Protection

This document outlines Ad hoc research’s policy regarding the protection of personal information that we collect in the course of our studies, whether from individuals or companies.

Personal information consists of any piece of information that can be used to identify a participant in one of our studies, whether that information is in verbal, electronic, or written form.

Personal information consists of any piece of information that can be used to identify a participant in one of our studies, whether that information is in verbal, electronic, or written form.

1. accountability;
2. identifying purposes for collecting personal information;
3. consent;
4. limiting collection;
5. limiting use, disclosure and retention;
6. accuracy;
7. safeguards;
8. openness;
9. individual access;
10. challenging compliance.

1. Accountability:

Ad Hoc Research is responsible for personal information under its control.

To this end, the company has adopted this policy and appointed a privacy officer. The privacy officer has decision-making authority and direct access to management.

The main duties of the privacy officer are to...

1. ensure compliance with Ad hoc research’s privacy policy and laws related to the protection of personal information;
2. train and educate employees about this policy;
3. manage requests related to the policy (e.g., requests for access, removal, etc.);
4. handle complaints about privacy protection;
5. maintain a record of confidentiality incidents;
6. coordinate actions in the event of incidents.

Contact information for the privacy officer:

• Richard Saint-Pierre, Associate Vice-President personal-Information@adhoc-research.com..
• Ad hoc research, 400 De Maisonneuve Blvd. West, Suite 1200, Montreal, Quebec, H3A 1L4

2. Identifying purposes for collecting personal information:

As part of its activities, Ad hoc research collects personal information from participants in its studies to meet the information needs of those studies.

The purposes of collecting information are described before data collection begins in one or more of the following documents:

• The client’s request for proposals.
• Ad hoc research’s service offer.
• The project file.
• The data collection tool(s) (e.g., questionnaire, discussion guide, interview guide, online community activity guide).

The complete list of specific information to be collected can be found in the collection tools (e.g., questionnaire, discussion guide, interview guide, online community activity guide).

3. Consent:

Participation in Ad hoc research studies, regardless of their nature (surveys, focus groups, individual interviews, online communities), is always voluntary.

Before agreeing to take part in a study, participants are informed that it is being conducted by Ad hoc research and are told the objectives of the information gathering. To this end, Ad hoc hoc research ensures that its data collection staff are trained on the objectives of the study so that they can adequately inform participants.

The participant’s consent is obtained explicitly by the interviewer in data collection involving human intervention or implicitly by the participant when responding to an online survey.

During the study, participants have the right to refuse to answer specific questions. They may also withdraw from the study at any time.

The information we collect is presented to our clients in aggregate form only. We do not disclose any information that could identify a participant unless we have obtained their explicit consent in advance.

When conducting research targeting minors under the age of 14, we collect personal information from them only after obtaining the consent of a parent or legal guardian.

4. Limiting collection:

Ad hoc research collects only the personal information necessary for the purposes determined by its studies.

The personal information we collect is used only for the purposes for which it was collected. We do not use it for other studies or for our own specific needs.

5. Limiting use, disclosure and retention:

Ad hoc research undertakes to use or disclose the personal information it collects only for the purposes for which it was collected. The company retains this personal information only for as long as necessary to fulfill these purposes.

The lists of names provided by our clients are only accessible to company employees who need access to this information in the course of their work.

Thus, at the end of a project, the company deletes the personal information collected from its systems or renders it anonymous. For example:

• The lists of names provided by our clients are deleted.
• Data that could identify respondents (e.g., first name, last name, phone number, address, email, etc.) is deleted from project documents and databases.
• Recordings of interviews and focus groups, as well as each participant’s responses in online communities, are deleted.

When a client requests recordings of telephone interviews, Ad hoc research sends recordings starting with the first question on the questionnaire, excluding the introduction where the respondent’s name may be mentioned. The file does not mention the respondent’s name or phone number, unless the respondent has given their explicit consent.

When a client requests a recording of a focus group or individual interview, they must agree to store the recording securely, not to distribute it, and to destroy it after use.

When a client wishes to attend a focus group or individual interview remotely, they must agree not to record the interview.

Personal information is never sold to anyone.

6. Accuracy:

Ad hoc research aims to collect personal information that is as accurate, complete, and up to date as possible in order to meet the information needs of its projects. To this end, it has implemented several quality control mechanisms. These control measures differ depending on the methodology used for data collection.

7. Safeguards:

Ad hoc research is committed to using appropriate safeguards to protect the information entrusted to it. To this end, the company follows the requirements of ISO/IEC 27001:2022.

All company employees must sign the information security policy and confidentiality agreement upon hiring. Each year, all employees receive mandatory training on the latter and must formally reiterate their commitment. Our security policy sets out the principles that must be strictly followed by every employee of the firm. The rules cover, in particular, access to and transport of information, personal use of resources, and confidentiality of company data.

We require our partners to make commitments to personal information protection and security that are at least equivalent to our own. Subcontractors are bound by confidentiality agreements regardless of whether or not they have access to sensitive information.

We prefer to host and process data in Canada, specifically on our secure servers located in our Montreal offices. However, some of our partners—particularly cloud service providers and analytics tool providers—may host certain data outside the country, mainly in the United States or in European Union member countries. Before transferring any personal information outside Quebec, we conduct a privacy impact assessment to ensure that the protective measures in place are equivalent to those required by applicable legislation.

Any incident involving a leak, loss, or unauthorized access to personal information is recorded in an internal log. If the incident poses a serious risk of harm, the person concerned and the Commission d’accès à l’information will be notified as soon as possible. Where appropriate, corrective measures are immediately implemented to limit the impact and prevent the recurrence of such incidents.

8. Openness:

The Ad hoc research website provides a summary of the privacy policy and provides access to the company’s complete policy on this subject.

In addition, the company’s policy is available upon request from the privacy officer, whose contact information is provided in Section 1 of this document.

When required, it is included in the company’s service offerings.

9. Individual access:

When requested by a participant in our studies, Ad hoc research informs them of the existence of personal information concerning them, the use made of it and, where applicable, the fact that it has been disclosed to third parties.

Participants may consult the information that Ad hoc research holds about them. They may contest its accuracy and completeness. They may have appropriate corrections made. To do so, they must contact the privacy officer, whose contact information is provided in Section 1 of this document, and include proof of identity. When the requested corrections concern information provided by one of our clients, we refer participants to our client or, with the participants’ permission, we relay the corrections directly to our client.

The project manager is responsible for responding to participants requesting access to their personal information. We aim to respond within five business days.

When a person contacted to participate in one of our studies asks how we obtained their contact information, we respond honestly. Depending on the method of collection, this information may be provided by an interviewer, a recruiter, or the project manager.

You may request to be removed from our call lists at any time. To do so, please contact us at 1-800-937-4040.

10. Challenging compliance:

Anyone may file a complaint regarding Ad hoc research’s failure to comply with the principles set out in this policy.

Complaints should be addressed to the privacy officer, whose contact information is provided in Section 1 of this document.

The privacy officer will ensure that the complaint is reviewed carefully and diligently and that, if necessary, appropriate action is taken to correct the situation and prevent similar cases from recurring. We aim to respond to complaints within 30 days.

Last update: August 8, 2025