Privacy Policy Bureau Fris

Privacy Policy Bureau Fris

This document describes the total number of security measures taken by Bureau Fris to protect the data of Bureau Fris and its relations as optimally as possible. This document contains a combination of rules of conduct within Bureau Fris, a concise summary of the technical security of the environment and the agreements made with its staff.

Certificates and hallmarks

Bureau Fris has the following ISO certificates:

- ISO 9001: 2015
- ISO 20252: 2012

Bureau Fris is also a member of the Market Research Association (MOA), a trade association that looks after the interests of respondents, users and market research providers. Only organizations that are members of the MOA, and therefore comply with strict quality requirements in the area of ​​personal data, are allowed to use the Fair Data quality mark and thereby make their customers and consumers aware that data and privacy are in safe hands with them. . Bureau Fris meets the strict quality requirements of the MOA and has the Fair Data quality mark.


Physical security

The offices of Bureau Fris are physically secured by means of locks and alarm systems. All visitors must be registered in advance with first and last name. External parties are always accompanied by an employee of Bureau Fris.

A "Clean Desk" policy applies to all employees of Bureau Fris so that information can not be read by third parties. In addition, a security check is performed twice a day (in the morning and in the evening) to prevent or detect possible data leaks. This is always reported to the Data Protection Officers.

Data exchange

Within Bureau Fris, the rule is that all data of customers, companies or persons is not shared with third parties without explicit permission from the owner of the data. This applies to conversations, e-mail, writing and other communication forms.

Customer registration

All customer-specific information is stored in a custom-made web application that is hosted internally. Identification takes place based on user name and password. The connection from the workstation to the server is encrypted by means of SSL (Secure Socket Layer). The application is only accessible to those who are authorized to work with the application. Employees change their passwords twice a year.

Server security

The server is placed in a locked cabinet. The cabinet is equipped with a lock. The key is kept by the board members. The server in the cabinet is also equipped with a lock, the key of which is also kept by the board members. The lock on the server ensures that disks can not be removed from the server. The data is stored in a Raid 1 configuration. Every week, Ronin-ICT, the responsible organization for performing the server management, checks for security patches and updates. Bureau Fris does not use externally hosted servers.

UPS

The server is equipped with a UPS or emergency power supply. In the event of a power outage, the virtual servers are closed to prevent the possibility of data becoming corrupt.

Workplace security

The workstations are secured in a number of ways:
- No data is stored on the local workstations
- The workstations are protected with an antivirus / malware / anti-spyware package secured
- Users may not connect data carriers such as DVDs, CDs, external hard drives or USB sticks to their computer without the permission of the management.
- All workstations are regularly checked for security patches and updates
- User rights are protected by means of policies, as a result of which they only have access to the data for which they are authorized by the Management and Security Officers
- Users are obliged to "lock" their system when they leave their workplace

Recruitment and personal data

The AVG (General Data Protection Regulation) & GDPR (General Data Protection Regulation), which is effective from 25 May 2018, we only communicate the first names of our respondents. The Bureau Fris is also not allowed to share e-mail addresses, residential addresses and telephone numbers, IBAN, with third parties without the consent of the respondents. If a customer wishes, administration costs will be charged for this (10.00 p.p.). If it concerns a telephone interview or an online community, the administrative costs are included in the recruitment costs. If a client does receive personal data from the respondents, the client must sign the NDA for this.

It is not allowed to approach respondents, recruited by Bureau Fris, before / during or after the investigation for your own file or for the file of third parties. Contact always goes through Bureau Fris. If the client (you or your client) abuses this, we are forced to take legal action. data leaks. This is included in the NDA of Bureau Fris.

If Bureau Fris receives a customer list / call list from its customer, an appropriate processor agreement must be signed for this. This includes the information that Bureau Fris receives and how Bureau Fris handles the received data and the purpose of processing. When calling from customer lists, we can only view files containing the requested information (criteria). If there is more information than necessary, we can not use the file in connection with the ISO 20252. We will send back the files directly and destroy them from our mail server. Bureau Fris does not return any specified information about the customer base. This means that Bureau Fris does not give feedback on who does not want to participate or whose phone number is not correct.

Bureau Fris can only give feedback in the form of a peat list. This list consists of interested, not interested, incorrect number and voicemail voiced. Bureau Fris may not pass on which respondents of the list do not want to participate i.v. anonymity. Bureau Fris advises its customers to encrypt the files and to call the password. If this is not done, Bureau Fris encrypts the file on its own server. When calling customer lists we will always mention the final client. M.a.w. veiled inviting customer lists is i.v. the AVG (General Data Protection Regulation) is not possible. We keep the customer list at the latest 6 months and give a notification after 4 months that the lists will be deleted. If desired, the list is removed sooner after written instructions from the customer.

Facility

Recordings are given to the customer on a USB stick or sent via WeTransfer if desired. Back-up recordings of studies are removed from the hard disk after two weeks. Hard disks are stored in a case protected by a key. These hard disks are defragmented every six months. Minutes are sent securely via WeTransfer and stored on our server for 2 weeks. Then they are destroyed.

For additional information about the Data Security of Bureau Fris, you can send an e-mail to Imane@bureaufris.nl or coen@bureaufris.nl.
Voor respondenten
English