
Privacy Policy for Research
About this Policy
Here at Madgex, we are committed to protecting the privacy and security of your personal information. This policy explains what we collect, how and why we collect it, how we use it and how it is protected.
This policy was last updated on November 21st 2019. We may change the policy from time to time so please revisit this page to ensure you’re still happy.
Who we are
We’re Madgex, the market-leading career technology and solutions provider and we’re formed of Madgex Ltd operating from the UK and Toronto and Madgex Inc operating from the USA.
Under the terms of GDPR for the purposes of UX Research, Madgex Ltd acts as the ‘Data Controller’, the company which manages and decides why and how your personal information is processed. This Privacy Policy sets out how we manage and protect that data.
What we collect and how we use it
The Madgex research team continually keep in touch with both recruiter and jobseeker audiences, by running research studies and projects. This way we can be sure our products best serve the people that use them and that we continually improve the user experience.
The type of personal data we collect includes:
- Contact information, such email, telephone number
- Personal information, such as name and gender
- Location
- Employment information and preferences
- Photos, video, audio and screenshots (with consent)
What we use it for
Madgex will use your personal data for the primary purpose of research, to manage and improve our products & services. Your participation in research, together with your individual responses to research questions will be kept strictly confidential. We will not share personal information from research with third parties.
If you take part in research opportunities, we will use the contact information you provide to get back to you as soon as possible or send you service related announcements. Any personal information and data collected and processed is done so in line with the UK Data Protection Act 2018.
Through consent you have expressly agreed to our use of your personal information.
If you have any questions about the lawful basis on which we are processing your personal data, please contact us.
Will we ever share your information?
We may need to disclose your personal information to third parties (provided that they are bound by appropriate obligations to safeguard your information) as follows:
- To our employees, officers, insurers, professional advisors, agents, suppliers or subcontractors to the extent that it is reasonably necessary to do so for the above permitted purposes;
- If we are required to do so by law or in any legal proceedings;
- If we need to for fraud prevention or to protect the rights, property or safety of us, our customers or others.
- To third parties wishing to purchase our business or assets.
- We will not share your personal information with third parties for the purposes of further marketing. We’re good like that.
Where are we storing your data?
The main hosting data centres are located in the EEA.
Transfers to third countries and safeguards
We are an international business with a global customer base. We may need to transfer personal information between any of the countries we operate in and to our suppliers and subcontractors in other countries. We do not transfer any data to third countries or international organisations unless they are deemed by applicable law to have adequate privacy protection or recognized legal mechanisms are in place to ensure adequate protection of your information (e.g. EU Model Contract Clauses or EU-US Privacy Shield or Swiss-US Privacy Shield frameworks).
Any international transfers of your personal information will also be subject to binding privacy and confidentiality terms enabling us to ensure compliance with this Privacy Policy.
How do we protect your information?
We take Data Security very seriously, in fact, we pride ourselves on it.
We regularly review our information collection, storage and processing practices, including physical security measures, to guard against unauthorised access.
We restrict access to personal information to our employees, contractors and agents on a need-to-know basis and ensure that they are subject to contractual confidentiality obligations and may be disciplined or terminated if they fail to meet those obligations.
We will only ever work with trusted third parties, having first completed due diligence, to ensure they also enforce an adequate level of data security to protect your information.
We have multiple layers of security in place to protect the security of our clients and their clients’ information. Details of these measures may be provided upon request.
How long do we hold your information for?
We will only hold your information for as long as is necessary for the purposes of research and analysis.
Where audio or video recording is necessary for research, consent will be obtained first and can be withdrawn at any point later. We will automatically delete audio and video recordings after 5 years.
What are your rights?
We regard the principles of GDPR as the gold standard in Data Protection and therefore will extend the rights outlined below to all our global contacts, regardless of whether you’re within the territorial scope of GDPR.
You have several rights as a data subject as summarised below:
Access:
You have the right to obtain confirmation as to whether your personal information is being processed by us and, if it is, to access your information and details of how we process it, as long as this does not adversely affect the rights and freedoms of others.
Rectification:
We will rectify any errors in the personal information we hold on request.
Erasure:
In addition to any Madgex functionality that enables you to delete information, you may ask us to erase your personal information from our systems in the following situations:
- The information is no longer necessary in relation to the purpose for which it was collected;
- You withdraw your consent on which the processing is based and where there is no other legal ground for the processing;
- You object to the processing and there are no overriding legitimate grounds for the processing;
- The information has been unlawfully processed;
- The information has to be erased for compliance with a legal obligation to which we are subject.
- Right to restrict processing: You have the right to restrict our processing on specified grounds.
Notification:
Where you have asked us to rectify, erase or restrict processing of your information, we shall communicate the same to each recipient to whom your information has been disclosed, unless this proves impossible or involves disproportionate effort, in which case we shall let you know.
Data portability:
You have the right in specific circumstances where processing is based on consent to receive your information in a structured, commonly used and machine-readable format and have the right to transmit the information to another controller without hindrance, provided that our processing is carried out by automated means.
Right to object:
In certain circumstances you have the right to object to our processing of your information, including in relation to profiling, direct marketing or scientific or historical research purposes.
Automated individual decision making:
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you unless this is necessary for our contract, is authorised under applicable law or is based on your explicit consent.
How can I exercise my rights?
If you would like to exercise any of these rights, please email, call or write to us using the contact details below.
We will require additional information from you so that we can correctly verify your identity.
For more information about the circumstances in which these data subject rights apply, see the guidance provided by your local regulatory authority, for example in the UK; https://ico.org.uk/for— organisations/guide— to— the— general— data— protection— regulation— gdpr/individual— rights/
Complaining to the regulator
We hope we can help you to resolve any query or concern you have over the use of your information, however the General Data Protection Regulation also gives you the right to make a complaint with your local supervisory authority where any alleged infringement of data protection law has occurred.
The supervisory authority within the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone at 0303 123 1113 or other channels as updated at https://ico.org.uk/global/contact‑us/.
What happens if a data breach occurs?
Whilst we endeavour to keep your personal information safe, we have an internal investigation procedure in case of data protection security breaches.
In the event of data theft, we may suspend access to our servers, emails and online systems and take other urgent steps to prevent further unauthorized access to information.
If we believe that our data has been compromised, we will report the issue to the Information Commissioner’s Office (ICO).
We will notify you without delay if we believe a data breach is likely to result in a significant risk to your rights and freedoms. Any notification will describe in clear and plain language the nature of the personal data breach and contain all required information.
Changes to this Policy
We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates.
We may also notify you in other ways from time to time about the processing of your personal information.
Our details
If you have any questions regarding this privacy notice or the information we hold about you please reach out through our Data Protection Team via wiley.com/dataprotection