Overview

CanvasU is a market research data collection company based in NSW. In the course of conducting market research we often collect personal data from individuals or businesses. This document outlines what happens to that data. 

The type of personal information we might collect and sometimes hold, depending on each project and each client request may include the following: 

• Name of individual or business

• Phone number and or email address details

• Account or membership information 

• Family structure

• Household income or business turnover 

There are multiple ways personal information can be collected and sometimes held by CanvasU: 

• Where a client entrusts CanvasU with a list containing personal information, i.e.  ‘Client List’

• Where CanvasU asks a respondent for information through a phone survey

• Where CanvasU asks a respondent for information through an online survey

• Where CanvasU asks a respondent for information through a tablet or paper survey 

There are several purposes for which CanvasU collects, holds, or discloses personal information: 

CanvasU sometimes obtains personal information from a Client List in order to conduct market research and make contact using one of the above methods. Some of this information is used in aggregate form to create reports, do analysis or segment the data into certain behaviours or trends based on personal information either obtained from respondent or given to us in a data base. 

Accessing Personal Information 

Any individual providing personal information has the right to request that information they have supplied and/or to correct it. After confirming the person requesting that information is the person whose details we have, an individual making such a request to CanvasU would be sent by mail or emailed that information or confirmation by email that their details have been updated or corrected. 

Complaints of a breach by an individual 

In the event of a potential or actual data breach being raised by an individual:

• The Project Manager or person taking details of the complaint, would immediately inform the General Manager or other senior staff member.

• Individuals are always provided with the office phone number and appropriate email addresses if they have any queries relating to the research we are conducting. 

• CanvasU’s Privacy Officer and Managing Director would assess the situation and identify whether the breach meets criteria which triggers notifiable obligations. Examples of this include: 

  • Financial Fraud including unauthorised credit card transactions or credit fraud 

  • Identity theft causing financial loss or emotional and psychological harm

  • Family violence

  • Physical harm or intimidation 

• CanvasU would contain the data breach by ensuring there is no further risk of compromising other personal information. This should be done immediately. 

• All affected individuals would be notified including the Office of the Australian Information Commissioner if required as soon as possible when all facts have been gathered. 

• The incident would be reviewed by CanvasU’s Privacy Officer and steps taken to prevent further breaches. 

Disclosing information 

• CanvasU will never disclose any personal information to any third party unless express permission has been obtained from an individual. *

• Personal information is never disclosed to any overseas recipients under any circumstances.

* Circumstances where personal information may be passed on to a third party would be where the client has requested that a part of the research feedback be reported individually. In this instance CanvasU would always ask the individual and keep record of that permission if they are happy for their data to be passed on with identifying details or if they wish to remain anonymous. An individuals’ right to remain anonymous is honoured. 

Details for individuals

CanvasU respects peoples’ privacy and all of our operations adhere to the Privacy (Market and Social Research) Code 2014 

• We won’t pass on any contact details to a third party unless we have express permission. This applies to your name(s), contact phone number(s), address, email address, and other personal information. 

• We will never promote, market to you or sell anything or any product.

• The feedback you give is de-identified (your name is not tied to your responses) before it is passed on to our clients.

• If you take part in a focus group it may be recorded – but we’ll ask you permission for this before you enter the group.

• We will never question if you do not want to take part in research, or if you want to be removed from a list. You are absolutely within your rights to refuse to take part in a survey and we don’t mind if you refuse.

• We will not keep contacting you if you tell us you don’t want to take part. If you have signed up to CanvasU Panel you can either remove yourself (by logging in) or call CanvasU on 02 9316 3366 at any time and ask to be removed. Or you can click on the “Unsubscribe” link in any of our email invitations and this will remove you from our system. 

Privacy Policy in more detail

CanvasU (ABN 19165890308) respects and upholds your rights under the Australian Privacy Principles contained in the Privacy Act 1988 (Cth) ("Privacy Act"). CanvasU also adheres to the Privacy (Market and Social Research) Code 2014 (“Code”). For more information about the Privacy Act, the Australian Privacy Principles and the Code go to https://researchsociety.com.au/standards/privacy-information

This Privacy Policy for CanvasU lets you know what personal information of yours we hold, what we do with it, who we will disclose it to and how you can access the personal information we hold about you. You can also find out here how to change inaccurate personal information and how to opt out of receiving communications from us. 

What personal information does CanvasU collect and hold... 

    ...about the general public.

CanvasU have access to a list of phone numbers, similar to an electronic version of the White Pages. We make calls from this list when we are doing a survey of the general public. This list may have have surnames, street names and numbers and phone numbers. If you choose to participate in a survey in this way, your answers and feedback will not be tied to your contact details (your responses will be de- identified). 

   ...about people registered with other organisations.

Sometimes our clients wish to carry out independent research with their customers. In this case we might be provided with a list of names, phone numbers and/or email addresses from which we make the contact. Sometimes this list might include some other information such as the type of account that you hold with them (in the case of a survey on behalf of bank) or the type of insurance policy you have (in the case of a survey on behalf of an insurance provider). Again, this information is kept safe and will only be used in connection with the clients’ survey (we don’t keep your details on record to contact you again for other surveys in the future). 

How does CanvasU collect and hold your personal information? 

CanvasU will collect your personal information directly from you when you answer a survey. This data is stored electronically, securely on our data processing software which is housed in data rooms in Australia. 

What are the purposes for which CanvasU uses, handles and discloses your personal information? 

We will only use and disclose your personal information for the purpose of conducting our research and in accordance with this Privacy Policy. We will not use or disclose your personally identifiable information for the purpose of advertising, promotions or direct marketing activities. If you have participated in our research, will only re-contact you if you were informed of this or we have valid reasons to believe a genuine research concern warrants such re-contact. 

Who will CanvasU disclose your personal information to? 

• CanvasU will not disclose any personally identifiable research information we collect from you unless we have your express prior consent (for example when you attend a focus group that is recorded).

• We will only report the information you provide in an aggregate form that will not personally identify you. For example we sometimes do research into customer satisfaction, and we might ask particularly disgruntled customers whether they would like to receive a follow-up phone call from the organisation in question. If they say yes we will pass on their details, if they say no, no problem – they stay anonymous. 

• We will not disclose any personal information or personally identifiable research information to a third party for a purpose other than conducting research unless we have your express prior consent or are required to do so by an Australian law or court/tribunal order. 

Openness 

• You have the right to request access to any personal information we hold about you. You can request this information by contacting the Privacy Officer at the details listed below.

• Where we hold information that you are entitled to access, we will respond to your request in a reasonable time and endeavour to provide you with a suitable range of choices as to how access is provided (eg, emailing or mailing it to you). A fee may be charged to cover the cost of retrieval. However this fee will not be excessive and will only apply to the facilitation of your request. 

• If at any time you believe that personal information we hold about you is incorrect, incomplete or inaccurate, then you may request amendment of it and we will either amend the information or make a record of your comment, as we think appropriate. In the case of profiles on WestSense, members have the ability to log in and update their own records, if they want to. 

Questions and complaints 

If you have any questions about this Privacy Policy or believe that we have at any time failed to keep one of our commitments to you to handle your personal information in the manner required by the Privacy Act, the APPs or the Code, then we ask that you contact us immediately using the following contact details: 

Privacy Officer

Peter Snow

CanvasU Pty Ltd.
Unit 702, 88-90 George St, Hornsby, NSW, 2077

peter@canvasu.com.au 

T. 02 8097 1950
www.canvasu.com.au 

We will respond and advise whether we agree with your complaint or not. If we do not agree, we will provide reasons. If we do agree, we will advise what (if any) action we consider it appropriate to take in response. If you are still not satisfied after having contacted us and given us a reasonable time to respond, then we suggest that you contact the Office of the Australian Information Commissioner by: 

Phone: 1300 363 992 (local call cost, but calls from mobile and pay phones may incur higher charges). If calling from overseas (including Norfolk Island): +61 2 9284 9749 

TTY: 1800 620 241 (this number is dedicated to the hearing impaired only, no voice calls)

TIS: Translating and Interpreting Service: 131 450 (If you don’t speak English or English is your second language and you need assistance and ask for the Office of the Australian Information Commissioner) 

Post: GPO Box 2999 Canberra ACT 2601 Fax: +61 2 9284 9666 

Email: enquiries@oaic.gov.au 

Data Held On-site 

No Data is held on-site

Data Held Off-site 

• CanvasU uses Contact Profiler and Web Survey Creator software packages for the management and handling of data. Contact Profiler and Web Survey Creator are web-based programmes owned and developed Dipolar Pty Limited (www.dipolar.com.au). 

• All CanvasU’s sites and data are stored in a data centre located in Sydney, NSW. The servers run behind a fully managed Cisco Firewall which is constantly monitored. It has been configured to only publicly allow http and https traffic. All packets are inspected and any prohibited requests are stopped at the firewall before they reach the actual target destination. All servers are backed up daily with a full backup performed weekly and a differential backup performed daily. If a differential backup were to fail for any reason a full backup is performed instead. 

• The Sydney data centre is world class. Only trained data centre technicians and certified security and networking teams are present at the centre. The centre is protected by 24x7 surveillance and secure keycard access and biometric scanning. The centre uses N+1 redundant HVAC (humidity, ventilation and air conditioning) systems and state of the art fire suppression system. Routing equipment is enterprise-class and fully redundant. 

Retention and Destruction of Personal Information 

• CanvasU will destroy or de-identify your personal information as soon as practicable once it is no longer needed for the purpose for our research. However, we may in certain circumstances be required by law to retain your personal information after our research has been completed. In this case your personal information will continue to be protected in accordance with this Policy. If we destroy personal information we will do so by taking reasonable steps and using up-to-date techniques and processes. 

• The information or feedback that you provide will be used solely for research purposes. Information that identifies you personally will be removed before data is passed on. It is your right as a respondent to access the information you have provided to us and/or have this destroyed, however this will not be possible once the data has been deidentified. 

Security of Information 

CanvasU will take reasonable steps to protect your personally identifiable information as you transmit your information from your computer to our website and to protect such information from loss, misuse, and unauthorised access, use, modification, disclosure, alteration, or destruction. 

However, you should keep in mind that the transmission of information over the Internet is not completely secure or error-free. In particular, e-mail sent to or from this website may not be secure, and you should therefore take special care in deciding what information you send to us via e-mail. 

Miscellaneous

In this policy "personal information" has the same meaning as under the Privacy Act. 

This policy is effective from 15th September, 2015. We may change this policy from time to time. Although we intend to observe this Privacy Policy at all times, it is not legally binding on CanvasU in any way. From time to time we may regard it as necessary or desirable to act outside the policy. CanvasU may do so, subject only to any other applicable contractual rights you have and any statutory rights you have under the Privacy Act or other applicable legislation.