R.A. Malatest and Associates Ltd. (Malatest) is committed to ensuring the protection of your privacy through responsible personal information management practices. Malatest is an active participant in, and proud supporter of, the Canadian Evaluation Society (CES). Malatest is also a member of the Canadian Research Insights Council (CRIC) and is a supporter of the Certified Analytics and Insights Professionals (CAIP) of Canada.
As members of these organizations, we pledge ourselves to maintain the highest standards of scientific competence, integrity, and transparency in conducting, analyzing, and reporting our work; establishing and maintaining relations with research participants and our clients; and communicating with those who eventually use the research for decision making purposes and the general public.
When you visit our website, or complete a survey through our data collection platforms, our web server automatically collects a limited amount of standard information essential to the operation and evaluation of the sites through the use of web cookies. Such information includes the following:
Links to Other Websites: Our websites may contain links to other websites that are not affiliated with us. We do not monitor or maintain the privacy practices of these websites, and do not have authority over them. We do not assume any responsibility for their privacy policies and procedures.
Collection: The personal information you provide (such as your name, address, date of birth) in response to our data collection is protected under, the Personal Information and Electronic Documents Act (PIPEDA) as well as other privacy legislation applicable to your provincial/territorial jurisdiction. We collect, use, disclose, secure, and retain of your information compliance with these prtections.
Use: We only use collected information to fulfill the purpose for which it was originally collected or for a use consistent with that purpose.
Disclosure: We do not disclose your information without your permission. We will not share your information with other third parties, including any public bodies, corporate entities, or individuals except as authorized by law or as directed by you. We will not sell, your information to any type of mailing list. Only authorized staff members will ever have access to your information.
Retention: We retain personal information only as long as necessary to fulfill research or as required by law. We have established protocols for the destruction of personal information that conform with the provincial/territorial, and federal legal requirements, as well as the contracts with our clients.
Access: We recognize that research participants have a right to review the information collected on them subject to some exceptions. To access your personal information, please make a request in writing and provide sufficient detail to identify the personal information being sought. We will make the requested information available within 30 business days, or will provide written notice of an extension where additional time is required to fulfill your request. A minimal fee may be charged for providing access to personal information; in such cases you will be notified of the fee in advance and provided the opportunity to either continue or discontinue with your information request.
Our online survey instruments automatically record website usage information. This information does not identify you personally, and we do not use this information to track or record information about individuals. We will disclose this information to third parties only in aggregate form or as may be required by law. For each survey instrument the following information is collected:
Personal information is any information that permits an individual to be identified. This information may include, but is not limited to, your name, mailing address, telephone number(s), email address(es), personal educational, healthcare and financial history, personal identification numbers (such as social insurance number, health care number) and, in certain circumstances, your opinions and individual preferences. Personal information, however, does not include your business contact information including your name; business title; or business address, business telephone number, or business fax number. However, if you participate in one of our surveys in your capacity as an employee of an organization, your responses will be treated as personal information.
We will always collect your personal information directly from you, by fair and lawful means (for instance, when you respond to one of our surveys). We collect your personal information when we have obtained your consent and as otherwise permitted by law. Sometimes we may have been provided your personal information from the client who hired us; in such cases, they have only provided information that they are legally able to share in order for us to conduct their research.
When we connect with you, we identify the purpose for which we use your personal information. We will obtain your consent, in any case, prior to such use. One of the primary purposes for which we collect your personal information is to conduct social research by conducting surveys. If you provide us with sensitive personal information such as health or financial information, we will obtain your express consent for the collection, use, and disclosure of that information.
We identify to whom, and for what purposes, we will disclose your personal information at the time we collect such information from you and obtain your consent to such disclosure. For most studies, your specific personal information is never shared—a unique identifier code is attached to your survey results and only that ‘code’ is forwarded to the client to link results to any one record. Any personally identifiable information is ‘stripped’ from the collected data to ensure anonymous results. For some studies, however, personal information may be released to a third party with the prior approval of the participant. For example, we may ask the participant to disclose their personal information for the following reasons: • To our client for the client’s purposes of conducting further research; • To our client to identify specific survey results for an individual as part of the research process (such identification of results is detailed to respondents in the opening survey script); • To a third party we engage to perform functions on our behalf (such as a mailing house with which we have a long-standing business relationship and a non-disclosure agreement in order to send you a notification letter in advance of the survey). Such parties are restricted from using your personal information in any way other than to provide services to Malatest; • Such other disclosures of personal information to such designated persons/parties for which you provide your written consent; and • As otherwise permitted by law when applicable and required
We obtain your consent prior to collecting and prior to using or disclosing your personal information for any purpose. You may provide your consent to us either orally or in writing. For example, when you respond to a survey, you provide your consent to allow us to use your personal information for the purposes of conducting social research and, in certain circumstances, to disclose your personal information to our clients. From time to time, we may collect, use, or disclose your personal information based on your consent and as permitted by law.
Occasionally, we conduct surveys with children under 13 but only with the appropriate parental or legal guardian consent for the survey. Depending on the sensitivity of the survey topic, we may seek parental or legal consent for interviewing young people between the ages of 13 and 17. If we become aware that personal information from a child under 13 has been collected without the appropriate consent of such child’s parent or guardian for the survey, we will use all reasonable efforts to delete such information from our records.
The security and privacy of your personal Information is very important to us. We have put in place physical, administrative, electronic, contractual and technological security procedures to protect your personal information. Only those employees who need access to your information to perform their duties have access to your personal information. Every Malatest employee and our business partners (contractors) are responsible for maintaining the confidentiality of all information to which they have access. Our employees and contractors are informed about the importance of privacy and receive ongoing updates on privacy related policies. We are committed to ensuring the security of your personal information to protect it from unauthorized access, collection, use, disclosure, copying, modification or disposal, or similar risks. Security measures in place to protect your personal information include the use of physically secured office spaces; locked filing cabinets; the use of user IDs, passwords, and firewalls; and restricted employee access, as appropriate.
We will use, disclose, or retain your personal information for as long as necessary to fulfill the purposes for which it was collected and as permitted or required by law. We have established minimum and maximum retention periods and procedures for maintaining and destroying your personal information.
At your written request, and to the extent permitted by law, we will make available to you any specific personal information on you that is in our custody or control for any data collection method that contains personally identifiable information. We will make such information available to you in a form that is generally understandable, including explaining any abbreviations or codes. To ensure the privacy of all individuals, proof of your identity will be required prior to the release of any information. To request access to your personal information which is in our control, we ask that you contact our Privacy Officer at email@example.com.
We will ensure that your personal information is kept as accurate as possible. When we collect personal information from you, we rely on you for its accuracy.
You can, at any time, write to us about the accuracy of the personal information we have collected. If the personal information is inaccurate, we will gladly modify it. Where appropriate, we will transmit the amended information to third parties that may also be impacted by this change.
We will attempt to respond to your written request within thirty days of receipt of the request; we will advise you in writing if we cannot meet your request within this time. As provided for by PIPEDA, you have the right to make a complaint to the federal Privacy Commissioner with respect to our compliance with this time limit. Please ensure that all written correspondence includes a method of contacting you (such as your mailing or email address) to enable us to provide you with the requested feedback.
We will request that you provide sufficient identification to permit access to the existence, use, or disclosure of your personal information. Any provided proof of identity will be used only for this purpose.
We have implemented physical, organizational, contractual, and technological security measures to protect your personal information from loss or theft, unauthorized access, disclosure, copying, use, or modification. The only employees who can access your personal information are those with a research need to know or whose duties reasonably require such information. All employees who have access to personal information have appropriate security clearances, have been trained in their privacy obligations, and hold positions of trust within our company. As we are a 100% Canadian owned and operated company, data, including your personal information that we collect, never leaves Canada. As a result, your personal information is not subject to the information sharing provisions of the USA Freedom Act or to any other non-Canadian legislation.