Infocorp Ltd - Privacy Policy & Notice

 

Infocorp Ltd (“Infocorp”, “we, “us” or “our”) are committed to ensuring that your privacy is protected and respected.

This Privacy Policy & Notice applies to Infocorp Ltd (registration number: 02169806). We are a UK Market Research Agency with offices at 6 Lanark Square, London E14 9RE.  Infocorp Ltd is registered with the Information Commissioner’s Office (ICO), registration number: Z4966044. The ICO is the UK's independent body set up to uphold information rights. The ICO can be contacted at the following address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Phone: 0303 123 1113. Web: https://ico.org.uk

For the purpose of our business of market research, we may need to collect and hold data/information about you. This Privacy Policy sets out how we use and protect any information that you give us when you use:

·         this website or other websites we own

·         or if we contact you when conducting market research or quality control

This document provides key points relating to our privacy policy, followed by our full privacy policy relating to respondents and/or participants of market research we carry out, and any web sites we may host. We may change this policy from time to time by updating this page so you should check here from time to time to ensure that you are happy with any changes.

Last Updated: 23 April 2018

 

Key Points

 

Introduction

This Policy explains the types of information that we may collect and hold, how that information is used and with whom the data is shared. It also sets out how you can contact us if you have any queries or concerns about this information.  If you have any further queries, contact our Data Protection Officer (DPO) at:  dpo@infocorp.co.uk, or by writing to us using the address above, or by calling 0207 7120101 and asking for the Data Protection Officer.

We may use terms that you are not familiar with, if that is the case please try looking at the “Definitions” section at the end of this document

 

For the purposes of this document you are the Data Subject

Infocorp will act as the Data Controller, in connection with any personal information collected or received by us arising from:

·         Your use of any of our products, services, applications, public facing websites and customer support communications.

·         Any market research projects, surveys or questionnaires we carry out on our behalf, or in our name.

·         Your employment by us

·         Our use of your services under contract

For any personal information collected or received in connection with market research projects we carry out as a service, on behalf of a client, Infocorp will act as either:

·         The Data Processor only

·         Or as a Joint Data Controller

Information that we collect

 

We carry out market research using a number of methodologies including; the telephone, the Internet, face-to-face, or focus groups.  Any data we collect form you will always be with your knowledge or consent.

Specifically for market research:

·         We store and collect a wide range of personal data for the purpose of our market research projects, but only personal data that is directly relevant to the objectives of the project.

·         The personal data that we collect may include your name, address, e-mail, or any other personal data that you share with us. You may choose whether to share this personal data with us, or not.

·         In most cases, contact details of respondents are given to us by the person/organisation commissioning the market research (for example, they may give us a customer or employee list). For some studies, we purchase contact details from third party database or market research panel companies.

 

Generally, data collected for market research is only used for analysis purposes and is reported anonymously in aggregate form. You do not have to answer any of the questions we ask if you do not want to.

 

Sometimes, our clients ask for responses to be passed back to them with your name and details attached. If this is the case, we will explain to you who will see your answers and what they will be used for. This may include training, service improvement and resolving any queries that you have raised. We will only pass on your individual answers with your name if you have given us your express consent.

 

We record all our telephone market research telephone calls for training and quality control purposes. We may pass those recordings to our clients at their request, but only if you have given us your express consent.

 

How we use any personal information

 

Specifically for market research:

·         We collect personal data for market research purposes to help our clients improve their products, services or the way they conduct their business.

·         Personal data shared with us by you may be kept in its identifiable form (so that you can be identified), or in an aggregated, anonymous form (so that you cannot be identified).

·         Personal data will only be kept or used by us for the purposes listed in our privacy policy.

·         We will not share your Personal data with any other 3rd party without your knowledge and consent.

·         If we provide a report to a third party (for example, whoever has commissioned the market research, survey or questionnaire), then any personal data that you have shared with us will only be included in the report on an anonymous basis (so that you cannot be identified from the report or any of the data in it) unless we have previously requested your express consent to identify you and you have given that consent to us.

·         No marketing or sales follow-up results from you taking part in a survey unless we have previously received your express consent to such marketing or follow-up.

·         We may use your contact details to contact you for quality control purposes.

·         You may choose to obtain access to, or to correct, your personal data at any time. Similarly, you may withdraw your consent to the processing of your personal data at any time (in which case we will delete your personal data). In order to do any of these things, please contact us using the details below.

·         We will not transfer your personal data outside of the European Economic Area unless we have told you, and obtained your permission and/or checked they have at a least equal to, data protection laws.

 

Cookies

 

Generally, our web sites and surveys will not contain cookies unless clearly indicated. If cookies are used, they will be used for the following reason:

·         To ensure that you only carry out one survey

·         To allow you to restart a survey that you have previously suspended

 

Contact

 

Queries relating to this (or any) market research project carried out by us can be directed to us or the commissioning Organisation contact named in the project invite or within the market research project itself. Alternatively, you can contact us directly using the details provided in the Introduction above.

 

 

In line with data protection laws, we will use such information appropriately and retain it for no longer than is necessary. We will keep personal data (i.e. data that would allow you to be identified as a person, such as your name, telephone number, and email address) for 12 months, after which it is removed from our records. We keep recordings of market research and feedback telephone calls for four months.

 

Full Respondents Survey Privacy Policy

 

General

·         This privacy policy applies solely to the market research surveys or questionnaires that display or link to this policy. Where other Infocorp websites, services and products do not display or link to this statement then their own privacy statements apply, and these will be available via a link.

·         Our market research, surveys, questionnaires or related documents may contain links to and from the websites of our partners and affiliates. We are not responsible for the data policies, procedures or content of any third party website which may be linked from our market research, survey pages or questionnaires. Please check these policies before you submit any personal data to these websites.

·         We know that you may wish to keep your survey or questionnaire responses private. Unless you consent to us sharing your survey or questionnaire responses with third parties (such as the company commissioning the survey or questionnaire), we will not share your personal data with any third party other than as described in this privacy policy or unless we have your prior, express consent. Instead, we will only share it in aggregated, anonymous form (so that you will not be identifiable from it).

·         You may choose to participate in a survey and to share personal data with us and, if you do choose to do so, you are agreeing to the use of your personal data as described in this policy. You should therefore not complete a survey or questionnaire unless you have read this policy first and are happy to agree to its terms.

·         Your rights in relation to any personal data that we collect from you are set out in detail below.

 

Purposes for which we collect personal data
Information that we collect from you is used:

·         For market research purposes, for providing our services to you and, on your behalf, to the company who commissioned the market research, survey or questionnaire.

·         To provide you with support (including by way of telephone assistance).

·         To provide you with information you have requested.

·         To manage our service and improve our offering (be it the creation of new content or survey/questionnaire features);

·         To enforce our terms of use and to prevent any potentially illegal activity.

·         For market research purposes, we may use the market research, survey or questionnaire responses you provide for product development, to support client relationships, for work planning and strategic decision making or to undertake research and analysis for third parties. Third parties will only receive a report that contains data in aggregated, anonymous form and we will not share your personal data with them in a form, which enables you to be identified from it if we have not first obtained your express consent. We or permitted third parties will only make further contact with you if you have consented to this.

 

·         We will inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes or for any other purpose not stated in this policy. You can exercise your right to prevent such processing by telling us or checking certain boxes on the market research, survey or questionnaire. You can also exercise this right at any time (and withdraw your consent) by contacting Infocorp or commissioning Organisation contact named in the project invite or within the market research project itself. Alternatively, you can contact us directly using the details provided in the Introduction above

·         We record all our telephone market research telephone calls for training and quality control purposes. We may pass those recordings to our clients at their request, but only if you have given us your express consent.

·         Unless you agree otherwise, any personal data we hold or collect about you will be treated as confidential. For some market research, surveys or questionnaires we may ask your consent to report on your personal data in a form, which identifies you alongside your responses. If you agree, we will ensure that this information is used only for the purposes stated.

Information we collect

·         When you complete an Infocorp market research project, survey or questionnaire you may disclose personal data to us. This may be information about you as an individual (including your name, address, e-mail address, phone number, personal description and/or photograph, voice recording, or other sensitive data) or opinions you offer in response to our survey questions (including the survey or questionnaire data) or other data which you intentionally share (for example a testimonial).

·         When you complete our the market research, survey or questionnaires hosted on our website, we may also automatically collect usage data when you interact with our services (including log files about the nature of your access, such as your IP address, system versions, browser versions or time zones). We may also collect information about your visit, including Uniform Resource Locators (URL), page response times, download errors, length of visits to certain pages and page interaction information.

·         We may also receive information about you from other sources (for example, as part of an employee or a customer list given to us by our client). We may combine this information with the information you give to us.

Use of Personal Information by Third Party Partners

·         We may share your personal data with third party partners in order to enable them to provide specific services to us, such as fulfilling requests for information, receiving and sending communications, analysing data or other support tasks from time to time. In such cases, we will have a contract with the third party partner, which protects your personal data from unauthorised use or disclosure and restricts its use to purposes directed by us.

·         Those third party partners will be permitted to obtain only the personal information they need to deliver the service; are required to maintain the confidentiality of the personal information; and are prohibited from using it for any other purpose.

·         We do not share your personal data with any other entity controlling, controlled by, or under common control with Infocorp, except in some cases when you contact us for support, in which case (depending on the time) you may be put in contact with one of our associated companies who may then have access to your personal data solely to the extent necessary to provide you with the support you have requested. 

Other disclosures

·         We may disclose your personal data to third parties if required by law or to permit us to exercise our legal rights or take action regarding illegal activities or protect the rights of our clients or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection.

·         As we develop our business, there may be a change of control of our company, our divisions, subsidiaries, affiliates or portions of our business. In this situation, your personal data may be transferred along with the other assets of our business. Also, in the event that we, our divisions, affiliates or subsidiaries are purchased, personal data may be one of the transferred assets. In any such case, the person to whom the personal data are transferred will be required to continue to process it only in accordance with this policy. 

Retention of Personal Data

·         Personal data that we collect from you is retained by us for a period of 1 year after collection, unless we agree an extended period with you. After the end of the 1 year (or agreed extended) period, it will be deleted and we will no longer have a copy of it.

·         Recordings of Telephone calls of market research, surveys and questionnaire will be kept for four months.

·         If you withdraw your consent to our processing your personal data, we will delete the personal data concerned at that point and will not keep a copy of it. Your right to withdraw your consent is dealt with in more detail, below.

Security

We take the security of any data or information we hold very seriously.

·         We ensure that appropriate technical and organisational measures are taken against unauthorised or unlawful processing of your personal data and against accidental loss or destruction of, or damage to, your personal data.

·         Infocorp, is UK market research agency, and is committed to maintaining the privacy and security of your personal information according to the terms outlined in this policy. The Market Research Society (MRS) requires us to adhere to rigorous industry and professional standards which exist in part to safeguard your privacy and the security of your personal information. These include:

o   The Market Research Society Code of Conduct – We subscribe to these standards to ensure we are regulating ourselves within industry rules and guidelines.

o   The MRS Company Partnership Scheme – We consider market research to be a profession of integrity. Our membership to this scheme allows us to keep in touch with the industry, its demands and ethics.

·         The data that we collect from you will be processed within the European Economic Area (“EEA”)

·         We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this policy. However, as information transmission over the internet is inherently insecure, we cannot guarantee the security of data sent over the internet.

Cookies and Usage Tracking Information

·         We may use cookies to distinguish you from other users of our services. If we choose to do so, we will inform you.

·         Please note that third parties (including, for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies, over which we have no control. These cookies are likely to be analytical/performance cookies or targeting cookies.

Children

·         We will not knowingly collect any information from or about children without prior permission from their parents or legal guardian. A child is defined as under 16 years of age.

Your rights and contacting us

·         You may withdraw your consent to our processing your personal data at any time. To do so, you should use the contact details above. Once your consent is withdrawn, we shall not process your personal data any further and will delete it without retaining a copy. If you have previously consented to us disclosing it to a third party (other than on an aggregated, anonymous basis), we may not be able to stop them continuing to process it, in this case we will provide you with the third party contact details.

·         You have the right to access personal data that we hold about you. Your right of access can be in writing exercised by using the contact details above. We may require you to verify your identify before we provide access to the relevant personal data.

·         We want to ensure that your personal data is accurate and up to date. If any of the information that you have provided to us changes, for example if you change your email address, or if you wish to withdraw the information or consent you have provided, please let us know by contacting the Infocorp, or the commissioning Organisation contact named in the project invite or within the market research project itself. Alternatively, you can contact us directly using the details provided in the Introduction above. You may ask us, or we may ask you, to correct information you or we think is inaccurate, and you may also ask us to remove information, which is inaccurate.

·         Queries relating to particular survey(s) can be directed to us or the commissioning Organisation contact named in the project invite or within the market research project itself. Alternatively, you can contact us directly using the details provided in the Introduction above.

·         If you are unhappy with how we have handled your personal data you can contact The ICO at the following address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Phone: 0303 123 1113. Web: https://ico.org.uk

 

 

Changes to This Online Privacy Policy

We may change this policy from time to time by updating this page so you should check here from time to time to ensure that you are happy with any changes.

Last Updated: 20 April 2018

 

 

Definitions

·         Respondent” is anyone who takes part in any market research projects we carry out.

·         Site Visitor” is anyone who visits our web site(s).

·         Employee” is someone employed by Infocorp Ltd with a contract of employment and paid by PAYE

·         Supplier” is anyone contracted to perform or provide us with goods and/or services.

 

·         Data Controller / Joint Data Controller” is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

·         “Data Processor”: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

·         “Data subject”: any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing.

·         “Personal data”: any information relating to an identified or identifiable natural person (“ Data Subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

·         “Recipient”: a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities, which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law, shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

·         “Third Party”: a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

·         “Processing”: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

·         “Profiling”: any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

·         “Consent”: Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

 

 

 

Legal Basis

In addition to any legal basis mentioned above, we may also possess the following legal basis for processing the data subject’s personal data where:

  • the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
  • processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
  • processing is necessary for compliance with a legal obligation to which the controller is subject;
  • processing is necessary in order to protect the vital interests of the data subject or of another natural person;
  • processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; or,
  • processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.