Pickersgill Consultancy and Planning Ltd (PCP) is a Market Research Company based in York in the UK. Our company registration is 2470269 and our registered address is 54 Bootham, York YO30 7XZ.
Our sole activity is conducting research projects in response to the needs of clients, which come from the public, private and third (charity) sectors.
Personal data collected
For every research project we undertake, we take care only to collect information that is needed for that research. We will never use the information you provide for any purpose other than research.
You will not be adversely affected in any way by taking part in our research and there will never be a charge to you for taking part in our research.
We will collect your views and opinions about the subject we are researching. We never sell, promote or market any products and services provided by our clients.
We may also ask you for personal information about yourself (for example; your gender, age and postcode, ethnic background or origin, sex life or sexual orientation). Usually, you don’t have to answer any question we ask if you don’t want to. However, for some research projects we need an answer to some questions to be able to include your views in the research. If this is the case we will let you know at the start, so you can decide if you want to answer and take part or not.
If we ask you to give us your name and contact details, we will always explain what they will be used for at the time we collect them and obtain your permission to use them for that purpose. We’ll also ensure they are only used for that purpose.
The main reasons we would ask for your name and contact details are as follows;
• To record your consent to take part in the research
• For quality control purposes so we can check the work of our interviewers
• To administer prize draws or incentives for taking part in the research
• To invite you to take part in further research
• So our client can contact you to resolve a specific issue or cause for dissatisfaction you have raised. (If you have consented to this)
The lawful basis for collecting your data
Under the General Data Protection Regulation (GDPR), there are 6 lawful bases that can be used to legally collect personal data. For our research projects we will generally rely on consent, legitimate interest or public task/public interest as the lawful basis for data collection.
Other data we may hold about you
We may hold data about you that you have not provided directly to PCP Ltd, as follows;
• If you have an existing relationship with one of our clients (for example you are a customer of one of our clients) and they have provided your details so we can invite you to take part in research. To do this, the client will be legally allowed to pass-on your data and we will confirm this with them.
• If we purchase a database of contacts from a commercial sample provider. We might do this so we can call people to take part in a survey by phone. Again, contact details will only be provided to us where there is a lawful basis for doing so.
• Your telephone number or your address may have been taken from publicly available sources. In these situations, we don’t hold any personal data about you or anyone in your household.
How we use your data
We use your personal data in the following ways:
• For research purposes, including analysing data and writing research reports for our clients.
• To re-contact you for quality control purposes, so our telephone supervisor can check the interviewer was polite or to clarify answers you have given.
• To administer prize draws or incentives (if offered for the research you took part in).
• To re-contact you to take part in further research (if you gave your permission when we first contacted you).
We always explain how your data will be used at the time we invite you to take part in the research, including confirming that the research is anonymous or confidential; unless you give specific agreement to do so our client will not know who took part in the research.
If we want to re-contact you for a specific purpose at a later date, we always ask your permission at the time you take part in the research, and will only contact you for that purpose.
Unless we have your specific agreement to reveal your details we will report research findings in an anonymised (it will not be possible to identify you) or aggregated (which means mixed in with the views of many other people) format.
On some occasions, we may ask for your permission to identify you to our client, but we will explain why we want to do this and we will only identify you with your permission.
Access to your personal data is strictly controlled and limited to PCP employees on a need to know basis.
Sharing your data with others
There are some very limited circumstances under which we would share your personal data with third parties such as;
• We may employ the services of a mailing house to print and post out large postal mailers or surveys – your name and address would be supplied to them for this purpose only
• We may employ a transcription agency to work with us to transcribe quantitative interviews and focus groups
In these circumstances the third party would act as a data processor to PCP Ltd and a sub-contractor agreement would be in place to confirm that they are dealing with personal data legally.
All our suppliers are located in the UK; we will never transfer personal data outside of the UK.
How long we will keep your data for
We will usually delete all personal data within 6 months of the end of a research project. If a different retention period is required, this will be outlined in the privacy notice that accompanies each project.
If you have contacted us to request that you are not contacted again by PCP Ltd, we will keep a record of your contact details so we can exclude you from our future research projects, where it is possible to do so.
Your rights under GDPR
Individuals have certain rights under GDPR over their personal data and data controllers have a responsibility to fulfil these rights. In some instances PCP Ltd will be the data controller (or joint data controller) for an individual research project, but in other cases we will be acting as a data processor and our client would be the data controller. For each project, we will clearly specify who the data controller is, so you know who to contact in order to exercise your rights.
An individual’s rights include;
• Right to be informed – Individuals have the right to be informed about the collection and use of their personal data.
• Access to personal data – a right to access personal data that is held by the data controller and the data processor.
• Amendment to inaccurate personal data – a right to have any personal data we hold about you amended if it is inaccurate.
• Erase personal data (‘right to be forgotten’) – a right to have personal data erased applies in certain circumstances; it automatically applies when the lawful basis for processing your data is consent.
• Restrict processing – a right to restrict the processing of personal data in certain circumstances. This means that an individual can limit the way that an organisation uses their data. It is different to requesting the erasure of personal data.
• Data portability – a right to obtain and reuse your personal data for your own purposes across different services.
• Object to processing – a right to object to processing in certain circumstances, including where the lawful basis is legitimate interest.
• Not be subject to decision making based on automated processing
• Withdrawal of consent – if we are processing your personal data on the lawful basis of having your consent to do so, you have a right to withdraw this consent at any time; any personal data will be deleted from any research study or database in which you are identifiable.
You can contact us to fulfil any of your rights under GDPR either via email (firstname.lastname@example.org) or by phone (08006523740). We will respond to your request within legal time limits and in line with current data protection legislation.
If you have been contacted by phone, all calls will be recorded from the moment the call is connected. Once we have explained our reason for calling you and you have consented to take part we will also ask for your consent to recording the rest of the call. Recordings will only be used for the following purposes:
• For quality control purposes – We record calls for quality control purposes so that we can check the work of our interviewers, to ensure they are following the MRS Code of Conduct, and to comply in with the requirements of ISO 20252, the International Standard for Market and Social Research, to which PCP Ltd is a Company Partner, hence the legal basis for processing this personal data is legitimate interest. Recordings will be kept for 12 months after the date of the call unless you are informed otherwise in the project privacy information notice.
• For research purposes – If we need to record your interview for research purposes, we will explain how the recording will be used and who will have access to it, and ask for your consent to the recording. The recording will only be used for the purpose you consented to, and will not be passed on to our client or any other third party unless you give your consent. Recordings will be kept for 12 months after the date of the call unless you are informed otherwise in the project privacy information notice
All call recordings are made on a Contrex service are stored securely in a datacentre. Access to the recordings is only available via a portal login that has the capability to access recordings. All call recordings are available only via the Contrex portal and can only be identified by the caller’s phone number and date of calling.
You may request for your call recording to be deleted at any stage by contacting PCP using the contact details provided below.
How we keep your information safe
We use a wide range of technology to ensure that any personal data we hold is processed, stored and transferred in a secure way. This includes encryption, password protection and limiting access to personal data to key staff only.
PCP use SNAP software for data processing purposes. High levels of security are applied to all data held within Snap Webhost, in line with their ISO 27001:2013 certified Information Security Management System. Snap Surveys commitment to data security is evidenced by its ISO 27001:2013 certification. The SNAP data centre providers Rackspace and UKFast are also ISO 27001:2013 certified. The SNAP ISMS is regularly tested and externally audited each year as a requirement of maintaining their certification.
We are listed under the name Pickersgill Consultancy and Planning (PCP)
Your right to make a complaint
You have the right to make a complaint to the Information Commissioners Office (ICO) if you are unhappy with the way PCP Ltd processes your personal data. The ICO can be contacted at ico.org.uk or by calling 0303 123 1113.