The IMI International Privacy Code
IMI International is a full-service market research and consulting firm completing work across North America, Europe and the South Pacific. IMI INTERNATIONAL has a strong history of protecting the privacy of its clients, employees, and respondents in all of our business operations.
The IMI INTERNATIONAL Privacy Code is a formal statement of the principles and guidelines concerning the protection of personal information provided to IMI INTERNATIONAL by its clients, respondents and employees. The objective of the IMI INTERNATIONAL Privacy Code is to promote responsible and transparent practices in the management of personal data in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA). IMI INTERNATIONAL wants to assure its clients, employees and respondents that it will constantly review all of its practices concerning the protection of personal information, and remain current with all legislation and technology, to meet both today’s and tomorrow’s needs of its clients, employees, and respondents.
The following is an outline of the Principles of the Personal Information Protection and Electronic Documents Act (PIPEDA), and how IMI INTERNATIONAL is acting upon them to ensure the protection of personal information both today and in the future.
Respondent Personal Confidentiality
IMI INTERNATIONAL is a market research company that is in the business of collecting respondents’ information for clients’ products and related marketing activities for those products. IMI INTERNATIONAL delivers the aggregate results of all respondents’ answers to its clients. Therefore, any information related to a respondent’s personal information, including name, phone number, email address, or any other identifying information, is never revealed to anyone, including the client. The data collected is used only for the purposes of the study for which it was collected and is not used for any other purpose.
Accountability
The Data Protection Officers at IMI INTERNATIONAL are responsible for personal information under its control and are responsible for IMI INTERNATIONAL’s compliance with the following principles:
- Ensuring compliance with the provisions of the IMI INTERNATIONAL Privacy Code rests with the Data Protection Officers and senior management of IMI INTERNATIONAL, which will designate one or more people to be accountable for compliance with the code.
- IMI INTERNATIONAL shall upon request make available the title of the Data Protection Officers that are designated to oversee the IMI INTERNATIONAL Privacy Code
- IMI INTERNATIONAL is responsible for personal information in its possession or control, and shall use all appropriate means to ensure a comparable level of protection while any personal information is being used by a third party.
- IMI INTERNATIONAL will implement policies and procedures to allow the Privacy Code to take effect, including:
  - Implementing procedures to protect personal information and to oversee IMI INTERNATIONAL’s compliance with the IMI INTERNATIONAL Privacy Code
  - Establishing procedures to respond to any inquiries or complaints made through any means of communication, i.e. phone, internet, face-to-face
  - Training and communicating to all staff at IMI INTERNATIONAL about the Privacy Code, and its policies and practices
  - Allowing public access to IMI INTERNATIONAL’s Privacy Code
Identifying Purposes for Collection of Personal Information
IMI INTERNATIONAL shall identify the purposes for which personal information is collected at the request of the respondent at the end of the interview.
IMI INTERNATIONAL may also handle personal information that is shared with us from a client where they have already received consent to do so.
IMI INTERNATIONAL collects personal information to understand respondent needs, attitudes, purchase intent, and preferences for clients’ products, services, and related marketing activity.
Obtaining Consent for Collection, Use or Disclosure of Personal Information
The knowledge and consent of a respondent or an employee is required for the collection, use or disclosure of personal information. IMI INTERNATIONAL may also use or disclose personal information without the knowledge or consent in the case of an emergency where the life, health or security of an individual is threatened.
- In obtaining consent, IMI INTERNATIONAL shall use reasonable efforts to ensure that a respondent or employee is advised of the identified purposes for which the personal information will be used or disclosed. Purposes shall be stated in a manner that can be reasonably understood by the respondent or the employee.
- Generally, IMI INTERNATIONAL will seek consent to use and disclose personal information at the same time it collects the information; however, IMI INTERNATIONAL may seek consent to use and disclose personal information after it has been collected, but before it is used or disclosed for a new purpose
- IMI INTERNATIONAL will require respondents to consent to the collection, use or disclosure of personal information, and require that all third parties have documented proof of collection of consent.
- In determining the appropriate form of consent, IMI INTERNATIONAL will take into consideration the sensitivity of the personal information and the reasonable expectations of its respondents and employees.
Limiting Collection of Personal Information
IMI INTERNATIONAL shall limit the collection of personal information to only that which is necessary for the purposes identified by IMI INTERNATIONAL. IMI INTERNATIONAL shall only collect personal information by fair and lawful means.
- IMI INTERNATIONAL collects personal information mainly from respondents and employees
- The personal information collected is limited to email address, full name, and mailing address (when necessary for processing rewards). Additional personal information is only collected on a per-study need and will be made clear to the individual(s).
Limiting Use, Disclosure and Retention of Personal Information
IMI INTERNATIONAL will not use or disclose personal information for purposes other than those for which it was collected, except with the consent of the individual. IMI INTERNATIONAL will only retain personal information for as long as necessary for fulfillment of those purposes.
IMI INTERNATIONAL may disclose personal information about its employees for the following reasons:
- For normal personnel and benefits administration
- In the context of providing references regarding current or former employees in response to requests from prospective employers
- Where the employee consents to such disclosure or disclosure is required by law
Only IMI INTERNATIONAL employees with a business need to know, or whose duties reasonably so require, are granted access to personal information about respondents and employees.
IMI INTERNATIONAL will keep personal information only as long as it remains necessary or relevant for the identified purposes or as required by law.
IMI INTERNATIONAL will maintain reasonable and systematic controls, schedules, and practices for information and records retention and destruction that apply to personal information that is no longer necessary or relevant for the identified purposes or required by law. Such information will be destroyed, erased, or made anonymous.
Accuracy of Personal Information
Personal information shall be as accurate, complete and up to date as is necessary for the purposes for which it is to be used.
- IMI INTERNATIONAL will update personal information about employees as and when necessary to fulfill the identified purposes or upon notification by the individual.
Security Safeguards
IMI INTERNATIONAL shall protect personal information by security safeguards appropriate to the sensitivity of the information.
- IMI INTERNATIONAL will protect all personal information against such risks as loss or theft, unauthorized access, disclosure, copying, use, modification or destruction through appropriate security measures. IMI INTERNATIONAL will protect all data, regardless of the form in which it is held.
- IMI INTERNATIONAL will protect personal information with third parties through contractual agreements, stipulating the confidentiality of the information and outlining the purposes for which it can be used.
- All IMI INTERNATIONAL employees with access to personal information will be required to respect the confidentiality of that information.
- In the event any “Personal Data” is compromised, IMI INTERNATIONAL will implement the “Escalation Process for Security Incidents” within 72 hours of detection.
Openness Concerning IMI INTERNATIONAL Privacy Policies and Practices
IMI INTERNATIONAL shall make available to its respondents, and employees, specific information about its policies and practices relating to the management of personal information.
IMI INTERNATIONAL will make information about its privacy policies and practices easy to understand, including:
- The title and address of the person(s) accountable for IMI INTERNATIONAL’s compliance with the IMI INTERNATIONAL Privacy Code, and to whom all inquiries and complaints can be forwarded.
- The means of gaining access to all personal information held by IMI INTERNATIONAL
- A description of all the personal information held by IMI INTERNATIONAL, including a general account of its use
Customer and Employee Access to Personal Information
IMI INTERNATIONAL shall inform a respondent or employee of the existence, use and disclosure of his or her personal information upon request and shall give the individual access to that information. A respondent or employee shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.
- Upon request, IMI INTERNATIONAL shall afford respondents and employees a reasonable opportunity to review personal information in the individual’s file. All personal information should be provided in an understandable form within a reasonable time and at a minimal or no cost to the individual.
- Upon request, IMI INTERNATIONAL will provide an account of the use and disclosure of the personal information, and where reasonably possible, shall state the source of the information. In providing the information, IMI INTERNATIONAL will provide a list of all of the corporations that it may have disclosed the information to.
- In order to protect personal information, a respondent or employee may be required to provide sufficient identification information to permit IMI INTERNATIONAL to account for the existence, use and disclosure of personal information and to authorize access to the individual’s file. Any such information will only be used for this purpose.
- IMI INTERNATIONAL shall promptly correct or complete any personal information found to be inaccurate or incomplete. Any unresolved differences as to accuracy shall be noted in that individual’s file.
- Respondents can seek access to their personal information by contacting a designated IMI INTERNATIONAL representative.
- Employees can seek access to their information by contacting their immediate supervisor.
Challenging Compliance
A respondent or employee shall be able to address a challenge concerning compliance with the above principles to the designated person(s) accountable for IMI INTERNATIONAL’s compliance with the IMI INTERNATIONAL Privacy Code.
- IMI INTERNATIONAL shall maintain procedures for addressing and responding to all inquiries or complaints from its respondents and employees about IMI INTERNATIONAL’s handling of personal information.
- IMI INTERNATIONAL shall inform its employees and respondents about the existence of these procedures as well as the availability of complaint procedures
- The person(s) accountable for compliance with IMI INTERNATIONAL’s Privacy Code may seek external advice where appropriate before providing a final response to the individual
- IMI INTERNATIONAL will investigate all complaints concerning compliance with the IMI INTERNATIONAL Privacy Code. If a complaint is found to be valid, IMI INTERNATIONAL shall take appropriate measures to resolve the complaint including, if necessary, amending its policies and procedures.
- A respondent or employee shall always be informed of the outcome of the investigation regarding their complaint.
- A respondent or employee may seek advice from the Office of the Privacy Commissioner of Canada at 1-800-282-1376 or inf@privcom.gc.ca and if appropriate, file a complaint with that office. However, respondents and employees are encouraged to use the IMI INTERNATIONAL internal information and complaint procedure first.
Audits and Training
- Quarterly audits of the Personal Data Handling Policy are conducted by the Data Protection Officers
- All employees receive data handling/data protection training:
  - New employees receive training prior to handling any “Personal Data”
  - Current employees receive annual refresher training
- Audit programs and training programs are updated as required
For additional questions please contact dataprotection@consultimi.com.