PRIVACY POLICY
Last updated December 2021
Contents:
1. Who we are
2. What personal data are
3. How we use your personal data
4. What information we collect
5. How we collect your personal data
6. Which is the legal basis we use for processing your personal data
7. With whom we share your personal data
8. How long we keep you personal data
9. Security of processing of your personal data
10. Data Protection Officer
11. Your legal rights
12. Complaints
13. Changes to our Privacy Policy
1. Who we are
Pulse Market Research Limited (‘PMR’, ‘We’, ‘us’) is limited liability company incorporated in Cyprus under company number HE148203 and is located at 52 Archagelou Michael, Flat 201, Egkomi , 2410 Nicosia, Cyprus.
PMR is a market research company and a member of ESOMAR, an international organization focusing on developing better research methods, of MSPA, a representative Trade Association for companies participating in the Mystery Shopping Industry focusing to improve and stimulate the acceptance, performance, reputation and use of Mystery Shopping services worldwide, of WAPOR an international organization for companies practicing in public opinion surveys and SEDEAK, the Cyprus organization of opinion poll and market research companies. We adhere to the professional standards and codes of ethics which the above association and organizations set out for their members.
PMR is strongly committed to privacy and confidentiality issues entrusted to, is the ‘data controller’ of all personal information that is collected and used by us for the Purposes of the EU Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC, known as GDPR.
This privacy policy (‘Privacy Policy’) explains how we handle and treat your personal information that we collect from you or which we have acquired about you from a third party and the purposes for which we process your personal information. Further, it states your rights in respect of our processing of your personal data.
Please take a moment to read and understand it.
2. What personal data are
Personal data are information that directly or indirectly identifies you as individual.
By indirect identification we mean the identification of a natural personal through the combination of various information.
3. How we use your personal data
For survey purposes: We use your personal data in order to conduct the survey for which the client has engaged us. The information gathered during the survey in form of questionnaires is collected and analyzed, with the aim of delivering credible research data to our customers. Moreover, the data is then translated into useful representations, such as graphs, charts etc.
For statistical purposes: We may process data delivered by the subjects (interviewees) to carry out statistical processes on behalf of our clients to whom we provide our services. The usage data may vary in accordance to the research.
For market research purposes: From time to time, we may also use your information to contact you for market research purposes. We may contact you by phone. We may use the information to customize the website according to your interests.
For recruitment purposes: We may also use your personal data in connection with the assessment of your application for work with us.
For website purposes: This privacy policy also applies to your use of our website at https://www.pulse.com.cy/ (the ”Website”).
For marketing purposes: From time to time we may use your personal data to send you our informative newsletters to our subscribers, that consist of infographics and other forms of statistical information, through SendInBlue. SendInBlue is a marketing automation platform and an email marketing service. Pulse uses SendInBlue as its newsletter platform provider. SendInBlue’s privacy policy is available at: https://www.sendinblue.com/legal/privacypolicy/
4. What information we collect
We only use your personal data for the purposes defined in this Privacy Policy. If we intend to you user personal data for another purpose, we will ask for your prior consent. The personal data that we collect may vary and they may include but not limited to:
a. Survey Respondent data
i. Survey Responses;
ii. Name;
iii. Contact details i.e. email address, postal address, and phone number;
iv. Demographic data i.e. age, gender, professional or educational background etc;
v. Any other data may be necessary depending on the nature of the survey we conduct.
b. Job applicants data
i. CVs
ii. Name, Surname;
iii. Professional Background;
iv. Contact details;
v. Birth date;
c. Website data
COOKIE POLICY
A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
Cookies may be either “persistent” cookies or “session” cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.
We use Google Analytics cookies to analyse the use of our website. Google Analytics gathers information about website use by means of cookies. The information gathered relating to our website is used to create reports about the use of our website. Google’s privacy policy is available at: https://www.google.com/policies/privacy/
5. How we collect your personal data
We collect your personal data either from the client, who engaged us to conduct the survey and with whom you may already maintain a consuming or business relationship or directly from you.
We may also collect your personal data in the course of a survey. Our dialing software generates random number digits, that are used to make random calls in all Cypriot cities. If case of a response, the survey is conducted with the subjects’ prior consent.
6. Which is the legal basis we use for processing your personal data
Our legal basis for processing your personal data is your freely given and informed consent that you have given to us prior the commencement of the survey we may process. We may also process your personal data when this is necessary for the purposes of the legitimate interests which we pursue i.e. investigating/defending on potential legal claims, complains and disciplinary proceedings.
7. With whom we share your personal data
We may appoint sub – contractors data processors as required to deliver the services such as without limitation IT systems or software providers, IT support services and others who will process personal data on our behalf and at our direction. We conduct an appropriate level of due diligence and put in place contractual documentation in relation to any sub – contractor to ensure that they process personal information appropriately and according to our legal obligations.
8. How long we keep you personal data
We will not retain your data for longer than is necessary to fulfil the purpose it is being processed for. To determine the appropriate retention period, we consider the amount, nature and sensitivity of the personal data, the purposes for which we process it and whether we can achieve those purposes through other means.
We must also consider periods for which we might need to retain personal data in order to meet our legal obligations or to deal with complaints, queries and to protect our legal rights in the event of a claim being made.
When we no longer need your personal data, we will securely delete or destroy it.
9. Security of processing of your personal data
In order to protect you privacy and protect your personal data against unauthorised access, improper use or disclosure, unauthorised modification, accidental loss, destruction or damage we have implemented appropriate information security policies, rules and technical measures such as without limitation:
9.1. Pseudonymization, along with encryption of personal data, pseudonymization is explicitly mentioned as one of the “appropriate technical and organisational measures to ensure a level of security appropriate to the risk”. In other words; it is recommended, where appropriate and feasible as Article 32(1,a) of the GDPR (the text we just mentioned) states.
Moreover, ‘pseudonymisation’ means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person. it is a technique that is used to reduce the chance that personal data records and identifiers lead to the identification of the natural person (data subject) whom they belong too. Furthermore, our business has adopted this policy in order to ensure enhanced privacy, making it easier to process personal data beyond the original personal data collection purposes or to process personal data for survey purposes. The personal data of the subjects (interviewees), is pseudonymized for a period of time. This period, is not predefined, and it extends as long as the company fulfills its main process. In other terms, the period is prolonged until a particular survey is completed.
9.2. Anonymization, is the process by which the already existing “pseudonymized” data, will reach its final state on our database. Our company has adopted the policy of anonymization, in order to ensure that personal data is kept for as long as it is needed by the controller in order to carry its main process. Thereby, after this process is completed there is no way to identify a particular subject and only raw data is left to be stored on our servers.
9.3. Encryption is a broadly used process whereby data gets turned into an encoded and unintelligible version, using encryption algorithms and an encryption key, and whereby a decryption key (which in some forms of encryption is the same as the encryption key) or code enables others to decode it again.
Pulse has adopted its Encryption Policy by ensuring that all databases on the servers are encrypted.
The hosting facilities for our data are situated locally, on our servers in Nicosia, Cyprus.
10. Data Protection Officer
We have appointed a Data Protection Officer (“DPO”) to oversee compliance with this policy. You have the right to make a complaint at any time to a supervisory authority.
Our DPO’s contact details are:
Email: dpo@pulse.com.cy
Telephone number: +357 22447000
11. Your legal rights
You have the following rights in relation to the personal information we hold about you:
• Request information about whether we hold personal information about you, and, if so, what that information is and why we are holding/using it.
• Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
• Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
• Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
• Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
• Object to automated decision-making including profiling, that is not to be subject of any automated decision-making by us using your personal information or profiling of you.
• Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
• Request transfer of your personal information in an electronic and structured form to you or to another party (commonly known as a right to “data portability”). This enables you to take your data from us in an electronically useable format and to be able to transfer your data to another party in an electronically useable format.
• Withdraw consent. In circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
• Lodge a complaint with the supervisory authority. If you have a concern about any aspect of our privacy practices, including the way we have handled your personal data, you can report it to the relevant Supervisory Authority.
Please note that some of the above rights may be limited where we have an overriding interest or legal obligation to continue to process the data or where data may be exempt from disclosure due to professional secrecy obligations.
If you want to exercise any of these rights, then please contact our DPO by Email.
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
12. Complaints
If you are unsatisfied with the Company’s actions or wish to make an internal complaint, you may contact the Company’s DPO, whose details are defined above.
13. Changes to our Privacy Policy
We may make changes to this Privacy Policy from time to time. To ensure that you are always aware of how we use your personal data we will update this Privacy Policy from time to time to reflect any changes to our use of your personal data. Where it is practicable we will notify you by email of any significant changes. However, we encourage you to review this Privacy Policy periodically to be informed of how we use your personal data.
Important Note:
If you have any questions about this Privacy Policy or want to exercise your rights sets out in this Privacy Policy, please contact us by:
– Sending an email to: info@pulse.com.cy
– Call us on: +357 22447000