The Cog is a market research agency that operates within the boundaries of the Data Protection Act 1998, and EU General Data Protection Regulation (GDPR). In processing your data we will comply with the General Data Protection Regulations (EU) 2016/679 (from 25 May 2018), as well as the Data Protection Act 1998 (and any amendment of or replacement for that Act) and the Privacy and Electronic Communications (EC Directive) Regulations 2003 (and any amendment of or replacement for those Regulations), as well as any other data protection laws that apply from time to time (together the "Data Protection Laws"). The Cog processes personal data (that is, data by which a living individual can be identified) relating to participants (ie. those that take part in research).
This privacy statement applies to the processing of this type of data.
As a research business, we are required to handle personally identifiable data for purposes of market research or our own business development activities. As such, The Cog is committed to GDPR compliance. Given the size of the company and the scale of personal data processing we carry out, we do not require a Data Protection Officer but we do have a designated person for GDPR compliance.
The Cog uses client supplied databases and data obtained by other means, to locate participants with whom to conduct research. This is in the legitimate interest of The Cog and its clients, but participants do have rights relating to this type of processing (including the right to object to the processing of their data in this way - see below for more information).
The Cog also collects and uses personal data obtained from participants as part of conducting research. The reason we collect this data is only for analysis purposes and to determine that we have sourced the right people for our clients, but all purposes for which data is being collected are always made clear at the time of data collection. This processing is based entirely upon informed consent – which again brings with it legal rights (again including the right to object to the processing of your data in this way).
The Cog collects the following data for the legitimate interest of the work we carry out. We collect this data with consent when we screen for suitable participants.
We collect your data in order to enable us to carry out our job as per the instructions of our clients, but also to comply with our legal / contractual obligations and for legitimate interests.
Personal data of which The Cog is not the controller (eg. the customer database of the client we are representing to locate potential participants) is deleted immediately upon completion of the project.
Personal data of which The Cog and our clients are joint controllers (eg. data which you have given consent for us to collect as part of the research we do) is stored in the form in which it was collected for 12 months from project completion.
We’re committed to protecting your personal information. We adopt robust and appropriate technologies and policies to protect it from unauthorised access and improper use.
We generally store and process your information within the European Economic Area (EEA). On occasion with Cloud based software, the data might be transferred and stored at a destination outside of EEA but, in these cases, we ensure we use reputable suppliers.
We never use data for the purposes of anything other than those uses related to research. We do not sell on personal details and you will not be contacted for any type of sales or promotions. We only use the details we collect for genuine market research projects.
You may exercise your rights above by contacting us at firstname.lastname@example.org and we will comply with your requests unless we have a lawful/contractual reason not to do so which we will inform you of.
Chief among your rights is your right to object to the processing of your data. The Cog will immediately comply with your objection and cease processing, unless there is a legitimate legal reason not to (which would be very rare and would be explained at the time).
Through a process referred to as a Subject Access Request; you have a right to obtain
You also have the right to the following;
All requests will be processed within 30 days, there is no fee involved in exercising any of these rights.
We may collect and process the following data about you:
When you e-mail us, or use a contact form within this Site, we will use your e-mail address for the purposes of administering your query, responding to you or sending you information about our business. We will not publish your e-mail address on this Site.
We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to report aggregate information. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual.
For the same reason, we may obtain information about your general internet usage by using a cookie file which is stored on the hard drive of your computer. Cookies contain information that is transferred to your computer’s hard drive. They help us to improve this Site and to deliver a better and more personalised service.
They enable us:
You may refuse to accept cookies by activating the setting on your browser which allows you to refuse the setting of cookies.
If you wish us to remove your details from our marketing database at any time please e-mail us.
All communications regarding personal data (including subject access requests or the execution of any of your other rights, as well as any queries relating to this policy document) should be addressed in writing to email@example.com