Please note that this Policy applies in conjunction with other policies and procedures. It does not establish contractual or legal rights for any persons, but intends to comply with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter, the ‘General Data Protection Regulation’ or ‘GDPR’).
Step Beyond Ltd is the controller of the personal data you submit to us and is responsible for the processing of your personal data under the applicable data protection legislation. Our registered address is Maltings, Aston, Stone ST15 0BW
3.1 Personal Data We Collect About You
Because data privacy is of high importance for us, we intend to remain open and transparent about how we use your personal data. Step Beyond will only collect your personal data where necessary for our research projects.
We may collect, use and disclose (i.e., process) the following types of personal data about you: your contact information, such as a name, surname, address, e-mail address, IP address and telephone number. We may also collect demographic information to ensure our surveys are representative of the wider population and to use in our analysis to help us understand the needs of specific groups.
Although we are technically considered ‘data controllers’, the ultimate control over your personal data remains with you at all times. Provided you give us a proof of your real identity, you have the right to request access to a copy of the personal data we currently maintain about you in a structured, commonly used and machine-readable format and obtain information regarding the processing, including whether we process your personal data for profiling purposes. In case you notice an error in your personal data, you may also request that we rectify the inaccurate personal data or complete your personal data.
3.2 Legal Grounds For Processing
Under the applicable data protection legislation, personal data may only be collected and processed based on a limited number of legal grounds. At Step Beyond, we rely on one of the following grounds to process your personal data:
You may object at any time to the use of your personal data for profiling by Step Beyond, provided that we process your personal data based on our legitimate interests, by contacting our data protection officer using the contact details below, without any additional cost.
Step Beyond is committed to the processing of your personal data in a lawful, fair and transparent manner. Accordingly, we will only use your personal data if we have a valid reason for doing so and provided you have been informed of the processing purposes beforehand, at the time we collected your personal data.
Moreover, Step Beyond guarantees that any processing of your personal data will be limited to what is necessary, adequate and relevant in order to achieve the purposes for which personal data is collected. Step Beyond will use anonymized or pseudonymized data, e.g. for our internal analysis and reporting purposes, in compliance with the Market Research Society’s Code of Conduct.
Because the protection of your personal data is of the upmost importance to us, Step Beyond is also dedicated to protect your personal data and the systems it is held in. We have defined and implemented adequate technical and organisational measures against any unauthorised access, unlawful use, accidental loss, corruption or destruction. This way, Step Beyond is confident that your personal data will be processed on a strictly ‘need to know basis’, when and where appropriate and necessary.
As we are fully aware threats evolve and diversify we regularly review and update our security measures and infrastructure, with a view to mitigate operational risks and maintain our security programs up to the latest industry-accepted standards and best practices.
We will securely delete your personal information 12 months after you have taken part in any research project. We will also keep your personal data separate to the answers you give to our surveys.
Where relevant and necessary for the purpose of the processing activity, we may occasionally need to disclose your personal data to other appropriate organisations who have a need to know (so-called ‘third party recipients’), based on our legitimate interest. This might for example include our data processing partners or fieldwork quality supervisors.
Each time your personal data is shared externally, this will be covered by strict data processing agreements, where Step Beyond remains the data controller and the third parties involved act as data processors. Step Beyond shall restrict the access and transfer of your personal data to trusted third party recipients who demonstrate an adequate level of data protection. Moreover, these third-party recipients will be required to delete or return all the personal data to Step Beyond after the end of the provision of Services relating to the processing and delete existing copies, unless the law requires storage of the personal data.
Step Beyond only keeps your personal data for as long as necessary to fulfil the purpose for which we initially collected it. Under the MRS Code of Conduct we are obliged to keep it for a minimum of 12 months after you take part in the survey. After 12 months we will securely erase your data.
Under certain circumstances, and provided you give us a proof of your real identity, you may exercise your right to request the erasure of your personal data. Please be aware that this is only possible to the extent that the personal data is no longer necessary for the initial purpose (i), if the processing was based on your consent and you withdrew it (ii), or where you have already objected to the processing based on our legitimate interest (iii).
Except when we need to keep a copy of your personal data for statistical purposes, or insofar as we are legally required to retain a copy of your personal data, you can rest assured Step Beyond shall either securely dispose of or permanently anonymize your personal data once we have fulfilled the initial processing purpose and when further retention of your personal data is not necessary anymore.
For further information or if you wish to exercise one of your above-mentioned rights, please contact us at firstname.lastname@example.org. We will do our best to reply to your e-mail as soon as possible, and in any case within one month. If fulfilling your request necessitates more time, we will keep you informed of this and come back to you within two additional months. Step Beyond will charge you nothing for this request, unless we have already provided you with the requested information previously or it appears unreasonably difficult for us to retrieve it. In such case, we will inform you beforehand of the administrative fee.
If you are not satisfied with the way we handled your request, you have the right to request the restriction of our use of your personal data and lodge a complaint with the supervisory authority responsible for the protection of personal data in your country of residence. Although we sincerely hope this won’t be necessary, we have provided the contact details of the relevant data protection authorities below.
Water Lane, Wycliffe House, Wilmslow – Cheshire SK9 5AF
Tel: +44 1625 545 745