- Provide for an environment within ‘suAzio consulting" that provides the level of data protection mandated by the General Data Protection Regulation ("GDPR") EU 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 96/46/EC and implementing European laws and regulations in the European Economic Area.
- Define responsibilities for compliance with data protection requirements
- Explain what personal data is processed by "suAzio consulting", the purposes for which the personal data is processed and potential recipients of the personal data, the data protection rights of individuals and how "suAzio consulting" is to deal with these rights.
- In order to respond to your requests and keep you informed
- In order to answer your questions and exchange information
- For administration and organization of events or webinars
- Contact you for studies via email, through mobile notifications or texts or any other proposed communication options
- Inform you of updates to our services, new features and details relevant to you through communications
- Select you for future studies
- Help you when you contact our support team
- Allow us to reward you with the promised incentives
- Protect suAzio consulting from fraudulent behavior
- Prevent multiple entries in studies by the same individuals (in line with our Terms and Conditions)
- Update, enrich and clean our database to improve our usage of data, allowing us to better select you for studies and receive communications
- we have your consent for the use of your personal data
- we need to use your personal data in order to perform a contract with you
- we need to process your data to comply with a legal obligation
- we need to process your data in order to protect your vital interests or someone else
- the processing is necessary to perform a task in the public interest
|Market Research||To understand your views about certain products and services or to understand your behavior in different situations||Identifier, contact details, email address, voice, image, opinion, bank details|
|Scientific Research for commercial companies and charitable research organizations||Including but not limiting to clinical studies, health economics and outcomes research (HEOR), non-interventional studies (NIS), real world research (RWR), observational studies, epidemiology research||Identifier, contact details, email address, health data, e.g. disease, health status, diagnose, treatment pattern, unmet needs|
|Safety monitoring (Pharmacovigilance Adverse Events Reporting)||Report Adverse Events during our studies to competent authorities||Identifier, contact details, email address, disease, treatment, product taken and adverse events|
|Survey Participation Uniqueness||Prevention of multiple entries in surveys by the same individuals in line with our Terms and Conditions||IP address, browser specifications, device specifications|
|Tracking of the Answers of Recurring Respondents (special research design projects)||When you participate in our surveys, we typically use a temporary ID which makes your answers in the survey anonymous to our clients. However, some of our clients have the specific research design need to understand how your opinion has evolved over a period of time. For this specific project type that we call “tracking” projects we will use persistent IDs and we will make this clear at the beginning of each of these surveys. Your survey responses will be considered as personal data and you will have the right to access them. Such projects will contain a notice on the very first page of the survey, so that you can identify them and decide whether or not to take part.||Persistent unique project-specific identifier|
|Data Matching and Enrichment||We enrich the data we hold on file about you by matching your personal data with third parties. This will help us to improve your panel profile and ensure that we select relevant surveys for you.||Persistent unique identifier, contact details, email address, social login, cookie, mobile device ID, official identification number (i.e. ME number)|
When you participate in our research, we may ask you for a range of information, including, for example, your personal opinions, and demographic information, such as your age, your health status, such as condition you may suffer or diagnose and treatments. You may decline to answer any questions or withdraw from participation in a study at any time.
Our third party partners are all contractually bound to keep any information they collect and disclose to us, or that we collect and disclose to them, confidential and must protect it with security standards and practices that are equivalent to our own.
You can be assured that we will protect your privacy. We will not make your personal information available to anyone without your agreement unless it is for research purposes only or if required by law. This includes your name, e-mail address and phone number
We may share your personal data with vendors to fulfil data processing requirements, e.g. data matching, third party service providers, online ad effectiveness measurement, social media data interactions, scientific publication, pharmacovigilance/safety follow up. Where these transfers are across borders or outside the EEA we shall put safeguards in place to ensure the transfer is made by a legitimate method for the purposes of EU data protection law and secure.
Your personal information may be collected, stored, transferred or processed by our sister companies, or 3rd party service providers for research-related purposes, such as data processing, and fulfilment of incentives both within and outside the EEA. They are all contractually bound to keep any information they collect and disclose to us or, we collect and disclose to them, confidential and must protect it with security standards and practices that are equivalent to our own.
We take appropriate technological and organizational measures to protect the personal information submitted to us, both during transmission and once we receive it. Our security procedures are consistent with generally accepted commercial standards used to protect personal information.
All our employees are contractually obliged to follow our policies and procedures regarding confidentiality, security and privacy.
We adhere to the following standards and industry requirements:
- EphMRA (European Pharmaceutical Marketing Research Association)
- Insights Association
- ESOMAR (European Society for Opinion and Marketing Research
- ISPOR (International Society for Pharmacoeconomics and Outcomes Research)
Cookies are small text files stored on your computer by a website that assigns a numerical user ID and stores certain information about your online browsing. They are used by web developers to help users navigate their websites efficiently and perform certain functions. The website sends information to the browser which then creates a text file. Every time the user goes back to the same website, the browser retrieves and sends this file to the website’s server.
For behavioral tracking research, we use optional cookies / software applications, but only if you have given your explicit consent to such cookies / applications.
As is true of most online studies, we gather certain information automatically and store it in study data files. This information may include things like Internet Protocol addresses (IP address), browser type, Internet service provider (ISP); referring/exit pages, operating system and date/time stamp.
We use this automatically collected information to analyze trends such as browser usage and to administer the site, e.g. to optimize the study experience depending on your browser type. We may also use your IP address to check whether there have been multiple participations in the study from this IP address.
We take all reasonable steps to keep personal information in our possession or control, which is used on an on-going basis, accurate, complete, current and relevant, based on the most recent information made available to us by you and/or by our client.
We rely on you to help us keep your personal information accurate, complete and current by answering our questions honestly and you are responsible for ensuring that the data controller (which may be us or – more often – our client) is notified of any changes to your personal data.
SuAzio consulting may collect personal data that is classified as “special categories” of personal data. You can choose whether you provide this data to us or not.
To request access to personal data that we hold about you, you should submit your request in writing to the e-mail address or postal address shown below in "How to Contact Us".
You have the following rights in relation to your personal data:
- Right to change your mind and to withdraw your consent
- Right to access your personal data
- Right to rectify your personal data
- Right to erase your personal data from our systems, unless we have legitimate interest reasons for continuing to process the information
- Right to port your personal data (portability right)
- Right to restrict processing of your personal data
- Right to object to the processing of your personal data
We shall also notify third parties to whom we have transferred your personal data of any changes that we make on your request. Note that while suAzio consulting communicates to these third parties, suAzio consulting is not responsible for the actions taken by these third parties to answer your request. You may be able to access your personal data held by these third parties and correct, amend or delete it where it is inaccurate.
Personal information will be retained only for such period as is appropriate for its intended and lawful use, unless otherwise required to do so by law, or contractually agreed by our clients. Personal information that is no longer required will be disposed of in ways that ensure their confidential nature is not compromised.
As part of the Company Business Continuity plan and as required by ISO 27001, ISO 9001, ISO 20252 and in certain instances the law, our electronic systems are backed up and archived. These archives are retained for a defined period of time in a strictly controlled environment. Once expired, the data is deleted and the physical media destroyed to ensure the data is erased completely.
If you consider that our processing of your personal data infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state or jurisdiction of your habitual residence, your place of work or the place of the alleged infringement. To find the contact details of your country supervisory authority, please consult our dedicated page here