As the General Data Protection Regulation (GDPR) comes into force, we would like to reaffirm our commitment to data protection. Since the second half of 2017, the BVA Group has set up a multidisciplinary working group in charge of the GDPR to adapt the new layout, including:
- The implementation of a Compliance Plan defining the General Policy of the BVA Group in relation to the GDPR.
- The nomination of a Data Protection Officer (Hervé TRANGER, email@example.com)
- The implementation of a Crisis Plan, in the event of Personal Data Violation alert procedures and third-party notification, operation of the Crisis Cell, corrective interventions).
- An audit and mapping of processes involving Personal Data, the writing of best practices for each DCP treatment and the definition of possible corrective measures.
- The definition of technical standards to ensure the security of transfers and storage of Personal Data, as well as erasure and destruction procedures (evolution of the ISSP).
- Strengthening organizational rules for limiting access (only to people with a legitimate need), separating data from different clients and transferring Personal Data between different entities in the BVA Group.
- The definition of the new contractual rules to be applied, including those relating to the Personal Data protection clauses, and the modification of existing contractual relations with our customers who have requested it.
- The monitoring of compliance with the GDPR of suppliers performing on our behalf a Personal Data processing.
- BCR’s preparation for Personal Data transfers with non-EU/EEA BVA Group subsidiaries.
- Accommodation to the new obligations of all legal notices, especially for the solicitation of consent to participate in surveys.
- A plan of staff awareness in the group by anticipating an inscription of employment contract of Personal Data obligations.
- A specific training plan based on the types of treatment to which the teams are exposed.
The GDPR is everyone’s business, especially data processing professionals!
BVA Group complies with the International ICC / ESOMAR Code of Market Researches, Social and Opinion Studies and other rules and codes of conduct of the profession.
Our GDPR policy
|Rights||What is it?||How does BVA respond?|
|Each respondent must provide free, specific, informed and unambiguous consent.||Legal notices provided at the beginning of each survey clearly explain the goal of the survey and how the data is processed.|
Right to information
|Each respondent must be informed of his/her rights and receive information consistent with the GDPR at the time of data collection.||Legal notices explain where the respondent's contact information come from and how they can exercise their rights.|
Right of access, rectification, deletion, portability
|Each respondent has the right to access the data concerning him/her and to ask for rectification or deletion.||When the Data has been provided to BVA by the sponsor of the study, BVA will forward the claims to the sponsor for a feedback. In other cases, BVA responds directly to requests.|
Right to Restrict the Treatment
|A respondent's data can not be used in the processing other than the one for which it was collected.||BVA uses the Data only in the specific context that is explained at the beginning of the survey. No other use of data is realized without the respondent's agreement.|
Right to be forgotten
|Respondents have the right to delete their personal data||The respondent's contact information is never retained more than necessary. Generally, they are destroyed no later than 2 months after the end of the study. In other cases, the reasons, conditions and shelf life are clearly explained. And every respondent has the permanent right to request the erasure of his/her Personal Data.|
Right to Withdraw Consent
|Respondents may withdraw consent to be contacted for surveys.||One respondent no longer wishes to be contacted by BVA: BVA agrees not to contact him /her anymore!|
Right to data protection
|Each respondent has the right to have their data protected against the risk of theft, modification or deletion.||BVA continuously improves its tools and procedures to enhance the security of your Personal Data.|
If a respondent to a survey wishes to access his personal data, request a modification or deletion of his/her data or no longer to be contacted for a survey by one of the BVA Group companies, he must connect to https://rgpd.bva-group.com/?lang=en¶m=site and specify the channel by which he was contacted (face to face, by phone, by e-mail …) as well as the subject of the survey and / or the brand for which this survey was made.
All applications must be accompanied by proof of identity to be admissible.
Have you received a survey by internet or phone and intend to respond? We thank you very much.
In its surveys, the BVA group will never ask for your credit card number, either on a website, by email or by phone.
If you have any questions, please contact our Data Protection Officer by email: firstname.lastname@example.org
Or by mail:
DPO France BVA Group
27 rue du Colonel Avia
75015 Paris – France