Data Protection Policy
1.1 This policy informs research participants, clients and other interested parties the steps Nisus Consulting takes to ensure we manage and store data securely.
1.2 Nisus Consulting (also referred to as “Nisus”, “we” or “us”) is committed to protecting the information we hold and that is provided to us.
1.3 All Nisus research projects adhere to the Market Research Society’s Code of Conduct.
2. Nisus service standards
2.1 All surveys will be clearly identifiable as from Nisus.
2.2 Our surveys will clearly explain the purpose of the research and how the information will be used.
2.3 When our team contact respondents by telephone or email they identify themselves, state the purpose of the contact and any pertinent details for how the interview will be conducted (i.e. if it will be recorded).
2.4 We will be honest and transparent about the research purposes and use of information.
2.5 All feedback will be treated confidentially and stored securely.
2.6 No captured contact details provided to us will be used for non-research or reporting purposes (i.e. marketing).
3. Unsolicited email
3.1 We do not send unsolicited emails asking for participation in surveys. Rather, we send email invitations only to people who we believe have consented to take part in the research project. Every person who receives a survey invitation can ‘opt-out’ of the research and to not receive any future communication from Nisus.
4. The information we collect
4.1 We conduct research for the benefit of our clients. The information is used to improve services, develop corporate strategy and produce reports (e.g. thought leadership pieces).
4.2 When participating in our research projects, we will ask for opinions and occasionally personal information such as name and email address. Research participants can refuse to answer questions or discontinue involvement in a study at any time.
4.3 Research participants will be informed if their feedback will be attributed and identifiable when reported to the client.
4.4 We may collect and process the following data about respondents:
– Contact details (including name, country of work/residence and email address), place of employment and information on the services used.
– The data submitted when expressing opinions, attitudes, experiences and usage of products or services.
5. How will we use information?
5.1 Research responses will be aggregated and the findings reported to the client that commissioned the study.
5.2 Unidentifiable feedback responses may be retained for future research and analysis purposes.
6. Information we share and transfer
6.1 We will not share personal information with any third-party organisation.
6.2 When conducting research on a behalf of a client we will be clear about who has commissioned the research and how the information provided to us will be shared with them.
6.3 Nisus transfers information using Microsoft Office 365, meaning all email communication is covered under Microsoft Exchange Online Protection. Microsoft uses Transport Layer Security (TLS) which are cryptographic protocols that secure communication over a network by using security certificates to encrypt a connection between computers.
7. Security of information
7.1 All information is handled and managed in compliance with the Data Protection Act 1998.
7.2 Any information we hold is protected through our secure systems and processes (see section 8).
8. Data storage
8.1 The data is stored on UK-only Microsoft cloud servers which have the following encryption:
– Files at rest are encrypted using 256-bit Advanced Encryption Standard (AES).
– Microsoft uses Secure Sockets Layer (SSL)/Transport Layer Security (TLS) to protect data in transit between Microsoft apps and servers; it’s designed to create a secure tunnel protected by 128-bit or higher Advanced Encryption Standard (AES) encryption.
– Microsoft applications and infrastructure are regularly tested for security vulnerabilities and hardened to enhance security and protect against attacks.
9. Data retention
9.1 We may retain response data indefinitely for research purposes (for more information see Part IV, Section 33 of the Data Protection Act 1998 (c.29) and the Information Commissioner’s Office explanation on exemptions).
9.2 However, in line with the spirit of the Data Protection Act 1998 we will not keep personalised data longer than absolutely necessary to fulfil its stated purpose.
11. Legal rights
11.1 Research participants have a legal right under the Data Protection Act 1998 to request access to any information that we hold that can be identified as theirs. This request should be put in writing to the details below. We will respond within 30 days of receiving it. The Data Protection Act 1998 details a number of exemptions from disclosure and if we cannot fulfill the request, we will provide a full explanation in writing.
12. Contact details
12.1 For further information, contact Tim Nightingale at firstname.lastname@example.org
Nisus Consulting Data Protection Policy (Version 1.2, 1 July 2019)