Privacy & Compliance
Data Protection Policy
Our commitment to protecting personal data and upholding the rights and privacy of every research participant.
1. Data Protection Principles
GABS is committed to processing data in accordance with general responsibilities under data protection regulations, which include: (1) protecting the privacy of the individual and personal data by regulating the processing of personal information; and (2) providing processes to obtain, hold, use or disclose personal information lawfully.
2. General Provisions
This policy applies to all personal data processed by GABS. This policy shall be reviewed at least annually or whenever the need arises. All staff, contractors, and associates who handle personal data on behalf of GABS Research are required to comply with this policy.
3. Lawful, Fair and Transparent Processing
To ensure its processing of data is lawful, fair and transparent, GABS Research shall keep all consent forms obtained from survey participants for a minimum of 2 years, or as required by the client, in a secured manner accessible only to authorised personnel.
4. Lawful Purposes
All data processed by GABS Research must be done on one of the following lawful bases: consent, contract, legal obligation, vital interests, public task, or legitimate interests. Survey participants have the right to opt out of a survey and all information collected from them would be discarded upon withdrawal.
5. Data Minimisation
The company shall ensure that personal data collected are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed. Collection of unnecessary personal data is strictly prohibited.
6. Archiving / Removal
To ensure that personal data is kept for no longer than necessary, GABS shall put in place an archiving policy for each area in which personal data is processed. This process shall be reviewed annually. The policy shall consider what data should be retained, for how long, and why.
7. Security
Personal data shall be stored securely using modern, encrypted software. All paper-based data must be stored securely in locked filing cabinets. Access to personal data shall be limited to authorised personnel only. Data shall not be shared informally. Personal data shall not be transferred to any country without adequate data protection legislation unless the express consent of the individual has been obtained.
8. Subject Access Request
All individuals whose data is processed by GABS Research have the right to: access a copy of their personal data; object to processing of their personal data; prevent processing for direct-marketing purposes; ask to have inaccurate data amended; request that their data be erased.
9. Disclosure of Data
GABS Research may share data with government bodies and law enforcement agencies if legally required to do so. Otherwise, personal data will not be shared, sold, or disclosed to third parties without explicit consent.
10. Consequences of Failure to Comply
Failure to comply with this Data Protection Policy may result in disciplinary action. If a contractor or employee knowingly or recklessly discloses personal data in contravention of this policy, GABS Research reserves the right to pursue legal remedies.