Board Benchmarking is a division of Insync Surveys (ABN 58 108 768 958) (Board Benchmarking)
Last updated: October 2019
At Board Benchmarking we take your individual right to privacy seriously. Our basic principles are as follows:
- we comply with the Australian Privacy Principles established by the Commonwealth Privacy Act 1988 (the Privacy Act) and subsequent amendments,
- we will always tell you upfront why your data is being collected, how it will be shared and if your individual responses, including your identity, will be shared with or seen by any other entity,
- we are committed to handling the information you provide responsibly; any personal information collected by us is treated as private and confidential unless we have informed you otherwise prior to collection or there is a need to release the information under an Australian law or court/tribunal order, and
- we will take every reasonable and practical precaution to safeguard the security, integrity and privacy of this information; including periodically reviewing and updating our security measures in light of current technologies.
The aims of this policy are to:
- set out how the APPs in the Privacy Act are to be applied and complied with at Board Benchmarking in the conduct of its business
- facilitate the protection of identifiable research information provided by, or held in relation to, the participants or subjects of our surveys and research
- enable quality research to be carried out, so as to provide accurate information to government, commercial and not for profit organisations to support their decision making processes.
Please note these definitions are drawn from the Association of Market and Social Research Organisations (AMSRO) Privacy Code 2014 and in some cases have been adapted.
Client means an organisation or agency that requests, commissions or subscribes to a given market and social research project i.e. the ultimate beneficiary of the research findings
Collection of identifiable research information means gathering, acquiring or obtaining identifiable research information from any source, by any means, for inclusion in a record
Contact details means a record of identifying information such as names, companies, position titles, email addresses and phone numbers, collected and retained in order to contact individuals in a research sample
Identifiable research information means personal information about research participants, respondents or subjects to which this policy applies. It includes contact details, research status and research data. It does not include any unsolicited information.
Market and social research means consensual investigation of the behaviour, needs, attitudes, opinions, motivations or other characteristics of a whole population or a particular part of a population, in order to provide accurate and timely information to clients about issues relevant to their activities, to support their decision making processes
Research data means a record of the responses provided by individuals participating in market and social research at the time of collection in order to obtain a representation of a population’s or sub-population’s behaviour, needs, attitudes, opinions and motivations at a given point in time
Research purpose means the handling of information in order to carry out any function considered essential to the conduct or communication of the results of a market and social research project
Research status means information in relation to whether or not an individual has been contacted or has participated in a market and social research exercise, but does not include research data. Research status information is likely to take the form of a list containing individual contact details, forwarded from a client to Board Benchmarking for research purposes, which also contains information in relation to the individuals and may include information about actual contact with those individuals or their participation.
Respondent means an individual about whom identifiable research information is collected in the course of market and social research. Research subjects may be referred to as participants or research subjects and may include another individual about whom a subject is providing information.
What information does Board Benchmarking collect and hold?
Identifiable research information is usually collected during a research project so that analysis can be done on the aggregate responses to analyse trends. The identifiable research information we collect and hold may include:
- director, employee and/or customer names;
- contact details (including telephone and email);
- age of respondents;
- gender of respondent;
- tenure of respondents
- department, role and/or level of respondents
and such other information which is relevant and necessary to deliver services to clients or to comply with the law.
All identifiable research information about individuals and organisations that use Board Benchmarking is and will remain anonymous and secure, as per the conditions provided to respondents at the time the research is conducted. No completed research forms, paper, online or otherwise, are released to clients unless permission to do so is sought from the respondent prior to conducting the research, which often occurs in the case of customer research and employee entry and exit surveys.
Our surveys are specifically designed to give maximum insight without impinging upon respondent anonymity. If clients desire a copy of the raw survey results after the research has been completed, Board Benchmarking may provide a spreadsheet of responses, without the respondents’ email addresses or other information that could identify the respondents. Board Benchmarking will not provide raw responses with more than one demographic, since this would give the client the opportunity to “triangulate” an individual’s responses using their unique combination of demographics.
The only exception to this rule is where a client insists upon owning all the raw data arising from the survey. In these cases we will make that fact clear to respondents prior to them participating in the research.
Respondents should note that the free-text responses to questions at the end of most of our surveys are provided verbatim (i.e., unedited) to the relevant organisation. Should a survey respondent identify himself or herself by name, writing style or otherwise, his or her comments will not remain anonymous. This fact is normally explained on each of our surveys for the avoidance of doubt.
How does Board Benchmarking collect identifiable research information?
Information collected for market and social research purposes
We use a number of methods to collect information in the ordinary course of our business, including online surveys, paper surveys, telephone interviews and face to face interactions such as focus groups.
In each situation, the respondent is advised up front as to the research purpose and what will be done with the information collected.
No identifiable research information handled in the context of our work is unsolicited. However, if any unsolicited information is received by us, it will be handled in accordance with the APPs. In situations where the client has provided a contact database, such as employee email addresses or client telephone numbers, we will ensure the resulting identifiable research information is collected according to this policy and the APPs.
Information collected online via our website
Like many other websites, Board Benchmarking uses software to automatically track and monitor each visitor’s domain name, browser type, and date and time of access, as well as other information. Board Benchmarking does not associate this tracking data with any specific users who browse our site, nor do we distribute any such data to third parties.
Other than anonymous tracking data, Board Benchmarking only collects identifiable information that is specifically and voluntarily provided by a visitor to our site. A visitor to our site may choose to provide this information to register for certain areas of the site, apply for a training course or event, order a publication or register for our newsletter. We will not disclose identifiable information to third parties without your consent except where we may be required by law.
At any point after registering with us, a visitor may choose to unsubscribe. In this instance, Identifiable information will then be removed from our relevant database to ensure that any future contact, such as distributing a newsletter, ceases to occur.
How does Board Benchmarking store identifiable research information?
Our collection methods
At its core, Board Benchmarking has a secure, robust online data collection capability which serves the needs of all types of surveys conducted, from in depth interviews with key opinion leaders through to a staff survey for a multi-national employer in ten languages. Survey data is collected via our web servers, which are hosted in an ISO 27001 & ASIO T4 Certified Tier 3, 24 hour monitored data centre located in Australia. They are managed and patched by staff according to best practice. Offsite backups are also transported and stored securely. Board Benchmarking utilises 128-bit SSL encryption verified by Verisign for secure HTTP communications.
From time to time, we also collect identifiable research information via paper surveys and face to face focus groups. Paper surveys will generally be scanned and uploaded into our online system, stored locally for a determined period of time and then destroyed (unless another process is agreed with the client and communicated to respondents prior to collection). Focus group responses are generally collated without reference to respondent contact details (unless permission from respondent is granted prior to collection).
With respect to our client portals, no confidential data is stored on client machines at any time throughout the process; no software is required to be downloaded and no permanent cookies are stored. A non-traceable cookie is only stored by the client browser for the length of the log-in session to verify the client’s identity.
Where information is held
Information collected is housed on Board Benchmarking’ servers located in data centres. The data centre that holds the information that is collected is provided by Avnet Cloud Services, a division of Avnet Technology Solutions Australia (previously known as ICO). The data centre is located in North Ryde, NSW. The secondary data centre, where backups are mirrored and replacement hardware is available, is in Homebush Bay, NSW. Our Hermes system also has a data centre run by IPrimus and is located in Melbourne, VIC.
Board Benchmarking also uses Virtual Dedicated Servers. They are not shared with any other customers. This gives us the security and performance of a dedicated server as well as the failover capacity of virtual server technology. Security patches are applied to the server on a weekly basis.
Information may also be shared with suppliers and clients from time to time using cloud based services which are professionally managed according to documented processes.
De-identification of identifiable research information
As we find it important to retain identifiable research information for future research purposes, identifying (contact) details will, if practicable, be stored separately from other information (research status and research data), with measures in place (e.g. by the use of an encrypted intervening variable) to ensure the identity of the individuals cannot be readily revealed from the other information. Similarly, where we use respondent usernames and passwords for our surveys, details of which username corresponds with which email address is held separately from password data and also separately from responses.
Respondents are able to request de-identification and/or deletion of their records at any time via a written request to the Privacy Officer.
What does Board Benchmarking do with the research data collected?
We generally use research data at an aggregate level; we use the combined answers of many people and present aggregated information about various demographic groups within an organisation or population. Aggregated research data is then used to provide organisational insight. Sometimes this is in isolation, i.e. simply based on the research data from one survey, while other times we provide this insight alongside historic trends, industry benchmarks and/or other comparative data. We will not provide demographic reports to a client unless there are a minimum number of respondents in each respective category; this is documented with all our clients prior to conducting any research.
We also sometimes use our research database to undertake research and publishing, provided always that such output shall not in any way identify the results of individual respondents or of individual organisations unless permission is sought and granted in writing beforehand.
Any identifiable research information collected through our market and social research or via our website will not be released unless the law requires it or individual permission is given. We do not sell research data to third parties and, unless it is made explicitly clear to the contrary at the time of collection, we will also not release identifiable research information overseas.
It is also important to note that on occasion our clients request that individual feedback from our research is provided in addition to aggregated results. In such cases respondents are asked for permission for their individual feedback to be given to the client prior to the commencement of the research and only when permission is given, is individual feedback provided to the client.
How can I access my personal information?
We will, at your request, provide you with access to any information that we may have collected about you in accordance with Australian Privacy Principle 12. To gain access to this information, you should contact us (see details below) and provide us with full proof of your identity and details. If you believe that any information is inaccurate, incomplete or obsolete, please contact us and we will revise the relevant information in accordance with Australian Privacy Principle 13.
Who can I speak with if I have a complaint about Privacy?
A complaint is any concern you have about our activities in relation to privacy. Our complaint-handling procedure is designed to be:
- readily available to any individual who has registered with, been solicited by or participated in our research and/or consulting activities
- simple to follow
- able to be used by complainants without any charge or fee.
Complaints should be made in writing to:
The Privacy Officer
Insync Surveys Pty Ltd
PO Box 16107, Collins Street West VIC Australia 8009
Phone: +(61 3) 9909 9209
Complainants should outline the specific nature of the complaint with supporting evidence where possible. Our Privacy Officer will respond promptly, within 14 days, to outline the Company’s response to the complaint and our recommended path to resolution.
We use all our reasonable endeavours to promptly deal with and satisfy any complaints. If a resolution cannot be achieved to the satisfaction of the complainant within 30 days, the complaint can then be escalated to The Office of the Australian Information Commissioner (OAIC). The OAIC website contains details regarding the process to follow in this instance.