Illuminas UK Privacy Policy

 

Who are we?
Privacy statement
Our data Protection Officer
What personal data do we process in market research activities?
How is your personal data collected?
How will your personal data be used?
Who has access to your personal data?
How long will we keep your personal data?
How do we secure your personal data?
Your choices

Who are we?

Illuminas Global (“Illuminas”) is a professional marketing intelligence agency that uses scientific methods to gain insight to specific issues relevant to our clients. Our registered office is 183 Eversholt Street, London NW1 1BU and our company registration number is OC376554.

Your privacy is very important to us. We go to great lengths to preserve your privacy and protect the personal data used in our processing activities. This Privacy Policy describes how we collect, use and share information, and what choices you have with respect to any information we may hold about you.

Privacy statement

We are committed to meeting the requirements of all applicable data protection legislation and requirements, including the following laws, codes and standards:

  • The EU General Data Protection Regulation (GDPR)
  • Data Protection Act 1998 and the new Data Protection Bill 2017
  • Market Research Society’s (MRS) Code of Conduct
  • ICC/ESOMAR (European Society for Opinion and Marketing Research) International Code on Market and Social Research.
  • ISO 20252:2012 – Market, opinion and social research quality standard (certified)
  • ISO/IEC 27001:2013 – Information Security Management quality standard (certified)

Any information that you supply to Illuminas is used solely for legitimate market research or statistical purposes and will never result in an attempt to sell you anything based on your responses.

Our Data Protection Officer (DPO)

If you would like to receive any further information regarding this Privacy Policy or would like to submit a Subject Access Request please contact our DPO

Email: [email protected]
Data Protection Officer
Illuminas
183 Eversholt Street
London
NW1 1BU

What personal data do we process in market research activities?

During the course of a market research study we may process the following information about you:

  • Full name
  • Phone number
  • Email address
  • Postal address
  • Potentially bank details (if your incentive is paid with BACS)
  • Other demographic information such as profession and age
  • Product information you may have with one of our clients
  • Your opinions
  • Photos of you
  • Audio and video recordings of the market research sessions
  • We may also collect your IP address and which type of web browser you are using if you participate in an online market research survey.

If there is a requirement to collect and process sensitive personal data (such as gender, ethnicity, political opinions, religious beliefs, trade union activities, physical or mental health or sexual life) we will obtain your explicit consent and provide a full description of how it will be used and where it will be located.

On rare occasions, we may use cookies (a cookie is a piece of information that web servers send to your browser file when you access a website, then when you come back to a website again, that website will detect whether you have cookies on your browser file) and other similar devices sparingly for quality control, validation, or to prevent bothersome repeat surveying. You can configure your browser to notify you when cookies are being placed on your computer or to reject cookies altogether.

We do no other invisible processing of your data, nor do we attempt to obtain any data from your computer or mobile device.

How is your personal data collected?

Depending on the project, Illuminas will get contact details in a number of ways. These include:

  • From one of our clients, who you are a customer of or have had contact with in the past.
  • From a research panel that you have signed up to in the past and for which you have consented your personal information to be used for invitations to future market research studies.
  • From one of our third parties who have previously made contact to invite you to conduct market research activities.
  • From information that is publicly available.
  • Potentially bank details (if your incentive is paid with BACS)
  • Other demographic information such as profession and age
  • Product information you may have with one of our clients

Illuminas sometimes gets contact details from its clients, usually where you have had some contact with them previously and they are seeking feedback on a service they provide to you.

If your contact details have been provided to us by one of our clients, you will either have agreed to this when you gave them your contact details (consent) or they should have informed you that your information may be passed to third party research company such as Illuminas. In this case the information provided to us is done so either under our client’s legitimate interests to conduct the research or where they are a public authority, and that it is necessary to share the information in order to conduct the research task in the public interest.

Our clients will sometimes give us additional information about you, along with your contact details, but this will only be information needed for conducting or reporting the research. We will not seek to pass back any information which could identify you without your explicit consent, unless you are otherwise informed during the course of the research.

We may have also received your information from a third party you have previously been in contact with and with whom you have actively agreed that they may pass your contact details on to market research companies like Illuminas. If this is the case, we will let you know how and where your personal data will be used during and shortly after the research. We will then request consent to participate from you before the research starts.

We want to make sure that you are happy for us to use your information for market research purposes. If you think that your details should not have been passed to us, please inform us by [email protected] so that we can raise the concern with the organisation that provided us with your contact details.

How will your personal data be used?

Your personal data is used by us to assist in our market research activities. These activities include:

  • Contacting you to invite you to participate in a market research survey
  • Attendance checking and coordination activities during face-to-face research interview sessions
  • For internal quality control purposes
  • Recording your research responses as either audio / video files or as text files, depending on the research methodology used.
  • Sharing with carefully selected third party vendors to conduct additional processing activities relating only to the research survey you have participated in
  • Reviewing your research responses in combination with the responses obtained from others in order to identify trends and key messages
  • Feed back to our client anonymised findings we believe to be of interest to them

At the start of these activities you may be asked for consent to an audio recording of the session being made. The recording is simply to enable our researchers to more easily and accurately report on the findings of the session. These recordings are typically kept for a year after the end of the research study, or longer in certain circumstances (in which case you will be advised of the actual period during the interview or discussion group), but they will be deleted after this time.

In obtaining your cooperation, we will not mislead you about the nature of the research or the use that will be made of the findings.

We will not send you unsolicited email or pass on your email address(es) to others for this purpose. If we want to send you future email or contact you using other methods, we will ask your explicit permission for this.

Who has access to your personal data?

It is our intention to be as transparent with you as possible with regards to who we may need to share your personal data with to fulfil our research. Before you start your research with us we will let you know who we will share your information with strictly for the purposes of conducting necessary and legitimate additional market research activities.

During the course of a research programme your personal information may be shared with the following types of organisation:

  • Recruiters (who will invite you to participate in research on our behalf)
  • Fieldwork agencies (who may conduct interviews on our behalf)
  • Research viewing facilities (who provide rooms, recording facilities and coordination services for our interviews)
  • Online platforms (which we use to host online research activities)
  • Video streaming partners (if we conduct any live streaming of any face-to-face interviews)
  • Our clients (only if you are a customer and we have told you upfront that is what we planning to do)
  • Transcribers (who may transcribe recordings)
  • Cameramen and video editors (who may perform editing activities on our behalf)
  • Law enforcement (only if required to do so)

Illuminas utilizes a carefully selected network of third party vendors for market research related data processing and analysis. These organisations are contractually obliged to solely use your information for research and statistical purposes and safeguard your information from unauthorised disclosure or modification. They are also contractually obliged to delete your information in line with an agreed retention period.

Illuminas may need to transfer your data outside of the EU in order to complete research activities or fulfil our contractual requirements. We will always make sure we do the following if this is required:

  • We’ll ask for your consent to do this before you start your research session with us
  • We’ll ensure there are acceptable cross border transfer mechanisms in place (e.g. EU-US Privacy Shield for US companies, or EU standard contractual clauses for transfers to other organisations outside the EU)
  • We’ll ensure adequate security mechanisms are in place to protect your information (as per our ISO 27001 procedures).
  • We will never sell or rent your information to third parties.
  • We will never share your information with third parties for additional marketing purposes.

How long will we keep your personal data?

Unless a longer retention period is required by our client, or by law, we will only hold your personal information on our systems for the period necessary to fulfil the purposes outlined in this Privacy Policy or until you request it is deleted.

Most personal information held about you by us in order to conduct our market research activities will be retained for 3 months after the completion of the work. This is to ensure we can respond to any validation requests from our clients or otherwise complete the provision of our services to our clients.

All information is securely deleted (in line with our ISO/IEC 27001 certified procedures) as soon as the retention period has been met.

The only personal data belonging to you that is not deleted after 6 months is your name and date of attendance which is securely stored in a separate database for a further 2 years. This is for legitimate internal quality control purposes.

How do we secure your personal data?

We take information security very seriously at Illuminas and have invested a lot of resource in designing and implementing our Information Security Management System (ISMS) in order to safeguard the confidentiality, integrity and availability of your personal data.

Our ISMS has been certified with the international quality standard ISO/IEC 27001:2013. This means that our security measures are frequently assessed both internally by us, and externally by quality assessors and security testers.

At Illuminas we have a security and privacy by default mindset. The following is ingrained into the Illuminas culture:

  • Risk based approach – every decision we make around privacy and security measures is based on a risk assessment.
  • Security and Privacy by design – security and privacy are baked into each research project at the very beginning
  • Encryption at rest and in transit – we encrypt your personal data whilst it is stored on our servers and when we transfer it to third parties. We also instruct our third parties to adopt the same principle.
  • Principle of least privilege – all of our systems are configured to only permit our team the necessary access they need to fulfil their job roles.

Your choices

At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:

  • Right of access: you have the right to request a copy of the information that we hold about you.
  • Right of rectification you have a right to correct data that we hold about you that is inaccurate or incomplete.
  • Right to be forgotten in certain circumstances you can ask for the data we hold about you to be erased from our records.
  • Right to restriction of processing where certain conditions apply to have a right to restrict the processing.
  • Right to object you have the right to object to certain types of processing such as direct marketing.
  • Right to judicial review in the event that we refuse your request under rights of access, we will provide you with a reason as to why. You have the right to complain as outlined below.

Please contact our DPO if you would like to exercise any of these rights.

Your choices

We keep this Policy under regular review. This Policy was last updated in May 2018.