Survey privacy notice
1. Introduction: Privacy Statement for EUFIC stakeholder survey
The aim of this survey is to examine stakeholders’ perceptions of EUFIC. This Privacy Statement summarises how Twine will respect your privacy during this research.
Your personal data will be processed in accordance with the UK Data Act, 2018.
By providing us with your data, you warrant to us that you are over 13 years of age.
Anna K Traylor is the data controller and we are responsible for your personal data (referred to as “we”, “us” or “our” in this privacy notice).
Contact Details
Our full details are: Anna K Traylor trading as The Twine Partnership (Twine)
Email address: anna@thetwinepartnership.com
Postal address: 36 Cherington Road, Westbury on Trym, Bristol BS10 5BJ
It is very important that the information we hold about you is accurate and up to date. Please let us know if at any time your personal information changes by emailing us at anna@thetwinepartnership.com
2. What data do we collect about you, for what purpose and on what ground we process it
Personal data means any information capable of identifying an individual. It does not include anonymised data.
3. Purpose of the data processing operation
Data collected in this project will be processed only to answer the research questions of the EUFIC study. Neither your name nor the name of your organization will be passed onto third parties.
Sensitive Data
We do not collect any Sensitive Data about you. Sensitive data refers to data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. We do not collect any information about criminal convictions and offences.
4. Categories of data subjects
Persons who have consented to participate in this survey.
5. Data processed
Types of data, including personal data that may be processed are as follows:
· Name, company organization
Appropriate organizational and technical security measures will accord your data the protection applicable for sensitive data, as stated by Regulation (EU) 2016/679. Anonymised data from this research will be stored securely on the EUFIC server (www.eufic.org) in Belgium for 5 years.
6. Recipients of personal data
Only authorised individuals will be able to access your personal data.
Recipients of your data shall not use your data for any other purpose than this research.
The personal information collected will not be communicated to third parties, except in an anonymised form.
7. International transfers
Where you are within the United Kingdom:
We are subject to the provisions of the UK General Data Protection Regulations that protect your personal data. Where we transfer your data to third parties outside of the UK, we will ensure that certain safeguards are in place to ensure a similar degree of security for your personal data. As such:
We may transfer your personal data to countries that the relevant regulatory authorities in the United Kingdom have approved as providing an adequate level of protection for personal data by; or
If we use US-based providers that are part of a UK regulator approved privacy framework, we may transfer data to them, as they have equivalent safeguards in place; or
Where we use certain service providers who are established outside of the UK, we may use specific contracts or codes of conduct or certification mechanisms approved by the United Kingdom regulators which give personal data the same protection it has in the UK.
If none of the above safeguards is available, we may request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time.
Where you are within the EEA:
We are subject to the provisions of the EU General Data Protection Regulations that protect your personal data. Where we transfer your data to third parties outside of the EEA, we will ensure that certain safeguards are in place to ensure a similar degree of security for your personal data. As such:
We may transfer your personal data to countries that the European Commission has approved as providing an adequate level of protection for personal data by; or
If we use US-based providers that are part of an EU approved privacy framework, we may transfer data to them, as they have equivalent safeguards in place; or
Where we use certain service providers who are established outside of the EEA, we may use specific contracts or codes of conduct or certification mechanisms approved by EU regulators which give personal data the same protection it has in the EEA.
If none of the above safeguards is available, we may request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time.
8. Legal basis for the processing operation
Data processing shall be carried out in accordance with Art. 6(a) of Regulation (EU) 2016/679: the research participant has given consent to the processing of their personal data for a specific purposes.
9. Time limit for storing the data
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. When deciding the correct time to retain the data we look at its amount, nature and sensitivity, potential risk of harm from unauthorised use or disclosure, the processing purposes, if these can be achieved by other means and legal requirements.
Anonymised data may be stored for longer, because it will be combined with the data from others (e.g. average responses to a particular question).
10. Data security
We have put in place security measures to prevent your personal data from being accidentally lost, used, altered, disclosed, or accessed without authorisation. We also allow access to your personal data only to those employees and partners who have a business need to know such data. They will only process your personal data on our instructions and they must keep it confidential.
We have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach if we are legally required to.
11. Your rights as a respondent
Under data protection laws you have rights in relation to your personal data that include the right to request access, correction, erasure, restriction, transfer, to object to processing, to portability of data and (where the lawful ground of processing is consent) to withdraw consent.
If you are within the UK, you can see more about these rights at:
https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/ If you wish to exercise any of the rights set out above, please email us at anna@thetwinepartnership.com.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive or refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you.
If you are within the UK and are not happy with any aspect of how we collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We should be grateful if you would contact us first if you do have a complaint so that we can try to resolve it for you.
If you are within the EU and are not happy with any aspect of how we collect and use your data, you have the right to complain to the data protection authority of the country in which you are based. We should be grateful if you would contact us first if you do have a complaint so that we can try to resolve it for you.