A guide to our GDPR compliance measures

Purpose: This guide is prepared to assist the clients, partners and vendors of Erevna Healthcare (hereinafter referred to as “we” or “us”) in understanding the compliance measures we have adopted under the General Data Privacy Regulation (“GDPR”).

Privacy Policy

  • We have prepared a Privacy Policy that demonstrates all the fundamental requirements we meet to be compliant with GDPR.
  • The Privacy Policy is published clearly on our website and has been thoroughly examined and accepted by our own staff.

Creation of a consent management program

  • A consent management program is in place and is part of the website, where users provide their clear consent.
  • An appropriate right to withdraw consent is also provided to users in the Privacy Policy, both through the opt-out option and by writing an email to us.
  • The rights of users who wish to withdraw consent are also clearly stated in the Privacy Policy.

  • We maintain adequate documentation for all processing activities in electronic form, which includes:
    – purpose of collecting data;
    – categorization of data as transferred PII (“personally identifiable information”), non-transferred PII, and sensitive and non-sensitive data;
    – date and time of consent from the users;
    – date and time of erasure / modification / objection relating to PII;
    – maintaining and recording any EU certification;
    – recording all technical details of collecting data; and
    – recording and reviewing the outcome of data protection impact assessments, whenever required.

  • A Data Subject Access Rights procedure is in place that allows users to request a copy of all Personal Data held regarding themselves.
  • Such requests are handled within 30 days.
  • A record of these requests is logged and stored appropriately.
  • The purpose, period, category and information about the recipients with whom the data will be further shared can be disclosed to the users, and an email address for seeking such information is provided in our Privacy Policy.

  • Our data erasure procedure allows users to request that their Personal Data be rectified, erased or deleted.
  • Appropriate email addresses are provided to users in our Privacy Policy for raising such requests.

  • To reduce the risk to users, we apply pseudonymization wherever possible through encryption.
  • All personal information transmitted is stored on our servers, which are fully encrypted and secured.

  • A Breach Management procedure is in place, and the Privacy Policy clearly contains the email address for reporting such issues.
  • We document such breaches and notify the supervisory authority within 72 hours.

  • We are well prepared to perform an assessment of the impact of processing operations on the protection of personal data whenever the nature, scope, context and purpose of our processing require it.

  • We shall duly designate a DPO whenever our central purpose requires regular and systematic monitoring of users’ data.
  • Our DPO should report directly to the CEO and/or board.

  • We have included standard data-protection clauses in our agreements with our customers and vendors.
  • We have ensured that our agreements do not conflict with the fundamental rights or freedoms of the users.

A guide to EREVNA HEALTHCARE’s ESOMAR compliance measures

Purpose: This guide is prepared to assist the clients, partners and vendors of Erevna Healthcare (hereinafter referred to as “we” or “us”) in understanding the compliance measures we have adopted under ESOMAR.

Privacy Policy

  • We have prepared a Privacy Policy that demonstrates all the fundamental requirements we meet to be compliant with ESOMAR.

Fundamental Principles

  • The Erevna Healthcare research team ensures that data subjects are not harmed as a direct result of their personal data being used for research.
  • If the Erevna Healthcare research team engages in non-research activities, e.g. promotional or commercial activities directed at individual data subjects, it clearly distinguishes and separates those activities from the research.
  • Erevna’s research team always behaves ethically and does not do anything that might harm a data subject or damage the reputation of market research in any way.

  • Erevna’s research team restricts the collection and/or processing of personal data to those items that are relevant to the research.

  • The research team of Erevna usually obtains consent from the parent or responsible adult when collecting personal data from children or from anyone for whom a legal guardian has been appointed.
    – Note: Erevna Healthcare does not currently conduct interviews with children.

  • When collecting personal data from data subjects for the purpose of research, the moderators or the research team of Erevna Healthcare stay transparent about the information we plan to collect, the purpose for which it will be collected, with whom it might be shared and in what form.
  • The research team of Erevna clearly states the general purpose of the research as soon as methodologically possible.
  • Erevna’s research team respects the right of data subjects to refuse requests to participate in research.

  • If Erevna’s research team plans to collect personal data for research that may also be used for a non-research purpose, this is made clear to data subjects prior to data collection and their consent for the non-research use is obtained.
  • Erevna Healthcare ensures that personal data cannot be traced, nor an individual’s identity inferred via deductive disclosure.
  • The personal data of respondents is held no longer than is necessary for the purpose for which it was collected or used.
  • We do not share a respondent’s personal data with a client unless the data subject has given consent to do so and has agreed to the specific purpose for which it will be used.
  • If personal data needs to be transferred to any other service providers, Erevna’s research team ensures that the recipients employ at least an equivalent level of security measures.
  • We have a privacy notice that is readily accessible by data subjects and is easily understood.
  • In the event of a data breach containing personal data, the team has a duty of care for the data subjects involved and we follow all applicable data breach notification laws.

  • The Erevna Healthcare research team designs research to the specification and quality agreed with the client and in accordance with the guidelines.
  • We provide clients with enough technical information about the research to enable them to assess the validity of the results and any conclusions drawn.
  • We ensure that the research findings and any interpretation of those data are clearly and adequately supported by data.
  • We allow our clients to arrange for independent checks on the quality of data collection and data preparation on special request.

  • When publishing research findings, we ensure that the public has access to enough basic information to assess the quality of the data used and the validity of the conclusions.
  • Erevna Healthcare makes available upon request the additional technical information necessary to assess the validity of any published findings, unless contractually prohibited.
  • When the client plans to publish the findings of a research project, we ensure that they are consulted as to the form and content of publication. Both we and the client have a responsibility to ensure that published results are not misleading.

  • The Erevna Healthcare research team stays honest, truthful and objective, and we ensure that our research is carried out in accordance with appropriate scientific research principles, methods and techniques.
  • We always behave ethically, and we do not do anything that unjustifiably damages the reputation of research or leads to a loss of public confidence in it.
  • We do not conceal anything; we are straightforward and honest in all our professional and business dealings.

  • The Erevna Healthcare research team conforms to all applicable international and national laws, and local codes of conduct and professional standards or rules.