1. Introduction

At Insight Scouts Research & Consultancy Limited (hereinafter “we”, “us” or “our”) we are committed to protect our clients’ privacy and handling their personal data in an open and transparent manner.

The purpose of this privacy policy ("Policy") is to provide a clear explanation of when, why and how we collect and use personal data. We have designed it to be as user friendly as possible, and have separate it in sections to make it easy for you to find the information that is most relevant to you.

The new European Union (EU) Data Protection Law, the General Data Protection Regulation (“GDPR”), comes into effect on 25th of May 2018. The GDPR (EU) 2016/679 gives individuals in the EU more control over how their data is used and places certain obligations on businesses that process the information of those individuals. We have updated our Privacy Policy to reflect the new requirements of the GDPR.

2. Who we are

Insight Scouts Research & Consultancy Limited is a boutique market research agency covering markets across Central Eastern/Europe, the Middle East and North Africa from its headquarters in Nicosia, Cyprus. The Company offers a full range of quantitative and qualitative research services, backed by strict quality control procedures. The office of the Company is located at Neas Engomis, Flat 108, Engomi, 2409, Nicosia, Cyprus. The Company is incorporated and registered under the laws of the Republic of Cyprus under the certificate registration number ΗΕ 255957.

3. Who this privacy policy is directed to

This privacy policy is directed to natural persons (hereinafter our “clients”) who are either past, current or potential clients, or are authorized representatives/agents of past, current or potential clients.

4. Identity and contact details of the Data Controller and Data Protection Officer

(a) Data Controller

Insight Scouts Research & Consultancy Limited, a Cyprus private limited liability company, having registration number ΗΕ 255957, is the "Data Controller” pursuant to the GDPR, and related Cyprus Law, and determines how your personal data is kept and processed.

The main establishment and the central administration of the Data Controller is situated at Neas Engomis, Flat 108, Engomi, 2409, Nicosia, Cyprus.

(b) Data Protection Officer (DPO)

We have designated a Data Protection Officer (DPO), who is responsible to monitor compliance with this privacy policy as well as the applicable Laws and liaise with the Cyprus Supervisory Authority, namely the Office of the Commissioner for Personal Data Protection.

The DPO may be contacted directly with regards to all matters concerning this policy and the processing of your personal data including the enforcement of all applicable and available rights.

Official requests may be made by post at Neas Engomis, Flat 108, Engomi, 2409, Nicosia, Cyprus, or electronically at dpo@insightscouts.eu This e-mail address is being protected from spambots. You need JavaScript enabled to view it .

5. How do we collect personal data

The Company depends on the collection and analysis of information about living individuals (“Data Subjects”) to carry out its market research and associated business. Therefore, we will collect your data when you conduct research with us. When we contact you, we generally do so for one of the following purposes:

  • To invite you to participate in research.
  • To confirm the details of research you have agreed to take part in.
  • To conduct research with you.
  • To validate answers/views you gave in a recent research we conducted (if you have consented to us doing so).
  • To update and to ensure that our records of your personal information are correct (applicable to those consenting to being part of an ongoing community or panel).

Maintaining respondents’ and the public’s confidence requires that respondents do not suffer direct adverse consequences, risk or harm as a result of providing the Company with their their Personal Data. The data and or information may be obtained from any kind of individual or organisation.

6. Categories of personal data that we collect

The personal data we collect can contain your personal opinions as well as personal data such as name, address, postcode, gender, occupation, age, date of birth, email address, telephone number etc.  Where relevant to the research being undertaken, we may collect business contact information, such as, company name, job title, and department.

In addition, for online surveys we will record your IP address, which type of browser you are using, your screen size and other basic metrics.

We do not do any invisible processing of data from your computer. We will only collect and use personal information in accordance with this policy to the extent deemed reasonably necessary to serve our legitimate business purposes, and we will maintain appropriate safeguards to ensure the security, integrity, accuracy and privacy of the information you have provided.

The Company makes all reasonable efforts to keep personal data in its possession or control, which is used on an ongoing basis, accurate, complete, current and relevant, based on the most recent information available to us. We rely on you to help us keep your personal data accurate, complete and current by answering our questions honestly.

Should there be a need to further process the personal data for a purpose other than that for which they were initially collected, you will be informed in advance about the additional purpose and the relevant details in respect to the further processing.

With your explicit consent we may collect special categories of personal data. Pursuant to the definition given by the GDPR, these data may include racial or ethnic origin, political opinions, religious or philosophical beliefs, health data, trade union membership, the processing of genetic data, biometric data, data concerning health, sex life or sexual orientation and criminal records.

7. Lawful reasons for processing personal data

In order to proceed with a business relationship our clients must provide their personal data to us which are necessary to operate our business and provide our products and services.

In case that our clients fail to provide us with their personal data will prevent us from commencing or continuing the business relationship with them.

In accordance with GDPR we may rely on the following lawful reasons when we collect and use personal data to operate our business and provide our products and services:

  • Compliance with legal obligations– We may process personal data in order to meet legal regulatory obligations.
  • Contract – We may process personal data in order to perform our contractual obligations as shown in our contract with tour clients.
  • Consent - We may rely on your freely given consent at the time you provided your personal data to us for a purpose of the process that does not relate to the services we offer to you.  You have the right to withdraw consent at any time. However, any processing of personal data will not be affected prior to the receipt of the withdrawal.
  • Legitimate interests – We may rely on legitimate interests based on our evaluation that the processing is fair, reasonable and balanced. A legitimate interest is when we have a business or commercial reason to use our clients’ information. Instances of such processing activities can include, initiating legal claims, preparing our defense in litigation procedures, initiating complaints to our regulator etc.

8. Why do we need Personal Data

We aspire to be transparent when we collect and use personal data and tell you why we need it, which typically includes:

  • Providing the requested services in accordance with our contracts entered into between you and us.
  • provide you with information, products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes.
  • Customer management: to manage your account, to provide you with customer support and with notices about your account, including notices about changes to services we offer or provide through it;
  • Administering, maintaining and ensuring the security of our information systems, applications and websites;
  • complying with legal and regulatory obligations.

9. Do we share personal data with third parties?

In the course of our business relationship our clients’ personal data may be provided to various departments within our Company. We will not sell your personal information to third parties. From time to time we may employ other companies and individuals to perform functions on our behalf. They will have access to the personal data needed to perform their functions, but will not use it for other purposes. In addition, the following third parties may also be the recipients of the personal data under the certain circumstances:

  • Supervisory and other regulatory and public authorities, whereby a statutory obligation exists that we are subject to.
  • Financial institutions in the context to provide our services to the clients.
  • Any other service providers or professionals which our clients specifically instruct us to engage with.

Third parties to whom we may disclose Personal Data may have their own privacy policies which describe how they use and protect Personal Data. If you want to learn more about their privacy practices, we encourage you to visit the websites of those third parties.

10. Do we transfer your personal data outside the European Economic Area?

We store personal data on servers located in the European Economic Area (EEA). We may transfer personal data to reputable third party organisations situated inside or outside the EEA when we have a business reason to engage these organisations. Each organisation is required to safeguard personal data in accordance with our contractual obligations and data protection legislation.

You have the right to ask us for more information about the safeguards  that we have put in place. Contact us as set out in Section 15 if you would like further information or to request a copy where the safeguards are documented (which may be redacted to ensure confidentiality).

11. Personal data security

We have put in place appropriate technical and organisational measures including physical, electronic and procedural measures to protect personal data from loss, misuse, alteration or destruction. We restrict access to information at our offices so that only officers and/or employees who need to know the information have access to it. Those individuals who have access to the data are required to maintain the confidentiality of such information.  In addition, we have trained our employees on how to handle, manage and process personal data, applied upgraded technical measures and transformed our policies and procedures in a way that will comply with the GDPR.

Please be aware that the transmission of data via the Internet is not completely secure. Users should also take care with how they handle and disclose their personal data and should avoid sending personal data through insecure email.

12. Retention of personal data

We will keep our clients’ personal data for as long as we have a business relationship.
Once our business relationship has ended, we will hold your personal data on our systems for the longest of the following periods:

  • any retention period that is required by law or regulations;
  • the end of the period in which litigation or investigations might arise in respect of the services or
  • as directed by our own internal retention policies or practices, the length of which may vary depending on the nature of the information that is held.

13. Do we change this privacy policy?

We may modify or revise our privacy policy from time to time to reflect our current privacy practices. When we make changes to the privacy policy, we will revise the "updated" date at the top of this page. We encourage you to periodically review this Privacy policy that can be found at our website www.insightscouts.eu to be informed about how Insight Scouts Research & Consultancy Limited is protecting your Personal Data.

14. What are your data protection rights?

Subject to the provisions of the GDPR, you have certain rights regarding the Personal Data we collect, process or disclose and that is related to you, including the right:

  • To receive access to your personal data (right to access).
  • To rectify inaccurate personal data concerning you (right to data rectification);
  • to request deletion/ erasure of your personal data (right to erasure/deletion, “right to be forgotten”);
  • to receive the Personal Data provided by you in a structured, commonly used and machine-readable format and to transmit those Personal Data to another data controller (right to data portability);
  • to object to the use of your personal data where such use is based on our legitimate interests or on public interests (right to object);
  • in some cases to request the restriction of processing of your personal data (right to restriction of processing);
  • To withdraw the consent given to us with regard to the processing of your personal data at any time. Note that any withdrawal of consent will not affect the lawfulness of processing based on consent before it was withdrawn.

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information or to exercise any of your other rights. This helps us to ensure that personal data is not disclosed to any person who has no right to receive it. No fee is required to make a request unless your request is clearly unfounded or excessive. Depending on the circumstances, we may be unable to comply with your request based on other lawful grounds, We will try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

15. How to raise a complaint

To exercise any of the above rights, or for any questions or complaints about our use of your personal data, please contact our Data Protection Officer, either by post at at Neas Engomis, Flat 108, Engomi, 2409, Nicosia, Cyprus, or electronically at dpo@insightscouts.eu This e-mail address is being protected from spambots. You need JavaScript enabled to view it .

Complaints may also be lodged to the supervisory authority in Cyprus (Office of the Commissioner for Personal Data Protection, by post at 1 Iasonos Str. 1082, Nicosia, Republic of Cyprus. More information can be found at http://www.dataprotection.gov.cy.