Privacy & Information Policy

This policy statement guides the behaviour of our staff, contractors and partners.

It informs our clients about how we treat information and what obligations they and we have.

1)      Compliance

At mext we comply with the Australian Privacy Act, revised March 2014.

Further, we comply with the privacy guidelines of the AMSRS, of which we are a member.

If, at any stage, you are not sure, contact Stefan.grafe@mextconsulting.com or check the relevant regulations.

Electronic:

Client data may only be stored on our 2 step secured servers. The keeping of local copies on desktops and removable storage is not permitted. 

Hard copy:

Information retained as hard copy either being passed to us by a client or printed may only be kept in our offices. The only exception is the taking of hard copies to meetings when necessary.

2)      Respondent data

At mext we go beyond legal requirements in the handling of market research respondent information.

We follow the following principles and processes:

1)      Respondents must be told on request what data is stored, where it is stored and how it is used.

2)      On request, their data has to be deleted within 3 working days.

3)      Any respondent data may only be stored in our two step secured server. Any new device or user wanting to access the data can only do so by obtaining a 6 digit one off code from managing director, Stefan Grafe.

4)      Respondent data may only be transferred from the client to us :

-          physically on their removable device (after depositing on our server, the data has to be deleted before passing the removable device back to the client)

-          by email or file transfer with adequate file encryption. 

3)      Retention:

Respondent data must be deleted from our servers immediately when not needed anymore or latest after 12 months unless the privacy act or AMSRS guidelines state otherwise based on specific circumstances.

4)      Survey & qualitative respondent data provisions

Under no circumstances are we to enable the client to link respondent responses and their identifiable information. We are only permitted to report in aggregate and with quotes that can’t be traced to an individual’s contact or other information. That means in surveys, no link may be established to identifiable information. Even on client request, data that may be identifiable may not be provided. In qualitative work it is to be ensured that only first names and suburbs are to be mentioned, not addresses or phone numbers.

5)      Partners and sub contractors

If respondent data has to be passed to a supplier, such as the quant field agency, then this has to be done encrypted.

Our supplier has to agree to:

-          Use the data only for the required purpose.

-          Delete the data immediately after the project is closed – which their invoicing is the automatic trigger for.

6)      Contacting respondents

Respondents that have not given prior express consent to be contacted for market research purposes may not be approached

-          Outside of week days 9 am to 6 pm to ascertain if they would be willing to participate

-          If they are listed in the telemarketing and market research  blacklist (please note that this provision does not apply where potential respondents are already customers of the organisation and/or receive services or benefits from the organisation)