PRIVACY AND GDPR POLICY

KADA RESEARCH POLICY STATEMENT
This policy explains how and why we use personal data, to ensure individuals remain informed and in control of their information.
Privacy is important to us. We take great care in protecting individual privacy and the information provided whilst conducting research with us (whether through online, telephone/mobile or face to face research approaches).

We are committed to meeting the requirements of the following laws and codes:
The EU General Data Protection Regulation (GDPR)
Data Protection Act 1998 and the Data Protection Act 2018 which will enact GDPR requirements Market Research Society’s (MRS) Code of Conduct

We do not sell or promote anything. We conduct research and we commit, in obtaining co-operation from individuals, not to mislead them about the nature of the research or how the findings will be used. Responses will be treated as confidential unless individuals consent to being identified.

We operate in the UK under the name Kada Research. Our registered office is 145 Hunter House Road, Sheffield S11 8TX. Our business address is: 10 South Street, Park Hill, Sheffield, S2 5QY. Our website address is https://www.kadaresearch.co.uk.
We are registered with the ICO under registration ZA182592. We are registered with Companies House under registration number 7839881.

WHY MIGHT WE CONTACT OTHERS?
If individuals are invited to take part in research, it will be because:

  • They were selected due to being, a customer or recently left customer of one of the companies for whom we work.
  • Has some form of government support and agreed to participate in evaluation or research activity.
  • They have given permission to supply their details to a third party for research purposes.
  • They have taken part in previous research administered by Kada Research and given us their permission to contact them in the future for research purposes.

If individuals have been contacted by Kada Research and do not believe they have given permission or just wish their name to be removed from the database, they need to let us know and we will remove them from the contact list for that specific research project and inform the relevant organisation who supplied their details. Their rights under GDPR are protected and we will reply to any ‘subject access requests’ within 48 hours. Please submit any requests or queries to karl.dalgleish@kadaresearch.co.uk.

We never knowingly invite children under the age of 16 to participate in research studies without taking measures to ensure appropriate consent from a responsible adult has been obtained.

WHAT INFORMATION DO WE HOLD?
We are typically provided with nothing more than a name and a phone number and/or email address in order to contact research beneficiaries. For other methods of research, such as face to face, we may have approach potential participants to explain what we are doing.

Where we are provided with a database or where we have bought in a database, we request only the minimum amount of details to allow us to conduct the research to the specification we have been commissioned to carry out. We never hold sensitive data such as account numbers or financial details.

When we contact third parties or research beneficiaries, we generally do so for one of the following purposes:

  • To invite participation in research or evaluation work.
  • To confirm the details of research someone has agreed to take part in.
  • To conduct research with participants or stakeholders.
  • To validate answers/views given in a recent research we conducted (if they have consented to us doing so).
  • To update and to ensure that our records of personal information are correct.

WHAT INFORMATION DO WE COLLECT?
The information we collect can contain personal opinions to the questions we ask as well as personal information such as name, address, postcode, gender, occupation, age etc. As with all research, individuals have the option to refuse to take part or refuse to answer any individual question(s). Refusing to answer any one or more question(s) will not impact their ability to complete a research survey.

Where relevant to the research being undertaken, we may collect business contact information, such as, company name, job title, and department. This is collected for quality control purposes and is not shared with anyone outside of our organisation unless express permission has been obtained (see the section ‘who do we share data with?’).

In addition, for online surveys we will record IP addresses, which type of browser they are using, their screen size and other basic metrics. This is collected for quality control purposes and is not shared with anyone outside of our organisation unless express permission has been obtained (see the
section ‘who do we share data with?’).

We do not do any invisible processing of data from an individual’s computer. We will only collect and use personal information in accordance with this policy to the extent deemed reasonably necessary to serve our legitimate business purposes, and we will maintain appropriate safeguards to ensure the security, integrity, accuracy and privacy of the information provided.

Kada Research makes reasonable efforts to keep personal information in its possession or control, which is used on an ongoing basis, accurate, complete, current and relevant, based on the most recent information available to us. We rely on individuals to help us keep personal information
accurate, complete and current by answering our questions honestly.

Personally identifiable information collected will be kept for no longer than 12 months from project commencement unless stated specifically at the time of taking part. Non-identifiable information given will be kept for no longer than 5 years. This will be checked and reviewed on an annual basis with the relevant data being deleted.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

When visitors leave comments on the website we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection. If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.

An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service Privacy Policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.


HOW IS CONSENT GAINED AND IS IT DEMONSTRABLE?
At the start of every research or evaluation project we will provide participants the vital information that will allow them to provide informed consent as to whether they wish to take part or not. This will include who we are calling on behalf of, the length of time we need to complete a survey, the general topic and, if relevant, any incentive information.

HOW DO WE USE THE DATA GIVEN TO US?
The personal information we collect is:

  • Combined with the responses/views/opinions of others who participated in the same research and reported back anonymously to the client that commissioned the study
  • Used on an aggregated basis to analyse the data based on certain groups or demographic profiles
  • Occasionally used to re-contact individuals to validate their responses (if they have consented to us doing so) or to participate in follow-on research such as a case study or an in-depth interview (again provided consent has been given).

All survey responses and research material are treated as confidential. We will never intentionally disclose personal information or individual survey responses to the client that commissioned the study or any third parties unless:

  • Individuals request or consent to sharing their identifying information and individual responses.
  • In the rare but possible circumstance that the information is subject to disclosure pursuant to judicial or other government subpoenas, warrants, orders or for similar legal or regulatory requirements.

WHO DO WE SHARE INFORMATION WITH?
We will never sell personal information to third parties. From time to time we may employ other companies and individuals (defined as associated) to perform functions on our behalf. Such as conduct research in a language that we are unable to do so in-house. On such occasions they will have access to the personal information needed to perform their functions but will not use it for other purposes. Agreements are in place to ensure that any third parties must also process the personal information as set out in this Privacy Policy and as permitted by the UK’s Data Protection Act/laws/GDPR.

The data we or our partners collect during the research process is reported back to our client in anonymised format unless they have explicitly given permission to be identified. We do not share any research data we collect data with other parties. All data is stored in secure UK servers.

Visitor comments may be checked through an automated spam detection service.

We shall endeavour to ensure that personal information is kept confidential and secure.


COOKIES
A cookie is a small text file that may be placed on individual’s devices (computer, mobile phone,tablet) when individuals complete one of our online surveys. In the case on on-line surveys with us we will use a session cookie. This is a temporary cookie and is removed when the browser is closed. This session cookie allows us to give a visit to our website (or one of our third-party partners’ websites) a unique identifier so an individual can complete the survey. Participants can configure their browser to notify themselves when cookies are being placed on their computer. They can also turn cookies off and delete those they do not want.

If you leave a comment on our site you may opt in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.


SECURITY
Kada Research maintains appropriate technical, administrative and physical safeguards to protect information, including, without limitation, personally identifiable information, received or collected by us. We review, monitor and evaluate our privacy practices and protection systems on a regular basis.

Only certain employees have access to the personal information provided to us and are only granted access for data analysis and quality control purposes. Kada Research is not responsible for any errors by individuals or organisations in submitting personally identifiable information to us.


ACCESS RIGHTS
Co-operation in any research conducted by Kada Research is always voluntary, and we are always grateful for help we received.

Right of access and right of rectification – Individuals are entitled to access the personal information we hold about them (which is known as a subject access request) and they have the right to update any incorrect information.

Right to withdraw consent – Individuals also have the right to withdraw consent given for participation in our research at any time.

Right to be forgotten – this request allows individuals the right to have their personal data held by us securely erased. In such requests we will delete them from the project we have contacted them on/for and will pass the request to the organisation that provided us with the details in the initial instance.

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Wherever reasonable and practical we will carry out such requests and do so within 10 working days of being emailed karl.dalgleish@kadaresearch.co.uk.

QUERIES
If individuals have any queries concerning this policy, our website or our research, or would like to make a subject access request, please contact us on karl.dalgleish@kadaresearch.co.uk.

If individuals have concerns regarding how personal information has been processed by Kada Research, they can make a complaint to the Information Commissioners Office (ICO) via the following options:
Website: https://ico.org.uk/concerns
Telephone helpline: 0303 123 1113.
We are registered with the ICO under registration ZA182592.

Our policy may be updated periodically and the latest version will always be available on request (karl.dalgleish@kadaresearch.co.uk).

Last updated 12.03.2020