Consumer privacy is our top priority at eye square. We rely primarily on demographic and aggregated data from which we cannot directly identify people, and we maintain appropriate limits on access to data about specific individuals where we hold it.
Our internal policies and procedures conform to applicable laws and industry standards around the globe. They also incorporate the principle of Privacy by Design and Default – a commitment to include appropriate privacy protections in the design and implementation of our products and services, as well as making the protection of privacy the default setting in all projects.
While developing our products and services, we assess their potential impact on personal data and embed appropriate privacy protections into our data processing activities, taking into account the other privacy principles described below
We are committed to responsible stewardship of the data under our control and to compliance with all applicable data protection laws that regulate the collection, use and disclosure of data about individual people. Eye square´s internal privacy team oversees compliance with applicable privacy laws, self-regulatory programs that we participate in, and our internal privacy policies.
THE DATA EYE SQUARE COLLECTS
eye square collects personal data from:
Our respondents: individuals who were recruted via external panel providers. This way we do not need to know names, emails or telephone numbers.
Our clients: B2B data needed for sending proposals or newsletters. All Client data is stored in Salesforce and SendInBlue *
Our employees, contractors and business contacts at other companies in the course of conducting our business.
*Additional safeguards for US suppliers are in place, as well as the use of standard contractual clauses to clarify US privacy shield cancellation
Personal Identifiable Information (PII) shall only be collected if necessary. All participants are recruited via panel partners, meaning that all our respondents are members of research panels partners like Schlesinger, Dynata, Cynt or Gapfish.
All PII obtained shall be lawfully collected, compiled, stored, allowed access to, processed and utilized by eye square
Participation in all research projects is voluntary and respondents may opt out of any research project, at any time. In addition, consent will be obtained prior to the collection of PII that will be recorded.
All PII obtained shall be treated confidentially, shall be used for research purposes only and shall not be disclosed to any person not employed by eye square, except with consent, as required by law or by court order.
All PII obtained shall not be disclosed to any client other than for lawful research purposes.
In this regard, in general, clients will not receive:
A. The last name or telephone number of any respondent for any research study;
B. Any original screeners or sign-out sheets containing any last names or telephone numbers.
C. Audio or Video data from respondents, unless for research purposes only and respondents consent is given
In all our studies, we try to minimize the handling of personal data as far as possible:
Example: we do not receive all the information from the partner companies recruiting participants for us, so neither we nor you, as a customer, know the full names or specifically corresponding details such as addresses or the like of the participants. This guarantees the anonymity of the study data.
The processing of personal data is only ever carried out with the explicit consent of the participants.
The personal data of respondents (for example audio or video recordings) will be deleted as soon as the purpose of storage no longer applies, i.e., after the evaluation of the study (after three months at the latest). They must also be deleted if a participant withdraws his or her consent.
We try to implement the use of technical services and storage of data, if possible, in house, i.e. on our own servers.
Our partners and subcontractors are specifically selected and contractually bound to protect data.
On request, we can provide detailed documentation of the various measures that have been implemented to meet the requirements of the GDPR (e.g. electronic access control system, access rights, back-up procedures, encryption, etc.), as well as various policies like home-office or information security policy.
The company management as well as the employees are aware that there are risks to the rights, interests and freedoms worthy of protection of the data subjects when processing personal data.
Regular training courses and workshops are held to raise awareness and expertise, often providing specific topics pertaining to data security in relation to research projects.
To minimize risks, data protection impact assessments are carried out periodically. For the processing of special categories of personal data, like biometric data, children or disabilities special assessments are held before and within the projects to ensure the safety and protection of these groups.
DATA QUALITY ISO 20252
Making sure our data is based on the best panels that ensure data and information security as well as certified quality management programs is part of our quality management program. eye square is an ISO 20252 certified full service research provider that undergoes annual company audits on quality management, data protection and information security. Find more ISO certification information here.