Our GDPR Guidelines
Quintana Research (henceforth mentioned as “Us” or “We”) fully abides by all the compliance measures as described under the General Data Privacy Regulation (“GDPR”).
- We have a Consent Management Program in place where users have to give us their clear and explicit consent.
- Users also have the right to extract their consent. They can do so by sending us an email or clicking on the opt-out option.
- purpose of data collection;
- the data is categorized into: transferred and non-transferred PII (Personal identifiable information), and sensitive and non-sensitive data;
- Time and date of the consent gained from users;
- Time and date for the modification, or objection, or erasure of the PII information;
- Maintaining the record of EU certification (if any);
- Record of technical details of the data collection; and
- To record and review the results of data protection impact assessment, when required.
- We have a Data Subject Access Rights procedure in place. Users can request for a copy of all the Personal Data collected regarding themselves using this procedure.
- We take no more than 30 days to handle such requests.
- Records of any such requests made are documented and stored correctly.
- Users can find the right email address to raise any related issues in the Policy.
- We use pseudonymization wherever possible, aided by encryption technology, to reduce any risk to the users.
- All Personal Information stored in our servers is entirely secured and encrypted.
- Any breaches occurred are duly documented and the supervisory authority is notified within 72 hours.
- We are well prepared to perform an assessment of the impact of processing operations on the protection of personal data whenever the nature, scope, context and purpose of our processing will attract the same.
- We shall designate a DPO if and when any instance arises where our central purpose requires consistent and systematic data monitoring of the users.
- Our DPO will report to the CEO and/or the Board directly.
- We follow industry-standard clauses for data protection in all our contracts with our vendors and customers.
- We take care that our contracts do not raise any conflict with the fundamental rights or freedoms of the users.