Privacy Policy - in-sync

The security of personal information about in-sync’s market research respondents is essential for in-sync to provide services to its clients with integrity. In addition, in-sync has obligations under PIPEDA (Canada’s Personal Information Protection and Electronic Documents Act), as well as other Privacy legislation in the jurisdictions in which our research may take place.

The scope and application of the in-sync Privacy Policy (the “Policy”) are as follows:

• The Policy applies to personal information collected, used, or disclosed by in-sync in the course of commercial activities.

• The Policy applies to the management of personal information in any form, including oral, electronic or written.

• The Policy does not impose any limits on the collection, use or disclosure of the following types of information by in-sync :

(a) Non-personally identifiable information;
(b) The name, title, business address and/or telephone number of an employee of an organization;
(c) Other information about an individual that is publicly available and is specified by regulation pursuant to the Personal Information Protection and Electronic Documents Act (Canada).

• The application of the Policy is subject to the requirements and provisions of the Personal Information Protection and Electronic Documents Act (Canada), the regulations enacted hereunder, and any other applicable legislation or regulation.

For purposes of the policy, Personal Information (“PI”) shall mean any information that can identify an individual directly or through other reasonably available means. For greater clarity, PI can include, :
1. a first name together with last name or initials
2. a home or other physical address
3. an email address or other online contact information
4. a telephone number
5. a government issued identifier
6. IP protocol details that identifies an individual
7. facial images
8. detailed birth dates or treatment dates

As part of in-sync’s commitment to treat personal information with respect, in-sync operates in accordance with the following nine principles (the “Principles”):

PRINCIPLE 1 – ACCOUNTABILITY: in-sync will maintain and protect the PI under our control. in-sync has designated an individual who is accountable for compliance with the Principles. in-sync is responsible for PI in it’s possession or control and shall use contractual or other means to provide a comparable level of protection while information is being processed or used by a third party.

PRINCIPLE 2 - IDENTIFYING PURPOSES: The purposes for which PI is collected will be identified to the respondent at the time the information is collected.

PRINCIPLE 3 – CONSENT: Informed consent is required for in-sync collection, use or disclosure of any PI.

PRINCIPLE 4 - LIMITING COLLECTION: The PI collected by in-sync shall be limited to those details necessary for the purposes identified to the respondent.

PRINCIPLE 5 - LIMITING USE, DISCLOSURE AND RETENTION: in-sync will only use or disclose PI in accordance with the purposes for which it was originally collected. in-sync will retain PI only for so long as is required to fulfill the purpose for which it was collected or as required by law.

PRINCIPLE 6 – ACCURACY: in-sync shall make every reasonable effort to ensure PI is maintained in an accurate, complete and up-to-date form.

PRINCIPLE 7 - SAFEGUARDING CUSTOMER INFORMATION: in-sync shall utilize industry standard security measures to protect PI.

PRINCIPLE 8 - CUSTOMER ACCESS: Upon request, in-sync shall inform respondents of: (i) the type of PI in-sync has collected; (ii) how in-sync has used PI in the past, and how in-sync may us PI in the future; and (iii) whether or not in-sync has disclosed PI to any third parties (and, if so, to whom). Individuals may verify the accuracy and completeness of their PI, and may request that it be amended, if appropriate.

PRINCIPLE 9: HANDLING CUSTOMER COMMENTS
Customers may direct any questions or enquiries with respect to the Principles or about in-sync information handling practices by contacting:

Amanda Ram, Chief Privacy Officer
90 Eglinton Avenue East, Suite 403
Toronto, ON M4P 2Y3
Phone: 416-932-0921
Email: .(JavaScript must be enabled to view this email address)

TYPES OF INFORMATION IN-SYNC COLLECTS: The types of personal information in-sync may have access to depends on, and is related to, the reason (or purpose) such personal information was provided to us. Typically, in-sync would collect or have access to personal information for the following purposes:

a. To conduct quantitative or qualitative marketing and social research;
b. To understand respondent opinions to establish suitability for further quantitative and qualitative marketing and social research; and
c. To meet legal and regulatory requirements.

In conducting surveys, in-sync limits the amount and type of personal information it may collect or have access to. We collect or request access to only the amount and type of information needed for the purposes identified to individuals.

HOW IN-SYNC COLLECTS SUCH PERSONAL INFORMATION in-sync may gather or have access to PI in person, over the telephone or by corresponding with an individual via mail, facsimile, the Internet, or from third parties (such as a recruiter) who have authority to disclose such personal information to us.

in-sync typically does not directly collect PI. In the course of providing research, we engage contractors, or recruiters to collect and disclose PI to in-sync for the purpose of obtaining the participation by respondents in focus groups, on-line discussions and in-home interviews. This participation is always voluntary. When a respondent agrees to participate in in-sync research, he/she gives consent to the interview by participating, is fully informed and signs a consent form.

A respondent is always free to choose whether or not to participate in a focus group, on-line discussion and in-home interviews, free to choose not to answer any specific questions and free to discontinue participation (“opt-out”) at any time.

in-sync also requires that every third party who discloses personal information to us has consent to do so. If it is discovered that a third party has inappropriately disclosed PI to us, the Chief Privacy Officer must be informed and we will follow up immediately to rectify the situation.

http://www.insyncstrategy.com: Visitors to the in-sync corporate website are welcome to browse the site at any time anonymously and privately without revealing any personal or financial information. PI is not collected that could identify a person unless they choose to provide it voluntarily.

WHEN INFORMATION MAY BE DISCLOSED TO OUTSIDE PARTIES: in-sync does not disclose any PI to third parties except as specifically provided for in this policy. The following are the limited instances where in-sync may disclose PI to third parties:

a. To a client of in-sync where the respondent has consented to such disclosure and the client has signed a confidentiality agreement;

b. To a third party engaged by in-sync to perform functions on its behalf and the third party has signed the appropriate Service Provider’s Agreement;

c. To a public authority or agent of a public authority if, in the reasonable judgment of in-sync Consumer Insight Corp., it appears that there is imminent danger to life or property which could be avoided or minimized by disclosure of the information; or

d. To a third party or parties, where the respondent consents to such disclosure or disclosure is required or permitted by law.

e. To the parent/legal guardians of minors in situations in which the minor respondent(a) threatens or harasses another individual who is participating in the study; (2) communicates or implies a threat to seriously harm themselves or others; or (3) discloses serious crimes that they have either committed or intend to commit.

In such circumstances, in-sync ensures that the third party has appropriate privacy safeguards in place that are at least as rigorous as our own. Transmission of such personal information will be done via our secure web site, or if physically transferred, it will be done via a bonded courier. Under no circumstances will PI be transferred in a non-secure manner (such as unencrypted e-mail or fax).

The type of information in-sync may legally be required to disclose may relate to criminal investigations or government tax reporting requirements. In some instances such as a legal proceeding or order, in-sync may also be required to disclose certain information to authorities. Only the information specifically requested is disclosed and in-sync will take precautions to satisfy ourselves that the authorities that are making the request have legitimate grounds to do so.

IN-SYNC EMPLOYEES: In daily operations, access to private, sensitive and confidential information is restricted to authorized employees who have a legitimate business purpose and reason for accessing it.

As a condition of their employment, all employees are required to abide by the privacy standards in-sync has established. Employees are informed about the importance of privacy and they are required to agree to a code of conduct that prohibits the disclosure of any customer information to unauthorized individuals or parties.

Unauthorized access to and/or disclosure of personal information by an employee is strictly prohibited. All employees are expected to maintain the confidentiality of personal information at all times and failing to do so will result in appropriate disciplinary measures, which may include dismissal.

HOW IN-SYNC SAFEGUARDS PI: in-sync uses industry standard technologies and follows best practices to ensure that PI is protected against unauthorized access, disclosure, inappropriate alteration or misuse.

Electronic customer files are kept in a secure environment with restricted access. Paper-based files are stored in locked filing cabinets.

in-sync manages its server environment appropriately and the in-sync firewall infrastructure is strictly adhered to. in-sync security practices are reviewed on a regular basis. in-sync routinely employs current technologies, including intrusion detection systems, to ensure that the confidentiality and privacy of PI is not compromised.

The in-sync website uses Secure Sockets Layer (SSL) and 128 bit encryption technologies to enhance security when you visit the secured areas of our sites. SSL is an industry standard tool for protecting and maintaining the security of message transmissions over the Internet. When accessing the vendor or client account or send information from this site, encryption will scramble the data into an unreadable format to inhibit unauthorized access by others.

To safeguard against unauthorized access to these accounts, users are required to “sign-on” using a user id and a password to certain secured areas.

in-sync shall keep PI only as long as it remains necessary or relevant for the identified purposes or as required by law. Depending on the circumstances, where a respondent may have to be re-contacted for purposes of clarifying responses to a survey, or to seek additional responses, in-sync shall retain the personal information for a period of time that is reasonably sufficient to allow this re-contact.

in-sync shall maintain reasonable and systematic controls, schedules and practices for information and records retention and destruction which apply to personal information that is no longer necessary or relevant for the identified purposes or required by law to be retained. Such information shall be destroyed, erased or made anonymous.

LEGISLATION AND OTHER CODES OF CONDUCT: in-sync’s Privacy Policy has been established to meet the requirements of Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) and the standards set forth under various U.S. Federal and State Privacy legislation, where applicable. The Privacy Policy has also been established with consideration to the following requirements:

MRIA Code of Conduct – (Marketing Research and Intelligence Association) – the MRIA Code of Conduct and Privacy Code have been incorporated into the in-sync Privacy Policy and our standard operating procedures.

At all times the identity of the client is kept confidential – not revealed to recruiters or respondents – unless specifically instructed otherwise by the client. At all times the identity of the product is kept confidential – not revealed to recruiters or respondents – unless specifically instructed otherwise by the client.

Health Insurance Portability and Accountability Act (HIPAA) – in-sync does not fall into the purview of HIPAA, although its health care clients, facilities or respondents may or may not. However, in-sync’s privacy policy and operating procedures have been set to uphold the general standards that would be required under HIPAA. In instances where in-sync will specifically be privy to patient PI through a person or entity that is HIPAA covered (physician, hospital, etc.) certain additional procedures may apply

QUESTIONS, CONCERNS AND COMPLAINTS: Questions about privacy, confidentiality or the personal information handling practices of in-sync, its employees or service suppliers, may be addressed to:

Amanda Ram, Chief Privacy Officer
90 Eglinton Avenue East, Suite 403
Toronto, ON M4P 2Y3
Phone: 416-932-0921
Email: .(JavaScript must be enabled to view this email address)

UPDATING THIS PRIVACY POLICY: Any changes to the in-sync privacy policy and information handling practices will be acknowledged in this policy in a timely manner. in-sync may add, modify or remove portions of this policy when it is appropriate to do so. You may determine when this policy was last updated by referring to the modification date found at the beginning of this policy.