Security and Data Processing Policy
1. DATA SECURITY AND CERTIFICATIONS
- All data access by Demographix customers and Demographix staff is over a secure SSL connection protected by a Comodo EV Security Certificate. Survey data submitted by survey respondents is sent over an SSL Link.
- Our data is held on servers in a secure data centre in the UK. Physical access to the servers is protected by numerous security measures and is restricted to authorised staff.
- All data is stored, backed up and replicated across multiple servers in multiple locations with comparable security. All these devices are in the UK. Data is not stored, backed up or replicated outside the UK.
- Demographix is registered with the Information Commissioner’s Office (No. Z1244335) as both a Data Controller for our own data and as a Data Processor for customer data.
2. GENERAL DATA PROTECTION REGULATION
- Demographix customers will ensure they gain active consent from all respondents for the storage and use of their personal data. Consent must be unambiguous and obtained through a clear and affirmative action.
- Customers will ensure that any write-in question used to gather personal data will be designated as Personal Identification Data (PID). When designated as such, tools are available to redact all the data gathered at a later date.
- Customers will monitor/audit in a timely way all personal data collection and use of personal data in their surveys and panels, and wherever possible use Demographix tools to delete personal data on a regular basis.
3. CONFIDENTIALITY AND DATA DESTRUCTION
- Demographix will take all reasonable measures to protect the confidentiality of information stored or generated by the Service and to prevent it being revealed to unauthorised parties but will not be liable for any breach of confidentiality how so ever caused.
- Demographix maintains a log of accesses by customers to its system. It will inform customers immediately where it believes that customer log-ins or Demographix facilities are being used in a way which compromises the security of its own or customer data.
- Where a customer requests that a survey or panel be deleted Demographix will delete all survey responses or records of panel membership within 24 hours and this data is then not recoverable.
4. DATA OWNERSHIP
- Demographix customers retain ownership over all data, email addresses and other information and materials which they enter into the Demographix system, which the system collects through online surveys or which is derived from such data.
- Demographix shall not use, nor shall it assert any right, title or interest in or to such data, email addresses and/or other information and materials at any time.
- Demographix authorised staff have access to all data entered into or generated by its system. Such access and the information gathered will not be used except for the maintenance and development of Demographix and its services.
This Security & Data Processing Policy was last reviewed and revised on 21 January 2021
Demographix is fully ICO registered and complies with the Data Protection Act 1988. We take all necessary steps to ensure that your online privacy is not compromised.