MDI PRIVACY COMPLIANCE POLICY
MDI Privacy Compliance Policy
LAST UPDATED JULY 2018
MDI fully endorses and complies with the Australian Privacy Principles (APPs) contained in the Privacy Act (1988) in relation to the handling of personal information. MDI also complies with the Market and Social Research Privacy Code (2014) which sets out how the APP’s are to be applied in relation to the collection, retention, use and disclosure of personal information in market and social research. This code is administered by AMSRO (Australian Market and Social Research Organisation) and adjudicated by the Australian Privacy Commissioner.
MDI is compliant with the new GDPR data security policy which came into effect May 2018.
What we collect
The types of personal information we collect about research participants will vary depending on the purpose for which it is collected, but may include:
Name, date of birth, email address (and in some cases more detailed contact preferences);
Opinions and feedback on a range of topics, including use of certain brands, products & stores frequented in the course of participating in market research we conduct;
Information regarding personal or professional interests, demographics, experience with our services;
Location data and images collected that may be collected through participating in research activities conducted via an online application or platform; and
Personal information such as email address or mail address to fulfil any incentive or reward which the user has earned through the conduct of market research; and
Any other linked data.
You do not have to provide us with any personal information, however if you do not do so we may not be able to facilitate your participation in Projects.
Depending on the nature of the research we conduct, we may also collect sensitive information from you including racial or ethnic origin, political opinions, religious or philosophical beliefs, association membership, or details of health, disability or sexual activity or orientation, biometric and/or genetic data. Sensitive information will only be collected with your prior consent and only if it is directly related to, or reasonably necessary for, the research we conduct.
MDI will generally collect your personal information directly from you in the course of you participating in research and/or surveys. However, MDI may also collect information about you from its clients to whom you have expressed an interest in participating in market research activities conducted on their behalf. If so, we will inform you as soon as practicable of this collection and the circumstances of this collection.
We do not collect any unsolicited information under any circumstances.
How we use your personal information
MDI uses your information for the purpose of conducting market research activities and to better understand your needs, aiming to provide you with a better service. Specifically, we also use your information to help you complete a transaction, participate in market research we conduct, to communicate back to you, to update you on service and benefits, and to personalise research tasks for you.
From time to time, we may also use your information to contact you to provide you with information about opportunities to participate in a research panel or provide information about a special offer we think would be of particular interest. At a minimum, we will always give you the opportunity to opt out of receiving such direct marketing or technical updates. We will also follow local requirements, such as allowing you to opt in before receiving unsolicited contact, where applicable.
MDI will not sell, rent, or lease or otherwise deal with your personally identifiable information to others. Unless we have your permission or are required by law, we will only share the personal data you provide online with other MDI entities and/or business partners who are acting on our behalf for the uses. Such MDI entities and/or business partners, including those in other countries, are governed by our privacy policies with respect to the use of this data and are bound by the appropriate confidentiality agreements. Any overseas supplier is bound by an agreement with MDI to abide by the Australian Privacy Principles and the EU GDPR policy where applicable.
Data collected online may also be combined with information you provide when making other contact with MDI.
If we wish to use any of this personal information, or data for any purpose other than those specified above, we will not do so unless we have your express consent to do so.
If you are located:
(a) in Australia, we will take reasonable steps to ensure the overseas recipient does not breach the Australian Privacy Principles in relation to any of your personal information that we disclosed to them; and
(b) in the EU, and the disclosure is to a recipient in a country that is not subject to an adequacy decision by the EU Commission, data will be adequately protected by EU Commission approved standard contractual clauses, an appropriate Privacy Shield certification or a vendor's Processor Binding Corporate Rules. A copy of the relevant mechanism can be provided for your review by contacting us using the contact details below.
Sharing of Personal Identifiable Information
Any information supplied to MDI, by a third party, including government related identifiers, is deleted from our system, at the completion of each applicable research project.
Any requests for Bank details are made on a project basis. This is requested purely to enable payment of incentives. All details are deleted at the completion of the applicable research project. We do not add these details to your permanent record.
How long we retain your data
Where we process survey data, or other personal data associated with our legitimate business purposes, we will retain this data for a period of 12 months unless otherwise advised.
Where we process platform registration data, we will retain this data for or as long as you are a registered user of our platform and you have not removed your account.
Where the account is deleted or you are no longer a registered user of our platform, we will keep the data for a period of 3 months as a backup before it is removed.
Where we process personal data with your consent, we will retain it until you ask us to stop and for a short period after this (to allow us to implement your requests).
Accuracy & Access to your Information
MDI strives to keep your personally identifiable information accurate. We will provide you with access to your information, including making every effort to provide you with online access to your registration data so that you may view, update or correct your information at the MDI site where it was submitted.
To protect your privacy and security, we will also take reasonable steps to verify your identity before granting you access or enabling you to make corrections. To access your personally identifiable information, return to the web page where you originally entered it and follow the instructions on that web page. Certain areas of MDI’s web sites may limit access to specific individuals through the use of passwords and through providing personal data.
Any overseas partners must abide by and adhere to Market and Social Research Privacy Principles in the Privacy Act (1988) in relation to handling of personal information or the GDPR if located within the EU.
Wherever we rely on your consent, you will always be able to withdraw that consent, although we may have other legal grounds for processing your data for other purposes, such as those set out above.
If you wish to withdraw your consent, please contact our privacy department using the email address below. You will be required to confirm your identity before we can remove any personal data.
A cookie is a piece of information contained in a very small text file that is stored in your Internet browser or elsewhere on your hard drive. Cookies allow a website to identify a user's device whenever that user returns to the website and are commonly used in order to make websites work more efficiently and enrich the user experience, as well as to provide information to the owners of the site.
Information is also generated whenever a page is accessed on MDI that records information such as the time, date and specific page. We collect such information for statistical and maintenance purposes that enables us to continually evaluate the performance of the survey platform utilised, Web Survey Creator (WSC).
We do not tie information gathered using third party analytics to your personal information.
MDI is committed to ensuring the security of your information. To prevent unauthorised access or disclosure, maintain data accuracy, and ensure the appropriate use of information, we have put in place appropriate physical, electronic, and managerial procedures to safeguard and secure the information we collect online. We use appropriate encryption when collecting or transferring sensitive data.
Enquiries and Complaints
For further Privacy information, please refer to your local region’s policies.