Security and Data Processing Policy
STATUTORY AND OTHER CERTIFICATIONS
- Demographix is registered with the Information Commissioner’s Office (No. Z1244335) as both a Data Controller for our own data and as a Data Processor for customer data.
- Demographix is an Associate member of the Market Research Society (No. 02177197) and abides by the MRS code of practice.
- All client data is stored on servers at data centres certified to the international standard for information security – ISO/IEC 27001:2013 – and is subject to external assessment and auditing.
- All data access by Demographix customers and Demographix staff is over a secure SSL connection protected by a Norton/Verisign Certificate. Survey data submitted by survey respondents is sent over an SSL Link.
- Our data is held on servers in a secure data centre managed by Rackspace in the UK. Physical access to the servers is protected by numerous security measures including biometric security and is restricted to Rackspace staff.
- All data is stored, backed up and replicated across multiple servers in multiple locations with comparable security. All these devices are in the UK. Data is not stored, backed up or replicated outside the UK.
CONFIDENTIALITY AND DATA DESTRUCTION
- Demographix Limited will take all reasonable measures to protect the confidentiality of information stored or generated by the Service and to prevent it being revealed to unauthorised parties but will not be liable for any breach of confidentiality how so ever caused.
- Demographix maintains a log of accesses by customers to its system. It has a policy of informing customers immediately where it believes that customer log-ins or Demographix facilities are being used in a way which compromises the security of its own or customer data.
- Where a customer requests that a survey or panel be deleted Demographix Limited deletes all survey responses or records of panel membership within 24 hours and this data is then not recoverable.
- Demographix customers retain ownership over all data, email addresses and other information and materials which they enter into the Demographix system, which the system collects through online surveys or which is derived from such data.
- Demographix shall not use, nor shall it assert any right, title or interest in or to such data, email addresses and/or other information and materials at any time.
- Demographix authorised staff have access to all data entered into or generated by its system. Such access and the information gathered will not be used except for the maintenance and development of Demographix and its services.
GENERAL DATA PROTECTION REGULATION
- Demographix customers will ensure they gain active consent from all respondents for the storage and use of their personal data. Consent must be unambiguous and obtained through a clear and affirmative action.
- Customers will ensure that any write-in question used to gather personal data will be designated as Personal Identification Data (PID). When designated as such, tools will be available to redact all the data gathered at a later date.
- Customers will monitor/audit in a timely way all personal data collection and use of personal data in their surveys and panels, and wherever possible use Demographix tools to delete personal data on a regular basis.
For a PDF copy of this document click here (PDF 160KB)
Demographix is fully ICO registered and complies with the Data Protection Act 1988. We take all necessary steps to ensure that your online privacy is not compromised.