PRIVACY NOTICE
Last amended: 19th
November 2019
People O City LLP is an independent market research firm based in
Mumbai, India. We take the privacy of all users of our website and research
participants very seriously. We developed this Privacy Policy to inform you of
the principles governing our use of personal data and help you understand who
we are and how we work.
This Policy applies to the data collected by the People O City LLP website
and to the data we collect and hold for you for and from market research
studies online and over the phone – either as a one-time research participant
or a member of our panels. For your convenience, this Policy includes links to
resources that may aid you in understanding how our Policy applies to you. This
Policy does not extend to these external resources and we have only included
these links for information and reference purposes. If you go to these external
resources which may include 3rd-party sites, you will become subject to their privacy policies. Please
refer to them for guidance on your data.
1. Our work
What is market research?
We conduct telephone and online market research all over the world from
our India office to service the needs of our clients and their clients in
understanding you, as current or potential customers (or as a person
representative of their potential customers), the market you live and work in,
and the products and services that you use – that is market research.
2. Our clients
Who do we work for?
Our research is conducted on behalf of a range of clients, such as small
businesses hoping to develop products and services to better suit your needs,
research agencies contracted by pharmaceutical manufacturers that need to know
how their products are doing, government agencies that need to find out how to
shape future policy – and everything in between. We may run projects for other
sponsors like consultancies and business owners.
We only carry out market research projects. Your participation in our studies will never result in sales or
marketing communication from us, our clients, or any linked third-party. Market
research is an important function that lets businesses thrive, offer better
service, and where healthcare market research is concerned even lets us report
instances of adverse events in patients to support the efforts of pharma covigilance departments worldwide.
3. Why we contact you
You heard from us.
Any communication you receive from us, such as e-mail invitations or
phone calls, will clearly identify us and explain the purpose(s) of our
contact.
When we contact you, it will generally be for one of the following
purposes:
· To invite you to take part in a market research or customer
satisfaction survey
· To conduct a telephone interview as part of a market research
survey
· To verify the answers you recently provided in a market research
survey
· To validate your registration to our panel
· If you are part of our panel, to update and ensure our records are
accurate
We may occasionally contact you for other purposes; we would have asked
for your permission upfront before contacting you again. If we contact you for
any other reason, we will always ensure the purpose is compatible with your
previous consent.
In nearly all cases, we will only process your data based on your
informed consent to do so. The only exception to this will be in case we share
your contact details with a carefully-selected third party we commission to
carry out a validation on your information, like confirming that you took part
in a recent survey. This is to ensure that we meet our strenuous quality
requirements and because it would not be practical to seek for your specific
consent when doing so. This is a legitimate interest for a business such as
ours, but we will always do so in accordance with this Policy and will only do
this after carefully assessing how this will impact your privacy. If the
assessment is not satisfactory, we will not proceed.
4. How we contact you and where our
contact details come from
Helping you understand how we reach you
The contact details we have for you can come from a variety of sources.
We will always let you know what the source of your contact details were when
you speak to us.
· By e-mail If we are contacting you by e-mail,
you had spoken to us previously and you indicated an interest in taking part in
further and similar types of research. At this point, you would have shared an
e-mail address we can use for this purpose. Alternatively, we may be contacting
you on behalf of our client. If they provide you with products and services,
they could have asked us, as an independent research agency, to speak with you
to understand how satisfied you are with them. Sometimes, employers also ask us
to run internal staff surveys to understand how satisfied you are with them,
too. The privacy notice of our client will mention they sometimes share your
details and work with companies such as ours for market research purpose.
· By phone If we are contacting you by phone,
the above still applies but we may also have found your phone number on
publicly available databases, because we think you meet the criteria of our
research. This process is called ‘desk research’ and helps us reach appropriate
research candidates by phone, based on country of residence, job title, or
industry sector. We sometimes also work with third-party vendors that build
lists of publicly available information to help us reach the right individuals.
· Other methods We sometimes send documentation about
our work to your workplace, so that you can reach out to register your
interest, like a ‘register your interest’ poster. You might see some posts from
us on social media. Alternatively, if you’re on LinkedIn, you may have been the
recipient of one of our campaigns. Whenever this happens, we’ll ask you to
submit some details about you and contact you directly to confirm that you meet
the criteria for a specific survey.
5. The data we collect
What information do we get from you?
On our website Our contact form will collect the
following information from you: a name, e-mail address, the name of your
company and a telephone number. This allows us to help you with your query and
provide any feedback we may have.
If you are applying to join our telephone research teams, we’ll ask for
the same kind of information, but we’ll also ask for your address so that we
can check whether you’d find it easy to reach us for work, and of course we’ll
need to know which languages you speak. You can also choose to include a CV to
your submitted form for our team to review.
Over the phone As we will tell you whenever
speaking with you over the phone, we record all of our calls to ensure our
teams are treating you fairly, working in a professional and courteous manner,
and delivering a level of service that meets our internal standards and those
of the relevant Codes of Conduct. We will always confirm this is fine with you
before proceeding with the call, and these recordings will never be shared with
anyone other than individuals whose role at People O City LLP includes
responsibility for quality control – unless there is a separate purpose for
which these recordings are needed, such as analysis, in which case we will ask
you to consent to this separately before proceeding with the call.
6. Incentive payments
Earn money by taking part in valuable research
If you successfully completed one of our surveys, it is possible that
you are entitled to receive an incentive (also referred to as honorarium or
payment). The value of this incentive will vary depending on the length,
complexity, and topic of the survey. We will always tell you upfront what the
value, currency and method of this incentive payment will be.
We handle all the incentive payments for our surveys, but on occasion we
recruit participants to take part in the surveys of third parties. When this is
the case, the 3rd-party may be administering the incentive. We will make this clear to
you when contacting you about taking part in any survey.
For you to receive an incentive, we will need your e-mail address to
send you an Amazon voucher or PayPal payment. Unless you previously consented
to other purposes, your e-mail address will only be used to send you this
payment and will be deleted once we have confirmation that the payment was
received successfully and to your satisfaction.
7. Our role in the processing of your data
Who is responsible for your data?
When we get in touch with you, we will always tell you who we are,
provide our contact details, and provide the name(s) of the data controller(s)
that decided how your data should be processed. Most of the time, we are
commissioned by our clients to get in touch with you, either as named
individuals or as professionals that fit within the category of respondents
being researched, and this means that they are the data controller, i.e.
without them, no data processing would have occurred. This applies even if your
relationship is with us, and they will never receive any of your personal data
(if that were ever the case, we would ask for your informed, specific consent
before doing so). Depending on the circumstances, we may be joint data
controllers. Because you enter in a relationship with us when you take part in our
surveys, we have a legal obligation to give effect to some of your rights,
should you choose to exercise them. Please read on to find out what this means
and how this can affect you.
8. Data controllers and data processor
Who is responsible for your data?
In a market research survey, different parties come together to form the
‘research chain’. It begins with the research sponsor, the company that decides they want
to run a market research project. Next comes the research agency that designs the survey and
will report its findings back to the research sponsor. Then comes the fieldwork agency that implements the survey
online or over the phone and speaks to respondents all the over the world to
collect the opinions and insights that are needed to write the reports. In
addition, some other third-parties might get involved to help with some specialised elements of the
project, which will vary widely project by project.
Under the applicable data protection legislation, a data controller is
the entity that determines the purpose for which (“why”) and the manner in
which (“how”) data is processed. On the other hand, a data processor will act
on the specific instructions of the data controller and hold you details for
only as long as necessary to complete the work requested of them by the data
controller. In any market research project, there will often be more than one
data controller and it may also include the support of multiple data
processors. All of these parties are legally-bound to protect your privacy and
give effect to your rights provided by GDPR.
9. Exercising your rights provided under
GDPR
Data relationships on your own terms
a. Access
At any time, you can request access to the personal
data we hold about you. Once you get in touch, we will need to determine
whether we are the data controller for your personal details. If we are not, we
will ask you to get in touch, speak directly with the data controller or ask
you if we can get in touch with them on your behalf. If we are the data
controller, you may be able to access this personal data, and correct, amend or
delete it, except in the following circumstances:
· The cost of doing so would be disproportionate and unreasonable; or
· We could not release your data without releasing data from other
individuals, or confidential commercial information of People O City LLP or our
clients
b. Portability
Based on your consent for us to process data, you also have a right
to portability, which means you can request to receive personal data you
provided to us in a format that is easy to read and that could be reused by
others, if you wanted to share it with another data controller.
c. Rectification
You can also ask us to rectify the records we hold on
you. Inaccurate information can lead to frustration or misleading
communication, and we are committed to making sure the information we hold on
you is as accurate as possible. We work hard to keep personal information in
our control accurate, complete, current and relevant, based on the most recent
information available to us. We rely on you to help us keep your personal
information accurate and current by answering our questions honestly.
d. Erasure
You also have a right to erasure, also known as the ‘right
to be forgotten’. If you consented to our holding or processing your data, you
have a right to have any data we hold for you erased if you want to withdraw
your consent. Because we often contact you on behalf of other companies that
may have shared your contact details with us, we will sometimes need to get
back to the company that shared your details and advise them of your decision
to withdraw consent. There are limits to what this right to erasure can
accomplish: if we erase all your details, we may be in contact with you again
by random chance simply because market research must often get in touch with a
representative sample of the population; it does not mean we kept your details,
but that they came up in random sample selection.
e. Restriction
You are also allowed to exercise your right to restrict the
processing of your personal data. The right to restrict means that we will no
longer do any further processing with your data, other than storing your
details for the sole purpose of making sure we do not carry out any further
data processing; we would do nothing else with your details. This is often the
best way to prevent any further contact from us because it allows us to keep
just enough information to make sure your contact details are excluded from any
subsequent projects.
f. Objection
As mentioned, we may sometimes share your personal data with 3rd-party vendors for quality control
purposes. Because our legal basis for doing so is legitimate interests, you
have a right to object to this processing. Any vendors we
contract will operate in accordance with data protection legislation and will
make it clear to you when first contacting you that you may object to this
processing at any time – this will be communicated to us and acted upon.
g. Timelines and identity
verification
If you want to exercise any of these rights, please contact us via
e-mail or postal mail at the contact details provided under ‘Getting in touch’.
Our teams will endeavour to act on your requests no later than 30 days after
receipt. If we require more time, we will let you know within this timeframe.
We may need to get in touch first to ask for additional information confirming
your identity, so that we do not act on malicious or fraudulent requests.
This information will only be stored to verify that your request is
genuine after which it will be destroyed; it will not be used for any other
purpose. If your request is likely to affect other data subjects, we may take
additional verification steps, but this will be communicated to you in
writing. If we cannot deliver on your request at all, we will be in touch
in writing to explain why. If the request is deemed unreasonable or excessive,
we may request you to pay a small fee before we send you a copy of your data – this
will be kept to a reasonable amount.
10. Withdrawing consent and withholding information
No obligations in research
If you previously consented to our processing your personal data, you
can withdraw this consent at any time. There are two methods for you to do so:
1. Over the phone If you would like to do so over
the phone during a survey, please let our telephone interviewers know and we
will act on this immediately. We will end the interview and record your consent
withdrawal for that survey.
2. Online please e-mail us at mr@peopleocity.in quoting your full e-mail
invitation reference number and stating you no longer consent to taking part in
this study. You can also end your participation at
any time by closing the survey.
3. E-mail If you no longer want us to
process your data for any purpose, including future survey invitations, please
e-mail us at mr@peopleocity.in to let us know.
When you participate in our research, we may ask you for your personal
opinions, as well as demographic information, such as your age and household
composition. You are under no obligation to answer any question we ask you and
you can discontinue participation in a study at any time. If you join the People
O City LLP market research panel, you may leave it at any time by following the
unsubscribe instructions that we include in every e-mail that we send you.
11. Confidentiality of survey responses and personal data
Protecting your identity
When working on reports or feeding back the results of surveys we
conduct, we include your responses in a list with all the other participants
and report this in a file to our client where you are not identifiable. This
may then be used by our client to report to the research sponsor with findings
from the survey. We will never report your individual survey responses or convey
them in such a way that you are personally identifiable in the file, with a few
exceptions. We may disclose your data and survey responses to 3rd-parties as follows:
1. You request or consent to sharing your identifying information and
individual responses with the third parties for a specified purpose;
2. We provide your responses to a 3rd-party who is contractually bound to keep the information disclosed
confidential and use it only for research purposes; this may be to ensure
they do not contact you again to take part in a survey you already completed or
for quality control purposes;
3. In the rare but possible circumstance that the information is
subject to disclosure pursuant to judicial, legal or regulatory requirements.
Your survey responses may be collected, stored or processed by our
affiliated companies or non-affiliated vendors, both within and outside the EU.
They are contractually bound to keep any information they collect and
disclose to us or we collect and disclose to them confidential and must protect
it with security standards and practices that are equivalent to our own, no
matter where they themselves are based. See ‘International transfer of data’.
12. Security of personal information
Protecting your data
We inform and train our employees about our policies and procedures
regarding confidentiality, security and privacy, and we emphasise the
importance of complying with them. Our security procedures are consistent with
generally accepted commercial standards used to protect personal information and
are reviewed regularly to ensure this is maintained.
We may transfer personal information to affiliated companies or
non-affiliated vendors for research-related purposes, such as data processing.
We require these companies to safeguard all personal information in a way that
is consistent with our measures and as regulated by law. We follow generally
accepted industry standards to protect the personal information submitted to
us, both during transmission and once we receive it. These include encryption,
password-protection, secure file transfer and other measures like limiting the
number of users that can access your information at any point in time – we
review this on a regular basis.
13. International transfer of data
Protecting your data within the EEA and abroad
We will sometimes need to transfer your data outside of the European
Economic Area (‘EEA’) to make sure we can deliver on our services, either the
support of vendors or because our clients are not based in the EEA. When we do
this, we will tell you upfront before processing your data and get your
explicit consent to do so and any transfer of data will be done securely. The
data will only be used in the same way it would be used in the EEA, with the
same concern for your rights and your privacy. This will be safeguarded by at
least one of these measures:
· The transfer will be with a country that has data protection laws
recognised by the European Commission to provide protection adequate with the
standards of the EEA;
· We will put in place a contract between the recipients of the data that
requires them to protect your data to the same standards as those applicable in
the EEA.
14. Retention of data
If we don’t need it, we delete it
We will always make sure to keep only the data we need and only for the
time we need it for. We review the data we hold on a regular basis. If we find
the purpose for which we collected it is no longer relevant – we delete it. We
also strive to collect only the data we need.
The specific timeframe will vary but if we have no business or legal
need to keep it, we will either delete it securely or anonymise it to ensure no
one can ever link you to it. For example:
· We may need to hold information about you for longer than usual in case
you earned an incentive by taking part in research, but you have yet to redeem
it on our website.
· If you are a healthcare professional, we may need to keep reports of
Adverse Events you mentioned about patients until we are satisfied it was
followed-up on properly.
15. How to opt-out from further e-mails
Getting too many e-mails?
We hope that you are satisfied with the content and nature of our
communication with you, but if you no longer want to receive e-mails from PEOPLEOCITY,
please click on the ‘unsubscribe’ link at the bottom of our e-mails.
16. Getting in touch
Questions or queries?
We have appointed a Data Protection Officer who is the point of contact
for any questions you may have in relation to this Policy, your personal data
and how we use it. The DPO also acts as the point of contact for any
organisation or regulatory body that would have questions about your data and
how we use it. If you have any questions, including about this Policy, please
e-mail our DPO on DPO@peopleocity.in or
reach out by postal mail to:
Data Protection Officer - PEOPLE O CITY LLP || Suashish IT Park, A Wing
4th Floor || Borivali East || Mumbai- 400066, India
We will always endeavour to address any complaints or disputes that
individuals have about their personal data or privacy.
17. Amendments to this Policy
From time to time, we may need or choose to amend this Policy. If we
change this Policy in ways that affect how we use your personal data, we will
post a notice on our website to advise you of this change. This will apply from
the moment that the change is made on our site.