The protection of personal data is a top priority for RAIT GROUP. Our companies are compliant with the guidance and requirements of the professional code of conduct applicable to all registered market research companies (ICC/ESOMAR International Code on Market, Opinion and Social Research) and all current existing local regulations, inlcuding the General Data Protection Regulation („GDPR“) especially as far as the protection of respondents’ data is concerned.
„RAIT GROUP“ OÜ companies use a variety of security technologies and procedures to help protect your personal information. Procedures may vary in each company, but general rules, which are mentioned below are applied in each RAIT GROUP unit.
Information We Collect
We may collect information including but not limited to about our clients, participants of our events, respondents and employees.
We may collect personal information from you when you use our services, such as your name, email address, and other contact information needed for the participation in the study or service use that you are informed of prior to the collection of data.
Use of Information
We use the information we collect to provide and improve our services, to communicate with you, and to comply with legal requirements. We may also use the information for research and analytics purposes, invitations to participate in our studies and to send you marketing and promotional materials.
Sharing of Information
We do not sell or rent your personal information to third parties. We may share your information with third-parties, who act as separate controllers and/or service providers, who act as processors, who help us provide our services, such as hosting providers, after signing data processing agreement.
We take reasonable steps to protect your personal information from unauthorized access, use, or disclosure. We use a variety of appropriate security technologies and procedures which vary based on the sensitivity of the personal data we process and the current state of technology. Please note that no security measures can be 100% effective and while we strive to protect your data, we cannot guaratee that the unauthorized access, use, or disclosure will never occur.
RAIT GROUP has already taken many actions to comply with the GDPR; with some of the main actions including but not limited to the following:
- Need-to-know principle. RAIT GROUP uses techniques to protect respondents’ personal data as part of its data collection operations so that access is restricted to its fieldwork teams in its operations units solely on a need to know basis.
- Employee training. RAIT GROUP trains its employees on exisiting regulations, including the GDPR.
- RAIT GROUP implements encryption solutions, notably on all employees’ laptops.
- RAIT GROUP enforces procedures in order to select suppliers processing personal data based on their capacity to comply with our data protection requirements. This means that all suppliers, who process personal data on our behalf as processors, must sign a data processing agreement with RAIT GROUP companies.
We retain the personal information we collect for as long as reasonably necessary to attain the objectives of the processing or until the legal obligation stipulates taht we do so. To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the processing purposes and whether we can achieve these purposes through other means, and applicable statutory obligations. Whilst retaining the personal data, we take into account the need to resolve disputes and enforce the contract between us or anonymize your personal data and retain this anonymized information indefinitely.
Changes to This Policy
We may update this Policy from time to time to reflect the changes in the way we process personal data, and we will make this Policy available on our website.
You have the right to request access to the personal information we collect about you, to request that we correct or delete it, object to certain processing, request that we restrict the processing, request data portability and withdraw your consents, including opt out of marketing communications. You also have the right to submit your claim to the data protection authority, in Estonia to the Estonian Data Protection Inspectorate (in Estonian: Andmekaitse Inspektsioon at email@example.com or www.aki.ee).
If you have any questions or concerns about this Policy or each RAIT GROUP companies‘ privacy practices, please contact us at firstname.lastname@example.org.
Effective Date: 2023-01-01