Privacy notice for customers and other platform users
You may just be visiting this website or are using our app as a participant or our customer webapp.
The app is owned and operated by Field Notes Communities Limited on behalf of the Research Companies who use it to collect responses to their research questions.
Our registered Office: Field Notes Ltd, 12 Sigdon Road, London E8 1AP United Kingdom, Company No. 10907286 We provide contact details at the end of this policy.
What information do we collect from platform users?
“Transactional Information”: Information for login and communication purposes (your email address). This is held for a minimum amount of time and deleted when no longer needed (when your project ends, or when you request to delete it).
“Debugging Information": We use tools to automatically capture errors in our apps in order to fix bugs. Some personal information may (rarely) be captured as part of these logs, but all the logs are removed after the error is resolved and we regularly usage of these tools to delete personal information (e.g. emails and passwords are automatically removed already). Error traces are kept for a maximum of 3 months.
“Audit logs”: We keep logs to prove that certain information has been removed. We keep two different types of audit log: A project compliance log and an audit trail. The project compliance log is fully anonymized and tracks the length of time project data is held and authorization for retention or deletion. The audit-trail necessarily keeps personal information but is held for a shorter-term in order to prevent violations of our terms and to provide an audit trail in the event of disagreements. This audit trail is not available to Research Companies and is only used by Field Notes Ltd to verify that data changes or deletions have or haven’t taken place (e.g. if you contact us to check if your information has been removed). We keep audit logs indefinitely at present, though may remove them for space purposes a significant time after projects end.
How do we process & where do we store your personal data?
The information you provide to us is mostly stored and processed in the EEA or the UK, however it may be transited or held by service providers and clients outside of the European Economic Area (“EEA”). Countries outside the EEA may not always have as strong data protection laws as the UK and the EEA. However, in each case a strong data-protection guarantee has been entered into with this company which complies with GDPR rules. In any case, we will always ensure that your information is used by third parties in accordance with this privacy statement and that it is kept secure.
We do not host ads in our website, app or platform and we do not sell any of your personal data.
We follow strict security procedures in the storage and disclosure of information which you have given us, to prevent unauthorised access in accordance with the UK and EU data protection legislation including GDPR.
We may disclose your personal information when we believe we are required to do so by law or governmental, police enforcement or regulatory authorities or for the purposes of preventing or detecting crime.
You have several rights about your personal data such as to restrict processing, to delete, to ask us not to use it for marketing purposes. You can exercise your rights by contacting our Data Protection Officer: firstname.lastname@example.org
Our site may, from time to time, contain links to and from the websites of our partner networks and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
If you are unhappy with the way in which we process your personal data or have any other complaint in relation to that processing, you are entitled to ask the UK Office of the Information Commissioner to review the matter. Details about your rights in relation to your personal data, and about how to contact the UK Office of the Information Commissioner are on their website at www.ico.org.uk.
For platform users, we need to store your email address in order to allow you to login with it, reset your password with it, and also send you email notifications of significant events with your projects. We also have a legitimate interest in using this data for improving our services as stated above, but only where these interests aren’t overridden by your interests or rights and freedoms in relation to personal data.
Field Notes Ltd may update these Terms and Privacy Statement at any time.
Terms for customers and other platform users
Platform users are anyone who uses our platform to create tasks for participants and/or to review the content they produce. This includes project managers who review all the content and project reviewers who only view anonymized data.
Your Security and Privacy Responsibilities
In addition to complying with their obligations under applicable data protection legislation, as a platform user, you must comply with the following data security requirements (where you have those access controls):
- Ensure access controls for project managers and viewers is limited to specific projects and only those to whom access is strictly required;
- Ensure that logins (users) are not shared between people and that login passwords are secure, and kept confidential. Customer shall impose this obligation on each of its employees and subcontractors who use the Software, and shall request that each of its clients and other third parties also comply;
- Ensure that only the minimum number of people (users) as strictly necessary have organization-wide access. This shall be reviewed by the Customer at least quarterly;
- Ensure that only the minimum number of people (users) as strictly necessary have access to participant data for projects which are in the field. This shall be reviewed by the Customer at least quarterly; and
- Ensure that any data downloaded (using either individual download links or bulk download / sync tools) is managed in accordance with applicable data control and privacy laws.
The Customer shall also use the compliance tools provided to:
- Review those users who continue to have access to participant data for completed projects on a monthly basis using the built-in compliance tools;
- Anonymize participant data fully using the tools as soon as possible (and review this for completed projects at least monthly); and
- Review participant data for anonymized projects on a monthly basis and mark the participant data for secure removal as soon as no longer needed.
If you are a customer, please contact us via your normal email and support channels.