The Muster Ltd would like to commission K Ltd, known for its expertise in market research, to conduct customer surveys. Before K Ltd can start with its surveys, Muster Ltd must first ask itself the following questions:
Does K Ltd need access to Muster Ltd’s customer
- Does K Ltd need access to Muster Ltd’s customer data?
- Does K Ltd process the customers’ data?
- Is this data personal data?
For all these questions, the answer is “yes“.
In order to be able to conduct customer surveys, K Ltd needs to know who Muster Ltd’s customers are.
Even if K Ltd conducts a supposedly anonymous survey, it should be noted that a survey is no longer anonymous but personalised as soon as it contains even one detail that allows conclusions to be drawn about the person surveyed. Not only name and date of birth are personal data, but also, for example, the IP address and the car registration number.
Consequently, a data processing agreement must be concluded with K Ltd. In this contract, K Ltd is obligated to, among other things,
- to process personal data exclusively within the framework of the agreements made and according to the instructions of Muster Ltd
- not to use the processing of the data provided for any other purposes, in particular not for its own purposes
- to strictly separate the data processed for Muster Ltd from other data stocks.