, concerns, requests to exercise your privacy rights, or complaints regarding this Privacy Policy or our data handling practices, please contact us:

TMD Panel / TMD Research

Email: privacy@tmdpanel.com

Website: https://tmdpanel.com

Privacy Policy URL: https://tmdpanel.com/privacy-policy.html

We will acknowledge your enquiry promptly and will make reasonable efforts to review and respond in accordance with applicable legal requirements and our operational procedures.