As the General Data Protection Regulation (GDPR) comes into force, we would like to reaffirm our commitment to data protection. Since the second half of 2017, the PRS IN VIVO Group has set up a multidisciplinary working group in charge of the GDPR to adapt the new layout, including:
- The implementation of a Compliance Plan defining the General Policy of the PRS IN VIVO Group in relation to the GDPR.
- The nomination of a Data Protection Officer (firstname.lastname@example.org)
- The implementation of a Crisis Plan, in the event of Personal Data Violation alert procedures and third-party notification, operation of the Crisis Cell, corrective interventions).
- An audit and mapping of processes involving Personal Data, the writing of best practices for each DCP treatment and the definition of possible corrective measures.
- The definition of technical standards to ensure the security of transfers and storage of Personal Data, as well as erasure and destruction procedures (evolution of the ISSP).
- Strengthening organizational rules for limiting access (only to people with a legitimate need), separating data from different clients and transferring Personal Data between different entities in the PRS IN VIVO Group.
- The definition of the new contractual rules to be applied, including those relating to the Personal Data protection clauses, and the modification of existing contractual relations with our customers who have requested it.
- The monitoring of compliance with the GDPR of suppliers performing on our behalf a Personal Data processing.
- BCR’s preparation for Personal Data transfers with non-EU/EEA PRS IN VIVO Group subsidiaries.
- Accommodation to the new obligations of all legal notices, especially for the solicitation of consent to participate in surveys.
- A plan of staff awareness in the group by anticipating an inscription of employment contract of Personal Data obligations.
- A specific training plan based on the types of treatment to which the teams are exposed.
The GDPR is everyone’s business, especially data processing professionals!
PRS IN VIVO Group complies with the International ICC / ESOMAR Code of Market Researches, Social and Opinion Studies and other rules and codes of conduct of the profession.
Our GDPR policy
Each respondent must provide free, specific, informed and unambiguous consent.
Legal notices provided at the beginning of each survey clearly explain the goal of the survey and how the data is processed.
Each respondent must be informed of his/her rights and receive information consistent with the GDPR at the time of data collection.
Legal notices explain where the respondent's contact information come from and how they can exercise their rights.
Each respondent has the right to access the data concerning him/her and to ask for rectification or deletion.
When the Data has been provided to BVA by the sponsor of the study, PRS IN VIVO will forward the claims to the sponsor for a feedback. In other cases, PRS IN VIVO responds directly to requests.
A respondent's data can not be used in the processing other than the one for which it was collected.
PRS IN VIVO uses the Data only in the specific context that is explained at the beginning of the survey. No other use of data is realized without the respondent's agreement.
Respondents have the right to delete their personal data The respondent's contact information is never retained more than necessary.
Generally, they are destroyed no later than 2 months after the end of the study. In other cases, the reasons, conditions and shelf life are clearly explained. And every respondent has the permanent right to request the erasure of his/her Personal Data.
Respondents may withdraw consent to be contacted for surveys.
One respondent no longer wishes to be contacted by PRS IN VIVO: PRS IN VIVOagrees not to contact him /her anymore!
Each respondent has the right to have their data protected against the risk of theft, modification or deletion.
PRS IN VIVO continuously improves its tools and procedures to enhance the security of your Personal Data.
If a respondent to a survey wishes to access his personal data, request a modification or deletion of his/her data or no longer to be contacted for a survey by one of the PRS IN VIVO Group companies, he must connect to https://rgpd.bva-group.com/?param=site and specify the channel by which he was contacted (face to face, by phone, by e-mail …) as well as the subject of the survey and / or the brand for which this survey was made.
All applications must be accompanied by proof of identity to be admissible.
Have you received a survey by internet or phone and intend to respond? We thank you very much.
In its surveys, the PRS IN VIVO group will never ask for your credit card number, either on a website, by email or by phone.
If you have any questions, please contact our Data Protection Officer by email: email@example.com