Scope of GDPR
GDPR applies to organizations that:
- are established in the European Union; or
- offer goods or services to individuals in the EU; or
- monitor or process personal data relating to individuals in the EU.
As a provider of market research and intelligence services to EU-based clients, we process personal data in accordance with GDPR requirements.
Our Commitment to GDPR Compliance
We are committed to:
- lawful, fair, and transparent processing of personal data;
- collecting personal data only for specified, explicit, and legitimate purposes;
- ensuring data accuracy and relevance;
- limiting data retention to what is necessary;
- implementing appropriate technical and organizational security measures.
GDPR compliance is treated as an ongoing process and not a one-time exercise.
Lawful Basis for Processing
We process personal data only where one or more lawful bases apply, including:
- performance of a contract or pre-contractual steps;
- compliance with legal obligations;
- legitimate business interests, provided these do not override data subject rights;
- consent, where explicitly obtained.
Data Subject Rights
In accordance with GDPR, individuals whose personal data we process have the right to:
- Access: access their personal data;
- Rectification: request rectification of inaccurate or incomplete data;
- Erasure: request erasure of personal data, subject to legal and contractual limitations;
- Restriction: restrict or object to processing;
- Portability: request data portability where applicable;
- Withdraw Consent: withdraw consent at any time where processing is based on consent.
Requests may be submitted using the contact details below. We may require identity verification before responding.
Data Retention and Erasure
We retain personal data only for as long as necessary to fulfill business, legal, or contractual purposes.
Where applicable, we support GDPR-mandated erasure requests and assess each request based on:
- legal obligations;
- contractual requirements;
- legitimate business interests;
- exemptions permitted under GDPR.
Security Measures
We implement reasonable technical and organizational measures to protect personal data, including:
- Access Controls: access controls and role-based permissions;
- Encryption: encryption of data in transit and, where appropriate, at rest;
- Secure Infrastructure: secure IT infrastructure and hosting environments;
- Employee Training: employee training on data protection and confidentiality;
- Incident Response: incident response and breach management procedures.
Data Breach Management
In the event of a personal data breach, we maintain procedures to:
- assess risk to data subjects;
- notify relevant supervisory authorities where required;
- communicate with affected individuals where legally necessary.
Third-Party Processing and International Transfers
Where personal data is processed by third-party service providers, we ensure:
- contractual safeguards are in place;
- processors act only on our instructions;
- confidentiality and security obligations are enforced.
Where data is transferred outside the EEA, appropriate safeguards are applied in accordance with GDPR.
Shared Responsibility
GDPR compliance is a shared responsibility. Clients and partners using our services are responsible for ensuring that their own use of data complies with applicable data protection laws.
Governance and Training
We maintain internal governance structures to support GDPR compliance, including:
- defined responsibilities for data protection matters;
- periodic review of policies and procedures;
- employee awareness and training programs relevant to data protection obligations.
Relationship With Privacy Policy
This GDPR Policy should be read together with our Privacy Policy, which provides further details on the categories of personal data we collect and how it is used.
Contact Information
For GDPR or data protection-related inquiries, please contact: