Effective Date: Updated March 2021
RF Associates (Whitehall Holdings Ltd) is a social and market research, evaluation and consultation agency and your privacy is very important to us. We are a private limited company registered in Northern Ireland (NI 631266) Registered address 25 Victoria Road, Holywood, BT18 9BA
We take great care in protecting your privacy and the information you provide whilst conducting research with us (whether hosted on our own website, other websites on our behalf or by any other means, including by telephone or face to face).
From 25 May 2018 the EU General Data Protection Regulation (GDPR) replaces existing EU data protection regulations. It is designed to harmonise data privacy laws across Europe, to protect and empower all citizen’s data privacy and to reshape the way organisations across the region approach data privacy. For more information you can refer to the Information Commissioner’s Office: guide-to-the-general-data-protection-regulation-gdpr
The purpose of this policy is to give you a clear explanation about how RF Associates collects and uses the personal data you provide to us and that we collect. We ensure that we use your information in accordance with all applicable laws concerning the protection of your personal data.
We conduct social and market research, evaluation and consultations and we commit, in obtaining your co-operation, not to mislead you about the nature of our work or how the findings will be used. Your responses will be treated as confidential unless you consent to being identified.
Our data protection lead
If you have any queries concerning this policy, or would like to make a subject access request (find out what, if any data we hold about you) please contact our Director who advises on Data Protection issues, Ruth Flood:
Phone: 07802 702352
Personal data we collect
We will collect personal data when you participate in a market research study with us, the information we collect can contain your personal opinions as well as personal data such as:
Your full name
Age & Date of Birth
Photos, audio & video footage
We may also occasionally collect sensitive personal data (for example, your ethnic origin), but we will always obtain your explicit consent and tell you why and how the information will be used.
Where relevant to the research being undertaken, we may collect business contact information, such as, company name, job title, and department.
In addition, for online surveys we will record your IP address, which type of browser you are using, your screen size and other basic metrics.
We do not do any invisible processing of data from your computer. We will only collect and use personal data in accordance with this policy to the extent deemed reasonably necessary to serve our legitimate business purposes, and we will maintain appropriate safeguards to ensure the security, integrity, accuracy and privacy of the information you have provided.
RF Associates makes reasonable efforts to keep personal data in its possession or control, which is used on an ongoing basis, accurate, complete, current and relevant, based on the most recent information available to us. We rely on you to help us keep your personal data accurate, complete and current by answering our questions honestly.
How we use your personal data
When we contact you, we generally do so for one of the following purposes:
To invite you to participate in research.
To confirm the details of research you have agreed to take part in.
To conduct research with you.
To update and to ensure that our records of your personal data are correct. (applicable to those consenting to being part of an ongoing community or panel).
To notify you if you have won a prize draw that we administered or to provide you with an incentive for taking part.
The personal data we collect is:
Combined with the responses/views/opinions of others who participated in the same research and reported back anonymously to the client that commissioned the study.
Used on an aggregated basis to determine which groups of people think certain things more than others.
Occasionally used to re-contact you to validate your responses (if you have consented to us doing so).
All of your survey responses are treated as confidential. We will never intentionally disclose your personal data or individual survey responses to the client that commissioned the study or any third parties unless you consent to sharing your identifying information and individual responses.
Who we share your personal data with
We will never pass your personal data on to other organisations for them to use for their own marketing purposes. However, we may disclose your personal information in the following circumstances:
To third parties to perform functions on our behalf. We require these third parties to comply strictly with our instructions and data protection laws and we make sure that appropriate controls are in place. We enter into agreements with all our third parties and regularly monitor their activities to ensure they are complying with our policies and procedures. They will only have access to the personal data needed to perform their functions, and will not use it for other purposes.
Where we are under duty to disclose your personal information in order to comply with law or the disclosure is ‘necessary’ for purposes of national security, taxation and criminal investigation or where we have your written consent.
All the personal information we process is processed within the European Economic Area (EEA). However for the purposes of IT hosting and maintenance your information will be situated outside of the European Economic Area (EEA).
Provision of market research services to our clients
Information will be required from stakeholders in order to provide an efficient service. Personal data requested will be kept to a minimum and only that information which is required to provide the service, and to keep the clients updated, will be requested. Clients may be asked if they consent to be contacted with broader information about the work of RF Associates. Consent once given can be withdrawn at any time.
For those under 16 please we will always obtain a parent/guardian’s consent before collecting any personal information.
Using our website – Cookies
Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This information is used to track visitors’ use of the website and to compile statistical reports on website activity. These are the only cookies in use on our website.
Contact us form
We collect information from those who contact us with a request for information. Information provided is processed and stored in order to provide an information service to stakeholders. Your details may be forwarded within RF Associates to the appropriate employee in order to deal with your query however they will not otherwise be shared.
Links to other sites
How we protect your personal data
RF Associates maintains appropriate technical, administrative and physical safeguards to protect information, including, without limitation, personal data, received or collected by us. We review, monitor and evaluate our privacy practices and protection systems on a regular basis.
We sometimes store information, on secure servers hosted by Dropbox in the USA. Dropbox is certified under the EU-US Privacy Shield framework. They also hold ISO 27018 certification, a global standard for cloud privacy and data protection. Personal data is always encrypted at rest and in transit. Only certain employees have access to the personal data you provide us and are only granted access for data analysis and quality control purposes.
We sometimes use Survey Monkey to collect online survey data. Survey Monkey is also certified under the EU-US Privacy Shield framework. Personal data is always encrypted at rest and in transit using secure TLS cryptographic protocols. Only certain employees have access to the personal data you provide us and are only granted access for data analysis and quality control purposes.
We sometimes use Mailchimp to circulate information by email. Mailchimp has staff based outside the EEA, and stores your data in the USA. Mailchimp is certified under the EU-US Privacy Shield framework.
Attending a RF Associates event
Individuals’ names may be shared as part of a delegate list for networking purposes, no contact details will be shared. This will only be done with the consent of the individual concerned, however. Delegate lists used by us for communication before and during events for planning and reminder purposes, and may be used to contact delegates about future events that may be of interest to them. Consent will be sought where appropriate.
Group photographs may be taken at events and can be used for post event communications and in reports. Event attendees will be made aware of this and can advise RF Associates if they do not wish to be visible in any photograph. Individual photographs where people are names are attributed will only be used with consent.
The security of your personal information is important to us, but remember that no method of transmission over the internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security. As such we make no warranties as to the level of security afforded to your data, except that we will always act in accordance with the relevant UK and EU legislation.
How long we will keep your personal data
Your choices and rights
You have the right to ask for a copy of the information RF Associates holds about you.
Queries and complaints
In the event that you wish to make a complaint about how your personal data is being processed by RF Associates (or third parties as described above), or how your complaint has been handled, you have the right to lodge a complaint directly with the ICO.
Telephone helpline: 0303 123 1113
RF Associates tries to be as open as it can in terms of giving people access to their personal information. Individuals can find out if we hold any personal information by making a ‘subject access request’. If we do hold information about you we will:
Give you a description of it
Tell you why we are holding it
Tell you who it could be disclosed to
Let you have a copy of the information in an intelligible form
Remove your data if this would not prevent the administration of a service we are contracted to deliver.
Remove your data if this would not prevent the administration of a service we are contracted to deliver
To make a request for any personal information we may hold you need to put the request in writing:
This Policy shall be governed and construed with the laws of Northern Ireland, without regard to its conflict of law provisions.
When you email us
Any email you sent to us, including any attachments, may be monitored and used by us for reasons of security and for monitoring compliance with office policy. Email monitoring or blocking software may also be used. Please be aware that you have a responsibility to ensure that any email you send to us is within the bounds of the law.
Emails may be shared within RF Associates to ensure that a query is addressed to, and resolved by, the correct employee.
When you contact us via social media
RF Associates uses a variety of social media outlets to engage with stakeholders. We cannot guarantee that information shared through these media will be private, for example, if you share your contact details in an unsecure and public space then these may be viewed by parties other than RF Associates. Please do not share personal information in a public forum. For the relevant privacy notices, please see:
If you send us a private or direct message via social media the message will be stored but will not be shared with any other organisations.