Privacy Policy of Prósent ehf.

Prósent ehf. (also referred to as “the Company” and “Prósent”) is committed to ensure the reliability, confidentiality, and security of personal information that the company collects for research purposes.

This privacy policy is intended to inform recipients and respondents of research on behalf of Prósent about what personal information is collected, how such personal information is used and who gets access to the information.
This privacy policy applies to recipients and respondents of research, but it also refers to recipients and respondents as “you” and to the company as “we”.

If you are in doubt regarding our privacy policy, please contact Prósent for more information.

1.Purpose and Legal Obligation

The company strives to comply with all privacy legislation. This privacy policy is based on Act No. 90/2018 on Data Protection and the Processing of Personal Data (the “Data Protection Act”).

2. Liability

Prósent is responsible for the processing of personal information that takes place in the company’s operations and is the responsible party for the processing within the meaning of the Data Protection Act. However, Prósent may also appear as a processor, e.g., when conducting surveys on behalf of its customers.

3. What is Personal Data?

This policy defines personal data as any information regarding a personally identified or personally identifiable individual, i.e., information that can be traced directly or indirectly to a specific individual. Data that are not personally identifiable or anonymous are not considered personal information.

4. Personal Data collected and processed by the Company

Due to research we conduct for our clients; we may collect personal information about you connected to the relevant market research. However, the company may collect different personal information about different parties and the processing and collection of personal information may depend on the nature of the research that Prósent conducts at any given time.
Due to our communication with you for research, we may process various personal information that may vary depending on the needs of our customers and the type of research, such as:

  • Human resources research: Such as e-mail address, department name and name of supervisor.
  • Customer service research: Such as email address, type of business and number of years in business.
  • Survey panels: Such as email address.

In addition to the above information, the company may also collect and process other information that you provide to the company. It is important to note that responses can never be traced to respondents.

In all presentation of data, Prósent makes sure that it is not possible to trace responses to individual participants. As an example of employee satisfaction surveys, if the number of respondents is less than 5 for a certain variable, the answers are not analysed separately to prevent identification of participants.

In principle, we collect personal data directly from you. In cases where personal information is obtained from a third party, the company will seek to inform you of this.

5. Why Do We Collect and Process Personal Information and on What Basis?

Prósent always lets participants know what the purpose of the process is, but it can vary depending on the nature of the survey and the needs of customers.

In all cases, the collection and processing of personal information is based on your consent, and you may always revoke such consent. All communication in connection with such revocation or change in the content of the consent shall be directed to Prósent ehf.

The company commits that all processing of personal data is legal, fair, and transparent. Prósent will only collect data for specific, special, and legitimate purposes and that the collection and processing will not go beyond what is necessary for the purpose of the processing. Processing shall in all cases be sufficient, appropriate, and limited to what is necessary for the purpose of the processing.

6. Disclosure to Third Parties

The company never provides personal information to third parties.

7. How Is the Security of Personal Information Ensured?

Prósent operates in accordance with the strict ESOMAR Code of Conduct set by the International Association of Market Research Companies. The company also seeks to take appropriate technical and regulatory measures to protect personal data with special regard to its nature. Examples of such security measures are access controls to systems where information about you is stored. These measures are intended to protect personal information from being accidentally lost or altered and from unauthorized access, copying, use or disclosure.

8. Retention of Personal Information

The company will seek to retain only personal information about you for as long as necessary for the purpose of the processing, unless otherwise permitted or required by law.

In general, Prósent deletes personally identifiable data in sample lists within 90 days of the completion of the survey.

9. Your Rights Regarding the Personal Information That the Company Processes

You have the right to access, and in certain cases, get a copy of the personal data we process about you as well as information about the processing.

In certain circumstances, you may also have the right to request that personal data about you will be deleted or that its processing will be restricted. You also have the right to have your personal information corrected if it is incorrect or unreliable.

In addition, you may be entitled to a copy of the information you have provided to us in computerized form.

When we process your personal information based on our legitimate interests, you may object to that processing.

However, your above rights are reasonable. Thus, laws or regulations may authorize or oblige the company to reject your request to exercise the rights in question. However, your right to object to the processing of your personal information through direct marketing is unconditional.

10. Inquiries and complaints to the Data Protection Authority

If you wish to exercise the rights described in article 9 in this policy, or if you have any questions about this privacy policy or how we manage your personal information, please contact Prósent which will seek to answer questions and guide you about your rights under this privacy policy.
If you are dissatisfied with how Prósent handles personal information, you can send a message to the Data Protection Authority (www.personuvernd.is).

11. Communication with the Company

Trausti Haraldsson, Managing Director of Prósent    I    Email: trausti@prosent.is    I    Mobile: 859 9130

12. Audit

The company may from time to time change this privacy policy in accordance with changes in applicable laws or regulations or due to changes in how the company manages personal information. If Prósent makes any changes to this privacy policy, an updated version will be presented to you in the same manner as this policy was announced.

Any changes to the policy will take effect after the updated version is published.

This privacy policy was launched on 11.09.2018.