This is site is designed for modern browsers.
You seem to be using an out-of-date browser like IE8 or below.
To view this site, please switch to any other browser such as Safari, Chrome, Firefox, Opera, IE9 and above.
Or you can use your phone or tablet.
Tel: +44 (0) 1293 601901
This policy sets out how Bdifferent uses and protects any information that you give when you use this website.
Bdifferent is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using this website, it will only be used in accordance with this privacy statement.
Bdifferent may change this policy from time to time by updating this page. This policy is effective from 1 Feb 2015.
Collection of information
We may collect information such as:
a) contact information including name and email address;
b) demographic information such as postcode, preferences and interests; or
c) other information relevant to customer surveys and/or offers.
What we do with the information we gather.
We require this information, in particular, for internal record keeping and to understand your needs and improve the Bdifferent website. In addition, we may also use your information to contact you for market research purposes.
We may contact you by email or phone.
We will not disclose any information to third parties unless the following applies:
a) if we sell any or all of our business to a third party, in which case we reserve the right to transfer all information collected through this site to the new owner;
b) where we are legally required to disclose information; or
c) fraud protection.
d) storage of your data on physical servers or cloud computing services provided and managed by third parties, such as Google or Rackspace.
e) use of your data within a SaaS (Software as a Service) cloud provided by third parties such as Mailchimp (see below), Google or Rackspace.
Some of this information may be held on servers in the United States, however only companies participating in the Safeharbor Agreement, the mechanism for ensuring personal information has adequate protection when transferred outside the UK, are used for this purpose.
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
Bdifferent includes links to third party websites over which we have no control. These websites should have their own privacy policies which we recommend you review. We do not accept any responsibility or liability for their policies whatsoever.
A cookie is a small file which asks permission to be placed on your computer's hard drive. Permission is usually granted by default in your browser settings. The cookie helps analyse web traffic or lets you know when you visit a particular site.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about webpage traffic and improve our website by tailoring it to customer needs. We only use this information for statistical analysis purposes.
Overall, cookies help us provide you with a better website by enabling us to monitor which pages you find useful and which you do not. A cookie does not give us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
Controlling your personal information
You may request details of personal information which we hold about you under the Data Protection Act 1998. A fee of £10 will be payable. If you would like a copy of the information held on you please email us at firstname.lastname@example.org.
If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible at the above address. We will promptly correct any information found to be incorrect.
1. Personal data handling
Bdifferent often handles personal data on behalf of clients for the purposes of conducting research. This personal data can include a client’s customer database; a client’s database of supporters in the form of financial advisers; consumer information gained via the recruitment process and attributed to that individual; information gained via the interview process and attributed to that individual.
1.1 Access to personal data - receipt
Bdifferent uses a secure FTP site to receive personal data from clients; although some clients have their own secure FTP which Bdifferent accesses in some instances to download personal data. Bdifferent’s secure FTP site is structured by client, with each client only having access to their own client folder and no clients or other third parties having general access.
Bdifferent staff are prohibited from receiving personal data in any other form than via a secure FTP site. Email and USB stick usage is not part of company policy.
Further, best practice in the form of file password protection is recommended, so Bdifferent staff will ask the client or other party who is sending the personal data file over to put a password on that file. This password is then communicated via the telephone. In some cases, the password needs to be saved and in this instance Bdifferent have a password spreadsheet saved in a folder on the secure server which is itself password protected and the password only known to senior or established staff members.
Bdifferent staff download the personal data from the secure FTP onto the secure server into a sample folder which is password protected and the password only known to senior or established staff members. Bdifferent staff are forbidden to download personal data onto their desktops; personal drives and USB sticks, or to print out hard copies. Any staff member found doing so will be subject to disciplinary procedures.
Desktops and personal drives on computers and USB checks are regularly spot checked by the Data Protection Manager as part of Bdifferent’s ongoing audit of adherence to data protection policies and information security.
1.2 Transfer of personal data to third party supplier
In some instances, it is necessary for Bdifferent staff to transfer personal data to a supplier for example, for quantitative data collection or for recruitment to qualitative fieldwork. If this is the case, then again Bdifferent staff use the secure FTP site to transfer the information into a folder that is only accessible by that supplier, and additionally set a password to further protect the file; with this password being communicated via the phone.
Equally, if there is a need for a supplier to send the personal data back to Bdifferent, for example, detailing people who have been recruited or updating in terms of personal information; then this is also done via the secure FTP site.
1.3 Update of personal information
Bdifferent, and the third parties we work with, may be required to send a client an update of the personal details such as phone number address etc. In this instance, the authorisation of the customer or other individual on whom the personal data is held is gained before this information is then relayed back to the client. If agreement is not gained then the client will just be informed that the data is inaccurate or not up-to-date.
The secure FTP site is used to transfer any updated personal information between third parties, Bdifferent and the client.
1.4 Destruction of personal data after a project has completed
All client supplied personal data and any personal data gained via the ‘free found’ route except that in the public domain will be destroyed at the end of a project. Here we define the end of a project as 4 weeks after the presentation is delivered or final report is issued. This destruction relates to any electronic files which are held either on the secure server but also any which may remain on the secure FTP site. The client’s confirmation and agreement is sought before this is done.
Once the recruitment or interview process has finished, the information is only reported at the aggregate and not the individual level; so that no attribution back to an individual is possible. Although occasionally a customer or adviser might request their comments are fed back directly. All files – such as a respondent level data file from a quantitative project; a recruitment sheet from a qualitative project or a transcript from a depth interview – to have the personal element deleted after the project ends or if the file is no longer required it will be destroyed completely.
2. Handling of confidential information
Confidential information is here defined as “that which is not personal information but which is confidential in terms of a client’s business, strategy” etc. The projects which Bdifferent works on for our clients are treated as confidential to the client we are working with and details of such projects are not shared with anyone outside of Bdifferent apart from with suppliers and other third parties who are working with Bdifferent on the project and who have agreed to non-disclosure by signing agreements with Bdifferent prior to commencing work. They are told on a ‘need to know’ basis.
The need to maintain client confidentiality throughout the whole project process is understood by all staff members. This particularly relates to core research inputs and outputs such as the proposal, survey content such as recruitment guide, topic guide, stimulus material or quantitative questionnaire, and results presentation or report. It could also include the initial brief from a client but also client information such as advertising campaign details or an overview of company strategy.
Bdifferent staff save all of these research elements and anything else which is confidential on to the secure server. They are forbidden from saving these anywhere else whether that be on a memory stick, desktop of a computer or elsewhere. When transferring these confidential documents to the client or to suppliers, Bdifferent staff are encouraged to use either our secure FTP site or the recipient’s rather than email or any other means. Further, key documents should be password protected and the password communicated via telephone rather than electronically.
Bdifferent best practice is not to print off unnecessary hard copies of key confidential documents. But where these are printed off they are used only during the working day and within the Bdifferent building. They are locked in secure drawers overnight and destroyed via confidential shredding when no longer needed or when a project is complete. Bdifferent also operates a clear desk policy and any staff member found to have left confidential documents out and unlocked overnight will be reprimanded.
In the event that a hard copy of a confidential document is taken outside of the Bdifferent building by one of the client facing members of staff then that staff member takes responsibility for keeping it confidential by taking such steps as: not leaving it outside of a bag or briefcase; by not reading it in front of other people; by not leaving it in a public place; by handing it over to the client; by bringing it back to the Bdifferent building for confidential shredding and destruction.
Further, when out and about and working on confidential documents; Bdifferent staff are required to ensure that their laptop screens are not overlooked ideally by ensuring that their screens are not being watched but also by using privacy screens. If in doubt staff will not work on the confidential document whilst out in public.
Sometimes Bdifferent staff need to have conversations with clients or conduct interviews in public places – either in person or on their mobile. In such instances, it is the responsibility of the Bdifferent staff member to ensure that they can’t be overheard and if they are unsure they should terminate the meeting or interview.
After a project is completed; the folder on the secure server is cleaned up and only final versions of key documents kept – such as the proposal, questionnaire, presentation etc.
3. Seeking respondent consent
Bdifferent carries out both quantitative and qualitative work. Qualitative work often involves groups and depth interviews and these are often recorded for analysis purposes or, in the case of groups, are observed by clients.
In both instances, prior consent is sought from respondents at the recruitment stage so that they are aware that they may be recorded and that they may be observed. Further if clients are observing a group they are told that they are not allowed to identify an individual on the basis of that observation in terms of talking about that individual in a way that may be identifiable.
Bdifferent, in accordance with MRS guidelines, use clips of recorded videos for reporting purposes and for the research project only. If clients are given a copy of the video recording they agree to abide by the MRS code of conduct in only using the video as part of the research project.
When using any client supplied sample, Bdifferent respects any ‘do not contact’ indicators which may already be flagged when the sample reaches us. Additionally, respondents taking part in both quantitative and qualitative research are told the purpose of the interview and given as much background as possible; and given the opportunity to opt out at any stage. If personal data is to be collected respondents are given the reason why. Permission to recontact in the future is also sought.
As with findings from both qualitative and quantitative research, Bdifferent processes the results and only shows results at the aggregate level or in a way which does not identify an individual.
4. Personal data held relating to Bdifferent staff
Bdifferent also holds confidential personal data about its staff; such as age, birthday, address, personal mobile number; results of DBS check; employment and educational history.
This information is held securely in both electronic and paper format on the Bdifferent secure server and a locked cabinet, and are only accessible by Bdifferent’s’ Directors and HR Manager.
Staff have a right to see what data is held about them and may apply in writing to their manager if they wish to see it. Personal data on a Bdifferent staff member must not be disclosed to another staff member without the written permission of the staff member in question.
5. Management of data breaches
Bdifferent takes all data breaches seriously and will act as appropriate and necessary. As detailed in this document Bdifferent has put many measures in place to minimise the risk of a security breach but there is still the possibility either via human accidental error or via malicious intent. In the event of a breach taking place then the action taken will depend on the size and nature of the breach.
In the unlikely event of a loss of a small amount of personal data (10 records or less) the client or recruiter would be notified as relevant and would therefore be given the opportunity of notifying customers if they felt necessary and dependent on the type of personal information lost. All efforts would be made to recover the personal data. The Bdifferent staff member would be reprimanded and action taken accordingly. If accidental then staff member would be reprimanded and reminded of procedures. If malicious then the employment of the Bdifferent staff member would be terminated.
If data inadvertently sent to the wrong recipient via email or loaded into the wrong area of the secure FTP site then initial steps would be made to recall the email and move the data to the correct area of the secure FTP. If needed, the recipient would be notified and asked to delete the file. The staff member would be reprimanded for using email or for not exercising due diligence when loading to the secure FTP, and further action taken dependent on size of the breach.
In the event of a large data security breach then the client would be notified immediately; and other bodies including the ICO if relevant. Then Bdifferent management, the Data Protection Officer and the client would all be involved in resolution of the breach.
6. Management of general incidents
General incidents are managed via the existing management structure which is clear to all staff. Bdifferent is owned by the two Founding Partners who together take full responsibility for managing any incidents and for ensuring business continuity.
At least one of the Founding Partners is available and contactable at all times. It is very clear to staff who to go to in the event of such an incident, and all staff carry a business continuity card which includes contact details by both Founding Partners and for Bdifferent’s IT Consultant
Further, the two Founding Partners are supported by a designated Data Protection Officer, HR Manager and IT consultant – who all work together to ensure plans are in place to ensure business continuity in the event of any incident occurring