Data Protection & Privacy

(Article 6, ESOMAR Code of Conduct, revised 2017)

(a) If researchers plan to collect personal data for research that may also be used for a non-research purpose, this must be made clear to data subjects prior to data collection and their consent for the non-research use obtained.

(b) Researchers must not share a data subject’s personal data with a client unless the data subject has given consent to do so and has agreed to the specific purpose for which it will be used.

(c) Researchers must have a privacy notice that is readily accessible by data subjects and is easily understood.

(d) Researchers must ensure that personal data cannot be traced nor an individual’s identity inferred via deductive disclosure (for example, through cross-analysis, small samples, or combination with other data such as a client’s records or secondary data in the public domain).

(e) Researchers must take all reasonable precautions to ensure that personal data is held securely. It must be protected against risks such as loss, unauthorized access, destruction, misuse, manipulation, or disclosure.

(f) Personal data is to be held no longer than is necessary for the purpose for which it was collected or used.

(g) If personal data is to be transferred to subcontractors or other service providers, researchers must ensure that the recipients employ at least an equivalent level of security measures.

(h) Researchers must take particular care to maintain the data protection rights of data subjects whose personal data is transferred from one jurisdiction to another. Such transfers must not be made without the consent of the data subject or other legally permissible grounds. In addition, researchers must take all reasonable steps to ensure that adequate security measures are observed and that the data protection principles of this Code are complied with.

(i) In the event of a data breach containing personal data researchers have a duty of care for the data subjects involved and must follow all applicable data breach notification laws.

For more documents of the ESOMAR, please access:

Thiết kế website bởi Mona Media