Market research privacy notice
Last amended: 16 October 2023
Effective date: 28 May 2018
Last amended: 31st October 2022
Effective date: 25th May 2018
This Policy applies to the data collected by the RONIN International website and to the data we collect and hold for you for and from market research studies online and over the phone – either as a one-time research participant or a member of our panels. For your convenience, this Policy includes links to resources that may aid you in understanding how our Policy applies to you. This Policy does not extend to these external resources and we have only included these links for information and reference purposes. If you go to these 3rd-party sites, you will become subject to their privacy policies. Please refer to them for guidance on your data.
1. Our work
What is market research?
We conduct telephone and online market research all over the world from our UK office to service the needs of our clients and their clients in understanding you, as current or potential customers (or as a person representative of their potential customers), the market you live and work in, and the products and services that you use – that is market research.
2. Our clients
Who do we work for?
Our research is conducted on behalf of a range of clients, such as small businesses hoping to develop products and services to better suit your needs, research agencies contracted by pharmaceutical manufacturers that need to know how their products are doing, government agencies that need to find out how to shape future policy – and everything in between. We may run projects for other sponsors like consultancies and business owners.
We only carry out market research projects. Your participation in our studies will never result in sales or marketing communication from us, our clients, or any linked third-party. Market research is an important function that lets businesses thrive, offer better service, and where healthcare market research is concerned even lets us report instances of adverse events in patients to support the efforts of pharmacovigilance departments worldwide.
3. Why we contact you
You heard from us.
Any communication you receive from us, such as e-mail invitations or phone calls, will clearly identify us and explain the purpose(s) of our contact.
When we contact you, it will generally be for one of the following purposes:
- To invite you to take part in a market research or customer satisfaction survey
- To conduct a telephone interview as part of a market research survey
- To verify the answers you recently provided in a market research survey
- To validate your registration to our panel
- If you are part of our panel, to update and ensure our records are accurate
We may occasionally contact you for other purposes; we would have asked for your permission upfront before contacting you again. If we contact you for any other reason, we will always ensure the purpose is compatible with your previous consent.
In nearly all cases, we will only process your data based on your informed consent to do so. The only exception to this will be in case we share your contact details with a carefully-selected third party we commission to carry out a validation on your information, like confirming that you took part in a recent survey. This is to ensure that we meet our strenuous quality requirements and because it would not be practical to seek for your specific consent when doing so. This is a legitimate interest for a business such as ours, but we will always do so in accordance with this Policy and will only do this after carefully assessing how this will impact your privacy. If the assessment is not satisfactory, we will not proceed.
4. How we contact you and where our contact details come from
Helping you understand how we reach you
The contact details we have for you can come from a variety of sources. We will always let you know what the source of your contact details were when you speak to us.
- By e-mail If we are contacting you by e-mail, you had spoken to us previously and you indicated an interest in taking part in further and similar types of research. At this point, you would have shared an e-mail address we can use for this purpose. Alternatively, we may be contacting you on behalf of our client. If they provide you with products and services, they could have asked us, as an independent research agency, to speak with you to understand how satisfied you are with them. Sometimes, employers also ask us to run internal staff surveys to understand how satisfied you are with them, too. The privacy notice of our client will mention they sometimes share your details and work with companies such as ours for market research purpose.
- By phone If we are contacting you by phone, the above still applies but we may also have found your phone number on publicly available databases, because we think you meet the criteria of our research. This process is called ‘desk research’ and helps us reach appropriate research candidates by phone, based on country of residence, job title, or industry sector. We sometimes also work with third-party vendors that build lists of publicly available information to help us reach the right individuals. Alternatively, your telephone number might have come up during a process called ‘random-digit-dialling’ – visit https://www.ronin.com/telephone to find out more!
- Other methods We sometimes send documentation about our work to your workplace, so that you can reach out to register your interest, like a ‘register your interest’ poster. You might see some posts from us on social media. Alternatively, if you’re on LinkedIn, you may have been the recipient of one of our campaigns. Whenever this happens, we’ll ask you to submit some details about you and contact you directly to confirm that you meet the criteria for a specific survey.
5. The data we collect
What information do we get from you?
On our website Our contact form will collect the following information from you: a name, e-mail address, the name of your company and a telephone number. This allows us to help you with your query and provide any feedback we may have.
If you want to join our IT or Healthcare communities, we’ll ask you for your full name, telephone number, e-mail address, medical specialty or job title, and your country of residence. This is so that our team can get in touch and validate your details as a member of our panel. We will ask you a few more questions to understand your specific circumstances.
If you are applying to join our telephone research teams, we’ll ask for the same kind of information, but we’ll also ask for your address so that we can check whether you’d find it easy to reach us for work, and of course we’ll need to know which languages you speak. You can also choose to include a CV to your submitted form for our team to review.
Over the phone As we will tell you whenever speaking with you over the phone, we record all of our calls to ensure our teams are treating you fairly, working in a professional and courteous manner, and delivering a level of service that meets our internal standards and those of the relevant Codes of Conduct. We will always confirm this is fine with you before proceeding with the call, and these recordings will never be shared with anyone other than individuals whose role at RONIN includes responsibility for quality control – unless there is a separate purpose for which these recordings are needed, such as analysis, in which case we will ask you to consent to this separately before proceeding with the call.
6. Incentive payments
Earn money by taking part in valuable research
If you successfully completed one of our surveys, it is possible that you are entitled to receive an incentive (also referred to as honorarium or payment). The value of this incentive will vary depending on the length, complexity, and topic of the survey. We will always tell you upfront what the value, currency and method of this incentive payment will be.
All RONIN International incentive payments are governed by specific Terms and Conditions, available at: https://www.ronin-rewards.com/terms-and-conditions/. We handle all the incentive payments for our surveys, but on occasion we recruit participants to take part in the surveys of third parties. When this is the case, the 3rd-party may be administering the incentive. We will make this clear to you when contacting you about taking part in any survey.
For you to receive an incentive, we will need your e-mail address to send you an Amazon voucher or PayPal payment. Unless you previously consented to other purposes, your e-mail address will only be used to send you this payment and will be deleted once we have confirmation that the payment was received successfully and to your satisfaction.
7. Our role in the processing of your data
Who is responsible for your data?
When we get in touch with you, we will always tell you who we are, provide our contact details, and provide the name(s) of the data controller(s) that decided how your data should be processed. Most of the time, we are commissioned by our clients to get in touch with you, either as named individuals or as professionals that fit within the category of respondents being researched, and this means that they are the data controller, i.e. without them, no data processing would have occurred. This applies even if your relationship is with us, and they will never receive any of your personal data (if that were ever the case, we would ask for your informed, specific consent before doing so). Depending on the circumstances, we may be joint data controllers. Because you enter in a relationship with us when you take part in our surveys, we have a legal obligation to give effect to some of your rights, should you choose to exercise them. Please read on to find out what this means and how this can affect you.
8. Data controllers and data processor
Who is responsible for your data?
In a market research survey, different parties come together to form the ‘research chain’. It begins with the research sponsor, the company that decides they want to run a market research project. Next comes the research agency that designs the survey and will report its findings back to the research sponsor. Then comes the fieldwork agency that implements the survey online or over the phone and speaks to respondents all the over the world to collect the opinions and insights that are needed to write the reports. In addition, some other third-parties might get involved to help with some specialised elements of the project, which will vary widely project by project.
Under the applicable data protection legislation, a data controller is the entity that determines the purpose for which (“why”) and the manner in which (“how”) data is processed. On the other hand, a data processor will act on the specific instructions of the data controller and hold you details for only as long as necessary to complete the work requested of them by the data controller. In any market research project, there will often be more than one data controller and it may also include the support of multiple data processors. All of these parties are legally-bound to protect your privacy and give effect to your rights provided by GDPR.
9. Exercising your rights provided under GDPR
Data relationships on your own terms
At any time, you can request access to the personal data we hold about you. Once you get in touch, we will need to determine whether we are the data controller for your personal details. If we are not, we will ask you to get in touch, speak directly with the data controller or ask you if we can get in touch with them on your behalf. If we are the data controller, you may be able to access this personal data, and correct, amend or delete it, except in the following circumstances:
- The cost of doing so would be disproportionate and unreasonable; or
- We could not release your data without releasing data from other individuals, or confidential commercial information of RONIN or our clients
Based on your consent for us to process data, you also have a right to portability, which means you can request to receive personal data you provided to us in a format that is easy to read and that could be reused by others, if you wanted to share it with another data controller.
You can also ask us to rectify the records we hold on you. Inaccurate information can lead to frustration or misleading communication, and we are committed to making sure the information we hold on you is as accurate as possible. We work hard to keep personal information in our control accurate, complete, current and relevant, based on the most recent information available to us. We rely on you to help us keep your personal information accurate and current by answering our questions honestly.
You also have a right to erasure, also known as the ‘right to be forgotten’. If you consented to our holding or processing your data, you have a right to have any data we hold for you erased if you want to withdraw your consent. Because we often contact you on behalf of other companies that may have shared your contact details with us, we will sometimes need to get back to the company that shared your details and advise them of your decision to withdraw consent. There are limits to what this right to erasure can accomplish: if we erase all your details, we may be in contact with you again by random chance simply because market research must often get in touch with a representative sample of the population; it does not mean we kept your details, but that they came up in random sample selection.
You are also allowed to exercise your right to restrict the processing of your personal data. The right to restrict means that we will no longer do any further processing with your data, other than storing your details for the sole purpose of making sure we do not carry out any further data processing; we would do nothing else with your details. This is often the best way to prevent any further contact from us because it allows us to keep just enough information to make sure your contact details are excluded from any subsequent projects.
As mentioned, we may sometimes share your personal data with 3rd-party vendors for quality control purposes. Because our legal basis for doing so is legitimate interests, you have a right to object to this processing. Any vendors we contract will operate in accordance with data protection legislation and will make it clear to you when first contacting you that you may object to this processing at any time – this will be communicated to us and acted upon.
g. Timelines and identity verification
If you want to exercise any of these rights, please contact us via e-mail or postal mail at the contact details provided under ‘Getting in touch’. Our teams will endeavour to act on your requests no later than 30 days after receipt. If we require more time, we will let you know within this timeframe. We may need to get in touch first to ask for additional information confirming your identity, so that we do not act on malicious or fraudulent requests.
This information will only be stored to verify that your request is genuine after which it will be destroyed; it will not be used for any other purpose. If your request is likely to affect other data subjects, we may take additional verification steps, but this will be communicated to you in writing. If we cannot deliver on your request at all, we will be in touch in writing to explain why. If the request is deemed unreasonable or excessive, we may request you to pay a small fee before we send you a copy of your data – this will be kept to a reasonable amount.
10. Withdrawing consent and withholding information
No obligations in research
If you previously consented to our processing your personal data, you can withdraw this consent at any time. There are two methods for you to do so:
- Over the phone If you would like to do so over the phone during a survey, please let our telephone interviewers know and we will act on this immediately. We will end the interview and record your consent withdrawal for that survey.
- Online please e-mail us at firstname.lastname@example.org quoting your full e-mail invitation reference number and stating you no longer consent to taking part in this study. You can also end your participation at any time by closing the survey.
- E-mail If you no longer want us to process your data for any purpose, including future survey invitations, please e-mail us at email@example.com to let us know.
When you participate in our research, we may ask you for your personal opinions, as well as demographic information, such as your age and household composition. You are under no obligation to answer any question we ask you and you can discontinue participation in a study at any time. If you join the RONIN market research panel, you may leave it at any time by following the unsubscribe instructions that we include in every e-mail that we send you.
11. Confidentiality of survey responses and personal data
Protecting your identity
When working on reports or feeding back the results of surveys we conduct, we include your responses in a list with all the other participants and report this in a file to our client where you are not identifiable. This may then be used by our client to report to the research sponsor with findings from the survey. We will never report your individual survey responses or convey them in such a way that you are personally identifiable in the file, with a few exceptions. We may disclose your data and survey responses to 3rd-parties as follows:
- You request or consent to sharing your identifying information and individual responses with the third parties for a specified purpose;
- We provide your responses to a 3rd-party who is contractually bound to keep the information disclosed confidential and use it only for research purposes; this may be to ensure they do not contact you again to take part in a survey you already completed or for quality control purposes;
- In the rare but possible circumstance that the information is subject to disclosure pursuant to judicial, legal or regulatory requirements.
Your survey responses may be collected, stored or processed by our affiliated companies or non-affiliated vendors, both within and outside the EU. They are contractually bound to keep any information they collect and disclose to us or we collect and disclose to them confidential and must protect it with security standards and practices that are equivalent to our own, no matter where they themselves are based. See ‘International transfer of data’.
12. Security of personal information
Protecting your data
We inform and train our employees about our policies and procedures regarding confidentiality, security and privacy, and we emphasise the importance of complying with them. Our security procedures are consistent with generally accepted commercial standards used to protect personal information and are reviewed regularly to ensure this is maintained.
We may transfer personal information to affiliated companies or non-affiliated vendors for research-related purposes, such as data processing. We require these companies to safeguard all personal information in a way that is consistent with our measures and as regulated by law. We follow generally accepted industry standards to protect the personal information submitted to us, both during transmission and once we receive it. These include encryption, password-protection, secure file transfer and other measures like limiting the number of users that can access your information at any point in time – we review this on a regular basis.
13. International transfer of data
Protecting your data within the EEA and abroad
We will sometimes need to transfer your data outside of the European Economic Area (‘EEA’) to make sure we can deliver on our services, either the support of vendors or because our clients are not based in the EEA. When we do this, we will tell you upfront before processing your data and get your explicit consent to do so and any transfer of data will be done securely. The data will only be used in the same way it would be used in the EEA, with the same concern for your rights and your privacy. This will be safeguarded by at least one of these measures:
- The transfer will be with a country that has data protection laws recognised by the European Commission to provide protection adequate with the standards of the EEA;
- We will put in place a contract between the recipient of the data that requires them to protect your data to the same standards as those applicable in the EEA.
14. Retention of data
If we don’t need it, we delete it
We will always make sure to keep only the data we need and only for the time we need it for. We review the data we hold on a regular basis. If we find the purpose for which we collected it is no longer relevant – we delete it. We also strive to collect only the data we need.
The specific timeframe will vary but if we have no business or legal need to keep it, we will either delete it securely or anonymise it to ensure no one can ever link you to it. For example:
- We may need to hold information about you for longer than usual in case you earned an incentive by taking part in research, but you have yet to redeem it on our website.
- If you are a healthcare professional, we may need to keep reports of Adverse Events you mentioned about patients until we are satisfied it was followed-up on properly.
15. Quality Standards
Business excellence delivered
Our commitment to you and the quality of our work is enshrined in the following memberships of trades associations and certification to ISO standards.
- Company Partners of UK Market Research Society (MRS)
- Corporate Members of The British Healthcare Business Intelligence Association (BHBIA)
- Members of the European Society for Opinion and Marketing Research (ESOMAR)
- Registered with the Information Commissioner’s Office (number: ZA219373)
- ISO 20252-certified (quality management system for operational excellence)
- ISO 27001-certified (information security standard)
For more information on these laws, codes and guidelines, please go online.
16. How to opt-out from further e-mails
Getting too many e-mails?
We hope that you are satisfied with the content and nature of our communication with you, but if you no longer want to receive e-mails from RONIN, please click on the ‘unsubscribe’ link at the bottom of our e-mails.
17. Getting in touch
Questions or queries?
We have appointed a Data Protection Officer who is the point of contact for any questions you may have in relation to this Policy, your personal data and how we use it. The DPO also acts as the point of contact for any organisation or regulatory body that would have questions about your data and how we use it. If you have any questions, including about this Policy, please e-mail our DPO on firstname.lastname@example.org or reach out by postal mail to:
FAO: Data Protection Officer
Harling House, 4th floor
47-51 Great Suffolk Street
SE1 0BS, London, UK
We will always endeavour to address any complaints or disputes that individuals have about their personal data or privacy, but if you have reason to believe we have not treated you fairly and our response to you have not been satisfactory, you can choose to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s Data Protection Authority and supervisory authority in the UK, by telephone on 0303 123 1113 or on www.ico.org.uk.
If you are not based in the UK, you may want to lodge a complaint with your local data protection authority. A list of these institutions is available here (last accessed 9th May 2018).
18. California Residents
Are you a California Resident?
Please consult our supplementary California Consumer Protection Act (CCPA) Privacy Notice for further information.
19. Amendments to this Policy
From time to time, we may need or choose to amend this Policy. If we change this Policy in ways that affect how we use your personal data, we will post a notice on our website to advise you of this change. This will apply from the moment that the change is made on our site.