Privacy Policy


Mystery Shopper Jobs (the “website“) is wholly owned and operated by Preach Group Ltd (company number 07546402) which is registered in England and Wales at 124 City Road, London, EC1V 2NX and referred to in this policy as “we“, “us” and “our“). We are registered as a data controller at the Information Commissioner’s Office (ICO) with registration number Z3032067.

Please read this policy in addition to our Cookie Policy and Terms & Conditions in full as we want you to understand how we use your data and be confident that the information you give us is safe and secure. Important points to note are that we may use aggregate data for analytical and research purposes. Where we collect an email from you, we won’t send marketing to you without consent and will never give third parties permission to email you. You can easily opt out of our processing at any time.

Last updated: 25th May 2018


  1. Categories (types of data we collect)
  2. Collection (how we collect data)
  3. Use (how we use data)
  4. Sharing (how we share data)
  5. External Links (limitations of this notice)
  6. Security (how we secure data)
  7. Retention (how long we store data)
  8. Rights (rights of the data subject)
  9. Removal (how data can be removed)
  10. Changes (updates to this policy)
  11. Contact (get in touch)

You can return to this list by using the ‘Back to Top’ link at the end of every section.

1. Categories

During the course of your relationship with us, we may collect personal data about you. Personal data means any information capable of identifying you as an individual – it does not include anonymised data. Personal data we collect includes:

  • Identity (name, age, gender)
  • Contact (email address, town or city location)
  • Technical (date of registration, registration IP address, local time zone, operating system and browser)
  • Usage (how you interact with our website, emails and services)

We may process aggregated data from your personal data but this data does not reveal your identity and as such in itself is not personal data. An example of this is where we review your usage data to work out the percentage of website users using a specific feature. If we link the aggregated data with your personal data so that you can be identified from it then it is treated as personal data.

We do not collect any sensitive data about you. Sensitive data refers to data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, genetic and biometric data, criminal convictions or offences.

Back to Top

2. Collection

We collect data about you through a variety of methods including:

Direct Interactions
You may provide data directly to us by filling in forms on our website or otherwise communicating with us by email, phone or similar methods. This includes when you subscribe to our service and request marketing be sent to you; enter a competition, prize draw, promotion or survey; or give us feedback.

Automated Technology
As you use our website and services, we may automatically collect technical data about your device, actions and usage patterns. We collect this data by using cookies, server logs and similar technologies. We may also receive technical data about you if you visit other websites that use our cookies. Please see our Cookie Policy for further details.

Third Parties & Public Sources
We may receive personal data such as identity, contact or technical details about you from various third parties and public sources where necessary.

Back to Top

3. Use

There are a number of ways we process your data, all of which relate to a legal ground for processing. We may process your personal data for more than one legal ground depending on the specific purpose for which we are using your data.

This includes where you have given us clearly informed consent to process your personal data for a specific purpose. The specific purpose of our website registration feature is to be able to provide you with research opportunities by email, which we require your informed consent for. We only collect information that we deem to be relevant and obtain your informed consent to ensure you agree to receive emails from us. We provide a clear consent statement and ask you to agree to both our privacy notice and terms and conditions. You are free to unsubscribe at any time.

If we have a contract we have with you, or you have asked us to take specific steps before entering into a contract, we may need to use your personal data. If you take part in research with a brand operated by our company, we may need you to provide responses directly to us. We will also need to process your details to arrange payments and rewards owed to you. This also applies if we need to award you with a prize if you have won a competition.

Legal Obligation
If we are required to do so by law, we may need to collect and process your data as a legal obligation. As an example, if we suspect you are involved in fraudulent or criminal activity of any kind we reserve the right to process your details and share them with relevant authorities.

Legitimate Interests
This processing is necessary for our own legitimate interests. This includes things which may reasonably be expected as part of us offering our service and which does not materially impact your rights, freedom or interests. You are free to object to any of our legitimate interests, please contact us. Our legitimate interests include:

  • Email communications which are not referred to under ‘Consent’ above (e.g. responding to queries, discussing research opportunities or payment, informing you about changes to our services). Service updates can be unsubscribed from at any time (other messages will only be sent as a reply if you email us first).
  • Ensuring we avoid communicating with you by email through the use of a ‘do not contact’ (suppression) list after you have requested not to be contacted. You are free to request deletion from our suppression list.
  • Preventing fraud and system abuse by monitoring suspicious activity (we reserve the right to suspend access to our services in accordance with our terms and conditions). You can request we stop associating your personal data with these suspected activities, however our legitimate interests may be compelling enough to override your rights.
  • Analysing usage of how you interact with our website, emails and offers (including whether you decide to open an email, click on a link or register for a particular offer). This helps us to understand your interests and improve our services. You are free to request removal from our database and have this data anonymised.
  • Segmentation of our database based on details you have provided such as age, gender or location. This ensures you receive offers to take part in research which you are eligible for. You are free to request removal of all or part of the personal data we hold for you (it may result in missing out on targeted offers which we cannot match you with).
  • Personalisation of your experience based on details you have provided such as your name, age or location. You are free to request removal of all or part of the personal data we hold for you.

Back to Top

4. Sharing

We pride ourselves on being fair and reasonable with your data, so none of the ways we share it below should be a surprise. We may share your data with:

  • Service providers who provide IT support, data, communication and system administration services.
  • Professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
  • HM Revenue & Customs, regulators and other authorities based in the United Kingdom and other relevant jurisdictions who require reporting of processing activities in certain circumstances.
  • Buyers, agents and advisers of a merger, acquisition or sale of any part of our business. Use of data would only be authorised on the same basis as it was collected.
  • Clients, media contacts and other organisations in an aggregated format only (for clarity, we will not share any of your personal data and associated research responses together to any third party). This means the third party would not be able to identify you from the information provided, e.g. “5% of people in the UK enjoy going to the gym”.
  • Others only where we have your consent.

Due to the global nature of the internet, from time to time and for operational reasons the personal information we collect from you may be transferred to and stored in countries outside of the European Economic Area (“EEA”). Your information may also be processed by some of our service providers which operate outside the EEA. Different countries have different data protection and security laws, however we require all third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law. We only allow such third parties to process your personal data for specified purposes and in accordance with our instructions.

Back to Top

5. External Links

Our website and emails contain links to third-party websites which are not subject to this privacy notice. Please read our Terms & Conditions page for further information on these links. Please make sure you read a third party’s terms and conditions and privacy notice carefully before providing any personal information to them, as we cannot accept any responsibility or liability for those third-party websites.

Back to Top

6. Security

Keeping details about you secure is important to us so we store and process your personal information in accordance with the high standards required under data protection legislation. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect.

In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know such data. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We do our best to keep the information you disclose to us secure, however security cannot be guaranteed due to factors out of our control. By using our services you accept the inherent risks of providing information online and will not hold us responsible for any breach of security. We have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Back to Top

7. Retention

We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

  • If we rely on your consent as a member, it is assumed to be renewed upon each positive interaction you make with our services (including opening an email and/or clicking a link). You are free to request removal at any time.
  • If you appear to be inactive or unresponsive after what we consider to be a reasonable period of time, we reserve the right to remove your data. This may be based on a duration such as one year without hearing back from you or other similar factors.
  • If you are a customer of ours, by law we have to keep basic information about our you for six years after you cease being a customer for tax purposes.
  • In some circumstances you can ask us to delete your data.
  • In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

Back to Top

8. Rights

The General Data Protection Regulation (GDPR) offers the following rights:

  1. The right to be informed
    Transparency of how we collect and use your personal data is a legal requirement of ours, which is what we detail on this page.
  2. The right of access
    We can provide you with free access to any data we hold about you and will respond within a month.
  3. The right to rectification
    Accuracy is important to us, so you are able to have us amend data within a month of asking us to do so.
  4. The right to erasure
    We only want to store your data if you want us to. If you don’t, please ask and we will respond within a month.
  5. The right to restrict processing
    In accordance with this policy, you are able to tell us how you want us to use your data. Please contact us and we will respond within a month.
  6. The right to data portability
    If desired, you can request to move, copy or transfer your personal data in an easy to use format.
  7. The right to object
    Above all else, you can object to us processing your personal data as referenced in this policy. Please contact us and we will respond within a month.
  8. Rights in relation to automated decision making and profiling
    If we use or process your personal data for any automated decision making and profiling reasons, we must inform you.

If you would like further details about any of these rights, please contact us.

Back to Top

9. Removal

Registering with us is voluntary and you are under no obligation to continue to be a member or take part in any opportunities. If you have previously submitted your details and agreed to us using your personal data for direct marketing purposes, you may change your mind at any time. Please use the unsubscribe feature (linked at the bottom of our emails) or email us directly on to request removal.

Back to Top

10. Changes

We may, from time to time, make changes to this privacy notice to reflect any changes to our practices in accordance with changes to legislation, best practice or website enhancements. We will let you know what these changes are by posting them to this page. Where the changes are significant, we may also choose to email you with the new details and get your consent to make these changes where required by law. It is your responsibility as a user to make sure that you are aware of changes posted on this page, by checking for any changes on a regular basis. Changes posted on this page will become effective as soon as they are posted.

Back to Top

11. Contact

If you would like to know what personal data we hold about you or have any questions or feedback for us please get in touch and we will get back to you as soon as possible.

As an online service, we prefer to communicate with you by email to ensure you are put in contact with the right person and in accordance with any regulatory time frames. Please use our email for any correspondence.

If you are not happy with any aspect of how we collect and use your data, please submit your complaint to us so it can be escalated accordingly. Should this not be satisfactory, you are able to complain to the Information Commissioner’s Office (ICO) which is the supervisory authority in the UK for data protection issues.

Back to Top