A – How do we implement protection of personal data?
We make sure to respect the following obligations:
We integrate personal data protection upstream of project development in a process referred to as "Privacy by Design".
We undertake to consider protection of your personal data and your privacy at the time of designing services offered to you, which allows you to reduce any risks of default in respect of the principles of the GDPR and the amended Data Protection and Freedom of Information Act.
Consequently, a suitable and proportionate level of technical and organisational measures for processing personal data are taken in relation to the scheduled purpose of processing.
Application of this principle therefore allows for implementation of preventive measures aimed at limiting risks with regard to Personal Data protection.
Guaranteeing, by default, the highest level of protection for personal data through "Privacy by default".
We implement appropriate technical and organisational measures so as to guarantee by default, that an optimal security of data processing is both organised and implemented.
B – What personal data do we process?
We solely collect and use personal data which is necessary to us in the framework of our activities so as to offer personalised and high-quality projects. We may be led to collect various categories of personal data from you, notably:
Personal contact details (surname, given names, date of birth, postal address and email address, telephone number, sex)
Family circumstances (number of children and date of birth of children, identity card or passport or residency permit, social security number)
Qualifications and employment information (level of studies, job, name of employer, pay)
Bank details, information concerning transportation methods, places of consumption, digital tools used, etc. and solely data pertaining to your customs and preferences.
Photos, videos and audio: recordings during qualitative surveys or focus groups or during all types of surveys, geolocation data during face-to-face field research
Publications/databases published by official authorities (Official Journal)
Our third-party clients or suppliers, such as bodies providing commercial information, fighting fraud, in compliance with data protection regulations
Websites/social network pages with information which you have published and databases published by third parties
C – Special cases of data collection, notably indirect data collection
We Fieldwork may collect personal information even if you are not an employee, client or panellist of We Fieldwork.
The below list (which is not exhaustive) constitutes a list of examples of personal data collected by We Fieldwork with non-clients, such as:
People applying for jobs but not having already works for us
Employees of our service providers
D – Why and according to what legal basis for processing do we use your personal data?
To comply with our legal and regulatory obligations, we use personal data to fulfil various legal and regulatory obligations, amongst which are:
Compliance with legislation applicable in terms of international sanctions
Responses to official requests from duly authorised public or legal authorities
We use your personal data for daily management, namely research projects, HR processing for employees, and account administration, etc.: (Non-exhaustive list)
Establishing statistics: segmentation of prospective clients and clients, processing data collected, processing Employer data, etc.
Recording telephone calls for employee training purposes
Personalisation of research work conducted
Analysis of your habits and preferences across various channels (visits to our agencies, email, Website visits, etc.)
Management of client and prospective client records.
And also to respect your choices when we request your consent for specific processing.
Under some circumstances, consent is required to process your data, for instance, if we undertake processing, for purposes other than those described above, we hereby inform you and where necessary will ask for your consent.
E – For how long do we store your personal data?
The term of storage of your personal data depends on the processing activity being undertaken.
We undertake not to store your personal data for longer than necessary for provision of the service, and consequently, the amount of time you use our service, increased by the term of storage imposed by rules applicable by legal statutes of limitations.
A table summarising all terms of storage is currently being published.
This will be published and accessible under this paragraph once complete.
With regard to databases provided by our clients, the majority of information is stored for the duration of contractual relations and for a further period of 2 years after the end of contractual relations.
F – To what category of entities are your personal data disclosed?
In order to fulfil the aforementioned purposes, we may disclose your personal data solely and exclusively to:
People working for We Fieldwork
Service providers and sub-contractors performing services on our behalf
Banking service providers
Financial and legal authorities or State departments, public authorities on request and up to the limit of that which is permitted by regulations
Certain regulated professions such as lawyers, notary publics and auditors
G – Data transfer outside of the European Economic Area
In the event of any international transfers originating from the European Economic Area (EEA):
If the European Commission has issued an adequacy decision, recognising that the country concerned has a level of data protection equivalent to that for which provision is made by legislation within the EEA, your personal data will be transferred on this basis.
If the level of protection has not been deemed as equivalent by the European Commission, we will rely either on a derogation applicable to the specific situation or implementation of any appropriate guarantee to ensure the protection of your personal data (standard contractual clauses approved by the European Commission, binding corporate rules).
To date, no transfer of your personal data is planned outside of the EEA.
H – Security
We Fieldwork undertakes to adopt and respect all measures necessary to protect the security and confidentiality of your personal data and, notably, to prevent these from being damaged, deleted or accessed by unauthorised third parties. Only duly authorised individuals may be granted access to data.
We are continuously improving our security procedures as technology develops so as to always maintain a maximum level of protection. Our staff along with the staff of our sub-contractors having access to personal data are contractually bound by an obligation of non-disclosure.
Organisational measures include limiting access to personal data solely to those persons with a legitimate need to be informed.
Moreover, in the event of any security incident affecting your personal data (damage, loss, alteration or disclosure), we guarantee the obligation of notifying personal data breaches, notably with the French Data Protection Authority (CNIL).
I – What are your rights and how can you exercise these?
Pursuant to applicable regulations, you have various rights, and namely:
Right of access: you can receive information concerning processing of your personal data as well as a copy of these personal data by making a request with firstname.lastname@example.org
Right of rectification: if you believe that your personal data are inaccurate or incomplete, you can request that these be amended accordingly, by making a request by email to email@example.com
Right of deletion: you can request deletion of your personal data up to the limit of that which is permitted by regulations, by making a request with firstname.lastname@example.org
Right to limited processing: you can request limited processing of your personal data, by making a request with email@example.com
Right of opposition: you can object to processing of your personal data, on grounds related to your personal circumstances. You have the right to object to processing of your personal data for commercial canvassing, including profiling linked to such canvassing by making a request with firstname.lastname@example.org
Right to withdraw consent: if you have given your consent to processing of your personal data, you may withdraw your consent at any time, by making a request to email@example.com
Right of referral to the National Data Protection Authority (hereinafter the "CNIL") for any claim if you believe that We Fieldwork has failed to respect its legal obligations in personal data protection or if you should fail to enforce respect of your rights concerning data.
J – In what manner can you find out about modifications to this personal data information document?
In a world with constantly changing technology, we regularly update this information document. We would invite you to read the latest version of this document on our websites and inform you of any substantial modification via our websites or usual communication channels.
K – How to contact us?
If you have any questions concerning use of your personal data as outlined in this document, you can contact our Data Protection Officer by writing to We Fieldwork, 256 rue Francis de Pressensé, 69100 Villeurbanne or by sending an email to: firstname.lastname@example.org
L – Hypertext links and cookies
The website at www.wefieldwork.com includes a certain number of hypertext links to other sites (partners, information, etc.) implemented with the authorisation of the website proprietor. However, the proprietor of the website is unable to check the content of sites visited and relinquishes all liability as to any risks of illegal content.
Users are hereby informed that during visits to www.wefieldwork.com, one or more cookies may be automatically installed on computers. A cookie is a small file which does not enable identification of a user, but which records information pertaining to a computer's browsing on the website. Data obtained in cookies are intended to streamline subsequent browsing on the website, and also to enable various website traffic measures. These data are stored for 13 months.
The settings of the web browser allow users to be notified of the presence of cookies and, as applicable, to refuse them and are available at the following address: www.cnil.fr
Refusal to install a cookie may means that some services cannot be accessed. Users may, however, configure their computer as follows to refuse installation of cookies:
In Internet Explorer: under tools / internet options. Click on Confidentiality and then select
Block all cookies. Click on OK.
In Netscape: Edition tab/preferences. Click on Advanced preferences and select Deactivate cookies. Click on OK.
Data controller: person(s) responsible for determining the purposes of data processing and resources assigned accordingly.
Data protection authorities: authorities responsible for issues related to privacy and data protection within the territory where We Fieldwork operates as well as any We Fieldwork entities.
European Economic Area (EEA): the European Economic Area includes all European Union Member States as well as Iceland, Liechtenstein and Norway.
Personal Data: information pertaining to an identified or identifiable person, for instance data concerning employees of We Fieldwork, its external service providers, its candidates, employees of its service providers or suppliers, its clients, patients using We Fieldwork products and users of our website or service centres. These data include name, postal address, email address, applications, user account details of the data subject as well as all related correspondence. Personal data may also include information pertaining to web browsing (for instance data associated to a particular cookie) as well as IP addresses, where these may be associated to a specific individual.
Processing: any activity pertaining to personal data and notably data collection, storage, access, association with other data, transfer to third parties or deletion.