Data Protection and Privacy Policy
UNPITCHD LTD.
1. Introduction
UNPITCHD LTD. is committed to protecting the privacy and security of the personal data we collect and process as part of our consumer research activities. This policy outlines our practices for gathering, using, storing, and sharing personal data in compliance with GDPR and other applicable laws.
​
2. Gathering Research Participant Consent
-
Consent Collection: Before any data is gathered, participants must sign a consent form as part of the onboarding process and before the research begins.
-
Consent Coverage: The consent covers the right to access, rectify, and erase personal data, the purpose of data collection, the duration of data retention, and the right to withdraw consent at any time.
​
3. Protecting Confidentiality and Non-Disclosure
-
Confidentiality Obligations: Participants agree not to disclose, share, or use any confidential information or data shared with them for any purpose other than participating in the research. Confidential information includes, but is not limited to, video and photo content, research questions and findings, and any other proprietary information disclosed during the research process.
-
Additional Measures: When conducting research using WhatsApp, confidentiality features that prevent screenshots to protect highly sensitive content are always enabled and any images are shared so that they can only be viewed once. If highly sensitive content is shared with participants, we have the option to delete the content immediately after viewing.
-
Data Protection: All research data is handled in accordance with applicable data protection laws and regulations.
​
4. Collection, Treatment, Sharing, and Storage of Personal Data
-
Collecting Personal Data: Personal data collected through our research includes, but is not restricted to, names, phone numbers, email addresses, and postcodes collected during screening for recruitment and throughout the study.
-
Purpose of Data Collection: UNPITCHD collects personal data for market research purposes, i.e. to gain insights into market trends and consumer behavior, allowing us to help our clients better meet the needs of their customers.
-
Data Collection Platforms: Personal data is collected and stored on two, connected encrypted software platforms:
-
WhatsApp: First name, mobile number, visual representation through photos.
-
Airtable: First name, last name, address, email address, family situation. Airtable Security Practices
-
-
Personal Data Storage:
-
Retention Policy: Original data is saved for 90 days after the research has ended. Data is securely stored on encrypted servers.
-
Responsibility: It is UNPITCHD LTD.’s responsibility to ensure that personal data is handled and stored securely.
-
-
Data Sharing and Sanitisation:
-
Non-Transfer: UNPITCHD LTD does not transfer personal data to external entities without explicit consent.
-
Data Sanitisation: UNPICTHD follows the guidelines of the ICO to sanitise personal data. Sanitised data is data that has been processed to remove any personally identifiable information (PII). Where sanitisation is not possible (e.g. with visual or audio files), UNPITCHD LTD. ensures that those files have been gathered with explicit consent and that copyright propriety has been transferred.
-
Client Data Sharing: We provide our third-party clients with access to insights derived from our participants’ personal data and access to sanitized data. This content can be used for internal purposes only and cannot be published without requiring explicit, additional consent from the participants.
-
​
5. Data Subject Rights
-
Access Requests: Participants have the right to request access to their personal data.
-
Rectification and Erasure: Participants can request correction or deletion of their data.
-
Objections and Restrictions: Participants can object to or request restrictions on the processing of their data.
-
Right to Withdraw: Participants can withdraw their consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
-
Complaints: Participants have the right to lodge a complaint with a supervisory authority if they believe their data protection rights have been violated.
​
6. Contact and Communication
-
Data Protection Officer: Stéphanie RENUCCI is the designated Data Protection Officer.
-
Contact Information: Participants can reach the DPO for any data protection queries or concerns at steph@unpitchd.com
​
7. Monitoring and Auditing
-
Regular Audits: We conduct regular audits of our data protection practices to ensure compliance.
-
Continuous Improvement: Audit results are used to enhance and improve our policies and procedures.
​
8. Incident Response
-
Breach Notification: We have a process in place for identifying, reporting, and managing data breaches. Participants are promptly notified of any data breaches in accordance with GDPR requirements.
​
9. Additional Measures and Processes
-
Researcher Training: All researchers are individually trained on UNPITCHD’s data privacy and confidentiality policies.
-
Policy Updates: Our processes and policies are frequently reviewed and updated. (Last updated June 2024)
​