Privacy Information Notice
RED C Research Ltd is an independently owned UK company, in partnership with RED C Research & Marketing Ltd, based in Ireland. RED C is a market research agency and we have a responsibility to everyone who participates in research with us to ensure that we process their personal data with due care across our organisation.
RED C is registered as a data processor with the Data Protection Commissioner’s office and we abide by the Data Protection Act 1998 & 2003. RED C have undertaken organisational and technical changes in recent months in order to ensure compliance with the new General Data Protection Regulation (GDPR) which comes into effect on 25th May 2018. GDPR streamlines data privacy laws across the EU and is enforceable on companies who process the personal data of EU citizens.
RED C have appointed Janna Howard as our Data Protection Officer (DPO). Janna is responsible for ensuring adherence to data protection laws across the organisation. It is very important to us that any personal data that we process is in strict adherence to our data protection and IT policies. These policies have been implemented to ensure that adequate security and organisational measures are in place to protect any personal data that we process and to ensure compliance with data protection laws. In addition to this all of our staff has been given the necessary training.
What Is The Purpose Of This Privacy Information Notice?
RED C collect certain information about you in the course of operating our business. This notice sets out details of the information that we collect, how we process it and who we share it with. It also explains your rights under data protection law in relation to our processing of your data.
If you have any queries in relation to this Privacy Information Notice, would like to exercise your data subject’s rights or have any questions concerning our data protection procedures please contact our Data Protection Officer using the details outlined at the end of this Privacy Information Notice.
Who does this Privacy Information Notice apply to?
This notice applies to all parties whose personal data we process. This includes but is not limited to research participants, members of the public, job applicants, employees, clients, sub-contractors and suppliers. Anyone under the age of 16 years should not disclose any personal data to us without first obtaining consent from a parent or legal guardian.
Who are we?
RED C Research & Marketing Ltd was incorporated in 2003 and is an independently Irish owned company. RED C Group, with offices in Dublin, Dundalk and London is one of Ireland and the UK’s premier providers of research-based consultancy services. We have a responsibility to everyone who interacts with us and participates in research with us to ensure that we process their personal data with due care. RED C places data protection and privacy at the centre of our business and uphold this by having mandatory staff training and data protection, privacy and IT security policies in place to ensure that the business operates within all relevant legislative frameworks.
Throughout this Privacy Notice, ‘we’, ‘us’ and ‘our’ refers to RED C Group. We share your information within the RED C Group where required in order to provide and improve our services and to comply with regulatory and legal requirements.
What Personal Data Does RED C Collect And Why?
Personal data is the information that identifies you, such as your name, email or postal address. RED C collect and process personal data as part of the services we provide. This incorporates both online and physical data that allows a person to be identified. We limit the personal data that we process to what is required to undertake a particular function or service offering.
The following is the types of personal data we collect and the reasons why:
- Personal data that you willingly submit as a response within a survey, depth interview, focus group, Vox Pop, online focus group/community or immersion sessions with our clients.
- To Conduct Quality Control Checks:
Conducting quality control is a necessary business activity for RED C as we are members of the Market Research Society (MRS) UK and European Society for Opinion and Market Research (ESOMAR) and we are therefore required to adhere to a set of benchmark research industry standards. These cover the recruitment, training and appraisal of the market research interviewers that work for us and the implementation of various administrative and validation procedures to maintain the quality and accuracy of data collected. In order to ensure we meet the required standards we contact a percentage of people who have participated in our research projects to ask them some questions. In order to conduct a quality control check we require personal details such as your name, address, email and contact number so that a member of our quality control team can conduct this check. These details are not collected or retained for any other purpose.
We retain an individual’s telephone number if they inform us that they do not wish to take part in any further telephone surveys – it is only the telephone number that we retain and no other details. We also securely retain a list of email addresses of individuals who have instructed us not to contact them again in relation to any online surveys. RED C is the Data Controller in respect of any personal data that we are holding on a blacklist.
- If You Participate In Prize Draws to Administer Your Participation:
If you choose to participate in a prize draw we need your personal data to announce that you are the winner and to distribute the prize to you. For this process we will require your name, address, email address and contact number.
- Employee and Job Applicants:
In order to fulfil our contractual obligations with employee and job applicants, RED C may process full name, date of birth, contact number, email address, home address, health information, PPS number, bank details, CV and referees. Further information regarding how we process employee personal data can be found in the employee handbook.
- Interactions with Us:
If you contact us we may record the details of this contact (i.e. name, phone number, email correspondence and hard copy correspondence) so that we can deal with your query.
- Marketing Communication, Events and Live-Streaming:
RED C regularly sends marketing emails about our services, news and other content that is relevant to professionals and organisations working in the marketing, market research and advertising industries. For this purpose we may process a full name, job title, telephone number, email address and organisation name. We provide the option to unsubscribe on every email that we send. In order to improve the content of our emails and make them more relevant we track the performance of them. If we ever contact you via email, phone, post or text asking you to provide feedback or complete a survey on ways to improve our services we will always provide an option for you to unsubscribe or opt-out. To be removed from our direct mail marketing list at any time or to update your communication preferences please contact email@example.com.RED C host seminars, workshops and networking events on an ad-hoc basis. In order to attend an event we require those interested to register with us so that we can provide the practical details about the event. For this purpose we may process a full name, job title, email address, contact number and organisation name. In order to improve our events and make them more relevant we track the performance of them.
- As part of a service or event RED C may offer the option to live stream. In order to register for the live streaming we may process your full name, job title, email address, contact number, IP address and organisation name to ensure the service is delivered. In order to improve our live streaming service we track the performance of them.
- From information publicly available about you (i.e. trade directories, websites and social media) where it is appropriate for us to use it, for example, to improve our service offerings. RED C will always provide an option for you to unsubscribe or opt out from receiving further emails or communication from us.
- We also collect, use and share Aggregated Data such as statistical or demographic data. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.
Where Does RED C Collect Personal Data From?
Most of the personal data that we collect will be provided by you through you voluntary contacting us or participating in, for example, a survey/focus group/depth interview with us. RED C only accept personal data from our clients about their customers/stakeholders or from third party organisations on the condition that sharing this data with us does not infringe data protection law and the information is provided to RED C for the purposes of providing market research services. Personal data is collected if you have voluntarily subscribed or asked us to subscribe you to our marketing communication or event lists or requested that we add you to our blacklist.
The Legal Grounds for processing your personal data
We will obtain your consent in order to process certain personal data about you that you have provided to us in a survey or focus group/depth/online community. You can withdraw your consent at any time during your participation in a survey or focus group/depth/online community. RED C will always provide an unsubscribe option at the bottom of any online survey invite or SMS that we send. If we process any special category data we will only do so if you have provided explicit consent.
In order to operate our business effectively, provide services and improve on current offerings we may process personal data on the legal basis of legitimate interest (as long as that processing does not unduly impact your rights). We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
Where necessary for the performance of a contract to which you are a party. If you have entered into a service with us and the processing is necessary to perform the service.
The processing is required in order to comply with a legal obligation such as retaining financial records for Revenue, meet requirements under employment, social security or social protection law and for the establishment, exercise or defence of legal claims.
We will only use your personal data for the purpose for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose and as long as that processing does not unduly impact your rights.
Who Do We Share Your Personal Data With?
We share your personal data with the following third parties:
- Clients – RED C can only provide personal data captured in a survey or discussion to our clients if the participant has provided consent for us to do this.
- Service Providers – we rely on trusted third parties to help us run our business and to provide us with specialised services. These can include companies that provide IT services (e.g. software providers), document storage and destruction companies, legal advisors, accountants and consultants. Where our service providers have access to your personal data, we ensure they are subject to appropriate safeguards and that they only use the data as per our strict instructions.
- Sub-contractors – we ensure that any sub-contractors that we use are subject to appropriate safeguards and that they only use the data as per our strict instructions.
- Regulators – in certain circumstances RED C is obliged to provide information to a regulator (e.g. in the investigation of complaints).
- Other third parties – RED C may share your information externally with other partners where you have provided your consent. We may be required to disclose personal information at the request of governmental or law enforcement agencies. We will only share this information when we have your valid consent or in the event that we are legally obliged to do so. RED C may need to share personal data in order to establish, exercise or defend our legal rights.
- Third parties whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
CHANGE OF PURPOSE
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please email firstname.lastname@example.org. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Transfers Outside Of the UK & European Economic Area (EEA)
We do not seek to actively transfer personal data outside of the UK and EEA. If we transfer your personal data outside of the UK or EEA we will ensure that appropriate measures are in place to protect your personal data and to comply with our obligations under applicable data protection law. This may mean that we enter into contracts in the form approved by the European Commission (EC), transfer to countries deemed by the EC to provide an adequate level of protection for processing personal data or putting additional measures and safeguards in place if we transfer data outside of the UK or EEA to a country with no adequacy decision by the EC. If you would like further details about the measures we have taken in relation to the transfer of your personal data, please contact our Data Protection Officer – email@example.com.
How Do We Secure The Data?
Your personal data is treated confidentially at all times and we have taken the appropriate technical and organisational security measures against accidental loss, unauthorised use, access, alteration, disclosure or unlawful processing of this data. To this purpose we use several security techniques including secure servers, firewalls and encryption, as well as physical safeguard of the locations where data is stored. We limit access to personal data to employees, sub-contractors and third parties that are required to have access to perform necessary tasks within their functions of the business and they are subject to a duty of confidentiality. RED C have a Data Breach and Incident Reporting policy in place which sets out procedures for dealing with any suspected personal data breach and the requirements for notification of data subjects and where applicable the office of the Data Protection Commissioner.
Links to Third Party Sites
There may be links provided to other websites, plug-ins and applications on RED C’s website. By clicking on these links or enabling a connection may allow third parties to collect or share information about you. We do not have any control over these third party websites and are not responsible for their privacy notices. We advise you to read the privacy notice of any website that you visit. Please note that this Privacy Information Notice only covers our own organisation and website.
Retention of Personal Data
The length of time we retain personal data for varies depending on the type of data and its use and is outlined in RED C’s Data Retention Schedule. RED C in establishing an appropriate retention period consider the volume of personal data held, the sensitivity of that data and potential risk of harm from unauthorised use or disclosure. RED C will retain your personal data for as long as reasonably necessary for the purpose for which we collected it, as communicated to you as part of the consent, or as long as the law prescribes. If you have any queries in relation to this please contact our Data Protection Officer – firstname.lastname@example.org.
You have various rights under data protection law, subject to certain exemptions, in connection with our processing of your personal data:
- Right to access the data – you have the right to request a copy of the personal data that we hold about you, together with other information about our processing of that personal data.
- Right to rectification – you have the right to request that any inaccurate data that is held about you is corrected, or if we have incomplete information you may request that we update the information such that it is complete.
- Right to erasure – you have the right to request us to delete personal data that we hold about you. This is sometimes referred to as the right to be forgotten.
- Right to restriction of processing or to object to processing – you have the right to request that we no longer process your personal data for particular purposes, or to object to our processing of your personal data for particular purposes.
- Right to data portability – you have the right to request us to provide you, or a third party, with a copy of your personal data in a structured, commonly used machine readable format.
In order to exercise any of the above rights, please contact RED C’s Data Protection Officer using the contact details set out below. Exercising these rights are subject to the conditions and limits established by the GDPR and if we believe your request to be ineligible we shall inform you of this and our reasoning. You will not be required to pay a fee to exercise your rights. We may need to request specific information from you to help us confirm your identity as a security measure to ensure your data is not disclosed to anyone who does not have a right to access it.
Changes to this Privacy Information Notice and your Duty to Inform us of Changes
RED C reserves the right to change any of the terms of this Privacy Information Notice at any time and without notice. RED C therefore recommends that you review this Privacy Information Notice regularly and before participating in a research project with us.
It is important that the personal data that we hold about you is accurate and up to date therefore please let us know if your personal data changes during your relationship with us.
Who to Contact In Relation To the Processing Of Your Data?
If you have any queries or requests in connection with our processing of your personal data, you can get in touch with us using the following contact details. Please note our preferred method of contact is email.
Data Protection Officer Contact Details
Name: Janna Howard
Tel: (01) 818 6316
Address: RED C Research & Marketing Ltd,
Ground Floor, Block G,
East Point Business Park, Alfie Byrne Road,
Dublin 3, Ireland, D03 H2N1
If you are not happy with regards how we are processing your personal data please note that members of the public have the right to lodge a complaint with the Information Commissioner’s Office (ICO) and guidelines on how to do this can be found on their website: https://ico.org.uk/global/privacy-notice/making-a-complaint/