Introduction
Your privacy matters to us. This Privacy Policy explains how TGM Research Pte. Ltd. ("TGM", "we", "us", or "our") collects, uses, and shares personal information when you use our services, including:
- The TGM Panels website at tgmpanel.us and related panel websites ("Website")
- The TGM Panels mobile application ("App")
- Participation in surveys and market research programs ("Services")
This Privacy Policy applies to all users worldwide. We are committed to protecting your privacy and complying with applicable data protection laws, including:
- GDPR (EU/UK General Data Protection Regulation)
- CCPA/CPRA (California Consumer Privacy Act / California Privacy Rights Act)
- PDPA (Singapore Personal Data Protection Act)
TGM Research Pte. Ltd.
6001 Beach Road, #22-01 Golden Mile Tower
Singapore 199589
TGM Research Pte. Ltd. is the sole controller of your personal data. We determine how and why your personal data is processed in connection with the TGM Panel platform.
Contact for all privacy matters: privacy@tgmpanel.com
Participation in surveys requires registration. During registration, you will see information about data processing and a link to this Privacy Policy before submitting your data.
1. Information We Collect
We collect different types of information depending on how you use our Services.
A. Data You Provide Directly
| Data Type | Examples | When Collected |
|---|---|---|
| Account data | Email address, password, country | Registration |
| Profile data | Name, date of birth, gender, postcode | Profile completion |
| Demographic data | Education, employment, household, income | Profile surveys |
| Contact data | Phone number (optional) | For phone-based rewards only |
| Survey responses | Answers, completion status, timestamps | Survey participation |
| Support messages | Communications via email or chat | When you contact us |
| Verification data | Phone number for SMS verification; linked social accounts (LinkedIn, Facebook); verification result received from third-party identity verification provider (verified/not verified status, confirmed name, country, and age 18+ confirmation) | When requested for identity verification or when you voluntarily request verified status |
B. Special Category (Sensitive) Data
Some profile categories and surveys may involve sensitive personal data, including:
- Health-related information
- Ethnicity or racial origin
- Political opinions
- Religious or philosophical beliefs
We use a granular consent mechanism in your Privacy Settings that allows you to separately control:
- Whether to share sensitive data for market research purposes
- Whether to share profile information with third parties
- Cookie and identifier preferences
Access to sensitive profile categories (such as Health, Ethnicity) is only available if you have provided explicit consent for sensitive data processing. You can change these settings at any time in your account under Privacy Settings.
- Surveys are provided by our research partners (Cint, PureSpectrum, and other clients).
- Survey providers may collect additional sensitive data and are responsible for obtaining appropriate consent within their surveys.
- You may always skip sensitive questions or exit any survey without penalty.
C. Data We Collect Automatically
See also Section 1D below for data we receive from third-party sources (Art. 14 GDPR).
| Data Type | Examples | Purpose |
|---|---|---|
| Device data | Device model, operating system, app version | Compatibility, troubleshooting |
| Network data | IP address, approximate location from IP | Fraud prevention, survey eligibility |
| Usage data | Pages visited, features used, timestamps | Service improvement |
| Login data | Login times, IP at login, derived country | Security, fraud detection |
| Advertising identifiers | Google Advertising ID (GAID) on Android, Apple Identifier for Advertisers (IDFA) on iOS | Survey partner attribution, respondent deduplication, fraud prevention |
D. Data We Receive from Third Parties (Art. 14 GDPR)
We may receive personal data about you from the following third-party sources:
| Source | Data Received | Purpose | Legal Basis |
|---|---|---|---|
| Survey partners (Cint, PureSpectrum, Lucid) | Survey completion status, eligibility confirmations, quality scores | Crediting points, preventing duplicate participation | Contract (Art. 6(1)(b)) |
| Payment providers | Payment confirmation status, transaction IDs | Processing reward redemptions | Contract (Art. 6(1)(b)) |
| Ip2Location (IP geolocation service) | Country and city derived from IP address | Survey eligibility, fraud prevention | Legitimate Interest (Art. 6(1)(f)) |
| Identity verification provider (third-party) | Verification result (verified/not verified), confirmed name, country, age 18+ confirmation | Identity verification (fraud-triggered or voluntary) | Legitimate Interest or Consent (see Section 3) |
| Social login providers (LinkedIn, Facebook) | Account link confirmation | Identity verification via social account linking | Legitimate Interest (Art. 6(1)(f)) |
Where we receive data from third parties, we inform you of that data no later than the point at which it is first used. Third-party data is subject to the same retention periods and rights as data collected directly from you.
2. Platform-Specific Data Collection
Some data collection differs between our Website and App:
| Data Type | Website | App |
|---|---|---|
| Cookies | ✓ | ✗ |
| Browser data | ✓ | ✗ |
| Push notification tokens | ✓ | ✓ |
| App crash reports | ✗ | ✓ |
| Advertising identifiers (GAID / IDFA) | ✗ | ✓ |
Advertising Identifiers (GAID / IDFA)
Our mobile App collects the Google Advertising ID (GAID) on Android and the Apple Identifier for Advertisers (IDFA) on iOS. These identifiers are used exclusively for:
- Survey partner attribution — enabling our research partners (Cint, PureSpectrum) to match survey completions
- Respondent deduplication — preventing the same user from being invited to the same survey across multiple panels
- Fraud prevention — detecting automated or fraudulent survey responses
- Collect precise GPS location without explicit consent
- Use advertising identifiers (GAID/IDFA) for advertising, ad targeting, or remarketing
- Share advertising identifiers with advertising networks
- Display advertisements within the App
- Transmit advertising identifiers for users under the age of 18
3. How We Use Your Information
| Purpose | Legal Basis (GDPR) |
|---|---|
| Create and manage your account | Contract (Art. 6(1)(b)) |
| Match you with relevant surveys (profiling) | Legitimate Interest (Art. 6(1)(f)) |
| Process rewards and payments | Contract (Art. 6(1)(b)) |
| Send service communications (account confirmations, payment receipts, policy updates) | Contract (Art. 6(1)(b)) |
| Send survey invitations | Legitimate Interest (Art. 6(1)(f)) — you may opt out at any time via account settings or by contacting privacy@tgmpanel.com |
| Prevent fraud and ensure security (including IP logging at each login) | Legitimate Interest (Art. 6(1)(f)) |
| Identity verification — phone (SMS) and social account linking | Legitimate Interest (Art. 6(1)(f)) — fraud prevention |
| Identity verification — document (fraud-triggered, via third-party provider) | Legitimate Interest (Art. 6(1)(f)) — fraud prevention |
| Identity verification — voluntary verified status (via third-party provider) | Consent (Art. 6(1)(a)) — user-initiated |
| Share profile data with third-party survey providers (Cint, PureSpectrum, etc.) | Consent (Art. 6(1)(a)) — via Privacy Settings |
| Process sensitive personal data (health, ethnicity, etc.) | Explicit Consent (Art. 9(2)(a)) — via Privacy Settings |
| Website analytics (Google Analytics) | Consent (Art. 6(1)(a)) — via cookie consent |
| App analytics (Firebase Analytics) | Consent (Art. 6(1)(a)) — via in-app privacy settings |
| Customer support | Contract (Art. 6(1)(b)) — necessary to respond to your support requests |
| Transactional emails (Postmark) | Contract (Art. 6(1)(b)) |
| Advertising attribution (Facebook Pixel) | Consent (Art. 6(1)(a)) — via cookie consent |
| Survey partner attribution and respondent deduplication (Advertising ID) | Consent (Art. 6(1)(a)) — via Privacy Settings (Android) / ATT prompt (iOS) |
| Bot protection and spam prevention (Google reCAPTCHA) | Legitimate Interest (Art. 6(1)(f)) — website security |
| Comply with legal obligations | Legal Obligation (Art. 6(1)(c)) |
- Selling your data to advertisers or third parties
- Cross-context behavioral advertising
- Selling to data brokers
The TGM Panel App does not display advertisements to users. We do not serve ads, use ad networks, or monetise our users through advertising. The App is a market research tool — not an advertising platform.
TGM Panel is a market research platform, not a gambling service. The Service does not involve betting, wagering, games of chance, or any form of gambling. Points earned through survey participation are not currency, have no cash value, and do not constitute money or a financial instrument. Points are non-transferable loyalty incentives that may be redeemed for rewards in accordance with our Terms of Service.
4. Data Sharing
We Do Not Sell Your Data
We do not sell, license, or share your personal data with advertising networks, data brokers, or for advertising measurement purposes.
Service Providers We Use
| Provider | Purpose | Platform | Location |
|---|---|---|---|
| Amazon Web Services | Cloud hosting, storage | Both | EU/US |
| Firebase Analytics | App usage analytics | App only | USA |
| Firebase Crashlytics | App crash reporting | App only | USA |
| Firebase Cloud Messaging | Push notifications | Both | USA |
| Google Analytics | Website analytics | Website only | USA |
| HelpScout | Customer support | Website only | USA |
| Postmark | Transactional emails | Both | USA |
| Meta (Facebook Pixel) | Advertising attribution | Website only | USA |
| Ip2Location | IP geolocation | Both | Singapore |
| Google reCAPTCHA | Bot protection, spam prevention | Website only | USA |
| [Identity Verification Provider] | Identity document verification | App + Website | [EU / Provider location] |
All US-based service providers are certified under the EU-US Data Privacy Framework. All providers are bound by data processing agreements.
Google reCAPTCHA
We use Google reCAPTCHA (v3) on our website forms to protect against automated spam and bot attacks. reCAPTCHA analyses your interaction with our website (including IP address, browser characteristics, mouse movements, and time spent on page) to determine whether the request comes from a human or a bot. This data is transmitted to Google LLC in the USA.
Legal basis: Legitimate Interest (Art. 6(1)(f)) — protecting the security and integrity of our website forms is necessary to prevent automated abuse that could compromise user data and service availability. reCAPTCHA cookies (_GRECAPTCHA, rc::*) are classified as strictly necessary security cookies under ePrivacy Directive Art. 5(3).
Your right to object: You may object to this processing under Art. 21 GDPR by contacting privacy@tgmpanel.com. However, disabling reCAPTCHA may prevent you from submitting forms on our website. For more information, see Google's Privacy Policy.
5. Profiling and Automated Decision-Making
We use profiling to match you with relevant surveys based on your demographic profile and participation history. This helps reduce irrelevant invitations and improves research quality.
Legal Basis: We process your data for survey matching under Legitimate Interest (GDPR Art. 6(1)(f)). Our legitimate interest is to provide you with relevant survey opportunities and to deliver quality research to our clients. We have conducted a Legitimate Interest Assessment confirming that this processing does not override your rights and freedoms.
Your Right to Object: Under GDPR Art. 21, you have the right to object to profiling based on legitimate interest. To exercise this right, contact privacy@tgmpanel.com.
What happens if you object: If you object to profiling, we will stop using your profile data for automated survey matching. You will still be able to use your account, but this may result in fewer or no survey invitations, as we will not be able to match you with relevant opportunities.
Explanation: You may request an explanation of why specific surveys were or were not offered to you. We will provide a meaningful summary of the profile factors that influenced the matching decision. To request an explanation, contact privacy@tgmpanel.com.
Profile factors used for matching: Survey matching uses the following profile categories: age group, gender, country, region/postcode, household composition, employment status, and education level. Matching does not use sensitive personal data (health, ethnicity, political views) unless you have separately consented to sensitive data processing.
- Profiling does NOT produce legal effects
- Profiling may have a practical impact on survey availability and earning potential
- Basic demographic matching only (age, gender, location, household composition, employment, education)
- You may object to profiling or request human review at any time
- You may request an explanation of matching decisions
How We Share Your Data with Survey Partners
TGM Panel works with external survey marketplace partners to provide you with survey opportunities. When we match you with a survey from one of these partners, we share limited data about you so the partner can confirm you are eligible for the survey.
What data we share
| Data element | Shared? | Purpose |
|---|---|---|
| Internal panelist ID (not your name or email) | Yes | Identifies you within the survey system |
| Country | Yes | Geographic targeting for surveys |
| Age range | Yes | Demographic quota matching |
| Gender | Yes | Demographic quota matching |
| Region / state | Sometimes | When a survey requires regional targeting |
| Household size, employment status, education level | Sometimes | When a survey has specific demographic requirements |
| Device type (mobile/desktop) | Yes | Technical compatibility |
| IP address | Yes | Fraud prevention and geographic verification |
| Email address | No | Never shared with survey partners |
| Name | No | Never shared with survey partners |
| Phone number | No | Never shared with survey partners |
| Government ID or verification documents | No | Never shared with survey partners |
Who are our survey partners
| Partner | Location | Role | Their privacy policy |
|---|---|---|---|
| Cint AB | Stockholm, Sweden | Independent controller for surveys conducted through their marketplace | cint.com/participant-privacy-notice |
| Lucid Holdings LLC (Cint affiliate) | New Orleans, USA | Independent controller for surveys conducted through their marketplace | luc.id/privacy-policy |
| PureSpectrum Inc. | USA | Independent controller for surveys conducted through their marketplace | purespectrum.com/privacy-policy |
This list may change. We will update this section when we add or remove partners. You can request the current list at any time by contacting privacy@tgmpanel.com.
Who controls what
When you participate in a survey through one of our partners, two separate organisations process your data:
TGM Research Pte. Ltd. (us) controls:
- Your panel account and profile data
- The decision to invite you to a specific survey
- The limited data shared with the partner for matching purposes
- Your incentive points for completing the survey
The survey partner controls:
- The survey content and questions
- Your survey responses
- How long they keep your responses
- Who they share the survey results with (typically their research client, in anonymised or aggregated form)
Once you click through to a partner's survey, the partner's privacy policy governs how they handle your survey responses. We do not have access to your individual survey responses held by partners.
Legal basis for sharing
We share your data with survey partners on the basis of Legitimate Interest (Article 6(1)(f) GDPR). Our assessment:
- Our interest: Operating the panel requires connecting respondents with surveys from partner marketplaces. Without this sharing, we cannot provide the service.
- Your reasonable expectation: You joined TGM Panel to participate in surveys. Survey matching through marketplace partners is a core part of the service described in our Terms.
- Data minimised: We share only the minimum data needed for quota matching. We never share your email, name, or phone number with survey partners.
- Your right to object: You can object to this sharing by contacting privacy@tgmpanel.com. Please note that if you object, we will be unable to match you with partner surveys, which will significantly reduce the number of surveys available to you.
International transfers in this context
When your data is shared with a partner located outside the EU/EEA:
| Partner | Location | Transfer safeguard |
|---|---|---|
| Cint AB | Sweden (EU) | No transfer — within EU |
| Lucid Holdings LLC | USA | EU-US Data Privacy Framework |
| PureSpectrum Inc. | USA | EU-US Data Privacy Framework |
If the Data Privacy Framework is invalidated, we will implement Standard Contractual Clauses or suspend transfers until an alternative safeguard is in place.
6. International Transfers
Your data may be transferred to countries outside your residence, including the United States and Singapore.
Transfers to the United States
Most of our service providers are based in the USA. All our US-based service providers are certified under the EU-US Data Privacy Framework (DPF):
- Google LLC (Google Analytics, Firebase) — Google DPF certification
- Amazon Web Services — AWS DPF certification
- Help Scout PBC — Help Scout DPF certification
- ActiveCampaign (Postmark) — ActiveCampaign DPF certification
- Meta Platforms (Facebook Pixel) — Meta DPF certification
The DPF provides a valid transfer mechanism under GDPR following the European Commission's adequacy decision of July 2023 (C(2023) 4745). In addition, we maintain EU Standard Contractual Clauses (SCCs) with all US-based service providers as a fallback transfer mechanism. Should the DPF adequacy decision be invalidated or suspended, our data transfers will continue to be covered by SCCs supplemented by appropriate technical and organisational measures, including encryption in transit and at rest, access controls, and data processing agreements.
Transfers to Singapore
TGM Research Pte. Ltd. is based in Singapore. For personal data transferred from the EU/UK to Singapore, we rely on EU Standard Contractual Clauses (SCCs) as the transfer mechanism, as Singapore does not have an EU adequacy decision.
Safeguards We Apply
- EU Standard Contractual Clauses (SCCs) with all relevant providers
- Adequacy decisions where applicable
- Data processing agreements with all service providers
- Technical measures including encryption in transit and at rest
7. Data Retention
| Data Category | Retention Period |
|---|---|
| Account and profile data | Duration of account + 12 months after deletion |
| IP addresses and login history | Duration of account + 12 months |
| Survey responses | Anonymised within 24 months of collection. Anonymisation removes all direct and indirect identifiers so that responses can no longer be linked to you. |
| Points and rewards | Points expire after 6 months of inactivity. Points are non-monetary loyalty incentives with no cash value. |
| Verification results | Verification status (verified/not verified), confirmed name, country, and age confirmation received from the verification provider are retained for the duration of the account + 12 months. TGM does not receive or store identity documents. |
| Error logs | 90 days |
| Analytics data (Google Analytics, Firebase) | Raw analytics data: retained by Google for 14 months (our configured retention setting). We do not retain identifiable analytics data beyond this period. Aggregated statistical reports (containing no personal data) may be retained indefinitely. |
| Marketing cookies (Facebook Pixel) | 90 days (cookie expiry). Attribution data held by Meta per their retention policy. |
| Support messages (HelpScout) | Duration of account + 12 months after deletion. Deleted upon account deletion request. |
When document-based identity verification is required (for fraud-flagged accounts) or voluntarily requested (for verified status), the verification is conducted entirely by a specialised third-party identity verification provider. You submit your identity document directly to the provider's secure platform. TGM does not receive, process, view, or store your identity documents at any stage. The provider processes the document, performs verification, and returns only the result to TGM: verification status (verified/not verified), confirmed name, confirmed country, and age confirmation (18+). The provider deletes the source document after processing in accordance with their data processing agreement with TGM.
For phone (SMS) and social account verification, TGM processes the verification directly and retains only the verification status.
Legal basis: SMS and social account verification: Legitimate Interest (Art. 6(1)(f)). Document verification for fraud-flagged accounts: Legitimate Interest (Art. 6(1)(f)). Voluntary document verification for verified status: Consent (Art. 6(1)(a)).
9. Your Privacy Rights
Depending on your location, you may have the following rights:
| Right | Description | GDPR | CCPA |
|---|---|---|---|
| Access | Request a copy of your data | ✓ | ✓ |
| Correction | Correct inaccurate data | ✓ | ✓ |
| Deletion | Request deletion of your data | ✓ | ✓ |
| Portability | Receive data in portable format | ✓ | ✓ |
| Objection | Object to certain processing | ✓ | - |
| Withdraw consent | Withdraw consent at any time (does not affect prior processing) | ✓ | - |
| Lodge a complaint | Complain to a supervisory authority (Art. 77 GDPR) | ✓ | - |
If you believe our processing of your personal data infringes the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the EU/EEA Member State of your habitual residence, place of work, or place of the alleged infringement. This right is without prejudice to any other administrative or judicial remedy. A list of EU data protection authorities is available at edpb.europa.eu.
How to Exercise Your Rights
- Email: privacy@tgmpanel.com
- In-app: Settings > Privacy
- Website: Profile settings > Privacy
We respond within 30 days (GDPR) or 45 days (CCPA).
Obligation to Provide Data (Art. 13(2)(e) GDPR)
The provision of your personal data is neither a statutory nor a legal requirement. However:
| Data | Requirement | Consequence of Not Providing |
|---|---|---|
| Account data (email, country) | Contractual — necessary to create and maintain your account | You cannot register or use the Service |
| Profile data (age, gender, etc.) | Contractual — necessary for survey matching | You may receive fewer or no survey invitations |
| Sensitive data (health, ethnicity) | Voluntary — based on your explicit consent | No penalty; you will not be matched with surveys requiring this data |
| Identity verification data | May be required if your account is flagged for suspicious activity; voluntary for verified status | Fraud-triggered: failure to verify may result in account restriction. Voluntary: no penalty for declining |
| Cookies (non-essential) | Voluntary — based on your consent | No impact on Service functionality; analytics and marketing features will not operate |
10. Account Deletion
You can delete your account:
- In-app: Settings > Account > Delete Account
- Website: Profile > Account Settings > Delete Account
- Email: privacy@tgmpanel.com
- We will remind you of your current points balance
- You may redeem eligible points before confirming final deletion
- Forfeiture of remaining unredeemed points (after opportunity to redeem)
- Removal from all panels
- Data deleted within 30 days
This process ensures that exercising your data protection rights does not result in unfair loss of earned rewards.
11. Children's Privacy
Age Verification
We implement the following measures to prevent underage access:
- Registration gate: Users must confirm their date of birth during registration. Accounts cannot be created by users under 18 years of age.
- Age validation: Date of birth is verified against profile data and may be cross-checked during survey participation.
- Account review: Accounts suspected of belonging to underage users are flagged for review and may be suspended pending verification.
COPPA Compliance (Children Under 13)
In compliance with the Children's Online Privacy Protection Act (COPPA) and equivalent international laws:
- We do not knowingly collect personal information from children under the age of 13
- We do not knowingly collect persistent identifiers (including Advertising IDs) from children under 13
- We do not use any SDKs or APIs that are not compliant with child safety requirements in a manner accessible to children
- Our App is not listed in the "Family" or "Kids" category on Google Play or Apple App Store
Users Aged 13–17
While our age threshold is 18, if we discover a user between the ages of 13 and 17 has registered:
- The account will be suspended immediately
- No advertising identifiers (GAID/IDFA) will be transmitted for the account
- No data will be shared with third-party survey partners
- The user (and parent/guardian where possible) will be notified
- All personal data will be deleted within 30 days unless a parent/guardian provides verifiable consent
Discovery of Underage Data
If we discover that we have inadvertently collected personal data from anyone under the age of 18:
- We will cease all processing of that data immediately
- We will delete the data and associated account within 30 days
- We will notify any third parties with whom the data may have been shared to delete it
- We will document the incident in our internal records
If you believe a child has provided us with personal data, please contact us immediately at privacy@tgmpanel.com.
Google Families Policy & Apple Kids Safety
TGM Panel is not a children's app and is not subject to Google's Families Policy or Apple's Kids Category requirements. However, we voluntarily adhere to the following principles:
- No advertising identifiers are collected or transmitted for any user known or suspected to be under 18
- No behavioural advertising or interest-based profiling is conducted on minors
- No personal data of minors is sold or shared for commercial purposes
- The App does not contain content inappropriate for any audience
12. Data Security
We implement appropriate security measures:
- Encryption in transit (HTTPS/TLS) and at rest
- Access controls limiting who can access data
- Security monitoring and logging
- Regular security assessments
- Employee training on data protection
13. Region-Specific Disclosures
California Residents (CCPA/CPRA)
Your California rights include:
- Right to know what data we collect
- Right to delete your data
- Right to correct inaccurate data
- Right to opt-out (we don't sell data)
- Right to non-discrimination
To exercise rights: Email privacy@tgmpanel.com with subject "California Privacy Request"
EU/UK Residents (GDPR)
To lodge a complaint, contact your local supervisory authority:
- UK: Information Commissioner's Office (ico.org.uk)
- EU: Your local data protection authority
Contact Us
TGM Research Pte. Ltd.
6001 Beach Road, #22-01 Golden Mile Tower
Singapore 199589
General privacy inquiries: privacy@tgmpanel.com
Response time: Within 30 days
TGM Research has designated Marcin Kaleta as Data Protection Officer in accordance with GDPR Article 37. The DPO is an external legal counsel provided by IT Law Solutions Sp. z o.o. and exercises his supervisory function independently of TGM Research management in accordance with Article 38(3) GDPR.
Data subjects may contact the DPO directly, without going through TGM Research management, on any matter relating to the processing of their personal data or the exercise of their rights under the GDPR.
Email: privacy@tgmpanel.com
Post: Data Protection Officer — Marcin Kaleta
c/o IT Law Solutions Sp. z o.o.
ul. Taneczna 78
02-829 Warszawa, Poland