Tebbutt Research Confidentiality
Confidentiality at Tebbutt Research is considered in the context of data, products, and other information collected and used for the purposes of research.
Privacy at Tebbutt Research is considered in the context of personally identifiable information (PII) that could potentially identify a specific individual.
Tebbutt Research understands the needs and expectations of our research clients, participants, and anyone else who provides information in the form of documents or products, regardless of format or media, and undertakes to treat this information confidentially and secure from misuse.
Where information provided is of a personally identifiable nature, additional processes shall be initiated in accordance with legal and industry standards.
Legal and Industry considerations
- The Research Society Code of Professional Behaviour
- The Research Society fact sheet – MSR and the Privacy Act 1988 and Australian Privacy Principles
- ISO 20252: 2019 Clause 4.3 Information Security
- The ESOMAR Code of Conduct
- General Data Protection Regulation (GDPR) policy
General confidentiality and privacy controls
Assets including buildings and infrastructure, hardware and software, fixed and mobile devices are subject to protective protocols due to the risks associated with data storage.
Unattended electronic assets whether fixed or mobile are secured by the user and monitored centrally by a designated IT officer. Access controls of devices and software platforms are restricted to designated personnel as administrators. Individual users do not have access to modify critical system settings.
Secure areas in the building where sensitive documents, products or data are stored are subject to lockable restraints.
Operations security protection protocols are in place to:
- ensure hardware and software is protected from cyber-attack, malware, and unrestricted use,
- restrict access to equipment on a user-need basis,
- ensure cyber security protocols are maintained,
- operational data is protected via backup from loss of data, and
- operational data is monitored via logs and audits or other monitoring to track technical integrity and risk.
Information handling and transfer
Information transfer responsibilities, authorisations and protocols are assigned to a senior project manager taking into account client specific requests, legal requirements and local issues related to security of project information on transfer. This applies to all external parties including clients, participants, and outsourced providers/vendors.
Your Personal Information
In general, the type of personal and sensitive information Tebbutt Research collects and holds includes (but is not limited to): contact details, e.g., name, month, year of birth, location, telephone number, email address, occupation and other details provided by you relating to your family composition, product or service usage as well as a record of your participation in market research activities organised by us. Other details relating to individuals’ profiles may include behaviours, attitudes, and opinions.
How we use your personal information
Tebbutt Research uses and discloses your personal information for the primary purpose for which it is collected, for reasonably expected secondary purposes which are related to the primary purpose and in other circumstances authorised by the Privacy Act, the GDPR and legislation relevant to your country of residence.
In general, we may use and disclose your personal information for the following purposes:
- to extend invitations to participate in market research;
- for quality control or validation of research participants;
- to provide our research clients with profiling information about participants recruited to their study;
- to monitor participation rates;
- to contact past participants to conduct further, follow-up research;
- to comply with our legal obligations; and
- to help us manage and enhance our services.
Apart from the above circumstances, your personal information will not be disclosed without your consent unless legally obliged to do so.
Personal information about research respondents will only be used in compliance with the Privacy Act, the GDPR, and legislation relevant to your country of residence.
When we disclose your personal information
With your permission, we may disclose your personal information to:
- other companies or individuals who assist us in providing services or who perform functions on our behalf and organisations that carry out activities essential to our research activities, including for quality control activities, data entry, data processing, conduct of interviewing, contacting people to ask them to participate in research exercises, or
- anyone else to whom you authorise us to disclose it, usually our client.
Unless required or authorised by law, the identity of research respondents will not be disclosed to anyone not directly involved with the research project or to (end) clients requesting the research or used for any non-research purpose without the individual’s consent.
Sending information overseas
Data including your personal information is typically collected in your country of residence and may be transferred to our data processing centre in Australia, and our operations centres in Fiji, Papua New Guinea, and Solomon Islands.
All personal information crossing international borders is done so in compliance with the GDPR, including the requirement for data to be encrypted in transit.
Some personal information which we collect is classified as sensitive information. Sensitive information includes information relating to a person’s racial or ethnic origin, political opinions, religion, trade union or other professional or trade association membership, sexual preferences and criminal record, that is also personal information, and health information about an individual.
Sensitive information will be used and disclosed only for the purpose for which it was provided or a directly related secondary purpose, unless you agree otherwise, or where certain other limited circumstances apply, for example, where required by law.
Management of personal information
The APPs and GDPR require us to take reasonable steps to protect the security of personal information. Tebbutt Research staff are required to respect the confidentiality of personal information and the privacy of individuals.
Tebbutt Research takes a range of technical, administrative, and physical security steps to protect personal information held from misuse, loss and from unauthorized access, modification, or disclosure, for example by use of physical security and restricted access to electronic records.
Where we no longer require your personal information for a permitted purpose, we will take reasonable steps to de-identify or destroy it.
How we keep personal information accurate and up to date
Tebbutt Research takes reasonable steps to make sure that the personal information it holds is accurate, complete and up to date. Our contact details are set out below.
The Tebbutt Research website
When visiting our website, the site server makes a record of the visit and logs the following information for statistical and administrative purposes:
- the user’s server address – to consider the users who use the site regularly and tailor the site to their interests and requirements;
- the date and time of the visit to the site – this is important for identifying the website’s busy times and ensuring maintenance on the site is conducted outside these periods;
- pages accessed and documents downloaded – this indicates to Tebbutt Research which pages or documents are most important to users and also helps identify important information that may be difficult to find;
- duration of the visit – this indicates to us how interesting and informative Tebbutt Research site is to visitors;
- the type of browser used – this is important for browser specific coding.
A cookie is a piece of information that an Internet web site sends to your browser when you access information at that site. Cookies are either stored in memory (session cookies) or placed on your hard disk (persistent cookies). The Tebbutt Research website does not use persistent cookies. Upon closing your browser, the session cookie set by this web site is destroyed and no Personal Information is maintained which might identify you should you visit our web site at a later date.
Retention and destruction of Personal Information
Tebbutt Research will destroy or de-identify your personal information as soon as practicable once it is longer needed for the purpose for which it was collected. However, we may be required by law to retain your Personal Information after your relationship with us has expired. In this case your Personal Information will continue to be protected in accordance with this Policy. If we destroy Personal Information, we will do so by taking reasonable steps and using up-to-date techniques and processes.
Questions, issues, and complaints
Where we hold information that you are entitled to access, we will endeavour to provide you with a suitable range of choices as to how access is provided (e.g., through direct login to your profile or by emailing it to you).
- Email our data privacy officer: email@example.com
- Telephone our head office in Australia: +61 7 55532 4666
We will respond and advise whether we agree with your complaint or not. If we do not agree, we will provide reasons. If we do agree, we will advise what action we consider is appropriate to take in response. If you are still not satisfied after having contacted us and given us a reasonable time to respond, then we suggest that you contact the Office of the Australian Information Commissioner on Email: firstname.lastname@example.org