Privacy Policy
Who we are
Day One Strategy Limited and Day One Strategy Inc. (“Day One Strategy”) is an independent market research agency. We conduct surveys with both healthcare professionals, like doctors and nurses, and patients. Our aim is to support the healthcare industry to develop medicines which meet the needs of patients and medical staff. In doing so, we are committed to maintaining and respecting your privacy.
This Privacy Policy applies to Day One Strategy companies operating within and outside of European Economic Area (‘the EEA’).
This Privacy Policy explains why we require data, how we use any personal information we collect about you, and your rights. Our research is underpinned by policies, procedures and contracts that ensure we and our third-party suppliers comply with regulations and legislation that govern the conduct of research; this includes data protection legislation such as the General Data Protection Regulation (GDPR), the Data Protection Act 2018 (DPA 2018), the U.S. Sunshine Act and applicable U.S. state transparency laws.
It also includes the Legal and Ethical Guidelines of the British Healthcare Business Intelligence Association (BHBIA), the European Pharmaceutical Market Research Association (EPhMRA) and The Insights Association of the USA.
Confidentiality and transparency
Any information you provide us with will be treated as confidential, and it will be combined with feedback from other participants. You will remain anonymous unless you give permission to be identified.
How we obtain your personal data
-
Your interactions with us via email, phone and in person
-
Your interactions with us through social media or our enquiry form on our website
-
Selling and buying services
-
Through events and conference
-
If you’re a respondent in any of our research projects, we may obtain personal data through:
-
Online surveys, telephone interviews, online research, face to face interviews
What personal data we obtain
What personal data we obtain depend on the interaction, such as:
If you interact with us we may obtain contact details and personal details such as, but not limited to:
-
Name, contact details, organisation, employment details
If you contact us for employment or collaboration, we may keep your information on file for future use. This does not affect your rights to have your data erased or deleted.
If we work together we may obtain the above and below, but not limited to:
-
Business details, bank and financial details, educational history, personal details regarding family, communication and correspondence
If you’re a respondent in one of our research projects we may obtain the above and below, but not limited to:
-
Respondent identifier assigned by third party fieldwork partner
-
Information submitted by you during a research interview or internet questionnaire, such as age, gender, nationality, health data: including, for example, disease specific and treatment specific experiences as well as drug purchasing/prescribing history if you’re a healthcare professional
-
If, in some circumstances, we have received your agreement to share your personal data with the sponsoring client, or others, it will have been with your express written consent, and only for the purposes explained to you.
-
You have the right to refuse to answer any questions or withdraw at any time. If you change your mind, and want to opt out, please contact us using the contact information provided in this notice.
-
Your bank account details; for remuneration/fees for service in relation to participation in the project.
Any personal information we collect from you is used for market research purposes only, to help pharmaceutical companies develop and improve their products and services.
If we obtain and process “Sensitive Personal Data” (Special Category Data) we will only do so with your explicit consent. For the avoidance of doubt Special Category Data are: Health Details, Racial or Ethnic origin, Genetics, Biometrics, Political Opinions, Sexual Orientation, Criminal Convictions, Trade Union Membership, Religious Details
How we use your personal data
Day One and its suppliers use your personal data for the following purposes:
-
Performance of research and analysis on behalf of our clients
-
Sharing of information if needed with third party vendors when performing research on behalf of our clients
-
Monitoring and keeping records of communications between you and us
-
Compliance with contractual obligations
-
Adherence and compliance with legal and regulatory obligations
Voice Data Processing
With your permission, we sometimes process voice data to get additional insight into your responses.
These recordings are provided voluntarily by our participants during our surveys / discussions, and we will always tell you in advance when we plan to do this.
When we process your voice data, the following may happen:
-
We use a platform which uses AI to identify emotion in your voice data via its tone, rhythm, speed, and pitch
-
Some of these platforms are based outside the UK, but will still comply with data protection requirements
-
Whilst your voice data is transferred / processed, it will not be linked to other personal information about your such as your name or contact details
-
The original recordings will be stored by Day One for up to 5 years and may be stored in another country by a third-party cloud service provider contractually bound to provide outstanding security protection. The reason for this is in case we need to re-analyse any of the data in future, due to new questions arising
-
If you do submit a recording, you may at any given time contact us and withdraw your consent and we will cease to process your voice data and delete your recordings
The purpose of obtaining data
-
The purpose(s) we will collect and process your data are shown below:
-
To manage our relationship and administer our business either as a part of a contract or where we believe we have a legitimate interest to do so
-
To execute a contract or request (the services we sell to clients)
-
Sending you marketing and information about our business via e-mail if you have consented to it
-
Undertaking legal obligations or regulatory requirements
Observation of the interviews by the sponsoring client
In some cases, the sponsoring client may want to view or listen to the actual interviews themselves, in order to gain a first-hand experience of the issues that are being discussed. This could be done either at the time of the interview or at some time afterwards. In all cases, you will be informed of this in advance, and your consent sought. Again, you have the right to refuse and to opt out at any time.
The client’s observation of the interview could also be at the same location, eg an interview facility, or remotely, via the internet. We ask all clients who want to view or listen to the interview material to sign a consent form to ensure that they are aware and will abide by our strict rules governing your right to anonymity and confidentiality.
How we store and delete data
Unless you have given your consent, all personal information is anonymised at the first opportunity (so it cannot be linked back to you).
We maintain all reasonable physical, electronic and procedural security measures to keep your personal data safe.
All personal data will be stored by Day One Strategy for the minimum required period to effectively complete its work, or for the purposes of quality control.
We will delete personal data such as name, phone number, email or address – information typically required for data subjects to participate in market research – at the end of all data subjects’ participation in any specific market research project.
Remaining personal data, such as audio and video recordings will be stored for the minimum time period required and will be deleted after 5 years, unless a recording is required to be kept for longer for the purposes of auditing by the Client.
How we share your data
If you’re a respondent in one of our research projects, we may share some of your personal data with the following categories of third parties; but only if you have given explicit consent for us to do so:
-
Fieldwork partners, third party data processors
If we ever have to share personal data originating from the European Economic Area (EEA), UK, Switzerland with companies based outside of the European Economic Area (EEA), for example a company based in the US, we will make sure that they adhere to the same type of data protection standards as Day One Strategy and use all reasonable actions to maintain the integrity and security of your personal data through electronic security, including encrypted file transfer.
Your data – your rights
You have the following rights in relation to the personal information we hold about you:
-
The right to ask whether we’re processing your personal data and, if we are, to find out details of the data and the data processing and copies of the same
-
The right to ask us to correct any personal data that we hold about you that’s inaccurate or incomplete
-
The right to ask us to delete personal data that we hold about you
-
The right to object to how we’re processing your personal data, and to ask us to restrict how we’re processing your personal data
-
The right to have the personal data that you’ve provided to us provided to you in a structured and commonly-used electronic format
You also have the right to lodge a complaint with the supervisory authority if you have a concern about any aspect of our privacy practices, including the way we’ve handled your personal information, you can report it to the UK Information Commissioner’s Office (ICO). You can find details about how to do this on the ICO website at https://ico.org.uk/make-a-complaint/
Please note that if you are a respondent and we have not obtained your name and your contact details during research we will be processing your data as anonymous aggregated data and you cannot exercise these rights without going via the fieldwork partner we worked with and who recruited you for the project and in some cases, depending on the project, deletion may still not be feasible.
Who is the data controller?
A data controller oversees how data is used, controls and oversees the duties of the staff who process the data ie the data processors, and ensures that data is used, stored, and processed in accordance with the guidelines of the General Data Protection Regulation (GDPR), as outlined by the Data Protection Act 2018.
For the purpose of the Data Protection Act 1998, the data controller is Day One Strategy Ltd, 33 Foley Street, London, W1W 7TL
For some of the studies we conduct, the client who sponsors the study will be the data controller. If this is the case, their identity will be provided to you during your participation in the relevant market research study. We prefer to reveal the sponsoring company at the end of the interview rather than at the beginning, just in case their identity influences any of the answers you may give.
For any questions about our privacy policy or your data please contact:
Contact details
Email: privacy@dayonestrategy.com
Phone: +44 (0)7946474183
Website: www.dayonestrategy.com
Address: 33 Foley Street, London, W1W 7TL
Changes to this Privacy Policy
Day One Strategy may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on our Website. You are advised to review this Privacy Policy periodically for any changes.
This Privacy Policy was last updated on 16th June 2022.