To take part in research you will need to share some personal details with us. By signing up to our research database, The User Experience Agency Ltd will store details about you.
This document explains what information we have, why we need it, how we use and handle it and your rights to that information.
Keeping your personal information secure is our top priority and we use secure methods to store and transmit your data. We will never sell your data to anyone.
When you sign up to our database, you’ll begin to receive emails about upcoming research sessions for which we think you might be suitable. You can unsubscribe at any time if you no longer want to receive the emails.
We may also call you or send you text messages as part of the process of finding a suitable day/time to attend a research session.
This document explains how you can ask us to restrict/cease processing your personal data; which can be done by emailing firstname.lastname@example.org at any time.
WHAT PERSONAL DATA DO WE HOLD AND HOW DID WE GET IT?
In the course of applying to take part in research and in the research sessions themselves, you will provide us with personal data about yourself. This would be done either through signing up from responses to online surveys, telephone conversations with our employees and responses given during research sessions. This may include the following:
- Information you provide during your registration with us via online registration forms. This includes your name, date of birth, email address, contact details and address, gender, relationship status, nationality, number of children, employment status and details including salary bracket.
- Information that you provide when completing online surveys to determine if you will be suitable to take part in research sessions. You may also provide additional information with our staff over email, phone or text message.
- Information that you provide during the course of the research session(s).
- Video or audio recordings of the research sessions.
- Information that you provide in any email communication with ourselves.
- Information uploaded to any apps used in the course of the research (for example, you might be asked to upload photos from your experience of using a service or product throughout the course of a week).
We may also collect and store any information you provide to us regarding a 3rd party (i.e. if you refer a friend to us to take part in research). Before you provide another person’s details to us, please make sure you get their consent. You can refer them to this document, so they can understand how we will use and process their information.
By using our website, we may track some information about your computer and how you use our site, including your IP address, location, browser type/version, operating system, how you came to our site, how long you visited our site, which pages you looked at on our site (and how often) and how you moved through the site. This is all collected anonymously by Google Analytics so that we can see how people use our site to help us make it better and easier to navigate.
WHAT WE DO WITH YOUR PERSONAL INFORMATION
We may use your data (in accordance with GDPR) in the following ways;
- To contact you via email, telephone, text message or social media to offer you research opportunities. When you complete an online survey, we may need to phone you and run through your survey responses with you. We might need to check you have the services you have stated in the survey.
- We will manually process your data to match you with suitable research opportunities. This includes filtering the details you have supplied against the criteria we have been given by our clients for the research they’re conducting. This is how we match you with projects.
- Send you payments (we call these ‘incentives’), vouchers and/or prizes for our prize draws. We usually pay you in cash but sometimes we may need to pay you via Amazon e-voucher or bank transfer, in these cases we’ll collect the first line of your address and postcode and/or your bank account number and sort code so that we can make a BACs payment to you. We will only take these details from you if you have agreed to take part in a session. We will never ask for your bank details over the phone, only via email or text message. We only store these long enough to make payment to you, once payment has been made these are deleted from our records. We will NEVER ask for credit or debit card details from you and we will never ask you to purchase anything or make a payment to us.
- After taking part in research, we may share anonymous quotes, however we will not use your real name and we will change details that might make you identifiable to others.
- Prevent fraud and keep our website / database information accurate and secure.
Your data will only be processed by our staff in the UK in line with UK/EU law and the GDPR.
- We protect your personal information using technical and administrative security measures to reduce the risks of loss, misuse, unauthorised access, disclosure and alteration. Some of the safeguards we use are firewalls and data encryption and physical access controls to our offices.
- Your data may be transferred and stored via some online systems based in the US. By this, we mean systems like Mailchimp which we use to send you emails. Where data is stored on systems based in the US, we have contracts in place with those suppliers to ensure they meet our strict data security criteria.
- Any special category data we hold on you for the purposes of research will be stored anonymously, we may share the information you provide; however, we will not use your real name and we will change details that might make you identifiable to others
Special category data is defined as personal data consisting of information as to:
- Racial or ethnic origin
- Political opinion
- Religious/philosophical beliefs
- Trade union membership
- Physical or mental health or condition
- Sexual life or sexual orientation
- Biometric data
WHAT WE DON’T DO WITH YOUR DATA
We will not supply your personal information to anyone (other than our clients). We ask our clients to delete any personal information we send them about you within 7 days of the date of the research testing dates. This is also in our terms and conditions with our clients.
We will not use your data for any purpose other than to match you with research opportunities.
We will never sell or rent/hire your data to anyone. In the event that we sell our business to a new owner then we’ll make sure you’re aware and ask you to opt in again, provided you’re happy to continue your registration with us.
HOW LONG DO WE KEEP YOUR PERSONAL DATA?
The data you provide to sign up to our website is kept until you opt to stop receiving communications from us regarding research opportunities.
The data you provide when completing online surveys is kept for 12 months and then deleted. We keep this information as it can be helpful in matching you to future research projects.
Any banking information you provide is kept only long enough to allow us to make payment to yourself. However, some of your bank information may be preserved by our bank on our transaction history.
Any video or audio recordings of you taking part in research sessions are kept by ourselves for up to 18 months from the date of the research session. The recordings are shared with our client at the end of each project via secure online transfer. We keep the videos for this long in case our client needs them re-sending at any point within 18 months of the research taking place. We delete all video and audio recordings after 18 months. We ask that our client only keeps the videos for 18 months from the date they receive them from us – they are then deleted.
WHAT ARE YOUR PERSONAL DATA RIGHTS?
The User Experience Agency complies with the Market Research Society’s Code of Conduct, and adheres to the principles of the Data Protection Act 1998 and GDPR.
If at any point you believe that the personal information we hold on you is incorrect, you want us to correct or delete that information, or you no longer want us to hold that information or contact you, you can exercise your rights under the current Data Protection laws.
These rights include:
- Right of access
- Right to withdraw consent
- Right to rectification
- Right to erasure
- Right to restriction of processing
- Right to data portability
- Right to object
For more information about your personal data rights please visit the Information Commissioner Office website at: https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the- gdpr/individuals-rights/
WE WILL ENSURE THAT:
- there is a Compliance Officer with specific responsibility for data protection in the organisation;
- everyone managing and handling personal information understands that they are contractually responsible for following good data protection practice;
- procedures for handling personal information are clearly described;
- everyone managing and handling personal information is appropriately trained to do so;
- everyone managing and handling personal information is appropriately supervised;
- anyone needing to make enquiries, or respond to queries, about handling personal information knows where to seek advice;
- queries about handling personal information are promptly and courteously dealt with, and logged when appropriate;
- reviews and audits are carried out of the way personal information is managed and methods of handling personal information are assessed and evaluated.
WHO DO I CONTACT IF I HAVE AN ISSUE WITH MY PERSONAL INFORMATION THAT YOU HOLD?
If you would like us to update or delete your details,
Please contact our Data Protection Officer:
020 7949 4940 or email@example.com
HOW DO I MAKE A COMPLAINT ABOUT HOW MY PERSONAL DATA IS BEING HELD OR PROCESSED?
If you wish to raise a complaint on how we handle your personal data, you can contact our Data Protection Officer who will investigate the matter.
If you are not satisfied with our response you can make a complaint to the Information Commissioner’s Office (ICO). Their Helpdesk number is 0303 123 1113.
Information Commissioner’s Office
Or online: https://ico.org.uk/concerns/
Authorised by Company Director:
Dr Louise Croft Baker
The User Experience Agency Ltd
Chestnut Barns, Moreton, Thame, Oxfordshire, UK t: +44(0)207 947020
Registered office: As above. Registered in England and Wales. Registered number: 06701477