GDPR Policy for Strategic Edge Research
1. Introduction
Strategic Edge Research is dedicated to maintaining the highest standards of data protection and privacy. As a leading provider of market research services to the tourism, travel, and airline industries globally, we recognize the importance of safeguarding personal data. This policy outlines our commitments and procedures to ensure compliance with the General Data Protection Regulation (GDPR).
2. Scope and Applicability
This GDPR policy applies to all personal data processed by Strategic Edge Research, including data related to clients, research participants, employees, and partners. It covers all operations and activities involving the collection, storage, use, and sharing of personal data.
3. Definitions
Personal Data: Any information relating to an identified or identifiable natural person.
Processing: Any operation performed on personal data, such as collection, storage, use, or disclosure.
Data Subject: An individual whose personal data is processed.
Data Controller: The entity that determines the purposes and means of processing personal data.
Data Processor: The entity that processes personal data on behalf of the data controller.
4. Data Protection Principles
Strategic Edge Research adheres to the following data protection principles as outlined in the GDPR:
Lawfulness, Fairness, and Transparency: Personal data is processed lawfully, fairly, and in a transparent manner.
Purpose Limitation: Data is collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes.
Data Minimization: Only data that is adequate, relevant, and limited to what is necessary is collected.
Accuracy: Personal data is accurate and kept up to date.
Storage Limitation: Personal data is retained only as long as necessary for the purposes for which it was collected.
Integrity and Confidentiality: Personal data is processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.
5. Lawful Basis for Processing
Strategic Edge Research processes personal data under the following lawful bases:
Consent: Obtaining explicit consent from data subjects for specific processing activities.
Contractual Necessity: Processing is necessary for the performance of a contract with clients.
Legal Obligation: Compliance with legal obligations to which Strategic Edge Research is subject.
Legitimate Interests: Processing is necessary for the legitimate interests pursued by Strategic Edge Research or a third party, provided these interests are not overridden by the rights and freedoms of data subjects.
6. Data Collection and Usage
Types of Data Collected: We collect various types of personal data, including contact information, demographic details, and preferences relevant to our research services.
Purpose of Data Collection: Data is collected to provide tailored market research insights, improve service offerings, and fulfill contractual obligations.
Special Category Data: Additional safeguards are implemented when processing special category data, such as health information, ensuring explicit consent is obtained.
7. Rights of Data Subjects
Strategic Edge Research is committed to upholding the rights of data subjects, including:
Right to be Informed: Providing clear and transparent information about data processing activities.
Right of Access: Allowing data subjects to access their personal data and obtain information about how it is processed.
Right to Rectification: Correcting inaccurate or incomplete personal data upon request.
Right to Erasure: Deleting personal data when requested by the data subject, subject to certain conditions.
Right to Restrict Processing: Restricting the processing of personal data under specific circumstances.
Right to Data Portability: Facilitating the transfer of personal data to another data controller at the request of the data subject.
Right to Object: Allowing data subjects to object to the processing of their personal data based on their particular situation.
8. Data Security Measures
Strategic Edge Research implements robust technical and organizational measures to ensure the security of personal data, including:
​
Access Controls: Limiting access to personal data to authorized personnel only.
Encryption: Using encryption technologies to protect data during transmission and storage.
Regular Audits: Conducting regular audits and assessments to identify and mitigate potential security risks.
9. Data Breach Response
In the event of a data breach, Strategic Edge Research will:
Notify Authorities: Promptly notify the relevant supervisory authority within 72 hours of becoming aware of the breach, where feasible.
Inform Data Subjects: Communicate the breach to affected data subjects without undue delay when it is likely to result in a high risk to their rights and freedoms.
Mitigation Measures: Implement measures to contain and mitigate the effects of the breach and prevent future occurrences.
10. Data Retention and Disposal
Retention Policy: Personal data is retained only for as long as necessary to fulfill the purposes for which it was collected or as required by law.
Secure Disposal: Personal data that is no longer needed is securely disposed of using appropriate methods to prevent unauthorized access.
11. ThirdParty Processors
Strategic Edge Research ensures that any thirdparty processors engaged in processing personal data on our behalf comply with GDPR requirements. We conduct due diligence and enter into data processing agreements to ensure data protection standards are maintained.
12. Training and Awareness
All employees and contractors of Strategic Edge Research receive regular training on data protection and privacy to ensure compliance with GDPR and this policy.
13. Policy Review and Updates
This GDPR policy is reviewed annually and updated as necessary to reflect changes in legal requirements, business practices, or data protection standards. Any updates will be communicated to relevant stakeholders.
By adhering to this policy, Strategic Edge Research demonstrates its commitment to data protection and privacy, ensuring that personal data is handled with the utmost care and in compliance with the GDPR.
14. Contact Information
For any questions, concerns, or requests regarding this GDPR policy or your personal data, please contact us at compliance@strategicedgeresearch.com.By adhering to this policy, Strategic Edge Research demonstrates its commitment to data protection and privacy, ensuring that personal data is handled with the utmost care and in compliance with the GDPR.