Caledonia Market Research Ltd is an independent market research company, incorporated and registered in Scotland with company number 250815 and registered company address at C/O Wm Duncan & Co, The Old Surgery, School Road, Tarbert, Argyll. PA9 6UL.
We respect the privacy of all our clients, research participants, suppliers and users of our website and are committed to protecting your personal information. We are committed to compliance with data protection laws, regulation and rules. This policy adopts the fundamental principles of the EU’s General Data Protection Regulation (“GDPR”) as the minimum standard to which Caledonia Market Research, its employees, associates and suppliers will have to adhere to.
2. WHAT PERSONAL DATA WE COLLECT ABOUT YOU
Personal data means any information capable of identifying an individual. It does not include anonymised data.
The personal data we collect about you will vary depending on the purpose of our interactions with you (e.g. as a new client, as a research participant, as a supplier to our business). We may collect information such as:
• Contact data such as name, telephone, postal address, email address
• Demographic data such as your age, gender, job title, company
• Image and/or voice captured through authorised video or audio recording (as part of a research project)
Occasionally, for certain research projects, we might require additional personal information, and sometimes sensitive personal information (e.g. disability and health information or details about your race, ethnicity, religious or philosophical beliefs, sexual orientation) if this is necessary for specific client research work.
We require your explicit consent for processing sensitive data, so when you submit your details, we will send you a further communication asking for you to confirm your consent to this processing.
3. HOW WE COLLECT INFORMATION ABOUT YOU
There are various channels through which we might collect information about you:
• When you provide us with information directly via email or telephone or in person
• Through our website, if you decide to get in touch through our ‘contact us’ form
• Through information from our clients where they require us to contact you on their behalf for a market research project (with your permission)
• Through market research projects we conduct which you take part in, such as online surveys, focus groups or interviews.
• Through publicly available sources inside the EU, for example, Companies House, the Electoral Register and LinkedIn
Please note that any person under the age of 16 should not disclose any personal information to us without the prior permission of a parent or guardian.
4. WHAT WE DO WITH THIS INFORMATION
Your personal data will be treated as strictly confidential and used only by us to contact you in relation to the business services we offer, for potential or actual participation in a market research project and to respond to any queries you may have.
The personal data we collect from you may be used as part of specific research projects we conduct, usually for external clients. Your consent will be explicitly obtained as part of this process. When we collect your personal data during the course of a research project, any personal identifiers, will be removed before any analysis and reporting is done.
From time to time, we may contact you after you have participated in a research project to ensure our researchers have met the required standards. Please note that we are Market Research Society Company Partners and work to their professional Code of Conduct, in addition to adhering to the Data Protection Act 2018 and the General Data Protection Regulation (GDPR).
5. DISCLOSURES OF YOUR PERSONAL DATA
We do not sell or lease any personal information you give us to third parties.
We may have to share your personal data with the parties set out below:
• Government bodies that require us by law to report processing activities.
• Research associates or subcontractors with whom we might work on specific market research projects, such as companies we use to recruit participants for research projects
• We require all associates and subcontractors to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law. We only allow such associates to process your personal data for specified purposes and in accordance with our instructions.
• Suppliers of survey/research incentives where express consent has been given by the research participant.
• Service providers who provide our company with IT and system administration services.
• Professional advisers including lawyers, bankers, auditors and insurers.
6. THE LEGAL BASIS FOR PROCESSING YOUR INFORMATION
As part of the General Data Protection Regulation (GDPR), one or more of the following lawful bases will be relied upon for using your data:
• Your consent: where you have provided your consent for us to use your personal information in a certain way (for example, if you have taken part in an online survey we have conducted and you then provide your contact details and your permission for us to contact you about participation in further, specified research we are conducting).
• Legitimate interest: where there is a legitimate interest in us doing so if it is reasonably necessary in order to achieve our or others’ legitimate interests (as long as that processing is fair, balanced and does not unduly impact your rights).
• To comply with a legal obligation: if we are required to share your personal information with regulatory bodies which govern our work and services.
7. HOW WE KEEP YOUR PERSONAL DATA SAFE
We take data security risk very seriously and have put in place security measures to prevent your personal data from being accidentally lost, used, altered, disclosed, or accessed without authorisation.
We will only allow access to your personal data to those employees and partners who have a business need to know such data. They will only process your personal data on our instruction and they must keep it confidential.
We have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach if we are legally required to.
We have put managerial procedures in place to ensure all internal staff and associates safeguard and secure any personal information we obtain, use and store.
We have also taken considerable measures to protect our electronic handling of personal data, for example, using:
• Bitlocker device encryption
• Cybersecurity software to protect against online threats to our corporate computer and data systems
• Automatic software updates
• Encryption and/or password protection for any data transfers or use of secure sites for data/document uploads.
8. HOW LONG WE KEEP YOUR PERSONAL INFORMATION FOR
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
When deciding what the correct time is to keep the data for we look at its amount, nature and sensitivity, potential risk of harm from unauthorised use or disclosure, the processing purposes, if these can be achieved by other means and legal requirements.
In some circumstances we may anonymise your personal data for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
For tax purposes the law requires us to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they stop being customers.
Please see our Data Retention Policy for specific details.
9. YOUR LEGAL RIGHTS
Under data protection laws you have rights in relation to your personal data that include the right to request access, correction, erasure, restriction, transfer, to object to processing, to portability of data and (where the lawful ground of processing is consent) to withdraw consent.
You can see more about these rights on the ICO website.
If you wish to exercise any of the rights set out above, please email us at: email@example.com or call us on 020 8541 4692.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive or refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you.
If you are not happy with any aspect of how we collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We should be grateful if you would contact us first if you do have a complaint so that we can try to resolve it for you. Please contact Lynne Guthrie at firstname.lastname@example.org.
“Cookies” are small text files that allow websites to store and retrieve information about you from your computer system.
For more information from the ICO on cookies click here
11. LINKS TO OTHER WEBSITES
Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
©Caledonia Market Research LTD