Introduction
CRC Research Inc. (“CRC”) is a CRIC Accredited market research company and operates premier facilities across Canada for focus groups and individual interviewing. CRC specializes in medical and consumer recruitment for both qualitative and quantitative projects. As per CRIC member requirements, CRC is compliant with the ISO 20252:2019 Market, Opinion and Social Research Vocabulary and Service Requirements.
Purpose
Respecting the privacy of all those we deal with, and maintaining their trust is of paramount importance to us. This Privacy Policy describes the information we collect from our research participants, the reason for doing so and how we handle this information.
CRC is committed to remaining compliant with the privacy regulations of the jurisdictions we operate in, including Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), any Provincial enhancements thereto, and with the new European GDPR regulations. We adapt to changing industry standards and new technologies, and to new regulations and legislation.
Accountability
CRC is responsible for demonstrating sound personal information management practices. Respect for privacy is demonstrated through accountability measures and includes:
Implementing comprehensive and proportionate policies and procedures for the handling of personal information
Ensuring that appropriate record keeping, reporting
and security structures are in placePromoting a culture of understanding and awareness of personal information management practices amongst employees
Any further questions regarding privacy policy and/or personal information management practices may be submitted to the Privacy Officer:
Kathy Harsz
121 Bloor Street East, 2nd Floor, Toronto, ON M4W 3M5
416-544-3005, kathy@crcresearch.com
Collection and use of personal information
A. What type of information does CRC collect?
CRC collects information from those interested in participating in market research studies. At a minimum, the information collected includes the full name, age, and gender and contact information of interested participants. Further customized information may be collected depending on the specifics of individual studies.
B. How and why does CRC collect this information?
The information collected is used to provide clients with strategic target audiences for market research studies. The purpose of these studies is typically to obtain feedback from the target audience on proposed new/ updated products or services, or on the effectiveness of marketing campaigns. Participant information is presented anonymously to clients.
The information is collected via secure pre-screening online links, which are programmed by dedicated recruiting coordinators for each given study. At times, this information is also collected by telephone. The rationale for collecting information is to screen potential participants using client questionnaires in order to ensure that the proper target audience is recruited for the purposes of the given study.
Security Safeguards
A. Why does CRC Research need my ID verification?
CRC research requires proof of identity from all participants to deter and detect fraudulent participants. The ID check allows CRC Research to verify the respondent details against those submitted during recruitment, and to properly identify the individual invited to participate in a study. The ID also ensures that the correct person is the recipient of the study honorarium. Equally importantly, CRC Research frequently undertakes research on regulated substances such as alcohol and tobacco, and we need to ensure that only those of legal age (as specified by individual Canadian jurisdictions) are included in the research. This requires that we ask for ID verification so that we remain compliant not only with current legislation, but also with the constraints required by the client commissioning the given study.
B. How does CRC keep information safe?
Information is stored within dedicated servers located within the CRC offices in Toronto, Vancouver and Montreal. Strict and specific security access perimeters ensure that only certified staff has access to information. File transfer protocols requires project specific login credentials, all of which are password encrypted and distributed only to authorized recipients.
C. How long is information kept?
As per standardized best practices and guidelines, study materials are kept for a minimum of six (6) months. After one (1) year, study materials are deleted from the servers. If participants agree, their information may be kept on file for the sole purpose of inviting individuals to future studies. Information will be permanently deleted at the request of any individual.
Where a client provides a list of potential participants, this list is automatically destroyed at the conclusion of the study.
D. Is information shared or sold?
Under no circumstances would CRC share or sell any participant information.
E. Do any third parties collect or have access to information that CRC gathers?
No. CRC employs the highest security standards, ensuring only authorized internal personnel access collected information stored in the database, client sample or target lists.
F. Does CRC use cookies?
CRC does not use cookies.
Choice and transparency
A. What rights do individuals have with regards to their information?
Research participants have the right to be informed about the collection and use of personal information
They have the right to request an update, modification, or deletion of information
They have the right to opt-out of any service or to withdraw any consent that may have been previously granted
B. How will CRC facilitate information rights?
CRC will provide access to information including: the rationale for processing personal information, retention periods, and, if any, third party access
Requests to update, modify or delete information will be performed by the management team of the panel and/or database
CRC encourages consultation with the Privacy Officer when questions arise
C. How will CRC manage respondent consent?
CRC will collect written and at times verbal consent from all participants recruited for all commissioned
Consent forms will be issued to all participants thoroughly outlining the purposes of the study and the details involved around respondent participation
CRC encourages consultation with the Privacy Officer when questions arise
D. How does CRC Research manage privacy breach?
CRC has been successful in ensuring full security and has never experienced a privacy breach to date
CRC’s protocol for dealing with potential privacy breaches involves a shutdown of the system ensuring the situation is quarantined, and allowing the IT team to identify the issue at hand and take corrective action
Once a breach is identified, the Privacy Officer and CRC management are notified, together with any impacted clients and/or participants
Following containment of the breach and resolution, the CRC IT team proceed with full system check and security enhancements as needed
CRC encourages consultation with the Privacy Officer when questions arise