Data Protection, GDPR and information Security
The General Data Protection Regulation issued by the European Union (“GDPR”) and effective 25 May, 2018, is a further evolutionary step in the protection of the privacy rights of individuals (for example, tighter restrictions around consent, the right to be forgotten, the type and amount of personal data that can be utilized, data access and security, etc.) beyond those protections that have already been in place for some time in the European Union and in many other countries around the world.
As such, the protection of personal data is, and always has been, a top priority for Quomeda as a leader in the Market Research industry and producer of information about markets. Quomeda is compliant with the guidance and requirements of the professional code of conduct applicable to all registered market research companies (ICC/ESOMAR International Code on Market, Opinion and Social Research and Data Analytics1 ) and all current existing local regulations, especially as far as the protection of respondents’ data is concerned.
Quomeda took a proactive approach to ensure the safeguarding and protection of the personal data of its customers, respondents and employees. Moreover, by the end of 2018, Quomeda intends to also implement the GDPR requirements in all countries where it operates.
Quomeda has already taken many actions to comply with the GDPR; with some of the main actions including but not limited to the following:
1. The nomination of a global Chief Privacy Officer (CPO) and local Data Privacy Officers (DPOs). The role of the CPO is to guide and coordinate Quomeda’ global compliance efforts on data protection and privacy and to manage the local Data Protection Officers who have been appointed for each country in which Quomeda operates. Their mandate is to ensure that personal data are appropriately treated and protected.
2. Anonymised data and access security
- For respondents
Quomeda uses anonymization techniques to protect respondents’ personal data as part of its data collection operations so that access is restricted to its fieldwork teams in its operations units solely on a need to know basis. Quomeda applies the same policy and care for customer provided samples and for Quomeda online panellists and off-line respondents.
- For our employees
The access to employees’ personal data is strictly limited to the relevant staff in charge of human resources management.
3. Employee training
Quomeda will launch an extensive employee training program to ensure a high level of data protection awareness and data protection adherence across the Quomeda group. Our customers expect that Quomeda employees are compliant with GDPR and other applicable data protection legislation. Quomeda is implementing a worldwide training program concerning data protection (including GDPR requirements) for relevant staff.
Quomeda implemented various encryption solutions, notably on all employees’ computers. Regarding its (software) applications, Quomeda is taking measures to encrypt certain panel applications as well as databases containing special (sensitive) categories of personal data such as data concerning health. Lastly, when it comes to its employees, Quomeda’ main human capital management system, is fully encrypted.
Quomeda enforces procedures in order to select suppliers processing personal data based on their capacity to comply with Quomeda’s data protection requirements. This means that all suppliers must sign an agreement with Quomeda including data protection clauses at least as strict as the ones Quomeda signs with its customers, and that no supplier can transfer any personal data outside the EEA unless they agree to appropriate safeguards and obtain customer consent. Additionally, our suppliers cannot subcontract part of the personal data processing services to sub-processors without Quomeda prior approval.
6. Data transfers
Quomeda put in place some contractual measures for cross border data transfers within Quomeda and with its suppliers. When a data transfer is required in a country recognized as not having an adequate level of data protection, Quomeda ensures that EU Standard Contractual Clauses are in place, implementing appropriate technical and organisational measures for the protection of the personal data.
Quomeda remains committed to protecting the personal data of its customers, respondents and employees. If you have any questions or require any further clarification, please contact our Chief Privacy Officer at email@example.com who will direct your question to the appropriate person.
As you navigate through this Site, some of your user information may be actively collected (name, e-mail address) or passively collected (which you did not actively provide) such as your browser type, domain name, IP address, pages visited, and the length of your user session using various technologies and means, such as Internet Protocol Address, cookies, Internet Tags and navigational data collection, for the sole purpose of web site enhancement.
No information collected is shared with third parties for advertising or other purposes except that it may be disclosed to those of Quomeda’s contractors who assist with programming and technical aspects of hosting and operating the Site. Transmissions to and from this Site may not be confidential and consequently, may be read or intercepted by others.
In accordance with the law of 6 January 1978 concerning informatics and freedom (loi Informatique et Liberté du 6 janvier 1978) and any applicable European regulations, you have the right to access, modify, correct or delete any personal data which we may have collected (Art. 34 of the law of 6 January 1978). To exercise this right please contact firstname.lastname@example.org.