This depends on two things: the people invited to participate in a survey, and the type of research.

Where the people invited to participate in a survey are members of YouGov’s research panel, YouGov will either be the sole data controller (for syndicated insights from products like BrandIndex or Profiles and some custom projects), or a joint data controller with the client commissioning the research (for some custom research projects, depending on the involvement of our client). YouGov and our clients together determine the controllership of custom projects on a case-by-case basis.

Where the people are invited to participate in a survey have been provided by our client, we will be a data processor (or, service provider) acting on the instruction of our client.

Our business is built on delivering anonymous research results. Survey responses are combined so we can deliver insights in easy to understand and use formats, such as statistical spreadsheets or aggregated reports, to our clients. Before we deliver any insights, we remove data we consider to be ‘directly identifiable’, such as an individual’s name or social media handle, and ‘indirectly identifiable’ data that we think could make it easier for an individual to be identified, such as a full postcode or date of birth.

While most of the insights we provide to our clients are aggregated and / or anonymous, there are some circumstances where we may be able to provide insights in an identifiable form.

• If you are using our proprietary panel– The first step is understanding what you would like to do with the information because there are certain scenarios in which we will not share personal data, for example if you want to contact our panellists for follow-up research or marketing purposes. Even if you intend to use the data for a permitted purpose, we will only provide identifiable insights if we have our panellists’ permission. Speak to your YouGov contact to find out more about this, or contact our Data Protection team at dataprotection@yougov.com.

If you are using your own sample– Because you are the data controller of this information, we are able to provide identifiable research insights – we would just need to work with you to ensure that we provide an appropriate privacy notice that clearly tells participants that their data will be made available to you in an identifiable form.

Yes, we share certain data with trusted third-party service providers that help us to provide our research services; for example, we share panel member email addresses with those companies that provide the technology we use to send survey invitations. We have appropriate contractual safeguards in place with all of the service providers to ensure that they have adequate security measures and do not disclose or use the personal data for any other purposes.

If you are a client and we are using your own sample for a project then it is important that you review and approve the sub-processors we use to help us provide our services to you.

When we work with you, we need to collect certain information about your employees so we can provide our services to you – for example, log-in details for our YouGov Profiles and YouGov BrandIndex tools, or the contact information for our key contacts. We are a data controller for this information because we use it so that we can provide our services – this means we are responsible for using the data in accordance with any applicable laws and regulations. You can find out more about the data we collect from our clients, and how we use it, in our Client Privacy & Cookies Notice.

The security of the data we hold is a top priority for us. We take a multi-layered approach for ensuring that data is secure, and are proud to be certified to the ISO27001 framework.

You can find out more on our security practices here.

This means, for example, when using a sample that you have provided, we:

• Make sure the data is saved in secure folders, and put appropriate access controls in place so that access is provided only to those that need it
• Delete the data once it is no longer needed (as agreed with you) or on your request

In addition, all YouGov staff are required to undertake training in data protection and security.

Yes, we encrypt the data we hold, both at rest and in transit.

All data on YouGov’s infrastructure, mobile devices, laptops and backup media is encrypted using industry standard encryption at rest. Data is also encrypted in transit over public networks using TLS which is an industry standard to protect against unauthorised disclosure or modification.

We use a combination of co-located, cloud and offline data storage providers to hold the data that we use to provide our services. The providers currently used are located in the European Union (EU) and the United States, and we ensure that any data originating from the EU is only stored in the EU.

You can find out about the data storage providers we use on our list of sub-processors.

YouGov plc is certified to ISO27001:2013. The co-located data centres, cloud and offline data storage providers used by YouGov are also ISO27001 certified.

YouGov plc is also certified against Cyber Essentials Plus which is a UK Government backed scheme that provides external assurance of the existence of security defences to protect against the most comment cyber threats.

YouGov carries out weekly vulnerability testing on its external infrastructure as part of its vulnerability management program. YouGov also uses a third-party CREST accredited organisation for carrying out penetration testing on its infrastructure and applications.

Relevant summaries of penetration testing reports can be provided to clients upon request.

We may allow customer initiated testing upon request but this is subject to approval from our Information Security and Application teams.

YouGov purchases a program of insurance appropriate for the business and our activities. If you have questions about insurance at YouGov, please contact us at governance@yougov.com.

YouGov purchases a program of insurance appropriate for the business and our activities. If you have questions about insurance at YouGov, please contact us at governance@yougov.com.

No, YouGov does not have a health and safety management system certified to a particular standard. YouGov takes the health, safety and welfare of our employees and those effected by our activities very seriously. We operate a management system that is commensurate with the level of risk raised by our activities and the size of our business. Our approach is defined in our Group Health and Safety Policy Statement.

No, YouGov does not currently hold a recognised environmental management system certification. The company appreciates the impact which it has on its environment and takes appropriate measures to manage this, commensurate with the size of our business.

YouGov does not currently hold one recognised quality management system certification globally. The company maintains internal standards that are in keeping with the ISO 9000 (quality management) and has an ISO 27001 certified information security management system. The data centres where YouGov hosts its data servers have ISO 27001 and PCI DSS certification.​​

YouGov Australia holds an ISO 20252:2019 certification. To view its Statement of Applicability please click here.

YouGov has a Group Anti-Bribery Policy. You can read a policy summary here. The full policy is available for panellists, clients and suppliers on request. If you require a copy of the Policy, please contact compliance@yougov.com. Our policies are made available to employees by the Company’s global intranet.

YouGov has a Group Anti-Fraud Policy. You can read a policy summary here. The full policy is available for panellists, clients and suppliers on request. If you require a copy of the Policy, please contact compliance@yougov.com. Our policies are made available to employees by the Company’s global intranet.

In accordance with the International Labour Organization expectations, YouGov supports the human right of all staff to associate freely, join or form a trade union, and bargain collectively. This commitment is outlined in the Group Freedom of Association Policy, which is available internally to employees by the Company's global intranet.

The policy can be made available for panel members, clients and suppliers on request. If you require a copy of the Policy, please contact compliance@yougov.com.

Yes, YouGov has a Group Whistleblowing Policy. You can read a policy summary here. The full policy is available for panellists, clients and suppliers on request. If you require a copy of the Policy, please contact compliance@yougov.com. Our policies are made available to employees by the Company’s global intranet.

YouGov is committed to respecting and and protecting human rights throughout our operations, including our supply chain. The Group Human Rights policy is available here.

YouGov’s statement on modern slavery and human trafficking is available here. The Group Human Rights Policy is available here.

All YouGov Suppliers are required to comply with a Business Partner Code of Conduct (the “Code”). This Code applies to any individual or business that provides YouGov with products or services – including all suppliers, sub-contractors, and business partners, and their officers, subsidiaries, affiliates, employees, sub-contractors, agents, representatives, and consultants.

If you have any concerns or would like to report an incident that violates this Code, please refer to our Whistleblowing Policy for the appropriate contacts.

Details of all registered offices are available here.

You can view the publicly filed records of YouGov plc or any of our UK companies via Companies House (https://www.gov.uk/get-information-about-a-company). Companies House is the Register of Companies in the UK and shares most information free of charge. If you are unable to find the information you require, please contact governance@yougov.com.

You can view our latest regulatory news service (RNS) announcements here.