The Insights Loop Pty Ltd
Version 1.0 - 4 September 2023
- About this Privacy Policy
- We are committed to complying with our privacy obligations in accordance with all applicable data protection laws, including the Australian Privacy Principles contained in Schedule 1 to the Privacy Act 1988 (Cth).
- If we decide to change this Privacy Policy, we will post the updated version on this webpage so that you will always know what personal information we gather, how we might use that information, where we store it and whether we will disclose it to anyone. Our policy is to be open and transparent about our privacy practices.
- This Privacy Policy only applies to personal information that we collect in the course of conducting market research. It also applies to personal information supplied to us via forms on our website at [theinsightsloop.com] or otherwise when a prospective customer requests information about The Insights Loop.
- Research participant personal information
- The Insights Loop is a market research company that conducts market research on behalf of pharmaceutical companies in Australia, and also sells certain market research known as Key Opinion Leader Studies (KOL Studies) to other companies.
- Our clients are Australian pharmaceutical companies who provide us with the personal information of research participants such as doctors or patients who we then contact to conduct the KOL Studies.
- In this Privacy Policy, we refer to the pharmaceutical companies as our customers and the research participants whose personal and/or sensitive information is processed as “data subjects”.
- Our responsibility for customer and data subject privacy
- When we provide market research services on behalf of our customers, it may be necessary for us to access personal information that is provided to us by our customers or our recruitment service partners. As a business that provides market research services to the pharmaceutical sector, we take our responsibilities in relation to data privacy, especially in relation to sensitive information such as health information, very seriously.
- We require our customers to obtain all relevant privacy consents and authorisations from the data subjects as required by applicable law in order for the personal information that is provided or made available to us by customers to be collected, disclosed and otherwise processed by us when providing our market research services on behalf of any customer. However, in some instances where a customer has not obtained such consent from a data subject, we will seek this consent from the data subject on their behalf. We also require our customers to ensure that all of their data subjects’ personal information that is accessed by us is accurate, up to date, complete, relevant and not misleading.
- We encourage our customers to ensure that data subjects are familiar with the applicable customer’s privacy policy, so that the data subjects understand how they collect, use and otherwise process personal information about them whether via our market research services or otherwise.
- The types of personal and sensitive information we collect and hold
- We collect and hold the following types of personal and sensitive information:
- Information collected via forms completed on our website at theinsightsloop.com: We collect contact details of potential customers who enquire about our products or services via our website at www.theinsightsloop.com. These contact details may include names, telephone numbers, email addresses and/or business addresses.
- Information collected when entering into an agreement with customers for market research services: We collect contact details of customers including names, telephone numbers, email addresses and/or business addresses of customer personnel, where we agree to conduct market research services on behalf of such customers. We also collect contact details of recruitment service providers including names, telephone numbers, email addresses and/or business addresses.
- Information collected via our customers and/or recruitment service partners: We collect contact details of data subjects including names, telephone numbers, email addresses and/or business addresses provided to us by our customers and/or recruitment service partners.
- Information collected during market research interviews with data subjects and surveys for KOL Mapping Studies: In the course of conducting a market research interview on behalf of a customer we may collect personal information, including sensitive information such as when the data subject is a patient and information disclosed relates to the data subject’s health. We may also collect the personal information of data subjects including names, professional titles and business addresses when conducting surveys for KOL Mapping Studies. We may also engage a recruitment service provider to conduct the KOL Mapping Studies.
- How we collect personal and sensitive information
- Our policy is to be completely transparent about how and why we collect personal and sensitive information and not to collect personal and sensitive information by means that are unfair or unreasonably intrusive.
- We collect personal and sensitive information in the manner set out above in clause 4.
- We also collect personal information about our customers’ and recruitment service providers’ personnel and about prospective customers’ and recruitment service providers’ personnel in one or more of the following ways:
- when they contact us with enquiries about our products or services, whether by email, via our website or via telephone;
- during the preparation, negotiation and performance of our contracts that we enter into with customers or recruitment service providers and for billing purposes; or
- when it is voluntarily disclosed to us (including, but not limited to via telephone, e-mail and online forms).
- How we use personal information
- We use personal information about customers’ and recruitment service providers’ personnel and data subjects to enforce our legal rights, comply with our legal obligations and as otherwise set out in the following table:
- We collect and hold the following types of personal and sensitive information:
Category |
How we use and process that personal information |
Our reason for collecting the personal information |
Personal information about prospective customers’ personnel |
· We use this information to notify prospective customers about our services and to follow up with them in response to requests that they may make to us via our website at www.theinsightsloop.com or when they otherwise contact us to enquire about our services.
|
· Necessary for our legitimate interests (in order to operate, administer and grow our businesses).
|
Personal information about customers |
· To provide market research services to customers, including writing the script, conducting the interview, preparing a report and selling the KOL Study. · To communicate with customers about the market research interviews conducted by us on their behalf. · To send out billing information and notices and process payments. · In order to identify a customer when they contact us for technical support. · To administer our contractual relationships with a customer (and to enforce our contractual rights). · To handle complaints. |
· Necessary for our legitimate interests (in order to operate, administer and grow our businesses including to provide support to customers who have engaged us to conduct market research services on their behalf, and to ensure the successful delivery of our services). · Performance and enforcement of our contracts with our customers. · Compliance with our legal and statutory obligations. |
Personal information about recruitment service providers |
· We use this information to identify and contact our recruitment service providers and their personnel. |
· Necessary for our legitimate interests (in order to operate our business via the engagement of a recruitment service providers) |
Personal and sensitive information about data subjects |
· To provide market research services to customers, including contacting potential data subjects in relation to scheduling interviews; sending market research data collected during the market research interviews to customers; and preparing market research reports for clients; · To prepare KOL Mapping Studies which are privately published then sold to our customers. · Subject to the consent of the data subject reasonably obtained from either us or our customer, to report an adverse event, product quality complaint or special situation (e.g. drug use during pregnancy). · When in-depth interviews are conducted and these interviews produce data relevant to our customer’s market research, we de-identify that data and only use the initials of the data subject’s name and/or a “Respondent ID”. This de-identified data is then used to create research insights for our customers.
|
· Necessary for our legitimate interests (in order to provide market research services to customers). · Performance and enforcement of our contracts with our customers. · Compliance with our legal and statutory obligations. |
- How we hold and secure personal information
- Where we hold or store personal information as set out above in clause 4, we will hold the information in our offices, computer systems and third-party owned and operated hosting facilities. In particular:
- we use hosting facilities operated by reputable hosting providers such as Microsoft to hold customer and data subject information;
- personal and sensitive information that is provided to us via email or phone is held on our Microsoft OneDrive servers or those of our cloud-based email providers which have restricted access security protocols;
- personal information is held on computers and other electronic devices in our offices and at the premises of our personnel; and
- we hold personal information that is provided to us in hard copy in files and folders in secure locations.
- Where we are provided with personal and/or sensitive information of data subjects, we retain this information for up to one month before deleting it from our computer systems and servers. Where data subjects provide us with sensitive information during patient interviews, we store this information in a de-identified way.
- We take reasonable steps to protect personal information that we hold set out above in clause 4 using such security safeguards as are reasonable in the circumstances to take, against loss, unauthorised access, modification and disclosure and other misuse, and we implement technical and organisational measures to ensure a level of protection appropriate to the risk of accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal information transmitted, stored or otherwise processed by us.
- For example, we:
- use SSL encryption for www.theinsightsloop.com
- perform security testing and maintain other electronic (e-security) measures for the purposes of securing personal information, such as security controls for email and other applicable computer software and systems, passwords, anti-virus management and firewalls;
- have data backup archiving and disaster recovery processes in place with server files saved locally and on the Microsoft OneDrive server;
- ensure that our suppliers encrypt the Excel files containing the personal information of data subjects;
- have an annual IT audit procedure we follow in which we conduct security audits for electronic and physical infrastructure;
- maintain physical security measures in our buildings and offices such as two doors with locks, window locks and visitor access management, cabinet locks, surveillance systems and alarms to ensure the security of information systems (electronic or otherwise);
- require all of our employees, agents and contractors to comply with privacy and confidentiality provisions in their employment contracts and subcontractor agreements that we enter into with them, including requiring that all recruitment service providers who conduct the market research interviews execute Non-Disclosure Agreements with us;
- implement passwords and access control procedures into our computer systems;
- have an online records management system on secure networks in place; and
- with respect to personal information that we no longer require or where we are otherwise required to destroy it under applicable law, we ensure that such personal information is securely de-identified (where permitted by law) or destroyed.
- Disclosure of personal information
- We only disclose personal information set out above in clause 4 to third parties as follows:
- where such disclosure is required in order for us to provide the services that a customer engages us to provide; and where the information is sensitive information, only where the customer provides its consent to us in respect of the disclosure;
- when conducting market research services, we may outsource certain obligations to third party contractors in accordance with our contractual rights. Professional services carried out by contractors, such as contacting the research participant and conducting the interview, may require access to a data subject’s personal information. We ensure that all staff and contractors are aware of their information security responsibilities, are appropriately trained to meet those responsibilities and have entered into agreements which require them to comply with privacy and confidentiality obligations that apply to personal information that we provide to them;
- when providing information to our legal, accounting or financial advisors/representatives or insurers, or to our debt collectors for debt collection purposes or when we need to obtain their advice, or where we request their representation in relation to a legal dispute;
- where a person provides written consent to the disclosure of their personal information;
- where it is brought to our attention that specific personal information needs to be disclosed to protect the safety or vital interests of any person;
- for the conduct of proceedings before any court or tribunal (being proceedings that have been commenced or are reasonably in contemplation);
- when we de-identify personal information and then use it for our or third party research purposes;
- Where we hold or store personal information as set out above in clause 4, we will hold the information in our offices, computer systems and third-party owned and operated hosting facilities. In particular:
in the event of a merger, dissolution, reorganisation or similar corporate event, or the sale of all or substantially all of our assets, we expect that the information that we have collected, including personal information, would be transferred to the surviving entity in a merger or the acquiring entity, and in such case all such transfers shall be subject to our commitments with respect to the privacy and confidentiality of such personal information as set out in this Privacy Policy;
- when required to disclose personal information in response to lawful requests by public authorities, including for the purpose of meeting national security or law enforcement requirements, or to other third parties when compelled to do so by government authorities or required by law or regulation including, but not limited to, in response to court orders and subpoenas; or
- where otherwise required by law.
- Third party websites
- Our website may include links to third party websites. Our linking to those websites does not mean that we endorse or recommend them. We do not warrant or represent that any third party website operator complies with applicable data protection laws. Customers and their end users should consider the privacy policies of any relevant third party website prior to sending personal information to them.
- Interacting with us without disclosing personal information
- If a person does not provide us with their personal information, they can only have limited interaction with us. For example, a person can browse our public facing website at theinsightsloop.com without providing us with personal information such as the pages that generally describe the services that we make available. However, when a person submits a form on our website or a pharmaceutical company enters into a contract with us for us to provide market research services on their behalf, we need to collect personal information for identification purposes, so that we can provide our market research services, and for the other purposes described in this Privacy Policy.
- Any person has the option of not identifying themselves or using a pseudonym when contacting us to enquire about our services.
- How to access and correct personal information held by us
- Subject to verification of your identity, you can contact us directly using our contact details provided in clause 14 to access and correct personal information that we hold about you.
- We will handle all requests for access to personal information in accordance with our statutory obligations. We may require payment of a reasonable fee by any person who requires access to their personal information that we hold, except where such a fee would be contrary to applicable law.
- Retention and de-identification of personal information
- For the purposes of the Privacy Act 1988 (Cth), we may take such steps as are reasonable in the circumstances to de-identify the personal information that we hold about an individual where we no longer need it for any purpose for which it was collected and/or used, if the information is not contained in a Commonwealth record and we are not required by Australian law (or a court or tribunal order) to retain it.
- Where we collect sensitive information about data subjects, we undergo a process to store this information in de-identified format.
- Opt-out for direct marketing
- If a data subject, nominated by their peers, agrees to have their name published in a in a Key Opinion Leader Mapping Study, their personal information (name and any privately provided or publicly available contact information) may be privately published in one of our customer’s reports for future direct marketing. Data subjects, nominated in our KOL mapping studies, may opt-out from the use of their personal information for direct marketing purposes by responding to our opt-out email/letter that is sent to them.
- Contact details
- Any person who wishes to contact us for any reason regarding our privacy practices or the personal information that we hold about them, or to make a privacy complaint, may contact us using the following details:
Privacy Representative
Name: Yvette Voysey
Email: [email protected]
Address: 9/38 St Marks Road, Randwick NSW 2031
- We will use our best endeavours to resolve any privacy complaint with the complainant within a reasonable time frame given the circumstances. This may include working with the complainant on a collaborative basis or otherwise resolving the complaint.
- If the complainant is not satisfied with the outcome of a complaint or they wish to make a complaint about a breach of the Australian Privacy Principles, they may refer the complaint to the Office of the Australian Information Commissioner who can be contacted using the following details:
Office of the Australian Information Commissioner
Telephone: 1300 363 992
Online Enquiries: https://www.oaic.gov.au/about-us/contact-us
Online Privacy Complaint Form: https://www.oaic.gov.au/privacy/privacy-complaints/lodge-a-privacy-complaint-with-us
Address: GPO Box 5288, Sydney NSW 2001, Australia