You are here: HomePrivacy

PRIVACY POLICY

1. Introduction

This privacy policy explains how Opinion Health Ltd is committed to preserving your privacy and maintaining the confidentiality of any information that you provide us with. Opinion Health is a healthcare market research company headquartered in London. This policy explains how we collect, store, use and protect that information to ensure that we protect all the personal data that you share with us, whether you are a member of a panel, or a participant in a survey.

This privacy policy has been developed to ensure that Opinion Health Ltd complies with the requirements set out in the UK Data Protection Act 2018 and The European Union General Data Protection Regulations (2016/679) which came into force in May 25th, 2018 and the California Consumer Privacy Act. However, this policy will be applied on a worldwide basis to ensure a consistent approach.

Personal data used for projects are processed in accordance with GDPR Data Protection Legislation and the professional standards and practices as set out by EphMRA, ESOMAR, BHBIA and other international code of conducts. Opinion Health undertakes to ensure that, data subjects rights and requests such as rights for information, data deletion, data correction and data portability is adhered to.

In this privacy policy, when we refer to your "personal information and data" we mean all the personal details, information and data that you send or submit to us at any time of your own free will. We do not, however, collect nor store bank account or credit card or any other financial information, security numbers or similar.

Signing up to our community, taking part in our surveys and other research activities is entirely voluntary. By registering to the community and accepting these terms, you confirm that you are 18 years of age or older and you have read and agree to the Privacy Policy and understood the information provided and are happy to freely join the Opinion Health community and provide your contact details and for us to store them on the Opinion Health platforms so that we can send you invitations to relevant studies. You further agree that anything you see or read during any research study should be treated as confidential and should not be shared with any third party. Taking screenshots, sharing the material, or any action that would inform others of the research content is strictly prohibited.

In our continuous effort to prevent and detect fraud and as part of our compliance policy and due diligence process, you may be asked to verify your identify either by submitting a picture of your ID or using a verification app.

Compliance with this policy is checked from time to time to ensure that all requirements are adhered to and that any non-compliant issues are identified and rectified efficiently and effectively.

Any changes we may make to our privacy policy in the future will be posted on our website. Changes may also be notified to you by e-mail.


2. Scope

The Policy is applicable globally and will form the minimum standard to which all employees and suppliers have to adhere to, regardless of what regulations apply directly to any specific activity or region.

Everyone working for Opinion Health Ltd has some responsibility for ensuring personal data are collected, stored and handled appropriately and processed in line with this Policy and its data protection principles.

Opinion Health Ltd also expects and verifies that its suppliers/vendors comply with the principles as set out within this document


3. Collection and Use of Personal Data

We collect personal data from you when you communicate with us by any media (our website, social media, telephone, mobile, email, WhatsApp, face-to-face and other activities) This data is for market research purposes only and we always collect data in a way, which is entirely lawful. Under UK Data Protection Act 2018 and GDPR regulations we need to have a valid lawful basis in order to process your personal data. In processing your personal data we rely mainly on two lawful bases: processing is necessary for our legitimate interest and the consent given by you to process your personal data.

We define personal data as any identifiable data relating to a natural person that is directly or indirectly collected, by us or a third party. We collect your personal data on a voluntary basis. When you register with us and each time you use or access the interactive parts of this Site or of our survey and research and email platforms we will collect information and data from you.

This will include:

  • 3.1 Your personal details, such as name. email and other personal contact details (this may include also mobile number to receive SMS or WhatsApp survey invitations and reminders) you give us when you register to use the interactive parts of this site or access our survey and research platforms and any updated personal information which you provide us with from time to time.

  • 3.2 Processing and retention of self-reported health data.

  • 3.3 The personal information and data you submit about yourself or on behalf of any third party in participating in any surveys, questionnaires, interviews, polls or participating in or using the other interactive parts of this site each time you use or access the interactive parts of this site and of our survey and research platforms. That personal information and data may include sensitive personal information relating to such matters as health and socio-demographic information.

  • 3.4 We will also collect any other personal information, which you send us by email or letter from time to time.

  • 3.5 Opinion Health Ltd may also obtain personal data from other database/panel owners or recruiters who have assured us that their databases only contain information from individuals who have consented to have their personal data shared with other parties.

  • 3.6 To prevent and detect fraudulent survey participation behaviour and guarantee data quality we also collect and check IP addresses against global IPs blacklists, geolocation, browser and device specifications for the purpose of device fingerprint.

  • 3.7 Other data we may collect depending on the specifications of the project may include opinion, images, voice, videos and confirmation of diagnosis in the form of anonymised doctor’s letter, health records and treatment pictures with initials on.

  • 3.8 We also collect data for Pharmacovigilance adverse even reporting. This will include contact details e-mail address, mobile number, disease, treatment product taken and adverse event. You may choose not to disclose your name and contact details in the adverse event forms and fill it in anonymously.

  • 3.9 For all of the above we will obtain these directly from you


4. How We Use Personal Data.

Opinion Health Ltd undertakes all types of qualitative and quantitative market research activities in the healthcare sector but does not have access to medical or health records nor recruits for or directly conduct clinical trials. We do not sell our database of personal information to others for the purposes of promotional activities or carrying out direct marketing. We only publish survey information or data or make it available to clients who commission research, reports or other information from us only in an aggregated, anonymised and non-personal form.

We only collect data directly from individuals and not by tracking, combining data sets or inferring by using algorithms to analyse sets of data.

Opinion Health will not share your personal data with any third party without your consent. If a research activity requires for your personal data to be shared with a third party for example in the case of a qualitative research activity, we will seek your consent. Demographics or postcode data will only be used for statistical analysis and only for market research purposes and never for marketing or promotional activities.

Opinion Health will retain your personal data no longer than necessary to fulfil the purpose we collected it for, including the purpose to satisfy any pharmacovigilance requirements as far as adverse events reporting is concerned.

In order to achieve our objectives, our staff will need to store, process, reproduce, collate, adapt, use, analyse and modify the personal information and data you submit to us from time to time and to take any other steps in relation to that personal information and data we need to (in all cases whilst that personal information and data remains in personally identifiable form) in order to do the following:

  • 4.1 To meet the specific requirements of any research, survey, poll or other interactive activity you participate in any such activity which we carry out in the future using data you have previously submitted to us.

  • 4.2 To carry out profiling statistical analysis, market research and testing (whether or not for the purposes set out in the previous paragraph),

  • 4.3 To meet the specific requirements of any other activity we carry out from time to time.

  • 4.4 To retain that personal information and data on our database for use in relation to future activities of the type described in the first paragraph of this section.

  • 4.5 To put that personal information and data into non-personal form for us to make available to others or to publish or disseminate in any form.

  • 4.6 We will also need to store your personal information and data in a personalised form to do the following (by email to the email address or by mail to the address that you have registered with us from time to time):

  • 4.6.1 Send you the results of the surveys, polls and questionnaires you have participated in from time to time

  • 4.6.2 Invite you to participate in our surveys and other research activities including referring people you may know to participate in our studies or sign up to our community

  • 4.6.3 Respond to any requests for information from you

  • 4.6.4 Notify you occasionally about important changes or developments to this Site and our research platforms

  • 4.6.5 Request your permission to use your personal information for a purpose that was not explained to you when your personal information was first collected

  • 4.6.6 Record the points earned on your account

  • 4.6.7 Validate your profiling information or check consistency and validity of your survey answers

  • 4.6.8 Notify you of the points you have earned

  • 4.6.9 Manage the incentives program and send you cheques/vouchers for any rewards payable to you via Amazon or other electronic vouchers platform or PayPal

  • 4.6.10 Investigate suspected fraudulent activities

  • 4.6.11 To comply with all applicable laws and regulations and respond to authorised information requests of government or other public authorities

  • 4.7 If we enter into a joint venture with or sell or merge our business to or with another company, entity or business, we will need to disclose and/or provide any personal information or data that you have provided to us to our new business partners or owners in a form which is personally identifiable. We will only do so on the basis that such new partners or owners agree to treat such personal information and data in accordance with data protection laws and this privacy notice; such business partners or owners shall be entitled to do everything with your personal information and data that we would be entitled to with it under this privacy policy and based on the principle of lawful basis of processing the data for their legitimate interest as per the UK Data Protection Act 2018 and GDPR regulations.


5. Legal Disclosure.

We may provide your personal information in response to a search warrant or other legally valid inquiry or order, or to an investigative body in the case of a breach of an agreement or contravention of law, or as otherwise required by law.

Nothing in this privacy policy affects your right to decline to provide us with any personal information or data and you should not provide us with any personal information or data if you do not agree to us collecting, using and transferring it in accordance with this policy.


6. Respondents Rights

You have the right to access, review, correct, restrict or delete your personal data


6.1 The right to not to be contacted again

UK Data Protection Act 2018 and GDPR regulations, if you exercise your right not to be contacted for the purpose of market research you are exercising your right to restrict processing. When processing is restricted, Opinion Health is permitted to store the personal data, but not further process it.


6.2 The right to be forgotten (erasure)

UK Data Protection Act 2018 and GDPR regulations, you will have the right to request the deletion or removal of personal data where there is no compelling reason for its continued processing. If an individual specifically asks that their personal data is deleted and that they are not contacted again, the conflict between the two requests should be pointed out and their consent to hold their personal data for the purpose of making sure they are not contacted for market research should be requested.


6.3 The Rights of Access of the Data Subject (SAR)

UK Data Protection Act 2018 and GDPR regulations ,all participants will have the right to get confirmation of all the information that Opinion Health has about them, access to this information and any other supplementary information within 30 days from request.


6.4 Right to rectification

You have the right to have any incorrect, incomplete or out of-date information about your personal data to be corrected or supplemented.


6.5 Right to data portability

You have the right to have your personal data provided by you transferred to another party and be made available in an easily readable format, like a Word or Excel document


6.6 Children’s Data

Opinion Health does not normally conduct research studies with children. However, if it is necessary and appropriate to a particular project (mainly qualitative telephone interviews) to directly involve children we will never contact children directly and we will always go through parents and/or legal guardians after conducting a data privacy impact assessment. We will provide parents and/or legal guardians information about the study topic, any personal or sensitive information which may be collected from the children, the way the data will be used and whether and with whom Opinion Health may share such information. We will always seek the presence of the parent or of the guardian during the interview to assess if this is appropriate and decide to withdraw at any time.


7. Cookies

Cookies are small text files stored on one's computer by a website that assigns a numerical user ID and stores certain information about one's online browsing. Unless you have indicated your objection by emailing panel@opinionhealth.com, our system will issue cookies to your computer when you log on to this site or our survey and research platforms. Cookies are used to help us provide you with a better experience for market research purposes and control participation depending on the requirements of a specific research survey or activity and to provide quality control and validation functions. No personal information is stored on any cookie and you can adjust your browsers privacy settings to delete cookies upon exiting this website or when you close your browser. By continuing to browse our sites, you re agreeing to our use of cookies In common with most online surveys, we gather certain information automatically and store it in survey data files. This information may include the following: Internet Protocol addresses (IP address), browser type, Internet service provider, geolocation, termination/exit pages, operating system and date/time.


8. Security

Opinion Health has put in place technical, physical and administrative measures to protect your personal data and the information we collect.

8.1 We employ security measures to protect your personal information and data from access by unauthorised persons and against unlawful processing, accidental loss, destruction and damage.

We process data and store it on servers managed by our hosting provider. Those servers are located in the EU in Germany and the UK. The data centre operates in a suitable computer centre environment to prevent data on the online platform from being damaged, lost or compromised as a result of unauthorized access or natural disasters.

8.2 Your Account Information and Profile are password-protected. We recommend that you do not divulge your password to anyone. We will never ask you for your password in an unsolicited phone call or in an unsolicited email. Also remember to sign out of your panel account and close your browser window when you have finished your work. This is to ensure that others cannot access your personal information and correspondence if you share a computer with someone else or are using a computer in a public place like a library or Internet cafe.

8.3 An employee who has data protection and information security responsibilities will be appointed.

8.4 Physical access to the office buildings limited by video and code-entry and various access control mechanisms like alarm keypad.

8.5 The data centre operates in a suitable computer centre environment to prevent data on the online platform from being damaged, lost or compromised as a result of unauthorized access or natural disasters. All data will be fully backed up overnight on a dedicated hard drive on the server. The data will also be copied to a central server in a separate fire area over night. The data will be encrypted and transferred securely. Backups can be restored to the day for the last seven days. Furthermore, a backup for the last four weeks is available accurate to the week.

8.6 Only authorised IT personnel are allowed in. Data centre visitation is only available by pre-requested appointment, requires current ID, and to be on an authorised list of visitors. Server racks are locked.

8.7 All employees are instructed on data protection and information security matters upon commencing employment and are subject to confidentiality obligations.

8.8 Employees are not permitted to record Personal Data on a storage medium (e.g. disk) to enable them to re-access the information in premises that are not controlled by Opinion Health.

8.9 A business continuity plan and an information security incident management system are in place.

8.9.1 Monthly standard vulnerability tests are performed on our survey and panel management system. Penetration tests are conducted by external vendors on a regular basis. If there are recommendations as a result they evaluate the impact and schedule the remediation with regards to criticality.

8.9.2 We employ appropriate operational and technological measures, processes and procedures to keep the Personal Data safe from unauthorized use or access, loss, destruction, theft or disclosure. Such measures include:

  1. the pseudonymization and encryption of Personal Data
  2. the ability to ensure the ongoing confidentiality, integrity, availability and resilience of relevant Processing systems and services;
  3. the ability to restore the availability and access to the Personal Data in a timely manner in the event of a physical or technical incident, including a Personal Data Breach;
  4. a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the Processing of Personal Data


9. Data Transfer and Storage

Opinion Health takes all reasonable steps as appropriate for the type and sensitivity of the data to keep the data secure in whatever form (e.g. digital, paper, audio & video recordings), that the data will only be used for the purpose stated at the time it was collected. Email addresses and mobile phone number may be stored in one or more digital platforms (Tivian, Brevo) or cloud-based services (e.g. Google Workspace, Amazon, Paypal,, Zoom, Box) or email validation providers and are fully compliant with the UK Data Protection Act 2018 and GDPR regulations. To ensure data privacy in data collection and retention, we utilize EFS by Tivian version EFS_23, ensuring uninterrupted data collection. Tivian is ISO 27001 certified and its data centres are BSI-certified.

Because of the international nature of our research, we may be asked to transfer your personal data to a countries outside of the country you reside. In this case, we will always make it clear where the client resides and to get your consent.

For transfers outside of the EEA and UK, we use Standard Contractual Clauses to make sure they provide the same safeguards as per GDPR.


10. Data retention

We take all necessary steps to keep personal data accurate, complete and current, based on the most recent information we have from you by completing and answering our questions truthly and honestly. You are responsible for ensuring that you notify us of any changes to your personal data.

Opinion Health keeps adequate documentation of processes and how they are evaluated under the UK Data Protection Act 2018 and GDPR regulations Opinion Health will retain data for a limited period of time following completion of a project as is appropriate for its intended and lawful use. We shall not retain Personal Data longer than the duration of retention agreed with the client and, in any case, shall not retain those data longer than the authorized duration of the service agreement and or also depending on the pharmacovigilance requirements as far as adverse events reporting are concerned. We store data provided on a server that is physically secured and is only accessed by authorized staff is protected behind a firewall and properly patched with the latest OS and Security. Opinion Health regularly asks participants to reaffirm their consent to be part of the community.

Opinion Health shall retain your personal data for as long as you are a member of the community. In the event that you unsubscribe from the community, we shall retain data for no longer than 1 month after you unsubscribe, unless otherwise required by law. Personal data that is no longer required shall be disposed of in a manner that ensures that the confidential nature is not compromised.

As part of the Company Business Continuity Plan our electronic systems are backed up and archived. These archives are retained for a defined period of time in a strictly controlled environment. Once expired, the data is deleted and destroyed to ensure the data is erased completely


11. Updates to Our Privacy Policy

We keep our privacy policy under regular review and any changes will be communicated to you via email


12. Contact

If you have any comments, complaints, queries and requests relating to our use of your personal information and data or if you believe the information we hold is inaccurate or out-of-date or if you decide you no longer wish to participate in our research, please contact the data manager at panel@opinionhealth.com


OH.PD.01.02 August 2022