Personal data used for projects are processed in accordance with GDPR Data Protection Legislation and the professional standards and practices as set out by EphMRA, ESOMAR, BHBIA and other international codes of conduct. Opinion Health undertakes to ensure that data subjects' rights and requests, such as rights for information, data deletion, data correction and data portability, are adhered to.
Compliance with this policy is checked from time to time to ensure that all requirements are adhered to and that any non-compliant issues are identified and rectified efficiently and effectively.
The Policy is applicable globally and will form the minimum standard to which all employees and suppliers have to adhere, regardless of what regulations apply directly to any specific activity or region.
Everyone working for Opinion Health Ltd has some responsibility for ensuring personal data are collected, stored and handled appropriately and processed in line with this Policy and its data protection principles.
Opinion Health Ltd also expects and verifies that its suppliers/vendors comply with the principles as set out within this document.
3. Collection and Use of Personal Data
We collect personal data from you when you communicate with us by any media (our website, social media, telephone, mobile, email, WhatsApp, face-to-face and other activities). This data is for market research purposes only and we always collect data in a way which is entirely lawful. Under the UK Data Protection Act 2018 and GDPR regulations we need to have a valid lawful basis in order to process your personal data. In processing your personal data we rely mainly on two lawful bases: processing is necessary for our legitimate interest and the consent given by you to process your personal data.
We define personal data as any identifiable data relating to a natural person that is directly or indirectly collected, by us or a third party. We collect your personal data on a voluntary basis. When you register with us and each time you use or access the interactive parts of this Site or of our survey and research and email platforms we will collect information and data from you.
This will include:
3.1 Your personal details, such as name, email and other personal contact details (this may also include mobile number to receive SMS or WhatsApp survey invitations and reminders) you give us when you register to use the interactive parts of this site or access our survey and research platforms and any updated personal information which you provide us with from time to time.
3.2 The personal information and data you submit about yourself or on behalf of any third party in participating in any surveys, questionnaires, interviews, polls or participating in or using the other interactive parts of this site each time you use or access the interactive parts of this site and of our survey and research platforms. That personal information and data may include sensitive personal information relating to such matters as health and socio-demographic information.
3.3 We will also collect any other personal information, which you send us by email or letter from time to time.
3.4 Opinion Health Ltd may also obtain personal data from other database/panel owners or recruiters who have assured us that their databases only contain information from individuals who have consented to have their personal data shared with other parties.
3.5 To prevent fraudulent survey participation behaviour and guarantee data quality we also collect IP address, browser and device specifications.
3.6 Other data we may collect depending on the specifications of the project may include opinion, images, voice and proof of diagnosis.
3.7 We also collect data for Pharmacovigilance adverse event reporting. This will include contact details, e-mail address, mobile number, disease, treatment product taken and adverse event. You may choose not to disclose your name and contact details in the adverse event forms and fill them in anonymously.
3.8 For all of the above we will obtain these directly from you.
4. How We Use Personal Data
Opinion Health Ltd undertakes all types of qualitative and quantitative market research activities in the healthcare sector but does not have access to medical or health records, nor does it recruit for or directly conduct clinical trials. We do not sell our database of personal information to others for the purposes of promotional activities or carrying out direct marketing. We publish survey information or data, or make it available to clients who commission research, reports or other information from us, only in an aggregated, anonymised and non-personal form.
We only collect data directly from individuals and not by tracking, combining data sets or inferring by using algorithms to analyse sets of data.
Opinion Health will not share your personal data with any third party without your consent. If a research activity requires your personal data to be shared with a third party, for example in the case of a qualitative research activity, we will seek your consent. Demographics or postcode data will only be used for statistical analysis and only for market research purposes and never for marketing or promotional activities.
Opinion Health will retain your personal data no longer than necessary to fulfil the purpose we collected it for, including the purpose to satisfy any pharmacovigilance requirements as far as adverse events reporting is concerned.
In order to achieve our objectives, our staff will need to store, process, reproduce, collate, adapt, use, analyse and modify the personal information and data you submit to us from time to time and to take any other steps in relation to that personal information and data we need to (in all cases whilst that personal information and data remains in personally identifiable form) in order to do the following:
4.1 To meet the specific requirements of any research, survey, poll or other interactive activity you participate in, or any such activity which we carry out in the future using data you have previously submitted to us.
4.2 To carry out profiling statistical analysis, market research and testing (whether or not for the purposes set out in the previous paragraph).
4.3 To meet the specific requirements of any other activity we carry out from time to time.
4.4 To retain that personal information and data on our database for use in relation to future activities of the type described in the first paragraph of this section.
4.5 To put that personal information and data into non-personal form for us to make available to others or to publish or disseminate in any form.
4.6 We will also need to store your personal information and data in a personalised form to do the following (by email to the email address or by mail to the address that you have registered with us from time to time):
4.6.1 Send you the results of the surveys, polls and questionnaires you have participated in from time to time
4.6.2 Invite you to participate in our surveys and other research activities including referring people you may know to participate in our studies or sign up to our community
4.6.3 Respond to any requests for information from you
4.6.4 Notify you occasionally about important changes or developments to this Site and our research platforms
4.6.5 Request your permission to use your personal information for a purpose that was not explained to you when your personal information was first collected
4.6.6 Record the points earned on your account
4.6.7 Validate your profiling information or check consistency and validity of your survey answers
4.6.8 Notify you of the points you have earned
4.6.9 Manage the incentives program and send you cheques/vouchers for any rewards payable to you via Amazon or other electronic vouchers platform or PayPal
4.6.10 Investigate suspected fraudulent activities
4.6.11 To comply with all applicable laws and regulations and respond to authorised information requests of government or other public authorities
5. Legal Disclosure
We may provide your personal information in response to a search warrant or other legally valid inquiry or order, or to an investigative body in the case of a breach of an agreement or contravention of law, or as otherwise required by law.
6. Respondents Rights
You have the right to access, review, correct, restrict or delete your personal data.
6.1 The right not to be contacted again
Under the UK Data Protection Act 2018 and GDPR regulations, if you exercise your right not to be contacted for the purpose of market research you are exercising your right to restrict processing. When processing is restricted, Opinion Health is permitted to store the personal data, but not further process it.
6.2 The right to be forgotten (erasure)
Under the UK Data Protection Act 2018 and GDPR regulations, you will have the right to request the deletion or removal of personal data where there is no compelling reason for its continued processing. If an individual specifically asks that their personal data is deleted and that they are not contacted again, the conflict between the two requests should be pointed out and their consent to hold their personal data for the purpose of making sure they are not contacted for market research should be requested.
6.3 The Rights of Access of the Data Subject (SAR)
Under the UK Data Protection Act 2018 and GDPR regulations, all participants will have the right to get confirmation of all the information that Opinion Health has about them, access to this information and any other supplementary information within 30 days from request.
6.4 Right to rectification
You have the right to have any incorrect, incomplete or out-of-date information about your personal data corrected or supplemented.
6.5 Right to data portability
You have the right to have your personal data provided by you transferred to another party and be made available in an easily readable format, like a Word or Excel document.
6.6 Children's Data
Opinion Health does not normally conduct research studies with children. However, if it is necessary and appropriate to a particular project (mainly qualitative telephone interviews) to directly involve children we will never contact children directly and we will always go through parents and/or legal guardians after conducting a data privacy impact assessment. We will provide parents and/or legal guardians information about the study topic, any personal or sensitive information which may be collected from the children, the way the data will be used and whether and with whom Opinion Health may share such information. We will always seek the presence of the parent or of the guardian during the interview to assess if this is appropriate and decide to withdraw at any time.
Opinion Health has put in place technical, physical and administrative measures to protect your personal data and the information we collect.
8.1 We employ security measures to protect your personal information and data from access by unauthorised persons and against unlawful processing, accidental loss, destruction and damage.
We process data and store it on servers managed by our hosting provider. Those servers are located in the EU in Germany and the UK. The data centre operates in a suitable computer centre environment to prevent data on the online platform from being damaged, lost or compromised as a result of unauthorized access or natural disasters.
8.2 Your Account Information and Profile are password-protected. We recommend that you do not divulge your password to anyone. We will never ask you for your password in an unsolicited phone call or in an unsolicited email. Also remember to sign out of your panel account and close your browser window when you have finished your work. This is to ensure that others cannot access your personal information and correspondence if you share a computer with someone else or are using a computer in a public place like a library or Internet cafe.
8.3 An employee who has data protection and information security responsibilities will be appointed.
8.4 Physical access to the office buildings is limited by video and code-entry and various access control mechanisms such as an alarm keypad.
8.5 The data centre operates in a suitable computer centre environment to prevent data on the online platform from being damaged, lost or compromised as a result of unauthorized access or natural disasters. All data will be fully backed up overnight on a dedicated hard drive on the server. The data will also be copied to a central server in a separate fire area overnight. The data will be encrypted and transferred securely. Backups can be restored to the day for the last seven days. Furthermore, a backup for the last four weeks is available accurate to the week.
8.6 Only authorised IT personnel are allowed in. Data centre visitation is only available by pre-requested appointment, and requires current ID and being on an authorised list of visitors. Server racks are locked.
8.7 All employees are instructed on data protection and information security matters upon commencing employment and are subject to confidentiality obligations.
8.8 Employees are not permitted to record Personal Data on a storage medium (e.g. disk) to enable them to re-access the information in premises that are not controlled by Opinion Health.
8.9 A business continuity plan and an information security incident management system are in place.
8.9.1 Monthly standard vulnerability tests are performed on our survey and panel management system. Penetration tests are conducted by external vendors on a regular basis. If there are recommendations as a result, they evaluate the impact and schedule the remediation with regard to criticality.
8.9.2 We employ appropriate operational and technological measures, processes and procedures to keep the Personal Data safe from unauthorized use or access, loss, destruction, theft or disclosure. Such measures include:
- the pseudonymization and encryption of Personal Data;
- the ability to ensure the ongoing confidentiality, integrity, availability and resilience of relevant Processing systems and services;
- the ability to restore the availability and access to the Personal Data in a timely manner in the event of a physical or technical incident, including a Personal Data Breach;
- a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the Processing of Personal Data.
9. Data Transfer and Storage
Opinion Health takes all reasonable steps as appropriate for the type and sensitivity of the data to keep the data secure in whatever form (e.g. digital, paper, recordings), and to ensure that the data will only be used for the purpose stated at the time it was collected. Email addresses may be stored in one or more digital platforms (e.g. SendInBlue) and are fully compliant with the UK Data Protection Act 2018 and GDPR regulations.
10. Data retention
We take all necessary steps to keep personal data accurate, complete and current, based on the most recent information we have from you by completing and answering our questions truthfully and honestly. You are responsible for ensuring that you notify us of any changes to your personal data.
Opinion Health keeps adequate documentation of processes and how they are evaluated under the UK Data Protection Act 2018 and GDPR regulations. Opinion Health will retain data for a limited period of time following completion of a project as is appropriate for its intended and lawful use. We shall not retain Personal Data longer than the duration of retention agreed with the client and, in any case, shall not retain those data longer than the authorized duration of the service agreement and/or depending on the pharmacovigilance requirements as far as adverse events reporting is concerned. We store data provided on a server that is physically secured, is only accessed by authorized staff, is protected behind a firewall and is properly patched with the latest OS and security patches. Opinion Health regularly asks participants to reaffirm their consent to be part of the community.
Opinion Health shall retain your personal data for as long as you are a member of the community. In the event that you unsubscribe from the community, we shall retain data for no longer than 1 month after you unsubscribe, unless otherwise required by law. Personal data that is no longer required shall be disposed of in a manner that ensures that the confidential nature is not compromised.
As part of the Company Business Continuity Plan our electronic systems are backed up and archived. These archives are retained for a defined period of time in a strictly controlled environment. Once expired, the data is deleted and destroyed to ensure the data is erased completely.
If you have any comments, complaints, queries and requests relating to our use of your personal information and data or if you believe the information we hold is inaccurate or out-of-date or if you decide you no longer wish to participate in our research, please contact the data manager at firstname.lastname@example.org