Quality data collection, data protection and data security is achieved by following industry best practice and quality standards.

This includes the MRS/AQR Recruiter Accreditation Scheme, Market Research Society, Social Research Association, ESOMAR and NCVO codes of conduct and standards.

Importantly, it also includes working in keeping with ISO 27001 – the international standard for information security and data protection, and ISO 20252 – the international standard for Market, opinion and social research.

In keeping with ISO 27001 – the international standard for information security and data protection, and ISO 20252 – the international standard for Market, opinion and social research, we have systems, processes and policies in place that enable us to protect personal data and manage data securely.

With all this in mind, our approach to data security and data protection, through all stages of the data collection and research process, is as follows:

• All databases containing personal information should be password protected.
• All databases containing personal information should be transported using secure data transfer methods.
• All databases are held in a single location with access available only to relevant personnel.
• All on-line/cloud systems are either UK or EU based and comply with GDPR requirements.
• The confidentiality and anonymity of participants are observed and their details are not linked so as to identify them in the reporting of the research results.
• All databases and personal information are not used for any other purpose than the immediate project.
• All databases and personal information are destroyed on completion of the project.
• A senior member of staff is responsible for data protection on any given project and organisationally overall, acting as our Data Protection Officer (DPO).
• We have established policies, processes and systems in line with the requirements of ISO 27001 and compliant with GDPR, including a Statement of Applicability, Information security and data protection manual and training document, access control, remote working, acceptable use, staff and supplier policies.
• Staff are trained and briefed around data protection and information security, including our policies, processes and systems, and required to sign agreements, as part of their terms of contract, that they follow these requirements.
• There is regular management review and reporting, internal and external auditing of our policies, processes and systems, in keeping with the requirements of ISO 27001 and ISO 20252.

Ultimately, we are flexible and adapt our approach to be in line with our clients’ data security and protection requirements.

1. Overview
   Dataly Ltd is a social and market research data collection provider. We are a company registered in England and Wales. We are registered with the Information Commissioner. Please read this Policy carefully as it explains how we collect and use information about you. The Policy has been created to be consistent with the General Data Protection Regulation and is in line with our industry codes of practice around the use of data (Market Research Society).

2. What information do we collect or process about you?
   We will only collect or use information for a specific project on behalf of our clients. The information that you might provide to us could include, for example, your name, email address, telephone number and personal information about your background. You may choose whether or not to give some information to us – we do not collect any information automatically without your consent. We will sometimes be provided with personal information by our clients for a research activity. In such cases, we will manage your data in line with this policy and that of our clients.

3. How do we use the personal information we collect?
   The personal information you provide to us will be used for research purposes only. For example, it may be used to invite you to take part in research and/or to analyse results by different types of people to help our clients provide services to meet the needs of their residents, service users and customers. Your information will be presented anonymously to our clients. This means that your name and contact details will not be linked to your responses, unless otherwise agreed with you.

4. Legal basis for processing personal information
   We will tend to only collect and process your personal data with your explicit consent. In some cases, we may process data because it is in your, our or our clients’ legitimate interests.

5. Who do we share personal information with?
   We will not share your personal information to any other organisation other than our client without your explicit consent.

6. How long do we keep personal information?
   On completion of a project, we will retain your data for up to one year, unless otherwise stated. Personal information will be securely destroyed at the end of this period.

7. How do we keep your data?
   We manage data securely, in line with ISO 27001 – the international standard for information security and data protection. All data is held within the UK or European Union.

8. Your rights and Contact us?
   Please contact us if you have any questions about information we hold about you or about this Policy:

Send an email to: hello@dataly.co.uk

Write to us at: Dataly, 20 Camp View Road, St. Albans, AL1 5LL

As members of the Market Research Society and Social Research Association we are committed to ethical practice and observe by their various codes of conduct and guidance, which is especially important given that we sometimes engage with potentially vulnerable people on sensitive/personal subject matter. The key principles behind our ethical practice and approach to safeguarding are as follows:

• The confidentiality and anonymity of personal and sensitive information is provided for through observing data security and data protection guidelines.
• Participants have informed consent to take part in any data collection processes through accessible and sufficient information provision at the outset.
• Materials are accessible to ensure that all participants can engage effectively.
• All our staff maintain up to date DBS checks and are trained around ethical practice and our safeguarding policies.

Any safeguarding concerns will be reported to the appropriate bodies, in line with our safeguarding policy and those of our clients.