Who we are?
Research Oxford (“We”) are committed to protecting and respecting your privacy. This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
We conduct market and social research and impact evaluation. We are an accredited company partner of the Market Research Society (MRS), an organisation focused on upholding and developing research best practice. We adhere to the MRS Code of Conduct and, as such aim to fully protect the safety and privacy of research and evaluation participants and our clients.
For the purpose of the Data Protection Act 2018, our data controller is: Louise Wheeler, 2 Oxford Road, Farmoor, Oxford, OX2 9NN.
What are personal data?
Personal data are information that directly or indirectly identifies you as an individual, indirectly meaning when combined with other information, for example, your name, postal address, email address and phone number, or a unique device identifier.
Use of personal data
We will use your personal data with your consent and only to allow us to undertake our work effectively:
- To deal with requests or queries from you;
- To invite you to take part in research or evaluation activities on behalf of ourselves and/or our clients;
- To gather information from you for research or evaluation purposes;
- To analyse aggregated data and report results anonymously;
- To provide personalised communications to you regarding our work;
- To inform you that we are planning to delete/retain your personal data after a given period;
What personal data do we collect?
- Personal data: We may collect and process the following: your name, email address, postal address, and telephone number(s);
- Sensitive data: We may, in certain cases, process special categories of personal data concerning you (“sensitive data”). Sensitive data refer to personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health or a natural person & sex life or sexual orientation. We may for example process your sensitive data if you have freely given your prior, express and separate consent in a specific context for a specific purpose, such as in the course of your participation in a market, social or evaluation research activity. We may also process sensitive data that you manifestly have made public.
Who has access to your information?
Louise Wheeler (the data controller) is the main person with access to personal data. Access is only granted to Research Oxford personnel and trusted associates, strictly on a business need-to-know basis, so as to perform their duties. We do not sell or rent your personal data or information to any third party or share it with third parties for any purpose. We will only disclose your data or information if required by law, for example by a court order or for the prevention of fraud or other crime. However we will always
aim to seek your permission where appropriate.
Processing of personal data of children
We will not collect or process personal data of children under 16 years of age unless with parental/guardian consent, pursuant to applicable local law. If we become aware that personal data from a child were inadvertently collected, we will delete such data without undue delay.
Where we store your data
All information you provide to us is stored on secure local or cloud-based IT systems. Personal information stored in the European Economic Area (EEA) is protected by data protection laws, but other countries do not necessarily protect your personal information in the same way. The EEA covers all countries in the EU plus Norway, Liechtenstein and Iceland. We aim to use on-line servers and web-based tools that store research and impact evaluation project data within the EEA whenever possible, although we cannot
guarantee this. We hold contact details for those in our business network, including potential, current and past clients, on our secure cloud-based GSuite account which may use data centres outside the EEA.
How we protect your information
When you give us personal information we take steps to ensure that it is treated securely and strive to protect it. Relevant files and accounts are password protected and encryption is used where possible.
How long we hold your data for
In line with Research Oxford Ltd’s data retention and disposal policies (available on request from the data controller) we hold personal data collected for research and evaluation projects for up to 24 months, often less. We keep our contact details for those in our business network, including clients, until further notice.
Your legal rights
deal with your questions as required. Your specific legal rights relating to the personal data we hold about you are set out on the ICO website here: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
How you can update and delete your information
If you change your contact details or if you want us to update or delete any of the information we hold on you, please email us at: firstname.lastname@example.org
How you can access your personal information
You have the right to ask for a copy of the personal information we hold relating to you. To do this please contact email@example.com
We may collect statistics about the behaviour of visitors to our website. However, this does not include personally-identifying information.
Updates to this policy
We review this privacy notice from time to time. This privacy notice was last updated on 05/07/18