Protection

Protection

This document outlines Ad Hoc Research’s policy relating to the protection of the personal information we gather in the course of our studies, from individuals as well as from businesses.

Personal information includes any information which allows the identification of a study participant, whether such information is in verbal, digital or written form.

The policy is structured according to the ten principles relating to the equitable processing of personal information pursuant to the federal Personal Information Protection and Electronic Documents Act. These principles are interdependent:

  1. accountability;
  2. identifying purposes for collecting personal information;
  3. consent;
  4. limiting collection;
  5. limiting use, disclosure and retention;
  6. accuracy;
  7. safeguards;
  8. openness;
  9. individual access;
  10. challenging compliance.

 

1. Accountability:

Ad Hoc Research is responsible for personal information under its control.

For this purpose, we adopted this policy and designated a person responsible for the protection of personal information.

The designated person is responsible for …

  1. Applying and enforcing Ad Hoc Research’s policy relating to the protection of personal information;
  2. training employees about this policy;
  3. managing inquiries and requests for information;
  4. processing complaints relating to the protection of personal information.

 

The person responsible for the protection of personal information can be reached…

 

2. Identifying purposes for collecting personal information:

In the course of its operations, Ad Hoc Research collects personal information from study participants for the purposes of carrying out such studies.

The purposes for which personal information is collected are identified before data collection in at least one of the following documents:

A complete list of specific information to be collected can be found in the data collection tools (e.g.: questionnaires, discussion guides, interview guides, online community activity guides).

 

3. Consent:

Participation in Ad Hoc Research’s studies, regardless of the type of study (whether they are surveys, focus groups, individual interviews or online communities), is always on a voluntary basis.

Before participating in a study, participants are told that the study is carried out by Ad Hoc Research and they are made aware of the purposes for which the information will be collected. To that effect, Ad Hoc Research ensures that employees tasked with data collection are trained with respect to those objectives in order to adequately inform participants.

The participant’s consent is explicitly obtained by the interviewer upon collection of personal information during which there is human interaction or implicitly when the participant completes an online survey.

During the study, participants have every right to refuse to answer one or more specific questions. They can also terminate their participation at all times.

The data we gather is only presented to our clients in aggregate form. We never disclose any identifiable information relating to a participant without having previously obtained such participant’s explicit consent.

When carrying out studies focused on minors, we gather personal information from such minors only once we’ve obtained the consent of a parent or legal guardian.

  

4. Limiting collection:

Ad Hoc Research only collects personal information which is necessary to the purposes identified in its studies.

The personal information we collect is used solely for the purposes for which it was collected. We do not use such information for other studies or for our specific needs.

Personal information will never be sold to any third parties.

 

5. Limiting use, disclosure and retention:

Ad Hoc Research covenants to use and communicate the personal information it collects only for the purposes for which it was collected. It retains such information only as long as is necessary to fulfill such purposes.

Nominal lists provided by our clients are accessible only to company employees who need to have access to such information as part of their work.

Consequently, when a project is completed, we delete personal information from company files or anonymise such information. For example…

When a client asks for telephone interview recordings, Ad Hoc Research provides recordings starting from the first question of the survey, excluding the introduction where the respondent’s name might be mentioned. The file does not include the respondent’s name or phone number, unless such respondent has given his/her explicit consent. 

When a client asks for focus group or individual interview recordings, the client must agree to safeguard such recording, refrain from disclosing it and destroy it after use.

When a client wishes to remotely attend a focus group or individual interview, the client must refrain from recording any discussions.

 

6. Accuracy:

Ad Hoc Research strives to collect the most accurate, complete and up-to-date personal information possible to meet the informational requirements related to its projects. For this purpose, Ad Hoc Research adopted several quality control measures. Such measures vary according to the data collection method used.

 

7. Safeguards:

Ad Hoc Research covenants to use all appropriate safeguard measures to protect the information with which is it entrusted. For this purpose, it has undertaken the necessary steps to meet the requirements under norm ISO/IEC 27002 by the end of the year 2019.

The personal information we gather is stored on our secure servers located in our Montréal offices. 

All company employees must subscribe to our policy relating to the security of information and agree to be bound by confidentiality obligations upon hiring, and formally reiterate such commitment every year thereafter. Our security policy sets forth the principles that must be rigorously followed by every employee. These rules address such matters as access and transportation of information, personal use of resources and confidentiality of company information.

We require from our partners commitments regarding protection of personal information and security that are at least equal to the ones we follow. Subcontractors are bound by confidentiality agreements, whether or not they have access to sensitive information.

 

8. Openness:

An overview of Ad Hoc Research’s policy relating to the protection of personal information appears on its website, where one can access the complete policy.

In addition, the company’s policy is available upon request to the person responsible for the protection of personal information, whose contact information is indicated at Section 1 of this document.

When required, it is included in the company’s service proposals.

 

9. Individual access:

Upon request by a study participant, Ad Hoc Research notifies the participant with respect to the existence of his or her personal information, the use of such information and, as the case may be, the fact that the information was conveyed to third parties.

Participants can consult the information that Ad Hoc Research keeps relating to them. They can challenge its accuracy and integrity as well as request that appropriate corrections be made. When corrections are requested relating to information provided by one of our clients, we refer the participant to our client or, with the participant’s permission, we relay the corrections directly to our client.

The project manager answers participants’ requests for access to their personal information. We strive to answer such requests within five business days.

When someone we contact to participate in one of our studies asks how we obtained his or her contact information, we answer honestly. Depending on the method of collection, such information can be conveyed by an interviewer, a recruiter or the project manager.

 

10. Challenging compliance:

Any individual can file a complaint in the event that Ad Hoc Research does not comply with the principles set forth in this policy.

The complaint must be addressed to the person responsible for the protection of personal information, whose contact information is indicated at Section 1 of this document.

This person shall see to it that the complaint is carefully and diligently examined and, if required, that necessary actions are taken in order to correct the situation and ensure that similar cases do not reoccur.