Purpose
The purpose of this Policy is to provide an overview of the policy, expectations and accountabilities relating to the handling of Personal Data.
Overview
SERVICE 800 specializes in service quality measurement. The main role of SERVICE 800 is to, on behalf of its client companies, contact customers who have a recent service experience or customer managers who can comment on a service relationship.
SERVICE 800 uses no assembled, purchased or otherwise acquired call lists of individuals. The client company provides all customer data used by SERVICE 800. The client company acquires its customer data when it contracts to provide or responds to a request to provide a service or product.
SERVICE 800 acts as an Agent of its client companies and performs work under their direction and according to their definitions. SERVICE 800 does not perform any studies on its own behalf.
Definitions
“Personal Data” means data, which may identify an individual
As defined by the United States and European Union Data Protection Safe Harbor Arrangement, SERVICE 800 acts as Data Processor or Data Handler, and its client companies act as Data Controller. As Data Controller, the client companies define the purpose and process for handling Personal Data. As Data Processor, SERVICE 800 performs the process defined by the Data Controller.
Customers that provide customer feedback or other pertinent data during the process are considered to be Data Subjects.
SERVICE 800 also reviews Canadian privacy legislation (“PIPEDA”) as well as privacy requirements in other geographies. SERVICE 800 welcomes client checklists relating to individual or specific data privacy requirements, and will respond with details regarding the extent to which individual requirements may be met.
Role of the Data Processor
SERVICE 800 – including its regular staff of employees, part time employees and contractors – provides the services defined by the Data Controller. The Data Controller may provide personal data to SERVICE 800 as required by the defined process. SERVICE 800 may distribute the data within its own staff, as required to provide the services, but is not allowed to share the data with any other outside party without the express written authorization of the Data Controller.
SERVICE 800’s primary use of the data is to survey individuals who work at its client companies’ customers about specific service experiences. Data typically provided to SERVICE 800 includes company name, individual contact at company, phone, e-mail, address, product type, and service type or service characteristic.
SERVICE 800 regularly manages customer data it received from its clients by testing the data for completeness and validity, excluding customers that have been recently surveyed or those customers that have asked not be included in the study, and performing random selections of the data in order to provide a targeted number of customer responses by the characteristic defined by the Client. This data is managed within dedicated databases and not intermixed with other customer lists.
SERVICE 800 contacts customers primarily via phone but may also contact them via e-mail to invite them to a web site where they have the option of completing a survey. During a web survey, any cookies associated with progressing through the survey are deleted when the survey is either completed or abandoned.
The Product of the Data Processor
In the course of performing the process defined by the Data Controller, SERVICE 800 obtains customer ratings and answers to the script and questions approved by the Client.
The Data Controller defines how the data is to be analyzed and reported. SERVICE 800 performs the reporting as defined and releases no customer, aggregate or analytical data to anyone other than those designated in writing by the Data Controller.
In the course of providing analytics, SERVICE 800 produces non-personal data that shows aggregate or statistical representations of the body of the data.
The Data Controller retains ownership of all Personal Data and other collected data.
Security
SERVICE 800 employs industry standard security measurement to protect all stages of data and data handling. Security elements include but are not limited to encrypted transmissions, password controls, recipient profiling, firewalls, FTP sites, and restricted ISPs.
The Data Controller may define security requirements. SERVICE 800 will respond with the degree to which each security element can be accommodated. The Data Controller will judge their adequacy.
Accountabilities
SERVICE 800 as Data Handler is accountable to the Data Controller. All SERVICE 800 staff, including regular employees, part time employees and contractors, are accountable to SERVICE 800 to protect and not to disclose any personal data to any other party. Complying with SERVICE 800’s Non-Disclosure Agreement is a requirement of employment. Each contractor must also agree to and comply with such policy.
Contacts
Mr. David Welch, SERVICE 800, 2190 West Wayzata Blvd, Long Lake (Minneapolis) MN USA