Privacy Policy


Here at HS Brands we’re committed to protecting the Personal Data and privacy rights of our Data Subjects; Mystery Shoppers, Employees, Independent Contractors, Clients or Vendors. As a global company we maintain compliance with data protection laws, rules and regulations; including EU’s General Data Protection Regulation (GDPR).

HS Brands is considered the Data Controller of a Data Subject’s Personal Data.  Your Personal Data is collected when you create a mystery shopper account or enter into a contractual agreement with HS Brands as an Employee, Independent Contractor, Client or Vendor.  By using this site and/or registering to become a mystery shopper with us, you acknowledge you’ve read, understand and accept the practices we’ve outlined for you here in this policy.

GDPR requires us to implement and adhere to strict technological and organizational controls. Our main SAS provider; SurfMerchants, has implemented state of the art IT technologies to ensure GDPR compliance. SurfMerchants adheres to a “Privacy Shield Policy” which can be reviewed by visiting  This policy allows SurfMerchants to establish and maintain an adequate level of Personal Data privacy protection.  For additional information or to view SurfMerchants certifications through Privacy Shield please visit Surf Merchants will continue to review and update the security controls necessary to protect the personal data of employees, customers, field agents and partners from unauthorized access or loss.

Data Protection Principles

Below are the six (6) GDPR principles that companies must adhere to regarding the processing of Personal Data.  The Personal Data we hold about you must be:

  1. Processed lawfully, fairly and in a transparent manner.
  2. Collected for legitimate purposes that have been clearly explained to you and not processed in a way that is incompatible with those purposes.
  3. Adequate, relevant and limited to what is necessary in relation to the purposes.
  4. Accurate and, where necessary, kept up to date.
  5. Kept in form which permits identification for no longer than is necessary for the purpose of use.
  6. Processed in a manner that ensures appropriate security of the Personal Data.

Cookie Policy

If you register as a Shopper or sign in as a Client or Vendor, we will set a temporary cookie to determine if your browser accepts cookies.  This cookie contains no Personal Data and is discarded when you close your browser.

What Personal Data do we collect?

HS Brands collects a variety of personal information which may include the following:

  1. Personal identification (Name, date of birth, gender, height, weight, sex, income etc.)
  2. Contact details (address, email, telephone number)
  3. Membership/Work card numbers
  4. Electronic (IP address)
  5. Financial (bank name, account and routing numbers)
  6. Professional competencies, and previous experience)
  7. Your photo
  8. Performance rating (based on work completed)

Special Categories of Personal Data

Special categories of Personal Data may disclose a Data Subject’s convictions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership and the processing of genetic data, biometric data, or sexual orientation, and is prohibited unless one of the allowable exceptions applies:

  1. Explicit consent is given except where Union or Member State law provides that the prohibition may not be lifted by the Data Subject.
  2. Processing is necessary for carrying out the obligations of the Controller regarding employment.
  3. To protect the vital interests of the Data Subject or another natural person if the Data Subject is physically or legally incapable of giving consent.
  4. Processing of Personal Data which was made public by the Data Subject.
  5. Legal claims
  6. Processing is necessary for preventive or occupational medicine
  7. Processing is necessary for the reasons of public health.


The Data Subject shall have the right not to be subject to a decision based solely on automated processing including profiling, which produces legal effects concerning the Data Subject. This shall not apply if the decision is:

  1. Necessary for entering into a contract between Data Subject and Data Controller
  2. Authorized by Union or Member State Law which lays down suitable measures to safeguard the Data Subjects rights.
  3. Based on the Data Subjects Consent
  4. Shall not be based on Special Categories of Personal Data

How do we collect your Personal Data?

HS Brands may collect your Personal Data in a variety of ways.  The Personal Data we collect will vary depending upon your status with us.

As a Mystery shopper, Personal Data may be collected:

  1. During the initial shopper sign-up
  2. When you request an assignment
  3. During your mystery shopping assignments and/or upon completion of an assignment

As an Employee, Personal Data may be collected:

  1. During the application and on-boarding process
  2. Throughout your employment with HS Brands to keep your personnel files accurate.

As a Client, Personal Data may be collected:

  1. When you inquire about services
  2. During the client set-up phase.

Why do we collect your Personal Data?

Your Personal Data is collected and used for a variety of legitimate business purposes.

  1. Legal obligations required by civil, fiscal and accounting roles
  2. Administrative management of the relationship
  3. Obligation fulfillment
  4. Management of archives and correspondence
  5. Gathering additional data for assigning appropriate shops
  6. Satisfying governmental reporting, tax and other requirements
  7. Verifying identity
  8. Other business-related purposes permitted or required under applicable local law and regulation
  9. As required by law

How do we protect your Personal Data?

In order to ensure we’re taking every step necessary to protect your personal data, we have implemented, and adhere to strict technological and organizational measures designed to protect any Personal Data we process.

As an example, we have the following methods of protection in place:

  1. SurfMerchants (SM); our software provider adheres to a “Privacy Shield Policy” which allows them to establish and maintain an adequate level of Personal Data privacy protection.
  2. Having documented data security procedures
  3. Clearly defined staff responsibilities; Data Protection Officer
  4. Verification, continuous monitoring and audit of the compliance
  5. Initial and refresher Data Protection training and compliance audits for Data Users

How long do we keep your Personal Data?

In general HS Brands will only keep your Personal Data as long as you are actively shopping with us or the duration of the contractual agreements.  A further retention period of up to 7-years after the last contract/request for removal from our database is required for financial reporting and fiscal accounting.

How do we process your Personal Data?

The processing of personal data is carried out by means of paper, computerized, or other telecommunications systems. In order to guarantee the security and confidentiality of data as well as full compliance with the law.

How do you update and/or correct your Personal Data?

As a Mystery Shopper you have the ability to update and/or change your Mystery Shopper profile by logging into the appropriate Sassie site and updating your data.  For any updates to Personal Data not found within your Mystery Shopper profile you may email to request updates.

As an Employee, Independent Contractor, Client or Vendor who wishes to update and/or change your Personal Data you may do so by emailing

Rights of the Data Subject

There are a variety of rights a Data Subject is entitled to regarding how their Personal Data is handled as determined by GDPR.

  1. Right of access: Data Subjects may request details about information about them, how the data was collected and the reason the data has been collected. If Personal Data is transmitted to third parties, information must begiven about the identity of the recipient or the categories of recipients, including other HS Brands companies.
  2. Right to rectification: If Personal Data is incorrect or incomplete, the Data Subject may request the information be corrected.
  3. Right to withdraw consent: Data Subjects can object to the processing at any time. Personal Data must be blocked from the processing that has been objected
  4. Right to erasure. Data Subjects may request their data be deleted if the processing has no legal basis, or if the legal basis has ceased to apply. The same applies if the purpose behind the data processing has lapsed or ceased to be applicable for other reasons. Existing retention periods and conflicting interests meriting protection must be
  5. Right to object: Data Subjects have the right to object to his/her data being processed. This does not apply if legal provisions require that Personal Data are to be processed.
  6. Right to data portability. Data Subjects have the right to request for the Personal Data provided by him/her to be made available to such Data Subject in an easily readable format, like a Word or Excel


As a Data Subject your consent is required in order for us to process your Personal Data.  You are in control of whether or not to provide consent to us to use your data in the manner requested. There will be no repercussions if you choose to withhold consent; however, without some data we may not be able to determine your suitability as a Data Subject for HS Brands.

  1. Data can only be processed upon consent of a Data Subject
  2. Consent must be provided voluntarily and may be withdrawn at any time with or without reason.
  3. If you do not consent to share certain data this may eliminate you from being a mystery shopper, Employee, Independent Contractor, Client or Vendor with HS Brands.
  4. The data provided to you must be clear, have a specifically stated purpose and involve an action on your behalf as a clear indication of your consent.

Withdrawing Consent

If you previously provided us your consent, you have the right to withdraw your consent to the processing of your personal data at any time.  If you chose to withdraw your consent you may limit or remove our ability to determine your suitability as a Data Subject for HS Brands. If you wish to withdraw consent you may do so by emailing:

Changes to this Privacy Policy

HS Brands reserves the right to update or change this privacy policy at any time.  This Policy may be amended consistent with GDPR principles and applicable data protection, privacy laws and principles. If changes are made, we will notify the involved parties and post a new privacy notice. Notifications will be made if we make changes that affect the way we handle Personal Data previously collected and allow you to choose whether your Personal Data may be used in a different manner.

Contacting HS Brands

You may contact HS Brands with questions regarding this Policy, to update any Personal Data you do not have access to, or to withdraw consent by emailing:


Below you will find a list of terms and their definitions.  These terms are mentioned throughout the Privacy Policy.

  1. Controller: Determines the purposes and means of processing personal data. They are also responsible for establishing policies that align with legal requirements.
  2. Data Users: Employees that process Personal Data. Any employee processing Personal Data has received training and understands they must handle the data in accordance with HS Brands security policy.
  3. Data Subject: Identified or identifiable natural living person. An identifiable person is one who can be identified, directly or indirectly, by reference to a name, or to one or more factors unique to his or her personal physical, psychological, mental, economic, cultural or social characteristics. Data Subjects have legal rights regarding their Personal Data rights (see “Rights of Data Subject”).
    • Data Subjects could be Mystery Shoppers, Employees, Independent Contractors, Clients or Vendors.4.
  4. Personal Data: Any data that can be identifiable directly or indirectly by referring to an identifier such as a name, id number, location, online identifier or, to one or more factors specific to: the physical, physiological, genetic, mental, economic, cultural or social identity.
  5. Processing: Any operation or set of operations which is performed on Personal Data, whether or not by automated means.
  6. Processor: A person/organization that processes Personal Data on behalf of and at the direction of the Controller. A Processor is not considered a Data User but more typically a Third Party.
  7. Third party: Any individual or entity that is neither HS Brands nor an HS Brands employee, agent, contractor, or representative.

Join Our Newsletter

    เราเป็น บริษัท ช็อปปิ้งลึกลับแห่งเดียวที่จัดการสถานที่ทั่วโลกของคุณการป้องกันการสูญเสียและการช็อปปิ้งลึกลับภายใต้ร่มเดียว กระบวนการตรวจสอบแบรนด์เชิงรุกของเรารวมชุดข้อมูลเหล่านี้เข้าด้วยกันเพื่อให้มุมมองทันทีภายในและแบรนด์ที่บอกคุณว่ามีความเสี่ยงและโอกาสในการปรับปรุงที่ไหนและช่วยให้คุณสามารถตัดสินใจเชิงกลยุทธ์ที่ชาญฉลาดขึ้นเพื่อส่งเสริมแบรนด์ของคุณ