Personal data
Bassline Strategy Ltd. takes the privacy of all individuals seriously. As a provider of research and communications services, we adhere to codes of conduct, set out by the Royal Statistical Society and the Public Relations Institute of Ireland and in accordance with principles of best practice in market research. As such, the collection, use and storage of personal data is in strict accordance with the General Data Protection Regulation (GDPR).
Informed consent
At all times, we fully respect and maintain the privacy of all individuals electing to participate in research conducted by Bassline Strategy Ltd. or who otherwise elect to be involved with Bassline Strategy Ltd. in any other capacity. This means that we will never record, store, nor pass on to third parties, any personal or personally identifiable data, relating to an individual, without their express permission to do so, (i.e. with their informed consent). In the case of researching children, only those aged 15 or above are able to provide their own consent, therefore for any child aged 14 years and under, parental consent is always obtained.
Bassline Strategy Ltd. selects personal data processing suppliers based on their capacity to comply with our data protection requirements, and we have ensured that those suppliers are GDPR compliant. Suppliers cannot transfer any personal data outside the EEA unless they agree to appropriate safeguards and obtain customer consent. Additionally, our suppliers cannot subcontract part of the personal data processing services to sub-processors without our prior approval.
Why do we collect personal data?
Bassline Strategy Ltd. conducts social research. The data we provide to our customers is always aggregated across a wide number of research participants and is never presented in a way that identifies participants at an individual level. At times, however, Bassline Strategy Ltd. does ask individuals to provide personal data, purely for lawful processing reasons.
Our lawful bases for processing personal data:
-
Where it is necessary for our legitimate business interests
-
Where we need to perform our duties under a contract
-
Where we need to comply with a legal obligation
-
Where we have gained informed consent
-
Where we are carrying out the performance of a task in the interest of public interest or in the exercise of an official authority
For example, for sending feedback of survey results, for sending agreed incentives or rewards to individual survey participants and for managing the appropriate frequency with which a given respondent is invited to take part in our surveys. We also use personal information to enable us to invite people to participate in research that is appropriate to them thus matching contact details with specific criteria, such as: demographic information, lifestyle and consumption patterns.
We also collect necessary employee and candidate data. The access to employees’ personal data is strictly limited to the relevant staff in charge of human resources management.
Data Protection Principles
Bassline Strategy Ltd. is considered the Joint Data Controller with our clients. Bassline Strategy Ltd. processes personal data in accordance with the following data protection principles set out by the GDPR:
-
We process personal data lawfully, fairly and in a transparent manner;
-
We collect personal data only for specified, explicit and legitimate purposes;
-
We process personal data only where it is adequate, relevant and limited to what is necessary for the purposes of the processing;
-
We keep accurate personal data and take all reasonable steps to ensure that inaccurate personal data is rectified or deleted without delay;
-
We retain personal data only for the period necessary for the processing;
-
We adopt appropriate measures to make sure that personal data is secure and is protected against unauthorised or unlawful processing and from accidental loss, destruction or damage.
Special Category data: We keep private information private!
The type of personal information that Bassline Strategy Ltd. collects and stores on individuals electing to participate in research includes aspects such as: name; age; date of birth; residential area; household composition; marital status; household income; ethnicity; religion; political beliefs and educational attainment. Bassline Strategy Ltd. uses pseudonymisation or anonymisation techniques to protect respondents’ personal data so that access is restricted to fieldwork teams on a need to know basis. In addition, any data containing personally identifiable sensitive information, i.e. special category data (ethnicity, race, political opinions, religious or philosophical beliefs, health data, data concerning individuals’ sex life and sexual orientation), is stored securely (e.g. password protected and/or encrypted).
Where do we access and store personal data?
Bassline Strategy’s head office is located at Grand Canal Dock, Dublin 2, while its operational office is located in The Tara Building, 11-15 Tara Street, Dublin 2.
Retention Policy: How long do we keep personal data?
Bassline Strategy Ltd. retains participant personal data for a maximum term of 1 year. After this time, all personal identifiers will be removed (i.e. deleted) from the data source.
We will delete all HR-related personal data (or return to an employee if requested) at the end of an employee’s contract.
Personal data breaches
Any notifiable breach in Bassline Strategy's protection of personal information will be communicated with all individuals potentially affected within a maximum of 72 hours and will be reported to the Data Protection Commissioner (+353 57 868 4800). All efforts will be made to rectify breaches of personal information with immediate effect. We will record all data breaches regardless of their effect.
Data Protection Officer (DPO)
Bassline Strategy Ltd. does not fall under the organisation type in which a DPO is mandatory; we are not a public authority, our core activities do not require large scale monitoring of individuals, nor do they consist of large-scale processing of special categories of data.
*Individuals’ Rights: Putting you in control of your data
Withdrawal of consent
GDPR affords additional rights to individuals in relation to their personal data. Broadly these relate to transparency around what data is held and how it is used, as well as the right to have data updated or removed.
Anyone electing to provide Bassline Strategy Ltd. with personal information (e.g. research participants) has the right to withdraw their consent, at any stage, with immediate effect. An individual can choose to withdraw their consent by opting-out or unsubscribing to any communication materials originated by Bassline Strategy Ltd. For live research projects, they can do so by emailing the named contact. Or, and for all other communications, they can do so by emailing david@bassline.ie with the subject ‘Opt Out’. Bassline Strategy Ltd. will remove all personal information held on the individual in question within 48 hours and provide final confirmation of removal by email. No further contact with that individual will subsequently be made.
Subject Access Requests (SARs)/ Right to data portability
Anyone electing to provide Bassline Strategy Ltd. with personal information (e.g. research participants, candidates for employment etc.) retains the right, at any stage, to have full transparency of the data held in relation to them by Bassline Strategy Ltd. Individuals can request a written account of all the personal information Bassline Strategy Ltd. holds on them by emailing david@bassline.ie with the subject ‘Subject Access Request’. Bassline Strategy Ltd. undertakes to respond with full details within 48 hours, upon request. We will record all Subject Access Requests. Individuals have the right to receive their data in a portable way (i.e. electronically) so that it can be easily stored and accessed.
Right to object
Individuals have the right to object to the processing of their personal data providing they have grounds relating to their particular situation unless the processing of personal data is necessary for the performance of a public interest task. Individuals can object by emailing david@bassline.ie with the subject “Right to Object”.
Right to erasure
Individuals have the right to request erasure of their personal data both in relation to their own personal data and/or on behalf of one’s children, this can be done writing by emailing david@bassline.ie with the subject “right to erasure”. We will respond to all requests within 1 month. A log detailing any erasure requests will be kept internally.
Right to restriction
Individuals have the right to request the restriction of the processing or use of their personal data if they have issues with the content we hold or are unsure about how their data is being processed/used, this can be done in writing by emailing david@bassline.ie with the subject “right to restriction”. We will respond to all requests within 1 month. A log detailing any restriction requests will be kept internally.
Right to rectification
Individuals have the right to request the rectification of any data we hold if they believe it to be inaccurate or incomplete. This can be done in writing by emailing david@bassline.ie with the subject “right to rectification”. We will respond to all requests within 1 month.
What personal information do we collect from the people that visit our website?
We may determine the approximate location of your device from your IP address. We collect and use this information to calculate how many people visit our website from certain geographic regions. When completing our contact form, you will be asked to enter your name, email address or other details in order for us to respond.
When do we collect information?
We collect information from you when you subscribe to a newsletter, fill out a form or enter information on our site.
How do we use your information?
We may use the information we collect from you in the following ways:
-
To improve our website in order to improve user experience
-
To follow up with you after correspondence
How do we protect your information?
Our website is scanned on a regular basis for security holes and known vulnerabilities in order to make your visit to our site as safe as possible. Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems and are required to keep the information confidential. We implement a variety of security measures when a user enters, submits, or accesses their information to maintain the safety of your personal information.
Use of Cookies
Cookies are small files that a site or its service provider transfers to your computer’s hard drive through your Web browser (if you allow) that enables the site’s or service provider’s systems to recognise your browser and capture and remember certain information. We use cookies and similar technologies, such as tags and pixels (“Cookies”), to analyse our website traffic, to allow content subscription and for essential website functions. This section provides more information about Cookies, including how we use them and how you can exercise your choices about our use of Cookies.
We use analytics cookies to understand how you use our website so we can monitor performance and ultimately improve user experience. The information is collected on our behalf by WordPress. The third parties’ software collects and stores that data (however, they won’t use your data for any purpose other than collecting and storing the data on our behalf). Members of our staff that deal with the above third parties will also have access to this data (no staff that don’t need to access the data for the above purpose will have access to it).
Some of our website features make use of third-party applications and services to enhance the experience of visitors. These include social media platforms, such as Facebook and Twitter (via our sharing feature). As a result, cookies may be set by these third parties, and used by them to track your online activity. We have no direct control over or access to the information that is collected by these cookies. We recommend consulting the individual privacy policies of any such services for more information.
When you accessed the website (www.bassline.ie) you were presented with an alert that notified you of our use of cookies. If you continue to use the website you are agreeing to the use of the cookies described in this notice.
You can use your browser settings to accept or reject new cookies and to delete existing cookies. Your browser should have a ‘help’ function which will tell you how, and you can find more about how you can delete and manage cookies at http://www.allaboutcookies.org/. Restricting the use of cookies may mean that you will not be able to use of all the features or services available on our website.
Complaints: If we do anything to upset you, please let us know – we’ll do our best to put it right!
Bassline Strategy Ltd. strives to ensure that all individuals taking part in our research find the experience to be easy, convenient and engaging. We employ strict, ethical practices such that the content and administration of our research is in no way likely to cause offence or distress to participants. We also always reward individuals for their participation. Incentives are always administered within the timeframe specified at the beginning of the project (usually a week).
If for any reason you have been unsatisfied with your experience with us, or if you are concerned about how your data is being used, please email david@bassline.ie with “Complaint” as the subject. We will endeavour to get back to you within 2 working days. If you are unhappy with how we have dealt with a complaint, you are able to escalate this to the Data Protection Commissioner.