Data Privacy Policy

Basis Consumer US, including Basis Research LA LLC and Basis Chicago Limited, (Basis) is committed to adhering to the Data Privacy Framework Principles to the extent necessary to meet national security, public interest, and legal requirements. These Principles will apply to all personal data transferred and do not apply to any data from which individuals cannot be identified or where pseudonyms are used.

Basis complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.  Basis has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF.  Basis has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.  If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.  

To learn more about the Data Privacy Framework (DPF) program, and to view our certification page, please visit https://www.dataprivacyframework.gov/.

US law will apply to questions of interpretation and compliance with the Principles and relevant privacy policies by Data Privacy Framework organizations, except where Basis has committed to co-operate with EU data protection authorities (“DPAs”).

The Federal Trade Commission (FTC) has jurisdiction over Basis’ compliance with the Data Privacy Framework.

DEFINITIONS

“Personal data” and “personal information” are data about an identified or identifiable individual that are within the scope of the Directive, received by an organization in the United States from the European Union, and recorded in any form.

“Sensitive information / data” is personal information specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or information specifying the sex life of the individual.

“Processing” of personal data means any operation or set of operations that is performed upon personal data, whether or not by automated means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure or dissemination, and erasure or destruction.

“Processor” is the company or person who performs the processing.

“Controller” means a person or organization which, alone or jointly with others, determines the purposes and means of the processing of personal data.

COLLECTION AND USE OF DATA

Basis collects personal information to enable us to contact respondents to take part in market research projects; these can be for online surveys and / or face-to-face interviews and focus groups. We collect only the minimum amount of personal information that we need to enable us to fulfil the project parameters.

You may need to provide us with personal information such as your:

  • Name

  • Phone number(s)

  • Physical address and / or regional location

  • Email address

  • Age and life stage

  • IP address

  • Socio-economic information (such as affluence level, ethnicity)

Basis only retains such information for as long as reasonably required for business purposes or as reasonably required to comply with our legal obligations.

PRINCIPLES

  1. NoticeBasis must inform individual about its participation in and commitment to the principles of the Data Privacy Framework, the data collected and who has access to it (including third parties and the purpose for this), the purpose for collection, their individual rights and how to contact Basis to exercise any of these, the independent dispute resolution body designated to address complaints and provide appropriate recourse free of charge to the individual, being subject to the investigatory and enforcement powers of the FTC, the requirement to disclose personal information in response to lawful requests by public authorities.

    Basis provides privacy or fair processing notices to all individuals prior to them participating in any fieldwork, this informs them of who has access to their data, where it is being held, for how long, their rights under the Data Privacy Framework (and GDPR if relevant), and who to contact to exercise any of said rights.

    All notices are written in clear and easy to understand language to ensure that there is no confusion and all participants are fully cognisant of their rights and give informed consent.

  2. Choice offer individuals, by a clear, conspicuous, and readily available means, the opportunity to choose (opt out) of whether their personal information is to be disclosed to a third party or used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by the individuals. Express consent (opt in) from individuals must be obtained if any sensitive information is to be disclosed or used for a purpose other than that which it was originally collected or subsequently authorized by the individual.

    Basis provides market research and brand consultancy services to our clients in various business fields. Basis collects Personal Data from individuals to enable them to participate in surveys, focus groups, depth interviews and other research activities. In our capacity as a service provider, we will receive, store, and / or process Personal Data on behalf of our clients; in such cases, we are acting as a data processor. On rare occasions, the information that we collect from individuals in this capacity might be linked back to a client database, but you would be made aware if this is the case and asked to opt in before you take part.

    We may need to disclose your information to our third-party suppliers as part of this – these include market research recruitment agencies, focus group meeting venues and venue hosts, panel and survey solution suppliers, online survey hosts. We will always inform you at the start who may have access to your information should you choose to participate in the research.

    The Personal Data that we collect may vary based on the requirements of the research project and client it is for, but as a general matter, Basis collects the following types of Personal Data: full name, email address, mailing address / region, telephone number(s), title, gender, age and life stage, affluence level, IP address, and occasionally ethnicity.

    We also may collect Personal Data from persons who contact us through our website to request additional information; in such a situation, we would collect contact information (as discussed above) and any other information that the person chooses to submit through our website.

    Basis does not disclose personal information to third parties for purposes that are different than what it was originally collected for. Should the initial purpose change, we will recontact individuals with the option to opt-out.

  3. Accountability for Onward Transfer only transfer personal data for limited and specified purposes, and comply with Notice and Choice principles. To transfer personal information to a third party, the organization must enter into a contract with the third-party controller providing the data specifying that the recipient will provide the same level of protection as the Principles, and will notify the organization if it makes a determination that it can no longer meet this obligation and will immediately cease processing or takes other reasonable and appropriate steps to remediate.

    Basis discloses Personal Data only to Third Parties who reasonably need to know such data and only for the specific purposes it was gathered for. Such recipients must agree to abide by confidentiality obligations and data protection agreements. Basis takes reasonable and appropriate steps to ensure that our third parties effectively processes the personal information transferred in a manner consistent with the Principles, and monitor our third party suppliers throughout our relationship with them.  We will inform you who the third parties are at the time of gathering your personal data.

    Basis also may occasionally disclose Personal Data to our client when a Data Subject has consented to or requested such disclosure. Please be aware that Basis may be required to disclose an individual's personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements. Basis’ accountability for personal data that it receives in the United States under the Data Privacy Framework and subsequently transfers to a third party is described in the Data Privacy Framework Principles. In particular, Basis remains responsible and liable under the Data Privacy Framework Principles if third-party agents that it engages to process personal data on its behalf do so in a manner inconsistent with the Principles, unless Basis proves that it is not responsible for the event giving rise to the damage. 

  4. Security when creating, maintaining, using or disseminating personal information, take reasonable and appropriate measures to protect it from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into due account the risks involved in the processing and the nature of the personal data.

    Basis has implemented physical and technical safeguards to protect Personal Data from loss, misuse, and unauthorized access, disclosure, alternation, or destruction. Basis ensures that it always keeps updating its security to counteract any new and emerging threats. For example, electronically stored Personal Data is held on a secure network with firewall, encryption, anti-malware and virus protection; access to our system requires user authentication and pre-programmed permission levels that limiting the scope of employees who have access to certain data.

  5. Data Integrity and Purpose Limitationpersonal information must be limited to the information that is relevant for the purposes of processing. Basis may not process personal information in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by the individual. Basis must take reasonable steps to ensure that personal data is reliable for its intended use, accurate, complete, and current. Information may be retained in a form identifying or making identifiable the individual only for as long as it serves a purpose of processing.

    Basis will explain on first contact what information we require, how long we will need this for, where their data is stored and who has access to it. We only ask for the minimum personal information required to fulfil the needs of the purpose and only retains this information that personally identifies an individual for as long as it serves the purpose for processing. After which, all data is anonymized (e.g. responses to survey questions are usually amalgamated and not attributed to any one individual) and personal data securely deleted. We use reasonable efforts to maintain the accuracy and integrity of Personal Data and to update it as necessary.

  6. Accessindividuals must have access to personal information about them that Basis holds and be able to correct, amend, or delete that information where it is inaccurate, or has been processed in violation of the Principles, except where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question, or where the rights of persons other than the individual would be violated.

    To exercise your rights to access any data held by Basis, and correct, amend or delete this, please email Basis at LAinfo@basisresearch.com. Requests received must be in writing providing sufficient clarity to enable us to determine whether we are processing your data and to enable us to locate it, and satisfy us of your identity to prove you are allowed to receive this. Any request will be dealt with in a timely manner, and in any case within one month of receiving it; you will be provided with an acknowledgement of your request once this has been received.

    Any data you provide to correct our information must be truthful, complete, and accurate.

  7. Recourse, Enforcement and Liabilityeffective privacy protection must include robust mechanisms for assuring compliance with the Principles, recourse for individuals who are affected by non-compliance with the Principles, and consequences for the organization when the Principles are not followed. Minimum mechanisms must include a readily available independent recourse mechanism by which each individual’s complaints and disputes are investigated and resolved at no cost to the individual, follow-up procedures for verifying that the attestations and assertions organizations make about their privacy practices, and obligations to remedy problems arising out of failure to comply with the Principles.

    In compliance with the Data Privacy Framework Principles, Basis commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to Data Privacy Framework. European Union, United Kingdom, and Swiss individuals with Data Privacy Framework inquiries or complaints should first contact Basis by email at LAinfo@basisresearch.com.

    Basis further commits to refer unresolved privacy complaints to an independent dispute resolution mechanism, the BBB National Programs consumer complaints system. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit  https://bbbprograms.org/programs/all-programs/dpf-consumers/ProcessForConsumers for more information and to file a complaint. This service is provided free of charge to you.

    Where complaints and disputes are not resolved through the above channels, Basis will follow the terms of arbitration as set forth in the Data Privacy Framework, provided that an individual has invoked binding arbitration by delivering notice to Basis by following the correct procedures. See Data Privacy Framework Annex 1 for details https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2.

    Basis shall remain liable under the Principles if it or its agents process such personal information in a manner inconsistent with the Principles, unless we prove that we are not responsible for the event giving rise to the damage. Procedures are in place for verifying that privacy practices have been implemented and any problems arising out of failure to comply will be dealt with swiftly and decisively.

RENEWAL

Basis will renew its US-EU and Swiss-US Data Privacy Framework certifications annually, unless it subsequently determines that it no longer needs such certification or if it employs a different adequacy mechanism. As part of this Basis will review and update its information security and Data Privacy Framework policies annually to ensure that we remain compliant and up-to-date with the Principles.