Research Respondent Privacy Notice

Basis Research Limited and Basis Social Limited (“BASIS”) is committed to maintaining the confidentiality and security of your personal information. This privacy policy explains why we require data, how we use any personal information we collect about you, and your rights.

BASIS aims to conduct research to the highest standards of research integrity. Our research is underpinned by policies and procedures that ensure we comply with regulations and legislation that govern the conduct of research; this includes data protection legislation such as the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA 2018).

In this context, the BASIS uses personal data to conduct research to inform the decisions that our clients who commission the research make.

 

What is research? 

BASIS undertakes research across a broad spectrum of areas on behalf of our clients, some of these include consumer behaviour, brand awareness / confidence, testing new product ideas and brand strategies.

The research can be carried out in various formats, from qualitative research methodologies (e.g. focus groups, one-on-one depth interviews, workshops, online communities, telephone interviews etc.) to quantitative surveys (these are usually conducted online).

As well as carrying out research projects ourselves, we also engage trusted suppliers to provide us with additional expertise and ways to conduct the research to ensure we have the best research and analysis available to our clients. We may also receive personal information collected by these third parties in the course of the performance of their services for us. In that case, we will take reasonable steps to ensure that they have the right to disclose your personal information to us.

 

What is personal data? 

‘Personal data’ means any information which relates to or identifies an individual; for example, your name, address, telephone number, email address, date of birth, marital status, and any other information necessary to the purpose of the project. This includes information which may not explicitly identify you (e.g. where your name has been removed) but does make it possible to recognise you if it is combined with other information that is readily available. For example, this might be because the information available contains a postcode, your gender and date of birth; in these circumstances it might be possible to identify you by using other information available elsewhere. Therefore, in these circumstances, we would treat the details we hold as personal information and protect it accordingly. 

Personal information does not include anonymous or non-personal information.

 

How we use your personal information

We promise to respect the confidentiality of the personal information that you, as a participant in our research, provide to us or any organisations that we have engaged to perform research on our behalf.

BASIS, and those trusted suppliers, will provide you with full details informing you about the information we require from you for each project and how we are going to use it. We will ask you for your informed consent when we contact you directly to ask if you would like to take part. We will not do anything with your personal information that you wouldn’t reasonably expect. We will use your information only for the purpose of the research you are participating in and we will not usually use your information or contact you for any purpose other than that research project unless you have agreed to this. We commit to keeping your personal information secure. 

 

Responsible for your personal information

Our clients define the scope of the research and analysis that they need to inform their decisions, so they are the Data Controller, which means they decide how information for is collected, used, shared, stored and deleted (processed). BASIS is engaged to carry out the research and analysis on their behalf and are a Data Processor.

We will ensure that we, and any supplier, only collect only what is appropriate and necessary. We will inform you of what we are collecting and why, and only use it in line with the objectives of the research, unless you have agreed otherwise. 

There are instances where two or more Data Controllers work together on a research project. Each party may control data at different stages of a research project. An example of this is where the client of BASIS is the Data Controller for the data you have provided for the research project, whilst a research partner may also be a Data Controller for your personal information where it has obtained your agreement to contact you more broadly about other research studies that may be of interest to you. 

In all circumstances where two or more controllers work together on a research project, the organisations have agreements and/or contractual arrangements in place which document how they have agreed to share their responsibilities and how they will safeguard your personal information. The involvement of the organisations will be detailed in the project specific Privacy Notice made available to you prior to the project commencing. 

 

Special category personal data

BASIS, or our trusted suppliers, may process some information about you that is considered to be ‘sensitive’, this is called ‘special category personal data’. This may include information concerning your ethnicity, sexual orientation, gender identity, your religious beliefs, or details about your health or about past criminal convictions. This will, of course, be for a research project dedicated and relevant to that field.

Access to, and the sharing of, this more sensitive personal data is carefully controlled and you will be specifically informed about this in your project specific Privacy Notice. 

 

What safeguards we have in place to protect your personal information 

In order to protect your rights and freedoms when using your personal information for research and to process special category information BASIS must have appropriate safeguards in place to help protect your information. We have the following safeguards: 

  • Policies and procedures that tell our staff how to collect and use your information safely.  

  • Training to ensure our staff understand the importance of data protection and how to protect your data. 

  • Security standards and technical and organisational measures as required by the DPA 2018 that ensure your information is stored safely and securely. 

  • Contracts, agreements and processes in place with organisations carrying out research on behalf of BASIS including confidentiality clauses to set out each party’s responsibilities for protecting your information. 

  • We always use third party suppliers who have adequate safeguards in place.

In addition to the above safeguards the DPA 2018 also requires us to meet the following standards when we conduct research with your personal information: 

a)     the research will not cause damage or distress to someone (e.g. physical harm, financial loss or psychological pain). 

b)     the research is not carried out in order to do or decide something in relation to an individual person, unless the processing is for medical research approved by a research ethics committee. 

How your data is stored and when we disclose your personal information

Employees of BASIS who conduct qualitative research with you directly will have your information a way that we can identify and contact you as a participant, for example when you take part in an interview. However, most personal information used in quantitative research will be pseudonymised before it is shared with us. Reports and information that are passed to our clients will generally be anonymised, unless you have been made aware and agreed that your personal information will be passed on to them.

We may share your personal information with our employees, third party suppliers (e.g. panel providers, survey hosts, recruiters, venues, hostesses, etc.) and (where explicitly stated) our clients, who require such information as part of our market research services and projects.

Where it is necessary to work with other suppliers for the purpose of achieving the research outcomes, you will be provided with information about this in your project specific Privacy Notice, which will describe how your data will be used and shared. Information shared will be on a need-to-know basis, not excessive and with all appropriate safeguards in place to ensure the security of your information. 

BASIS will retain your personal information only for as long as it is necessary to fulfil the purposes for which the personal information was collected. All market research data (e.g. your responses to survey questions, participation in face-to-face groups / interviews / workshops, and telephone interviews, etc.) is anonymised at the end of project so that it cannot be associated with or tracked back to you.

On some research projects we cannot de-identify the information as it is necessary for achieving the outcome of the research, for example video outputs. For such projects, we store your personal information as part of the research for the duration of the project and for a defined period after the project has ended. You will be informed in the project specific Privacy Notice about the retention of your information. 

 

Your legal rights

Under data protection legislation you have individual rights in relation to the personal information we hold about you. The extent to which these rights apply to a particular research project may vary and sometimes rights may be restricted, for example where such individual rights would seriously impair research outcomes or after a point at which the research has been anonymised and published.

However, where restrictions do not apply you have the right to: 

  • access your personal information 

  • correct any inaccurate information 

  • erase any personal information

  • restrict or object to our processing of your information

  • move your information (portability) 

It’s important to understand that if it’s considered necessary to refuse to comply with any of your individual rights, you will be informed of the decision within one month and you also have the right to complain about our decision to the Information Commissioner.

 

Who can you contact?

If you have any queries concerning this Privacy Notice or to exercise any of these rights, please write to us at Data Protection Lead, Basis Research, Hanway House, 24 Hanway Street, London W1T 1UH, or email info@basisresearch.co.uk