You are here: HomePrivacy

PRIVACY POLICY

1. Introduction

This privacy policy explains how Opinion Health Ltd is committed to preserving your privacy and maintaining the confidentiality of any information that you provide us with. Opinion Health is a healthcare market research company headquartered in London. This policy explains how we collect, store, use and protect that information. This policy is written to ensure that we protect all the personal data that you share with us, whether you are a member of a panel, or a participant in a survey.

This privacy policy has been developed to ensure that Opinion Health Ltd complies with the requirements set out in the European Union General Data Protection Regulations (2016/679) which comes into force in May 25th, 2018. However, this policy will be applied on a worldwide basis to ensure a consistent approach.

Personal data used for projects are processed in accordance with GDPR Data Protection Legislation and the professional standards and practices as set out by Ephmra, BHBIA and other international code of conducts. Opinion Health undertakes to ensure that, data subjects rights and requests such as rights for information, data deletion, data correction and data portability is adhered to.

In this privacy policy, when we refer to your "personal information and data" we mean all the personal details, information and data that you send or submit to us at any time of your own free will. We do not, however, collect nor store bank account or credit card or any other financial information, security numbers or similar.

Compliance with this policy is checked from time to time to ensure that all requirements are adhered to and that any non-compliant issues are identified and rectified efficiently and effectively.

Any changes we may make to our privacy policy in the future will be posted on our website. Changes may also be notified to you by e-mail.


2. Scope

The Policy is applicable globally and will form the minimum standard to which all employees and suppliers have to adhere to, regardless of whether GDPR directly applies to any specific activity or region.

Everyone working for Opinion Health Ltd has some responsibility for ensuring personal data are collected, stored and handled appropriately and processed in line with this Policy and its data protection principles.

Opinion Health Ltd also expects and verifies that its suppliers/vendors comply with the principles as set out within this document


3. Collection and Use of Personal Data

We collect personal data from you when you communicate with us by any media. This data is for market research purposes only and we always collect data in a way, which is entirely lawful. Under GDPR regulations we need to have a valid lawful basis in order to process your personal data. In processing your personal data we rely mainly on two lawful bases: processing is necessary for our legitimate interest and the consent given by you to process your personal data.

We define personal data as any identifiable data relating to a natural person that is directly or indirectly collected, by us or a third party. We collect your personal data on a voluntary basis. When you register with us and each time you use or access the interactive parts of this Site or of our survey and research platforms we will collect information and data from you.

This will include:

  • 3.1 Your personal details, such as the name and the contact details you give us when you register to use the interactive parts of this site or access our survey and research platforms and any updated personal information which you provide us with from time to time.

  • 3.2 The personal information and data you submit about yourself or on behalf of any third party in participating in any surveys, questionnaires, interviews, polls or participating in or using the other interactive parts of this site each time you use or access the interactive parts of this site and of our survey and research platforms. That personal information and data may include sensitive personal information relating to such matters as health and socio-demographic information.

  • 3.3 We will also collect any other personal information, which you send us by email or letter from time to time.

  • 3.4 Opinion Health Ltd may also obtain personal data from other database/panel owners or recruiters who have assured us that their databases only contain information from individuals who have consented to have their personal data shared with other parties.


4. How We Use Personal Data.

Opinion Health Ltd undertakes all types of qualitative and quantitative market research activities in the healthcare sector. Opinion Health does not have access to medical or health records nor recruits for or directly conduct clinical trials. We do not sell our database of personal information to others for the purposes of promotional activities or carrying out direct marketing. We only publish survey information or data or make it available to clients who commission research, reports or other information from us only in an aggregated, anonymised and non-personal form.

We only collect data directly from individuals and not by tracking, combining data sets or inferring by using algorithms to analyse sets of data.

Opinion Health will not share your personal data with any third party without your consent. If a research activity requires for your personal data to be shared with a third party for example in the case of a qualitative research activity, we will seek your consent. Demographics or postcode data will only be used for statistical analysis and only for market research purposes and never for marketing or promotional activities.

Opinion Health will retain your personal data no longer than necessary to fulfil the purpose we collected it for, including the purpose to satisfy any pharmacovigilance requirements as far as adverse events reporting is concerned.

In order to achieve our objectives, our staff will need to store, process, reproduce, collate, adapt, use, analyse and modify the personal information and data you submit to us from time to time and to take any other steps in relation to that personal information and data we need to (in all cases whilst that personal information and data remains in personally identifiable form) in order to do the following:

  • 4.1 To meet the specific requirements of any research, survey, poll or other interactive activity you participate in any such activity which we carry out in the future using data you have previously submitted to us.

  • 4.2 To carry out profiling statistical analysis, market research and testing (whether or not for the purposes set out in the previous paragraph),

  • 4.3 To meet the specific requirements of any other activity we carry out from time to time.

  • 4.4 To retain that personal information and data on our database for use in relation to future activities of the type described in the first paragraph of this section.

  • 4.5 To put that personal information and data into non-personal form for us to make available to others or to publish or disseminate in any form.

  • 4.6 We will also need to store your personal information and data in a personalised form to do the following (by email to the email address or by mail to the address that you have registered with us from time to time):

  • 4.6.1 Send you the results of the surveys, polls and questionnaires you have participated in from time to time

  • 4.6.2 Invite you to participate in our surveys and other research activities

  • 4.6.3 Respond to any requests for information from you

  • 4.6.4 Notify you occasionally about important changes or developments to this Site and our research platforms

  • 4.6.5 Request your permission to use your personal information for a purpose that was not explained to you when your personal information was first collected

  • 4.6.6 Record the points earned on your account

  • 4.6.7 Validate your profiling information or check consistency and validity of your survey answers

  • 4.6.8 Notify you of the points you have earned

  • 4.6.9 Manage the incentives program and send you cheques/vouchers for any rewards payable to you via Amazon or other electronic vouchers platform or Paypal

  • 4.6.10 Investigate suspected fraudulent activities

  • 4.6.11 To comply with all applicable laws and regulations and respond to authorised information requests of government or other public authorities

  • 4.7 If we enter into a joint venture with or sell or merge our business to or with another company, entity or business, we will need to disclose and/or provide any personal information or data that you have provided to us to our new business partners or owners in a form which is personally identifiable. We will only do so on the basis that such new partners or owners agree to treat such personal information and data in accordance with data protection laws and this privacy notice; such business partners or owners shall be entitled to do everything with your personal information and data that we would be entitled to with it under this privacy policy.


5. Legal Disclosure.

We may provide your personal information in response to a search warrant or other legally valid inquiry or order, or to an investigative body in the case of a breach of an agreement or contravention of law, or as otherwise required by law.

Nothing in this privacy policy affects your right to decline to provide us with any personal information or data and you should not provide us with any personal information or data if you do not agree to us collecting, using and transferring it in accordance with this policy.


6. Respondents Rights

You have the right to access, review, correct, restrict or delete your personal data


6.1 The right to not to be contacted again

Under the GDPR regulations that come into force in May 2018, if you exercise your right not to be contacted for the purpose of market research you are exercising your right to restrict processing. When processing is restricted, Opinion Health is permitted to store the personal data, but not further process it.


6.2 The right to be forgotten (erasure)

Under new GDPR regulations that come into force in May 2018, you will have the right to request the deletion or removal of personal data where there is no compelling reason for its continued processing. If an individual specifically asks that their personal data is deleted and that they are not contacted again, the conflict between the two requests should be pointed out and their consent to hold their personal data for the purpose of making sure they are not contacted for market research should be requested.


6.3 The Rights of Access of the Data Subject (SAR)

Under new GDPR guidelines that come into force in May 2018, all participants will have the right to get confirmation of all the information that Opinion Health has about them, access to this information and any other supplementary information within 30 days from request.


6.4 Right to rectification

You have the right to have any incorrect, incomplete or out of-date information about your personal data to be corrected or supplemented.


6.5 Right to data portability

You have the right to have your personal data provided by you transferred to another party and be made available in an easily readable format, like a Word or Excel document


7. Cookies

Cookies are small text files stored on one's computer by a website that assigns a numerical user ID and stores certain information about one's online browsing. Unless you have indicated your objection by emailing panel@opinionhealth.com, our system will issue cookies to your computer when you log on to this site or our survey and research platforms. Cookies are used to help us provide you with a better experience for market research purposes and control participation depending on the requirements of a specific research survey or activity and to provide quality control and validation functions. No personal information is stored on any cookie and you can adjust your browser’s privacy settings to delete cookies upon exiting this website or when you close your browser. By continuing to browse our sites, you’re agreeing to our use of cookies


8. Security

Opinion Health has put in place technical, physical and administrative measures to protect your personal data and the information we collect.

8.1 We employ security measures to protect your personal information and data from access by unauthorised persons and against unlawful processing, accidental loss, destruction and damage.

We process data and store it on servers managed by our hosting provider. Those servers are located in the EU in Germany and the UK. The data centre operates in a suitable computer centre environment to prevent data on the online platform from being damaged, lost or compromised as a result of unauthorized access or natural disasters.

8.2 Your Account Information and Profile are password-protected. We recommend that you do not divulge your password to anyone. We will never ask you for your password in an unsolicited phone call or in an unsolicited email. Also remember to sign out of your panel account and close your browser window when you have finished your work. This is to ensure that others cannot access your personal information and correspondence if you share a computer with someone else or are using a computer in a public place like a library or Internet cafe.

8.3 An employee who has data protection and information security responsibilities will be appointed.

8.4 Physical access to the office buildings limited by video and code-entry and various access control mechanisms like alarm keypad.

8.5 The data centre operates in a suitable computer centre environment to prevent data on the online platform from being damaged, lost or compromised as a result of unauthorized access or natural disasters. All data will be fully backed up overnight on a dedicated hard drive on the server. The data will also be copied to a central server in a separate fire area over night. The data will be encrypted and transferred securely. Backups can be restored to the day for the last seven days. Furthermore, a backup for the last four weeks is available accurate to the week.

8.6 Only authorised IT personnel are allowed in. Data centre visitation is only available by pre-requested appointment, requires current ID, and to be on an authorised list of visitors. Server racks are locked.

8.7 All employees are instructed on data protection and information security matters upon commencing employment and are subject to confidentiality obligations.

8.8 Employees are not permitted to record Personal Data on a storage medium (e.g. disk) to enable them to re-access the information in premises that are not controlled by Opinion Health.

8.9 A business continuity plan and an information security incident management system are in place.

8.9.1 Monthly standard vulnerability tests are performed on our survey and panel management system. Penetration tests are conducted by external vendors on a regular basis. If there are recommendations as a result they evaluate the impact and schedule the remediation with regards to criticality.

8.9.2 We employ appropriate operational and technological measures, processes and procedures to keep the Personal Data safe from unauthorized use or access, loss, destruction, theft or disclosure. Such measures include:

  1. the pseudonymization and encryption of Personal Data
  2. the ability to ensure the ongoing confidentiality, integrity, availability and resilience of relevant Processing systems and services;
  3. the ability to restore the availability and access to the Personal Data in a timely manner in the event of a physical or technical incident, including a Personal Data Breach;
  4. a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the Processing of Personal Data


9. Data Transfer and Storage

Opinion Health takes all reasonable steps as appropriate for the type and sensitivity of the data to keep the data secure in whatever form (e.g. digital, paper, recordings), that the data will only be used for the purpose stated at the time it was collected.


10. Data retention

Opinion Health keeps adequate documentation of processes and how they are evaluated under GDPR. Opinion Health will retain data for a limited period of time following completion of a project. We shall not retain Personal Data longer than the duration of retention agreed with the client and, in any case, shall not retain those data longer than the authorized duration of the service agreement and or also depending on the pharmacovigilance requirements as far as adverse events reporting are concerned. We store data provided on a server that is physically secured and is only accessed by authorized staff is protected behind a firewall and properly patched with the latest OS and Security. Opinion Health regularly asks participants to reaffirm their consent to be part of the community.


11. Contact

If you have any comments, complaints, queries and requests relating to our use of your personal information and data or if you believe the information we hold is inaccurate or out-of-date or if you decide you no longer wish to participate in our research, please contact the data manager at panel@opinionhealth.com