Updated 3rd July 2023
INSTINCT AND REASON takes your privacy seriously and, as a company, we are committed to protecting and respecting your privacy. This policy contains important information about the personal information it collects about you, how we will use this data, the conditions under which it may be disclosed to other parties and how it is secured. Please read it carefully. Please note that our policy may change over time, so do check this page to ensure you are aware of any policy changes.
We may be required to comply with requests for personal data from regulatory bodies and legislative authorities.
Instinct and Reason (ABN 17 101 283 845) and INSTINCT AND REASON Limited (No: 06933192) respects and upholds your rights under the Australian Privacy Principles contained in the Privacy Act 1988 (Cth) (“Privacy Act”).
INSTINCT AND REASON also adheres to the Privacy (Market and Social Research) Code 2014 (“Code”). For more information about the Privacy Act, the Australian Privacy Principles and the Code click visit www.amsro.com.au.
INSTINCT AND REASON LIMITED – PRIVACY AND COOKIES POLICY
- Who we are
- Data security
- Market research
- Marketing communications
Who we are
INSTINCT AND REASON conduct market research and provide business consulting services across the globe. We are committed to conducting our business lawfully and to the highest professional industry standards. This website is operated by INSTINCT AND REASON LIMITED part of the INSTINCT AND REASON HOLDINGS Group (ABN: 63 606 766 205), whose registered (trading) offices are listed below:
- INSTINCT AND REASON Limited (Registered in England No: 06933192, Registered Office: Column House, 7 London Road, Shrewsbury, SY2 6NN)
- INSTINCT AND REASON Pty Limited (Registered in Australia No: 17 101 283 845, Office: Suite 302, 410 Elizabeth Street Surry Hills NSW 2010 AUSTRALIA)
The legal basis for using your personal data
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Where we have your express consent to do so.
- Where we need to perform the contract, we are about to enter into or have entered into with you or to perform other legal obligations.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal or regulatory obligation.
How we keep your personal information secure
We take great care to ensure our business information systems are protected against the potential for malicious intrusion, for both stored and transmitted data. We use professional, reputable systems and suppliers and strong data encryption. We train all our staff to our information security standards.
In addition to data protection legislation (for example, the EU General Data Protection Regulation) and for Australian citizens the Australian privacy principles contained in the Privacy Act 1988, we work to market research industry professional standards and best practice.
Sending European Union (EU) citizens’ data outside of the EU
We keep EU citizens’ data within the European Union as standard. If we have a technical or business requirement for EU citizens’ data to transfer beyond the EU, then we obtain the individuals’ permission for this or we will ensure that there is a formal written contract in place approved by the European Commission which gives personal data the same protection as it has in the European Union; in the event that any personal data is transferred to the United States, we shall ensure that the party receiving personal data has signed up to the Privacy Shield which requires them to provide similar protection to that afforded in the European Union. We ensure any data transfer and repository beyond the EU is secure to the standards of EU data protection legislation.
Information about our market research activities
INSTINCT AND REASON collects and processes personal information as part of our business activity of conducting market research.
INSTINCT AND REASON Group complies with data protection legislation as applicable to the rights of citizens in the geographic areas in which our research activities are conducted.
In the EU, as from 25th May 2018, this is the General Data Protection Regulation (Regulation (EU) 2016/679), commonly known as GDPR, which replaces the 1995 Data Protection Directive (Directive 95/46/EC). This new GDPR ruling means that there is a single set of data protection rules across all EU member states for the protection of its citizens’ personal data. This includes Rights for Individuals.
GDPR – Summary of Individual Rights
- The right to be informed – right to be informed about the collection and use of personal data
- The right of access – right to access their personal data and supplementary information
- The right to rectification – right for individuals to have inaccurate personal data rectified, or completed if it is incomplete
- The right to erasure – right for individuals to have personal data erased in certain situations
- The right to data portability – right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services
- The right to object – right to restrict processing of their personal data in certain situations, for example the right to object to use of personal data for direct marketing purposes
- Rights in relation to automated decision making and profiling – right to be informed about and object to automated processing of data which may which may produce a potentially damaging decision
- The right to withdraw consent at any time – this applies where we are relying on consent to process your personal data.
Why we collect and process personal data
The definition of personal data is where an individual can be identified directly or indirectly by that data on its own or together with other data.
As part of our market research activities we may collect and/or process personal data that helps us:
- To know who to approach for participation in our research projects. This could be name, email address, telephone number, address. This may be from our clients if we are helping them assess their customers’ views of their products and services, or to conduct research amongst their own employees. It may be from a professional supplier of potential market research participants, where prior informed consent from the individuals will have been obtained by such suppliers. We may collect information from public sources on who to approach for research. In all cases we will obtain informed consent at the point of participation to proceed.
- To control the design of the data collection.
- For quality control purposes. For example, IP address is often used at this stage prior to anonymising the data collected from surveys.
- To provide information for analysis.
We may collect Special Categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. This Special Category data is subject to even stricter rules than apply to standard personal data and is only collected with your permission or where we have another specific legal ground to do so.
Collecting information from you
We collect personal information from people who take part in our market research related activities including, surveys (on-line or face to face, telephone), focus group discussions and other market research related activities. We will always explain what we require and obtain consent before it is collected.
We may collect information for market research by:
- Web/internet surveys
- Telephone surveys
- Interviews by one of our interviewers either in-home or in a specific location (e.g. in a shopping centre, on a train station, at a venue) – this could be by using equipment such as a tablet or on paper forms
- Self-completion surveys printed on paper forms – by post or in a specific location, site or event
- Focus groups
- Technology-based solutions (e.g. tracking website usage), behavioural data including eye-tracking data)
- Digital social media/interactive web platforms – in accordance with contractual terms and conditions as specified by the provider and relevant legislation
- Mobile devices in accordance with contractual terms and conditions as specified by the provider and relevant legislation
Sending personal information outside of the INSTINCT AND REASON Group
- We will respond to requests for personal information in accordance with legislative and regulatory requirements.
- We may use a research solution that requires personal information in order to proceed. For example, when we run online interactive research sessions, or ask participants to undertake certain tasks using mobile apps. This would be explained at the point of participation to proceed. We undertake stringent scrutiny of such services to check data security. We use solutions that restrict data to the EU as standard. Contrary to this, we would obtain consent.
- We may ask you to attend a focus group discussion or go somewhere to test a new product, and it is possible we would need to send your contact details to our organisers for this.
- It may be beneficial to pass your answers to the client who has commissioned the research about their product or service. This would all be explained and your permission sought before we would do this.
- Your answers may be held on a database that is used by our clients to view and manipulate anonymised and aggregated research data. We will gain your consent for any personal data or personally identifiable information that is available to be viewed by our clients.
- We may use an approved research supplier to provide specialist services such as data collection, analysis, consultancy, digital production or research tools, specialist techniques such as biometric data collection and analysis.
Keeping your personal information
We only keep personal information for as long as required for the purposes of the research. Our data retention policy states that we will not keep personal information for longer than 2 years, except where previously agreed with our research participants.
Wherever possible, we work with data that does not have personal information in it. For example, we will detach personal information to make a data set that combines hundreds of completed surveys in order to produce statistical analysis. From focus groups and small-scale research, we mask the identity of participants with labels such as ‘Male, 25-34, London’.
Web/Internet Surveys IP Address
If you participate in a web/internet survey, our system will collect information about your computer, including where available your IP address, operating system and browser type. Whilst this is the default position of our online software, we do not retain this information in any data/database.
Access to your personal data and processing restriction
Please contact us to request your data and/or data erasure or processing restriction. We will confirm receipt of your request within 5 working days and take the appropriate steps to consider your request in line with GDPR legislation. Please note, it is likely you will be asked for proof of identification prior to commencing any work in response to your request.
How we collect information from you
We collect, store and retain information about you in a variety of ways when visiting our website:
- Registering to receive our marketing communications or information about upcoming events
- Registering to download content from our website
- Applying for vacancies listed on our websites
- When you contact us via our enquiry email
The type of personal information we collect
By personal information we mean any information that you provide via our website that we have collected and may include (but not limited to): Forename, Surname, Postal address, Email address, Telephone number, Job title.
How we use your information
If you are (i) an existing client (ii) interacting with our marketing communications (iii) engaging with us through business development and potential future work (iv) have given express consent to us to use personal information for marketing purposes, INSTINCT AND REASON may at times use your personal information to provide you with marketing communications related to products, services and information relating to conferences and events.
Sending your personal information outside of INSTINCT AND REASON Group
We may share information with our third-party service providers for services such as data analysis, website hosting, infrastructure provision, IT services, e-mail delivery services, auditing services, business development and lead generation, marketing services or to comply with legal or regulatory requirements.
Cookies are commonly used across websites and mobile applications which may be used by INSTINCT AND REASON to provide you with, for example, customised information from our website. The cookie will allow us to recognise you when you visit our website. A cookie is an element of data that a website can send to your browser which may then be stored on your system. It does not contain confidential information such as your home address, telephone number or credit card details.
We do not exchange cookies with any third-party websites or external data suppliers. If you wish, you can usually adjust your browser preferences so that your computer does not accept cookies. Turning off cookies may mean that there is a loss of functionality when using our website.
Unsubscribing from marketing communications
You have the right to withdraw consent to receiving direct marketing messages making use of your personal data at any point. If at any point you would like to opt out from receiving any marketing communications, simply click on the unsubscribe link at the bottom of any emails you receive.
LINKS TO OTHER WEBSITES
We do not control any third-party websites and are not responsible for their privacy policies. When you leave our website, you should read the privacy notice of every website that you visit.
DATA PROTECTION COMPLAINTS
To ensure the process is fair and consistent, complaints and enquiries will be referred to a single point of contact being the Privacy Officer, currently Matthew Johnson. Our procedures and timelines will be:
- A complaint is received about an alleged breach of the Privacy Code/APPs.
- Complaint will be forwarded to the Privacy Officer within 7 days.
- The Privacy Officer will make a determination on the complaint and advise the complainant in writing 30 days from date of receipt.
- The Privacy Officer will keep a record of all complaints and determinations. Details of complaints will be logged to make sure that any serious or systemic issues are identified and acted upon. This will comprise a register and file records that will be securely stored in accordance with the Code/APP.
- If the Privacy Officer determines there has been a breach of the Code/APPs he/she will, upon notification to the complainant, advise the relevant personnel in writing of any action required to remedy the breach.
- If breach is incapable of being rectified and is not rectified within 30 days, the Privacy Officer must inform the Managing Director and ADIA about the failure to rectify the breach.
Lodging a complaint with authorities:
Individuals have the right to lodge complaints about data protection issues with their national supervisory authority if they are not satisfied with our response or have not received a response within 30 days.
- For Australia, the supervisory authority is the Office of the Australian Information Commissioner who may be contacted at 1300 363 992.
- Notifiable data breaches: https://www.oaic.gov.au/privacy/notifiable-data-breaches/report-a-data-breach.
- Privacy complaint: https://www.oaic.gov.au/privacy/privacy-complaints/lodge-a-privacy-complaint-with-us
- For EU Member States about alleged breaches of GDPR.
- The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone: 0303 123 1113.
If you have any questions relating to our policy please contact by email or by post addressed to:
- AUSTRALIA : INSTINCT AND REASON PTY LTD, Suite 302, 410 Elizabeth Street Surry Hills NSW 2010 AUSTRALIA. Or by telephone +612 9283 2233
- UK : INSTINCT AND REASON LTD, Suite 1, 7 Ridgmount Street London WC1E7AE. Or by telephone +44 203 355 4454