Global Data Collection Company (GDCC) conducts telephone fieldwork for research purpose across the world.
This Policy applies to the data we collect and hold for you for and from market research studies over the phone, and data collected by the GDCC websites.
- Our work and our clients
- Why and how we contact you
- Data we collect
- Our role in the processing of your data
- Data controllers and data processor
- Exercising your rights provided under GDPR
- Withdrawing consent and withholding information
We conduct telephone market research all over the world from our callcenters to service the needs of our clients and their clients in understanding you, the market you live and work in, and the products and services that you use.
Our research is conducted on behalf of a range of clients, such as research- and consultancy agencies contracted by commercial companies and government agencies and NGOs.
We only carry out research. Your participation will never result in sales or marketing communication from us, our clients, or any linked third-party.
Any communication you receive from us, such as e-mail invitations or phone calls, will clearly identify us and explain the purpose(s) of our contact.
When we contact you, it will generally be to conduct a telephone interview as part of a survey. We may occasionally contact you for other purposes; we would have asked for your permission upfront before contacting you again. If we contact you for any other reason, we will always ensure the purpose is compatible with your previous consent.
In nearly all cases, we will only process your data based on your informed consent to do so.
The contact details we have for you can come from a variety of sources. We will always let you know what the source of your contact details were when you speak to us.
- If we are contacting you by e-mail, you had spoken to us previously and you indicated an interest in taking part in further and similar types of research. At this point, you would have shared an e-mail address we can use for this purpose. Alternatively, we may be contacting you on behalf of our client. If they provide you with products and services, they could have asked us, as an independent data collection agency, to speak with you to understand how satisfied you are with them. The privacy notice of our client will mention they sometimes share your details and work with companies such as ours for market research purpose.
- If we are contacting you by phone, the above still applies but we may also have found your phone number on publicly available databases, because we think you meet the criteria of our research. This process is called ‘desk research’ and helps us reach appropriate research candidates by phone, based on country of residence, job title, or industry sector. We sometimes also work with third-party vendors that build lists of publicly available information to help us reach the right individuals.
Via our website
Our contact form will collect the following information from you: a name, e-mail address, the name of your company and a telephone number. This allows us to help you with your query and provide any feedback we may have.
If you are applying to join our telephone research teams, we’ll ask for the same kind of information, but we’ll also ask for your address so that we can check whether you’d find it easy to reach us for work, and of course we’ll need to know which languages you speak. You can also choose to include a CV to your submitted form for our team to review.
Via telephone interviews
As we will tell you whenever speaking with you over the phone, we record all of our calls to ensure our teams are treating you fairly, working in a professional and courteous manner, and delivering a level of service that meets our internal standards and those of the relevant Codes of Conduct. We will always confirm this is fine with you before proceeding with the call, and these recordings will never be shared with anyone other than individuals whose role at GDCC includes responsibility for quality control – unless there is a separate purpose for which these recordings are needed, such as analysis, in which case we will ask you to consent to this separately before proceeding with the call.
Who is responsible for your data?
When we get in touch with you, we will always tell you who we are and provide the name(s) of the data controller(s) that decided how your data should be processed. Most of the time, we are commissioned by our clients to get in touch with you, either as named individuals or as professionals that fit within the category of respondents being researched, and this means that they are the data controller, i.e. without them, no data processing would have occurred. This applies even if your relationship is with us, and they will never receive any of your personal data (if that were ever the case, we would ask for your informed, specific consent before doing so). Depending on the circumstances, we may be joint data controllers. Because you enter in a relationship with us when you take part in our surveys, we have a legal obligation to give effect to some of your rights, should you choose to exercise them.
Who is responsible for your data?
In a market research survey, different parties come together to form the ‘research chain’. It begins with the research sponsor, the company that decides they want to run a market research project. Next comes the research agency that designs the survey and will report its findings back to the research sponsor. Then comes the fieldwork agency (in this case GDCC) that implements the survey online or over the phone and speaks to respondents all the over the world to collect the opinions and insights that are needed to write the reports. In addition, some other third-parties might get involved to help with some specialized elements of the project, which will vary widely project by project.
Under the applicable data protection legislation, a data controller is the entity that determines the purpose for which (“why”) and the manner in which (“how”) data is processed. On the other hand, a data processor will act on the specific instructions of the data controller and hold your details for only as long as necessary to complete the work requested of them by the data controller. In any market research project, there will often be more than one data controller and it may also include the support of multiple data processors. All of these parties are legally-bound to protect your privacy and give effect to your rights provided by GDPR.
At any time, you can request access to the personal data we hold about you. Once you get in touch, we will need to determine whether we are the data controller for your personal details. If we are not, we will ask you to get in touch, speak directly with the data controller or ask you if we can get in touch with them on your behalf. If we are the data controller, you may be able to access this personal data, and correct, amend or delete it, except in the following circumstances:
- The cost of doing so would be disproportionate and unreasonable; or
- We could not release your data without releasing data from other individuals, or confidential commercial information of GDCC or our clients
Based on your consent for us to process data, you also have a right to portability, which means you can request to receive personal data you provided to us in a format that is easy to read and that could be reused by others, if you wanted to share it with another data controller.
You can also ask us to rectify the records we hold on you. Inaccurate information can lead to frustration or misleading communication, and we are committed to making sure the information we hold on you is as accurate as possible. We work hard to keep personal information in our control accurate, complete, current and relevant, based on the most recent information available to us. We rely on you to help us keep your personal information accurate and current by answering our questions honestly.
You also have a right to erasure, also known as the ‘right to be forgotten’. If you consented to our holding or processing your data, you have a right to have any data we hold for you erased if you want to withdraw your consent. Because we often contact you on behalf of other companies that may have shared your contact details with us, we will sometimes need to get back to the company that shared your details and advise them of your decision to withdraw consent. There are limits to what this right to erasure can accomplish: if we erase all your details, we may be in contact with you again by random chance simply because market research must often get in touch with a representative sample of the population; it does not mean we kept your details, but that they came up in random sample selection.
You are also allowed to exercise your right to restrict the processing of your personal data. The right to restrict means that we will no longer do any further processing with your data, other than storing your details for the sole purpose of making sure we do not carry out any further data processing; we would do nothing else with your details. This is often the best way to prevent any further contact from us because it allows us to keep just enough information to make sure your contact details are excluded from any subsequent projects.
As mentioned, we may sometimes share your personal data with 3rd-party vendors for quality control purposes. Because our legal basis for doing so is legitimate interests, you have a right to object to this processing. Any vendors we contract will operate in accordance with data protection legislation and will make it clear to you when first contacting you that you may object to this processing at any time – this will be communicated to us and acted upon.
Timelines and identity verification
If you want to exercise any of these rights, please contact us via e-mail or postal mail at the contact details provided under ‘Getting in touch’. Our teams will try to act on your requests no later than 30 days after receipt. If we require more time, we will let you know within this timeframe. We may need to get in touch first to ask for additional information confirming your identity, so that we do not act on malicious or fraudulent requests.
This information will only be stored to verify that your request is genuine after which it will be destroyed; it will not be used for any other purpose. If your request is likely to affect other data subjects, we may take additional verification steps, but this will be communicated to you in writing. If we cannot deliver on your request at all, we will be in touch in writing to explain why. If the request is deemed unreasonable or excessive, we may request you to pay a small fee before we send you a copy of your data – this will be kept to a reasonable amount.
No obligations in research
If you previously consented to our processing your personal data, you can withdraw this consent at any time. There are two methods for you to do so:
- Over the phone If you would like to do so over the phone during a survey, please let our telephone interviewers know and we will act on this immediately. We will end the interview and record your consent withdrawal for that survey.
- E-mail If you no longer want us to process your data for any purpose, including future survey invitations, please e-mail us at email@example.com to let us know.
When you participate in our research, we may ask you for your personal opinions, as well as demographic information, such as your age and household composition. You are under no obligation to answer any question we ask you and you can discontinue participation in a study at any time.
When working on reports or feeding back the results of surveys we conduct, we include your responses in a list with all the other participants and report this in a file to our client where you are not identifiable. This may then be used by our client to report to the research sponsor with findings from the survey. We will never report your individual survey responses or convey them in such a way that you are personally identifiable in the file, with a few exceptions. We may disclose your data and survey responses to 3rd-parties as follows:
- You request or consent to sharing your identifying information and individual responses with the third parties for a specified purpose;
- We provide your responses to a 3rd-party who is contractually bound to keep the information disclosed confidential and use it only for research purposes; this may be to ensure they do not contact you again to take part in a survey you already completed or for quality control purposes;
- In the rare but possible circumstance that the information is subject to disclosure pursuant to judicial, legal or regulatory requirements.
Your survey responses may be collected, stored or processed by our affiliated companies or non-affiliated vendors, both within and outside the EU. They are contractually bound to keep any information they collect and disclose to us or we collect and disclose to them confidential and must protect it with security standards and practices that are equivalent to our own, no matter where they themselves are based. See ‘International transfer of data’.
We are ISO 27001 certified. In essence this means that, throughout our organization, we have processes and procedures in place to minimize any risk of unauthorized people accessing any data.
We inform and train our employees about our policies and procedures regarding confidentiality, security and privacy, and we emphasize the importance of complying with them. Our security procedures are consistent with generally accepted commercial standards used to protect personal information and are reviewed regularly to ensure this is maintained.
We may transfer personal information to affiliated companies or non-affiliated vendors for research-related purposes, such as data processing. We require these companies to safeguard all personal information in a way that is consistent with our measures and as regulated by law. We follow generally accepted industry standards to protect the personal information submitted to us, both during transmission and once we receive it. These include encryption, password-protection, secure file transfer and other measures like limiting the number of users that can access your information at any point in time – we review this on a regular basis.
Protecting your data within the EEA and abroad
We will sometimes need to transfer your data outside of the European Economic Area (‘EEA’) to make sure we can deliver on our services, either to use the support of vendors or because our clients are not based in the EEA. When we do this any transfer of data will be done securely. The data will only be used in the same way it would be used in the EEA, with the same concern for your rights and your privacy. This will be safeguarded by at least one of these measures:
- The transfer will be with a country that has data protection laws recognized by the European Commission to provide protection adequate with the standards of the EEA;
- We will put in place a contract between the recipients of the data that requires them to protect your data to the same standards as those applicable in the EEA.
We will always make sure to keep only the data we need and only for the time we need it for. We review the data we hold on a regular basis. If we find the purpose for which we collected it is no longer relevant – we delete it. We also strive to collect only the data we need.
The specific timeframe will vary but if we have no business or legal need to keep it, we will either delete it securely or anonymise it to ensure no one can ever link you to it.
Our commitment to you and the quality of our work is enshrined in the following memberships of trades associations and certification to ISO standards.
- ISO 20252-certified (quality management system for operational excellence)
- ISO 27001- certified (data and information security)
- Company Partners of UK Market Research Society (MRS)
- Corporate member of the European Society for Opinion and Marketing Research (ESOMAR)
Questions or queries?
We have appointed a Data Protection Officer who is the point of contact for any questions you may have in relation to this Policy, your personal data and how we use it. The DPO also acts as the point of contact for any organization or regulatory body that would have questions about your data and how we use it. If you have any questions, including about this Policy, please e-mail our DPO on firstname.lastname@example.org or reach out by postal mail to:
FAO: Data Protection Officer
Global Data Collection Company BV (GDCC)
Conradstraat 18, 3013AP Rotterdam