During its business, Belmana will have access to and be required to store sensitive personal data. This will be data either collected specifically by Belmana or provided by a client for an assignment under an appropriate data access agreement. Such data must be protected so that it cannot be obtained by an unauthorised person.

Unlawful or accidental disclosure of sensitive personal data will cause major reputational damage to the company and could result in a significant monetary penalty. Belmana also fully supports the aims of the General Data Protection Regulation (GDPR), such as standardising data protection across countries.

This policy will be reviewed from time to time, and when there are legal changes . Should there be any questions with regard to this policy or other need to contact Belmana about data privacy, then get in touch with Prabhat Vaze, through the contact page.

General principles

Belmana will establish the legal basis for the holding and processing of personal data on a project basis, typically research purpose in the public interest.

All handing of personal data must be in line with GDPR, the Data Protection Act and any requirements set out by the client. In particular:

  • Explicit consent would be established at the start of a survey interview, involving us saying what the data is used for including re-contact;
  • Explaining research participants’ rights to see the personally-identifiable data we hold on them, to change this data, or to have it deleted;
  • Storing personal and sensitive data securely, with access on a ‘need to access’ basis – with the need for access confirmed by the Research Manager on the study;
  • Only collecting data when there is a legitimate business need to do so and only holding the minimum amount of personal data required and for a limited amount of time.