Here at w3dL we take matters of data protection and privacy very seriously. This page explains our position regarding data that we collect through web and mobile survey websites using the Decipher software system.
Should you require any additional clarification or reassurance, then please email us at: firstname.lastname@example.org.
Our Data Controller and Data Protection Officers
- In general, we do not hold data which can uniquely identify an individual. When we collect and analyse data, this is typically held securely on our clients’ servers. On the rare occasions where we do hold data identifying individuals (for example email addresses and telephone numbers) we are committed to protecting the anonymity and privacy of these individuals.
- Our Data Protection Officer is Julia Moore. If you have any questions about how we handle data in general, or how your data is being managed, please email Julia.moore@w3dL.com.
- For clients who have commissioned data collection or analysis projects with us, the Data Controller will vary from project to project and will typically be the data analyst with overall control of the project. You will be informed of the identity of the Data Controller when you are assigned a data analyst to work with.
What personal information do we hold on individuals?
As mentioned above, w3dL typically do not hold data that can identify individuals. We normally hold and process only aggravate data which is stripped of identifying information such as email addresses, geographical addresses etc. Any information which can uniquely identify an individual is typically stripped from data records before we handle the aggravate data.
On the rare occasions we do hold personal data, this might typically include:
- Full name, email and phone number. This is collected so the research team and recruiters can liaise with respondents to communicate details of the project (e.g. timing, payment and requirements. Participants may also receive email notifications about the project where this has been previously agreed.
- Answers to the questions that respondents are asked as part of the survey, including demographic questions about age, gender and geographical location
- IP addresses of respondents are not collected by default, these would only be collecting if there was a research need to do so.
Data which can be attributed to a unique individual will generally be anonymised after the project is completed. In some cases, and with permission of the individuals taking part, data identifying individuals may be kept longer (e.g. to facilitate follow-up studies)
How do we use individuals' data?
- w3dL only uses personal data to email or otherwise contact research participants. These participants will only be contacted for the duration of, and for the purposes of, the specific market research project they are taking part in, except by explicit agreement beforehand (e.g. when a follow-up study is likely)
- w3dL will not keep, share or use individuals’ personal data beyond the completion of the market research project into which they were recruited. Where w3dL work with an end client, that client will not receive personal data.
- w3dL will not share individuals’ personal data with any parties not directly involved in the management of the market research project for which they have been recruited
- Participanting individuals’ personal data will be deleted by w3dL within 6 months of the end of the project, unless by prior explicit agreement with participants.
How do we keep data safe?
- Where we hold identifying personal data, it is stored securely by w3dL (and, where applicable and where authorised, clients) on secure devices and servers. Data is transferred securely using password protected spreadsheets and in accordance with the principles of the General Data Protection Regulations (GDPR).
What is the legal basis of the processing?
- The legal basis for using personal data is consent. w3dL ask for consent at the point of data collection. Individuals have the right to withdraw their consent at any point, and in accordance with the regulations of the Market Research Society’s Code of Conduct. Individuals also have the right to complain to the supervisory authority at any point if they feel that the security of their personal data has been breached by us.