Personal Data Protection Notice
for Research Participants in Anonymous Survey (USA)
LAST UPDATED 21 FEBRUARY 2022
This Notice is for individuals based in the USA, who have been invited to participate in an anonymous EDI survey delivered by The Unmistakables Ltd on behalf of our client, your employer.
This Notice explains how we will collect, store and use any personal information (personal data) that you share through the survey as a research participant.
For this research:
Your employer acts as the Data Controller;
We act as Joint Data Processor based in the UK, working in partnership with our trusted survey specialist who is contracted under a non-disclosure agreement.
How to contact us
If you have any questions about this notice or the personal data we hold, please do not hesitate to contact our Privacy Lead at firstname.lastname@example.org.
Data Protection Principles
We will comply with data protection laws and principles, set out in the UK General Data Protection Regulation (GDPR). We will ensure that all personal data will be:
used fairly, lawfully and transparently;
used for specified, explicit purposes;
used in a way that is adequate, relevant and limited to only what is necessary;
accurate and kept up to date as necessary;
kept for no longer than is necessary;
What data do we collect?
We will collect your personal data only to the extent that it is necessary to carry out research and consult your employer regarding their DEI strategy.
Personal data will include:
protected characteristics such as gender, ethnicity, sexuality, religion and socio-economic status;
personal opinions, perceptions, anecdotes and experiences within your company.
How do we collect personal data?
Your data will be collected through a voluntary anonymous survey hosted on SurveySparrow, which will securely transfer your information from the USA to the UK.
How will we use personal data?
We will use your personal data so that we can analyse themes and trends, then present aggregated findings and make recommendations to your employer regarding their DEI strategy.
How will we use particularly sensitive data?
Sensitive data (also known as special category data) is particularly personal data relating to aspects of your identity, such as gender, sexuality or disability. We will only use sensitive personal data to inform our research and recommendations. When we collate and present our findings to your employer, data will be aggregated so that you cannot be identified.
How do we store personal data?
We have put in place appropriate security measures to prevent personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we restrict access to personal data to employees, freelancers and suppliers who have a business need-to-know and who have signed contracts with a non-disclosure agreement to protect data that is collected, stored and processed as part of this scope of work.
After this scope of work is over, we will review the personal data in due course, then securely destroy personal data in accordance with applicable laws and regulations.
Data Protection Rights
We will ensure we are GDPR compliant by upholding the data protection rights:
The right to access – You have the right to request copies of personal data from us.
The right to rectification – You have the right to request that we correct any data you believe is inaccurate, and/or to complete any data you believe is incomplete.
The right to erasure – You have the right to request that we erase your personal data, under certain conditions.
The right to restrict processing – You have the right to request that we restrict the processing of your personal data, under certain conditions.
The right to object to processing – You have the right to object to our processing of your personal data, under certain conditions.
The right to data portability – You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
You can exercise any of these rights by contacting our Privacy Lead at email@example.com. If you make a request, we have one month to respond to you.
How to contact us
If you have any questions about this notice or the personal data we hold, please do not hesitate to contact the Data Processor at firstname.lastname@example.org.
How to contact the appropriate authority
If you feel that we have not addressed your concern in a satisfactory manner, you may contact the Information Commissioner’s Office.