Privacy Policy for respondents

AplusA Group commitments regarding protection of personal data

through its surveys

Effective as of April 2020

AplusA respects the privacy of respondents to its researches. This privacy policy (“Privacy Policy”) explains how we collect, use, disclose and protect personal data (“Personal Data”) submitted through our surveys.

This Privacy Policy does not apply to the collection and use of personal data of the visitors of our websites. In these cases, please refer to our dedicated privacy policy.

  1. Lawfulness of personal data processing as part of AplusA’s market research studies and surveys, and consent:

In accordance with Article 6 of the GDPR, AplusA only collects personal data if it obtains the freely given, specific and informed prior consent of the person contacted to respond to the market research study or survey, after having explained to that person the purpose of data collection in a clear, accurate and concise way.

AplusA will keep evidence of this consent for the period necessary for processing, generally the duration of the study and associated quality control activities.

AplusA undertakes to inform the person responding to the study of the origin of their data if this data comes from a contractor or customer rather than being directly generated by AplusA. The new European Regulation authorizes AplusA to reuse customer data for research purposes, as market research studies are categorized as scientific research.

  1. Nature of the personal data processed and duration of their storage

AplusA has made a commitment that personal data will not be stored longer than for the purpose for which they were collected or processed, with the application of clear provisions on retention periods.

If you have any questions related to the processing of your personal data, please refer to the section “Your rights” below.

  1. Minimization and anonymization of personal data

AplusA has made a commitment to reduce the impact of personal data collection by limiting and minimizing collection to the elements required for the purposes of the study, and by ensuring that this data is not used in a way that is incompatible with these purposes.

AplusA has also introduced procedures to guarantee that those participating in its studies do not experience any harm or injury as a direct result of their collaboration in the study, using anonymization techniques and by limiting access to personal data to field teams and study personnel working on the study in question.

Finally, AplusA undertakes to preserve the anonymity of the persons responding to its studies vis-à-vis the end customer by providing it only non-nominal aggregated or raw data, except where agreement and consent are given by the persons responding to the studies if pharmacovigilance obligations require AplusA to communicate their identities to the customer, or as part of transparency declarations (e.g. Sunshine Act in the USA).

  1. Sharing of personal data

4.1 External service providers:

In addition to the transfer of personal data to its internal teams, subsidiaries and IT teams, AplusA may use a supplier or subcontractor to perform certain services related to its activity and may therefore transfer personal data to it. AplusA selects its suppliers and ensures that they have the ability to comply with the directives and regulations related to the protection of personal data, and will transfer the personal data only if a commitment and agreement has been previously signed between this external service provider and AplusA.

4.2 International transfers

Personal data submitted through our studies resides on our servers located in our data center (Fiducial)  in France.

​AplusA is a global organization. Your personal data may be transferred to one or more AplusA affiliated companies  in other countries and used for the purposes described previously. To facilitate our global operations, we may transfer and access Personal Information from around the world, including the United States. This Privacy Policy shall apply even if we transfer Personal Information to other countries.

​AplusA’s legal entities outside the European Union have entered into intra-company data protection agreements using standard contractual clauses prepared by the European Commission. These agreements require the contracting parties to respect the confidentiality of your Personal Information and to handle European personal data in accordance with applicable European data protection laws. AplusA’s legal entities outside the European Union are the following:

AplusA – Building 3, Chiswick Park, 566 Chiswick High Road, London W4 5YA, UK

AplusA Bell Falla, 570 Broad Street, Suite 502, Newark, NJ 07102, United States

AplusA  does  not  transfer  any  personal  data  outside  the  European  Economic  Area (EEA) unless  a  prior transfer agreement has been established with the entity receiving the personal data, and unless it has received guarantees that this entity has implemented measures offering the same level of security as that required by European regulations.

In any case, AplusA only transfers personal data outside the EEA after having obtained the consent of the persons responding to the studies.

4.3 Public bodies

AplusA may disclose personal data to public bodies, courts, administrative bodies or the administrative authority responsible for the protection of personal data if the law so requires or if it receives an order requiring it to do so.

  1. Sensitive data processing

Since AplusA processes only health data, AplusA undertakes to process these sensitive data in accordance with applicable regulations. In particular, AplusA is committed to treating on a case-by-case basis the requests for studies that, because of their type of processing, would expose respondents to AplusA’s studies to high risk.

In close consultation with the client and prior to their implementation, these studies will be the subject of an impact analysis to determine the proposed operations’ issues in terms of the protection of personal data. It has been decided that all non-interventional or observational studies will be the subject of an impact study.

This analysis will include at least:

  • A systematic description of the processing operations envisaged and the purposes of the processing;
  • An assessment of the necessity and proportionality of the operations with regard to the purposes;
  • An assessment of the risks created by the processing;
  • Measures to deal with these risks.
  1. Personal data concerning children

AplusA will not collect or process personal data about children under the age of 16 – or the legally required age defined by French law or by the applicable law – without the prior permission of the parent(s) or legal guardian(s).

  1. Your rights:

Under the applicable law, you have the following rights:

  • Access to personal data: We will make available to you the personal data about you in our custody or control that we have collected, used or disclosed, upon your written request, to the extent required and/or permitted by law.
  • Rectification of your personal data: If you think that your personal data is inaccurate, you can ask for their rectification.
  • Erasure of your personal data: If you believe that AplusA no longer requires to process your personal data, you can ask for their erasure from our databases.
  • Restriction of the processing of your personal data: If you believe that the processing of your personal data is either inaccurate or unlawful, you can ask or the restriction of this processing. AplusA will then only store this data and no longer process them in any other way without your consent.
  • Opposition to the processing of your personal data: If you previously consented to the processing of your personal data by AplusA, you have the right to object this processing of your data on grounds relating to your particular situation and at any time.
  • Deciding of the processing of your personal data after your death: At any times, you or a person you designated can inform AplusA of your decision about the processing of your personal data after your death, whether this is the erasure, the conservation or the communication of these data.

​To exercise any of these rights related to the personal information that we may hold about you, we require that you submit your request in writing to dpo@aplusaresearch.com. When we receive an access request from an individual, we will attempt to fulfil the requested information within 30 days.

In certain situations, however, we may not be able to give individuals access to all or some of their personal data. If we deny an individual’s request for access to their personal data, we will advise the individual of the reason for the refusal.

  1. Dedicated team, training and internal tools

8.1 Internal tools

In accordance with regulatory requirements, AplusA maintains specific internal documentation:

  • Documentation relating to the processing of personal data: the processing register, impact assessments carried out, the management of non-EEA transfers or contractual clauses;
  • Documentation relating to information to persons: information statements given to the person whose data were collected, the form for the collection of the consent of the persons, the procedure put in place for the exercise of the rights of persons (right of access, modification etc.);
  • Contracts defining the roles and responsibilities of each actor: contracts with subcontractors.

8.2 Training

AplusA has launched a training and awareness programme for all its teams on the new European regulation on the protection of personal data.

8.3 Dedicated team

AplusA has set up an internal team dedicated to the protection of personal data, headed by the Data Protection Officer, the Quality Manager and the Head of IT.

  1. Security

The security of your personal data is very important to us. We have put in place reasonable physical, electronic, and administrative procedures to safeguard the information AplusA collects. Access to your personal data is granted only to those employees who require it in order to perform their duties.

AplusA has implemented security protocols to control risks, as described in an AplusA technical protocol, notably through the use of an encrypted, secure messaging service for sending and receiving personal data files. This protocol complies with internationally recognized standards and is regularly examined and updated if necessary.

  1. Changes to this policy

According to the evolution of the applicable law, we may update our privacy practices and this privacy policy at any time. For this reason, we encourage you to refer to this privacy policy on an ongoing basis. This privacy policy is current as of the “last revised” date which appears at the top of this page. We will treat personal data in a manner consistent with the privacy policy under which it was collected, unless we have your consent to treat it differently. By using this website following any privacy policy change, you freely and specifically give us your consent to collect, use, transfer and disclose your personal data in the manner specified in such then-current privacy policy.