1 Who are we?
Agenda Consulting is a research consultancy, helping not-for-profit organisations develop and sustain the highest levels of employee and volunteer engagement.
For the purposes of the General Data Protection Regulation (GDPR) (EU) 2016/679, the data controller is Agenda Consulting Ltd, registered in England, registration number 4509427. Registered office: 2nd Floor, 11-12 Cornmarket Street, Oxford, OX1 3EX, UK
Our contact points are as follows:
+44 (0)1865 263720
Registration Number with Information Commissioner’s Office (ICO): ZA232518
Data Protection Administrator: Catherine Wearden (contact details as above)
2 How do we obtain information about you?
We obtain information about you:
- When you complete a survey that we are running for your organisation
- If your organisation sends us demographic data about you.
3 What personal information do we collect?
We collect two types of information: demographic information and your views/ideas/opinions.
Demographic information. This may include email address, name, the part of the organisation that you work in and some personal characteristics (e.g., gender, age, religion, sexual orientation) that your organisation wishes to collect. This information may be provided to us by your organisation before the survey launches and/or collected directly from you as you complete the survey.
This is to enable us to analyse the survey results by a range of different demographic groups. This is valuable in helping our clients to understand whether issues identified in their survey are broadly universal or whether they are more marked amongst particular groups.
Your views/ideas/opinions. The survey that you complete will ask for your views, ideas and opinions on a wide range of topics chosen by your organisation. This is gathered so that your organisation can understand people’s views.
Your personal information will be held confidentially by us and on our behalf by companies that help us with our work (please see below).
3.1 Processors
Our expertise is in conducting surveys and analysing the results. Like many companies, we use third parties to carry out IT work for us. In data protection law these other companies are called processors and they have a duty (in law and in their contract with us) to protect your personal data.
Our Reflections software was developed by and is supported by Alberon Limited, a UK company. In the course of providing us with maintenance and support services Alberon do have access to all personal data stored in Reflections, though in practice access is minimal and limited by our Information Security Policy to support issues only. The Reflections platform is hosted by Memset, a UK based professional hosting company operating to the highest security standards including compliance with ISO27001. You can read their GDPR compliance statement here. Memset host (store) the data for us and are under obligations to us under their contract, and to you and us under data protection legislation, to secure your data against loss or misuse. Back-ups of the platform are held in Ireland by Jungle Disk, who hold only encrypted data (encrypted to AES-256 standard). Jungle Disk have no access to the personal data in the back-up as they do not have the key to decipher the encryption.
3.2 New survey provider
If your organisation decides to change from Agenda to a different survey provider, we may need to transfer your survey results to the new survey provider. This is so that they can compare survey results over time. This would include the transfer of personal information that could identify you. We will not do so unless we have a guarantee from that new survey provider that they adhere to the same high standards of privacy and confidentiality as we do.
3.3 Legal obligation
It is also possible that we may be required to disclose information when required to do so by law.
4 What is the lawful basis for collecting the information and how do we use it?
We have agreed a contract with your organisation to gather information about your views and those of your colleagues in order for the organisation to understand those views. We collect the information in the legitimate interests of us and your organisation in the delivery of this contract. Where we collect special category personal data (see section 9 for details of what this includes) we do so on the basis of having obtained your consent for its collection.
The information will be used for three purposes:
- To set up access so that you can carry out the survey
- To provide aggregated reports for your organisation
- Benchmarking information.
Aggregated reports will include organisation-wide results and results for individual teams or departments.
Benchmarking information. We also aggregate information from surveys for benchmarking purposes.
Your organisation is better able to see how its actions affect employee and/or volunteer engagement, if we are able to show how results have changed over time. For this reason, we keep survey data until asked to delete it by your organisation.
None of the personal data we collect from you is used in automated decision-making or profiling.
5 Your rights
We are based in the UK and comply with the UK’s laws on privacy.
You have the right to ask us about, or receive a copy of, the personal information we hold on you. You can also ask us to change anything that is incorrect, to delete your personal information, or to stop using it in a particular way. For any such queries please use the email given at the start of this policy. We may need to ask you for some further information to verify your identity before we can carry out your request, and we must reply to you within 30 days of verifying your identity.
If you wish us to delete the information, we will remove all demographic information from our database that enables you to be identified. We will instruct any relevant sub-contractors listed at paragraph 3 above to do so as well.
If you are unhappy with how we deal with your personal information, we would like to hear from you to have a chance to put it right. Please contact us on the details given at the start of this policy. You also have the right to complain to the government body that supervises our data protection practices. As we are in the UK, this is the Information Commissioner’s Office (ico.gov.uk). You can contact them by telephone on +44 (0) 303 123 1113.
6 Security of data
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
We have put in place procedures to deal with any suspected data security breach and will notify you, and any applicable regulator, of a suspected breach where we are legally required to do.
7 Cookies
Cookies are small pieces of text sent to your web browser by a website you visit. A cookie file is stored in your web browser and allows the site or a third-party to recognize you and make your next visit easier and the site more useful to you.
Visit www.aboutcookies.org/ to find out more.
In Reflections surveys, a cookie is placed on your system when you begin the survey to track your progress as you undertake the survey. This enables you to leave and return to your survey response if needed, for example if you cannot complete it in one sitting. These cookies are only used for this purpose.
8 Updating the Privacy Policy
We strive for continuous improvement in our services, processes and protecting data subject rights, and we may need to update this privacy policy, if we change how we process your personal data. We advise you to check this policy on a regular basis – in the event of a substantial change, we will provide you with a new privacy policy.
9 Special Category Personal Data
This includes any data we collect from you on (or which might reveal) your:
- Racial or ethnic origin;
- Political opinions;
- Religious or philosophical beliefs;
- Trade union membership;
- Genetic or biometric data;
- Health;
- Sex life;
- Sexual orientation.
To withdraw your consent for our holding special category personal data about you contact us as shown at the top of this policy.
