Insync Privacy Policy

Last updated: April 2014

Overview

At Insync Surveys Pty Ltd (ABN 58 108 768 958) we take your individual right to privacy seriously.  Our basic principles are as follows:

  • we comply with the Australian Privacy Principles established by the Commonwealth Privacy Act 1988 (the Privacy Act) and subsequent amendments,
  • we will always tell you upfront why your data is being collected, how it will be shared and if your individual responses, including your identity, will be shared with or seen by any other entity 
  • we are committed to handling the information you provide responsibly; any personal information collected by us is treated as private and confidential unless we have informed you otherwise prior to collection or there is a need to release the information under an Australian law or court/tribunal order, and
  • we will take every reasonable and practical precaution to safeguard the security, integrity and privacy of this information; including periodically reviewing and updating our security measures in light of current technologies.

This policy sets out how the Australian Privacy Principles (APPs) in the Privacy Act are to be complied with by Insync Surveys in relation to the collection, retention, use and disclosure of personal information about the subjects of and participants in our surveys and market and social research. Please note that this privacy policy will be regularly reviewed and updated; we recommend that you check back regularly to this page to be apprised of any updates or changes.

Objectives

The aims of this policy are to:

  • set out how the APPs in the Privacy Act are to be applied and complied with at Insync Surveys in the conduct of its business
  • facilitate the protection of identifiable research information provided by, or held in relation to, the participants or subjects of our surveys and research
  • enable quality research to be carried out, so as to provide accurate information to government, commercial and not for profit organisations to support their decision making processes.

Definitions

Please note these definitions are drawn from the Association of Market and Social Research Organisations (AMSRO) Privacy Code 2014 and in some cases have been adapted

Client means an organisation or agency that requests, commissions or subscribes to a given market and social research project ie the ultimate beneficiary of the research findings

Collection of identifiable research information means gathering, acquiring or obtaining identifiable research information from any source, by any means, for inclusion in a record

Contact details means a record of identifying information such as names, companies, position titles, email addresses and phone numbers, collected and retained in order to contact individuals in a research sample

Identifiable research information means personal information about research participants, respondents or subjects to which this policy applies. It includes contact details, research status and research data.It does not include any unsolicited information.

Market and social research means consensual investigation of the behaviour, needs, attitudes, opinions, motivations or other characteristics of a whole population or a particular part of a population, in order to provide accurate and timely information to clients about issues relevant to their activities, to support their decision making processes

Research data means a record of the responses provided by individuals participating in market and social research at the time of collection in order to obtain a representation of a population's or sub-population's behaviour, needs, attitudes, opinions and motivations at a given point in time

Research purpose means the handling of information in order to carry out any function considered essential to the conduct or communication of the results of a market and social research project

Research status means information in relation to whether or not an individual has been contacted or has participated in a market and social research exercise, but does not include research data. Research status information is likely to take the form of a list containing individual contact details, forwarded from a client to Insync Surveys for research purposes, which also contains information in relation to the individuals and may include information about actual contact with those individuals or their participation.

Respondent means an individual about whom identifiable research information is collected in the course of market and social research. Research subjects may be referred to as participants or research subjects and may include another individual about whom a subject is providing information.

What information does Insync Surveys collect and hold?

Identifiable research information is usually collected during a research project so that analysis can be done on the aggregate responses to analyse trends. The identifiable research information we collect and hold may include:

  • director, employee and/or customer names;
  • contact details (including telephone and email);
  • age of respondents;
  • gender of respondent;
  • tenure of respondents
  • department, role and/or level of respondents

and such other information which is relevant and necessary to deliver services to clients or to comply with the law.

All identifiable research information about individuals and confidential information about organisations that use Insync Surveys is and will remain confidential and secure, as per the conditions provided to respondents at the time the research is conducted. No completed research forms, paper, online or otherwise, are released to clients unless permission to do so is sought from the respondent prior to conducting the research, which often occurs in the case of customer research and employee entry and exit surveys.

Our surveys are specifically designed to give maximum insight without impinging upon respondent anonymity. If clients desire a copy of the raw survey results after the research has been completed, Insync Surveys may provide a spreadsheet of responses, without the respondents' email addresses or other information that could identify the respondents. Insync Surveys will not provide raw responses with more than one demographic, since this would give the client the opportunity to "triangulate" an individual's responses using their unique combination of demographics.

The only exception to this rule is where a client insists upon owning all the raw data arising from the survey. In these cases we will make that fact clear to respondents prior to them participating in the research.

Respondents should note that the free-text responses to questions at the end of most of our surveys are provided verbatim (i.e., unedited) to the relevant organisation. Should a survey respondent identify himself or herself by name, writing style or otherwise, his or her comments will not remain anonymous. This fact is normally explained on each of our surveys for the avoidance of doubt.

How does Insync Surveys collect identifiable research information?

Information collected for market and social research purposes

We use a number of methods to collect information in the ordinary course of our business, including online surveys, paper surveys, telephone interviews and face to face interactions such as focus groups.

In each situation, the respondent is advised up front as to the research purpose and what will be done with the information collected.

No identifiable research information handled in the context of our work is unsolicited. However, if any unsolicited information is received by us, it will be handled in accordance with the APPs. In situations where the client has provided a contact database, such as employee email addresses or client telephone numbers, we will ensure the resulting identifiable research information is collected according to this policy and the APPs.

Information collected online via our website

Like many other websites, Insync Surveys uses software to automatically track and monitor each visitor's domain name, browser type, and date and time of access, as well as other information. Insync Surveys does not associate this tracking data with any specific users who browse our site, nor do we distribute any such data to third parties.

Other than anonymous tracking data, Insync Surveys only collects identifiable information that is specifically and voluntarily provided by a visitor to our site. A visitor to our site may choose to provide this information to register for certain areas of the site, apply for a training course or event, order a publication or register for our newsletter. We will not disclose identifiable information to third parties without your consent except where we may be required by law.

At any point after registering with us, a visitor may choose to unsubscribe. In this instance, Identifiable information will then be removed from our relevant database to ensure that any future contact, such as distributing a newsletter, ceases to occur.

How does Insync Surveys store identifiable research information?

Our collection methods

At its core, Insync Surveys has a secure, robust online data collection capability which serves the needs of all types of surveys conducted, from in depth interviews with key opinion leaders through to a staff survey for a multi-national employer in ten languages. Survey data is collected via our web servers, which are hosted in an ISO 27001 & ASIO T4 Certified Tier 3, 24 hour monitored data centre located in Australia. They are managed and patched by staff according to best practice. Offsite backups are also transported and stored securely. Insync Surveys utilises 128-bit SSL encryption verified by Verisign for secure HTTP communications.

From time to time, we also collect identifiable research information via paper surveys and face to face focus groups. Paper surveys will generally be scanned and uploaded into our online system, stored locally for a determined period of time and then destroyed (unless another process is agreed with the client and communicated to respondents prior to collection). Focus group responses are generally collated without reference to respondent contact details (unless permission from respondent is granted prior to collection).

With respect to our client portals, no confidential data is stored on client machines at any time throughout the process; no software is required to be downloaded and no permanent cookies are stored. A non-traceable cookie is only stored by the client browser for the length of the log-in session to verify the client's identity.

Where information is held

Information collected is housed on Insync Surveys' servers located in data centres. The data centre that holds the information that is collected is provided by Avnet Cloud Services, a division of Avnet Technology Solutions Australia (previously known as ICO). The data centre is located in North Ryde, NSW. The secondary data centre, where backups are mirrored and replacement hardware is available, is in Homebush Bay, NSW. Our Hermes system also has a data centre run by IPrimus and is located in Melbourne, VIC.

Insync Surveys also uses Virtual Dedicated Servers. They are not shared with any other customers. This gives us the security and performance of a dedicated server as well as the failover capacity of virtual server technology. Security patches are applied to the server on a weekly basis.

Information may also be shared with suppliers and clients from time to time using cloud based services which are professionally managed according to documented processes.

De-identification of identifiable research information

As we find it important to retain identifiable research information for future research purposes, identifying (contact) details will, if practicable, be stored separately from other information (research status and research data), with measures in place (e.g. by the use of an encrypted intervening variable) to ensure the identity of the individuals cannot be readily revealed from the other information. Similarly, where we use respondent usernames and passwords for our surveys, details of which username corresponds with which email address is held separately from password data and also separately from responses.

Respondents are able to request de-identification and/or deletion of their records at any time via a written request to the Privacy Officer.

What does Insync Surveys do with the research data collected?

We generally use research data at an aggregate level; we use the combined answers of many people and present aggregated information about various demographic groups within an organisation or population. Aggregated research data is then used to provide organisational insight. Sometimes this is in isolation, ie simply based on the research data from one survey, while other times we provide this insight alongside historic trends, industry benchmarks and/or other comparative data. We will not provide demographic reports to a client unless there are a minimum number of respondents in each respective category; this is documented with all our clients prior to conducting any research.

We also sometimes use our research database to undertake research and publishing, provided always that such output shall not in any way identify the results of individual respondents or of individual organisations unless permission is sought and granted in writing beforehand.

Any identifiable research information collected through our market and social research or via our website will not be released unless the law requires it or individual permission is given. We do not sell research data to third parties and, unless it is made explicitly clear to the contrary at the time of collection, we will also not release identifiable research information overseas.

It is also important to note that on occasion our clients request that individual feedback from our research is provided in addition to aggregated results. In such cases respondents are asked for permission for their individual feedback to be given to the client prior to the commencement of the research and only when permission is given, is individual feedback provided to the client.

How can I access my personal information?

We will, at your request, provide you with access to any information that we may have collected about you in accordance with Australian Privacy Principle 12. To gain access to this information, you should contact us (see details below) and provide us with full proof of your identity and details. If you believe that any information is inaccurate, incomplete or obsolete, please contact us and we will revise the relevant information in accordance with Australian Privacy Principle 13.

Who can I speak with if I have a complaint about Privacy?

A complaint is any concern you have about our activities in relation to privacy. Our complaint-handling procedure is designed to be:

  • readily available to any individual who has registered with, been solicited by or participated in our research and/or consulting activities
  • simple to follow
  • able to be used by complainants without any charge or fee.

Complaints should be made in writing to:

The Privacy Officer
Insync Surveys Pty Ltd
PO Box 446, Flinders Lane VIC Australia 8009
Email: privacy@insyncsurveys.com.au
Phone: +(61 3) 9909 9209

Complainants should outline the specific nature of the complaint with supporting evidence where possible. Our Privacy Officer will respond promptly, within 14 days, to outline the Company's response to the complaint and our recommended path to resolution.

We use all our reasonable endeavours to promptly deal with and satisfy any complaints. If a resolution cannot be achieved to the satisfaction of the complainant within 30 days, the complaint can then be escalated to The Office of the Australian Information Commissioner (OAIC). The OIAC website contains details regarding the process to follow in this instance.

Exit/Entry Surveys

Exit and Entry survey data is collected on an individual basis, selected staff from the client have access to a secure online portal. On this site individual data can be viewed, IS have to get written approval from the client for staff to gain access to the portal. Once approval is given IS create a unique password and username for the end user. The participant of the exit or entry survey is given the option to share their results with their direct manager by selecting a "don't share" option on the survey. The participant is notified that their individual results are shared with select staff who have access to the secure portal.


 

send-an-enquiry.gif   contact-us.gif