At Abacus Data, respecting privacy is an important part of our commitment to respondents and the general public.
When you participate in survey research conducted by our organization, you can be confident that any personal information that you share with us will stay with us.
Any time you participate as a respondent in one of our your individual responses will be kept confidential and never linked to your personal identifying information without your express permission. Your personal identifying information will never be sold to anyone. You are free to choose whether or not to participate in a survey, free to choose not to answer any specific questions and free to discontinue participation at any time.
The Abacus Data Privacy Policy is a statement of principles and guidelines describing the level of protection of personal information provided by Abacus Data to respondents and the general public. The objective of the Abacus Data Privacy Policy is to promote responsible and transparent personal information management practices in a manner consistent with the provisions of the Personal Information Protection and Electronic Documents Act (Canada).
Abacus Data will continue to review its Privacy Policy to make sure that it is relevant and remains current with changing industry standards, technologies, and laws.
Abacus Data is an Accredited Research Agency Member of the Canadian Research and Insights Council (CRIC). The CRIC sets standards for research organizations to which members must adhere and which also protect your privacy.
If you have any questions about how your privacy is protected at Abacus Data , please contact our Privacy Officer by e-mail at info@abacusdata.ca or by mail at Abacus Data, 6-71 Bank St., Ottawa, ON K1P 5N2.
The ten principles that form the basis of The Abacus Data Privacy Policy are interrelated and Abacus Data adheres to the ten principles as a whole. Each principle must be read in conjunction with the accompanying commentary. As permitted by the Personal Information Protection and Electronic Documents Act (PIPEDA), the commentary in the Abacus Data Privacy Policy has been drafted to reflect personal information issues specific to Abacus Data.
The scope and application of the Abacus Data Privacy Policy are as follows:
The Abacus Data Privacy Policy applies to personal information collected, used, or disclosed by Abacus Data in the course of commercial activities.
The Abacus Data Privacy Policy applies to the management of personal information in any form whether oral, electronic or written.
The Abacus Data Privacy Policy does not impose any limits on the collection, use or disclosure of the following information by Abacus Data:
- non-personally identifiable information;
- the name, title, business address and/or telephone number of an employee of an organization; and
- other information about an individual that is publicly available and is specified by regulation pursuant to the Personal Information Protection and Electronic Documents Act (PIPEDA).
The application of the Abacus Data Privacy Policy is subject to the requirements and provisions of the Personal Information Protection and Electronic Documents Act (PIPEDA), the regulations enacted thereunder, and any other applicable legislation or regulation.
collection: The act of gathering, acquiring, recording, or obtaining personal information from any source, including third parties, by any means.
consent: Voluntary agreement for the collection, use and disclosure of personal information for defined purposes. Consent can be either express or implied and can be provided directly by the individual or by an authorized representative. Express consent can be given orally, electronically or in writing, but is always unequivocal and does not require any inference on the part of Abacus Data. Implied consent is consent that can reasonably be inferred from an individual’s action or inaction.
disclosure: Making personal information available to a third party.
employee: An employee of or independent contractor to Abacus Data.
personal information: Information about an identifiable individual, but does not include the name, title, business address or telephone number of an employee of an organization, and does not include descriptive, factual information about an organization.
respondent: A member of the public who provides personal information to Abacus Data in the course of a survey conducted by Abacus Data. For example, a respondent is an individual who discloses personal information to Abacus Data in the course of quantitative or qualitative marketing or social research.
third party: An individual or organization outside of Abacus Data.
use: The treatment, handling, and management of personal information by and within Abacus Data or by a third party with the knowledge and approval of Abacus Data: The act of gathering, acquiring, recording, or obtaining personal information from any source, including third parties, by any means.
consent: Voluntary agreement for the collection, use and disclosure of personal information for defined purposes. Consent can be either express or implied and can be provided directly by the individual or by an authorized representative. Express consent can be given orally, electronically or in writing, but is always unequivocal and does not require any inference on the part of Abacus Data. Implied consent is consent that can reasonably be inferred from an individual’s action or inaction.
disclosure: Making personal information available to a third party.
employee: An employee of or independent contractor to Abacus Data.
personal information: Information about an identifiable individual, but does not include the name, title, business address or telephone number of an employee of an organization, and does not include descriptive, factual information about an organization.
respondent: A member of the public who provides personal information to Abacus Data in the course of a survey conducted by Abacus Data. For example, a respondent is an individual who discloses personal information to Abacus Data in the course of quantitative or qualitative marketing or social research.
third party: An individual or organization outside of Abacus Data.
use: The treatment, handling, and management of personal information by and within Abacus Data or by a third party with the knowledge and approval of Abacus Data
The Ten Principles of Privacy
Principle 1
Abacus Data is responsible for personal information under its control and shall designate one or more persons who are accountable for Abacus Data’s compliance with the following principles.
Responsibility for compliance with the provisions of the Abacus Data Privacy Policy rests with the Abacus Data Privacy Officer who can be reached by e-mail at info@abacusdata.ca. Other individuals within Abacus Data may be delegated to act on behalf of the Privacy Officer or to take responsibility for the day-to-day collection and/or processing of personal information.
Abacus Data is responsible for personal information in its possession or control and shall use contractual or other means to provide a comparable level of protection while information is being processed or used by a third party.
Principle 2
Abacus Data shall identify the purposes for which personal information is collected at or before the time the information is collected.
Abacus Data collects personal information from the public only for the following purposes:
- to conduct quantitative or qualitative marketing and social research;
- to understand respondent opinions to establish suitability for further quantitative and qualitative marketing and social research; and
- to meet legal and regulatory requirements.
Further reference to “identified purposes” mean the purposes identified in this Principle.
Abacus Data shall specify orally, electronically or in writing the identified purposes to the respondent at or before the time personal information is collected in a survey. Upon request, persons collecting personal information shall explain these identified purposes or refer the individual to a designated person within Abacus Data who can explain the purposes.
When personal information that has been collected is to be used or disclosed for a purpose not previously identified, the new purpose shall be identified prior to use. Unless the new purpose is permitted or required by law, the consent of the respondent will be acquired before the information will be used or disclosed for the new purpose.
Abacus Data may provide clients or other third parties with information from any survey, in aggregate form. In aggregate form it is impossible to identify an individual respondent’s personal information.
Principle 3
The knowledge and consent of an individual are required for the collection, use, or disclosure of personal information, except where inappropriate.
Participation by respondents in survey research is always voluntary. When a respondent agrees to participate in a survey, he/she gives consent to the interview by participating.
Generally, any personal information collected in the course of an interview is not disclosed to third parties. However, occasionally, a client sponsoring a research project may want to contact respondents directly. In these cases, Abacus Data always explains the reason for the disclosure to the respondent and obtains express permission from the respondent before making any such disclosure.
A respondent is always free to choose whether or not to participate in a survey, free to choose not to answer any specific questions and free to discontinue participation at any time.
In obtaining consent, Abacus Data shall use reasonable efforts to ensure that a respondent is advised of the identified purposes for which personal information will be used or disclosed. The identified purposes shall be stated in a manner that can be reasonably understood by the respondent.
Generally, Abacus Data shall seek consent to use and disclose personal information at the same time it collects the information. However, Abacus Data may seek consent to use and/or disclose personal information after it has been collected, but before it is used and/or disclosed for a new purpose.
In determining the appropriate form of consent, Abacus Data shall take into account the sensitivity of the personal information and the reasonable expectations of its respondents.
The participation of a respondent in a quantitative or qualitative marketing or social research study may constitute implied consent for Abacus Data to collect, use and disclose personal information for the identified purposes.
Principle 4
Abacus Data shall limit the collection of personal information to that which is necessary for the purposes identified by Abacus Data. Abacus Data shall collect personal information by fair and lawful means.
In conducting surveys, Abacus Data limits the amount and type of personal information it collects. We collect only the amount and type of information needed for the purposes identified to individuals.
Abacus Data collects personal information about an individual primarily from that individual or a member of that individual’s household. Except as permitted by law, Abacus Data will only collect personal information from external sources, such as client organizations, if individuals have consented to such collection.
Principle 5
Abacus Data shall not use or disclose personal information for purposes other than those for which it was collected, except with the consent of the individual or as required or permitted by law. Personal information shall be retained only as long as necessary for the fulfillment of those purposes.
Abacus Data may disclose a respondent’s personal information to:
- a client of Abacus Data where the respondent has consented to such disclosure;
- a third party engaged by Abacus Data to perform functions on its behalf;
- a public authority or agent of a public authority if, in the reasonable judgment of Abacus Data, it appears that there is imminent danger to life or property which could be avoided or minimized by disclosure of the information; or
- a third party or parties, where the respondent consents to such disclosure or disclosure is required or permitted by law.
Only Abacus Data’s employees with a business need-to-know, or whose duties reasonably so require, are granted access to personal information about respondents.
Abacus Data shall keep personal information only as long as it remains necessary or relevant for the identified purposes or as required by law. Depending on the circumstances, where a respondent may have to be re-contacted for purposes of clarifying responses to a survey, or to seek additional responses, Abacus Data shall retain the personal information for a period of time that is reasonably sufficient to allow this re-contact.
Abacus Data shall maintain reasonable and systematic controls, schedules and practices for information and records retention and destruction which apply to personal information that is no longer necessary or relevant for the identified purposes or required by law to be retained. Such information shall be destroyed, erased or made anonymous.
Principle 6
Personal information shall be as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used.
Personal information used by Abacus Data shall be sufficiently accurate, complete, and up-to-date to minimize the possibility that inappropriate information may be used to make a decision about a respondent.
Abacus Data shall update personal information about respondents and employees as necessary to fulfill the identified purposes or upon notification by the individual.
Principle 7
Abacus Data shall protect personal information by security safeguards appropriate to the sensitivity of the information.
Abacus Data shall protect personal information against such risks as loss or theft, unauthorized access, disclosure, copying, use, modification or destruction, through appropriate security measures, regardless of the format in which it is held.
Abacus Data shall protect personal information disclosed to third parties by contractual agreements stipulating the confidentiality of the information and the purposes for which it is to be used.
All of Abacus Data’s employees with access to personal information shall be required to respect the confidentiality of that information.
Principle 8
Abacus Data shall make readily available to individuals specific information about its policies and procedures relating to the management of personal information.
Abacus Data shall make information about its policies and procedures easy to understand, including:
- title and address of the person or persons accountable for Abacus Data’s compliance with its Privacy Policy and to whom inquiries and/or complaints can be forwarded;
- the means of gaining access to personal information held by Abacus Data;
- a description of the type of personal information held by Abacus Data, including a general account of its use; and
- a description of what personal information is made available to related organizations (e.g. subsidiaries).
Principle 9
Upon request, Abacus Data shall inform an individual of the existence, use, and disclosure of his or her personal information and shall give the individual access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.
Upon written request to the Privacy Officer, Abacus Data will inform an individual of the existence, use and disclosure of his/her personal information and shall be given access to that information.
In certain situations, Abacus Data may not be able to provide access to all the personal information that it holds about a respondent. For example, Abacus Data may not provide access to information if doing so would likely reveal personal information about a third party or could reasonably be expected to threaten the life or security of another individual. Also, Abacus Data may not provide access to information if disclosure would reveal confidential commercial information.
In order to safeguard personal information, a respondent may be required to provide sufficient identification information to permit Abacus Data to account for the existence, use and disclosure of personal information and to authorize access to the individual’s file. Any such information shall be used only for this purpose.
Abacus Data shall promptly correct or complete any personal information found to be inaccurate or incomplete. Any unresolved differences as to accuracy or completeness shall be noted in the individual’s file. Where appropriate, Abacus Data shall transmit to third parties having access to the personal information in question any amended information or the existence of any unresolved differences.
Respondents and employees can obtain information or seek access to their individual files by contacting the Abacus Data Privacy Officer.
Principle 10
An individual shall be able to address a challenge concerning compliance with the above principles to the designated person or persons accountable for Abacus Data’s compliance with the Abacus Data Privacy Policy.
Abacus Data shall maintain procedures for addressing and responding to all inquiries or complaints from its respondents regarding Abacus Data’s handling of personal information.
Abacus Data shall, on written request, inform its respondents about the existence of these procedures as well as the availability of complaint procedures.
The person or persons accountable for compliance with the Abacus Data Privacy Policy may seek external advice where appropriate before providing a final response to individual complaints.
Abacus Data shall investigate all complaints concerning compliance with its Privacy Policy. If a complaint is found to be justified, Abacus Data shall take appropriate measures to resolve the complaint including, if necessary, amending its policies and procedures. The respondent shall be informed of the outcome of the investigation regarding his or her complaint.
Additional Information
For more information regarding the Abacus Data Privacy Policy, please contact the Abacus Data Privacy Officer by e-mail at privacy@abacusdata.ca by mail at Abacus Data , 6-71 Bank St., Ottawa, ON K1P 5N2
Please visit the Privacy Commissioner of Canada’s website at www.priv.gc.ca/en
For Standards related to the Canadian Research and Insights Council of which Abacus Data is an Accredited Agency member please visit www.canadianresearchinsightscouncil.ca