The Rocca Data Collection Inc. Corporate Privacy Policy
Overview
At Rocca Data Collection Inc., maintaining the highest standards of privacy is an important part of our commitment to respondents and the broader communities we serve.
When you participate in any data collection initiatives conducted by our organization, you can be confident that any personal information that you share will stay with us. Your individual responses will be kept confidential and never linked to your personal identifying information without your permission. Your personal identifying information will never be sold to anyone. You are always free to choose whether or not to participate and can always discontinue participation at any time.
The Rocca Data Collection Inc. Corporate Privacy Policy is a statement of the principles we abide by to provide a high level of protection of personal information of respondents and the general public. We manage personal information in a manner consistent with the provisions of the Personal Information Protection and Electronic Documents Act (Canada).
We are committed to staying up-to-date on changing industry standards, technologies, and laws, and will update the Privacy Policy to reflect any of these changes.
If you have any questions about how your privacy is protected at Rocca Data Collection Inc., please contact our founder by e-mail at josh@roccadata.com.
Scope and Application of Rocca Data Collection Inc. Privacy Policy
The ten principles forming the foundation of the Rocca Data Collection Inc. Privacy Policy are interrelated, and Rocca Data Collection Inc. adheres to these principles as a whole. Each principle should be read in conjunction with the accompanying commentary. As permitted by the Personal Information Protection and Electronic Documents Act (PIPEDA), the commentary in the Rocca Data Collection Inc. Privacy Policy has been tailored to address issues specific to Rocca Data Collection Inc.’s activities.
The scope and application of the Rocca Data Collection Inc. Privacy Policy are as follows:
The Rocca Data Collection Inc. Privacy Policy applies to personal information collected, used, or disclosed by Rocca Data Collection Inc. during the course of its commercial activities.
The Rocca Data Collection Inc. Privacy Policy applies to the management of personal information in all forms, including oral, electronic, or written.
The Rocca Data Collection Inc. Privacy Policy does not limit the collection, use, or disclosure of the following information by Rocca Data Collection Inc.:
Non-personally identifiable information;
The name, title, business address, and/or telephone number of an employee of an organization; and
Other information about an individual that is publicly available and specified by regulation pursuant to the Personal Information Protection and Electronic Documents Act (PIPEDA).
The application of the Rocca Data Collection Inc. Privacy Policy is subject to the requirements and provisions of the Personal Information Protection and Electronic Documents Act (PIPEDA), the regulations enacted thereunder, and any other applicable legislation or regulation.
Definitions
Collection: The act of gathering, acquiring, recording, or obtaining personal information from any source, including third parties, by any means.
Consent: Voluntary agreement for the collection, use, and disclosure of personal information for defined purposes. Consent can be express or implied and can be provided directly by the individual or an authorized representative. Express consent can be given orally, electronically, or in writing and is unequivocal, requiring no inference on the part of Rocca Data Collection Inc.. Implied consent is consent that can reasonably be inferred from an individual’s actions or inaction.
Disclosure: Making personal information available to a third party.
Employee: An employee of or independent contractor to Rocca Data Collection Inc..
Personal Information: Information about an identifiable individual but does not include the name, title, business address, or telephone number of an employee of an organization. It also excludes descriptive or factual information about an organization.
Respondent: A member of the public who provides personal information to Rocca Data Collection Inc. during a survey or data collection activity. For example, a respondent may disclose personal information during a consumer research study or product test conducted by Rocca Data Collection Inc..
Third Party: An individual or organization outside of Rocca Data Collection Inc..
Use: The treatment, handling, and management of personal information by and within Rocca Data Collection Inc. or by a third party with the knowledge and approval of Rocca Data Collection Inc..
Principle 1: Maintaining accountability
Rocca Data Collection Inc. is responsible for the personal information under its control and is committed to ensuring compliance with the principles outlined in this Privacy Policy.
Responsibility for compliance with this Privacy Policy rests solely with the founder, Josh Larock, who can be reached at josh@roccadata.com. As the sole full-time operator, Josh Larock also manages the day-to-day collection and processing of personal information.
Rocca Data Collection Inc. will use contractual or other appropriate means to provide a comparable level of protection for personal information while it is being processed or used by a third party.
Principle 2: Identifying the purposes of personal information collection
Rocca Data Collection Inc. collects personal information from the public only for the following purposes:
To conduct consumer research studies and product tests;
To contact those who consent to being notified when new consumer research studies and product tests are being run; and
To meet legal and regulatory requirements.
Further reference to “identified purposes” means the purposes outlined above.
Rocca Data Collection Inc. will specify the identified purposes orally, electronically, or in writing to respondents at or before the time personal information is collected. Upon request, individuals collecting personal information will explain these identified purposes or refer the individual to the founder Josh Larock, who can provide further clarification.
If personal information that has been collected is to be used or disclosed for a purpose not previously identified, the new purpose will be identified prior to its use. Unless the new purpose is permitted or required by law, the respondent’s consent will be obtained before the information is used or disclosed for the new purpose.
Rocca Data Collection Inc. may provide clients or other third parties with aggregated information from any survey or data collection activity. In its aggregated form, it is impossible to identify individual respondents’ personal information.
Principle 3: Obtaining consent for personal information collection, use, and disclosure
The knowledge and consent of an individual are required for the collection, use, or disclosure of personal information, except where inappropriate.
Participation by respondents in Rocca Data Collection Inc.’s research activities is always voluntary. When a respondent agrees to participate in a consumer research study or product test, they give consent by their participation.
Generally, any personal information collected during a consumer research study or product test is not disclosed to third parties. However, in some cases, a client sponsoring a research project may wish to contact respondents directly. In such instances, Rocca Data Collection Inc. will explain the reason for disclosure to the respondent and obtain express permission before making any such disclosure.
Respondents are always free to:
Choose whether or not to participate in an activity,
Refuse to answer specific questions, and
Discontinue participation at any time.
In obtaining consent, Rocca Data Collection Inc. will use reasonable efforts to ensure respondents are advised of the identified purposes for which their personal information will be used or disclosed. These purposes will be stated in clear, understandable language.
Generally, Rocca Data Collection Inc. will seek consent to use and disclose personal information at the same time it collects the information. However, consent may be sought after collection but before any new use or disclosure of personal information for a purpose not previously identified.
In determining the appropriate form of consent, Rocca Data Collection Inc. will consider the sensitivity of the personal information and the reasonable expectations of its respondents.
Participation in consumer research studies or product tests may constitute implied consent for Rocca Data Collection Inc. to collect, use, and disclose personal information for the identified purposes.
Principle 4: Limiting the collection of personal information to only what is necessary
Rocca Data Collection Inc. limits the collection of personal information to what is necessary for the purposes identified by Rocca Data Collection Inc. Personal information is collected by fair and lawful means.
In conducting consumer research studies and product tests, Rocca Data Collection Inc. limits the amount and type of personal information collected. We collect only the information needed for the purposes clearly communicated to respondents.
Rocca Data Collection Inc. collects personal information primarily from the individual or, where appropriate, a member of that individual’s household. Except as permitted by law, Rocca Data Collection Inc. will only collect personal information from external sources, such as client organizations, with the individual’s prior consent.
Principle 5: Limiting the use, disclosure, and retention of personal information to only what is necessary
Rocca Data Collection Inc. will not use or disclose personal information for purposes other than those for which it was collected, except with the consent of the individual or as required or permitted by law. Personal information will only be retained as long as necessary to fulfill those purposes.
Rocca Data Collection Inc. may disclose a respondent’s personal information to:
A client of Rocca Data Collection Inc. where the respondent has consented to such disclosure;
A third party engaged by Rocca Data Collection Inc. to perform functions on its behalf;
A public authority or agent of a public authority if, in the reasonable judgment of Rocca Data Collection Inc., it appears that there is imminent danger to life or property which could be avoided or minimized by disclosing the information; or
A third party or parties where the respondent consents to such disclosure or where disclosure is required or permitted by law.
Only employees or contractors of Rocca Data Collection Inc. with a legitimate business need-to-know, or whose duties reasonably require it, are granted access to personal information about respondents.
Rocca Data Collection Inc. retains personal information only as long as it is necessary or relevant for the identified purposes or as required by law. If a respondent needs to be re-contacted to clarify survey responses or provide additional information, Rocca Data Collection Inc. will retain the personal information for a period reasonably sufficient to allow this re-contact.
Rocca Data Collection Inc. maintains reasonable and systematic controls, schedules, and practices for the retention and destruction of information and records. Personal information that is no longer necessary or relevant for the identified purposes, or that is no longer required by law, will be securely destroyed, erased, or anonymized.
Principle 6: Ensuring accuracy of personal information
Rocca Data Collection Inc. ensures that personal information is as accurate, complete, and up-to-date as necessary for the purposes for which it is to be used.
Personal information used by Rocca Data Collection Inc. will be sufficiently accurate, complete, and up-to-date to minimize the risk of using inappropriate information when making decisions related to a respondent.
Rocca Data Collection Inc. updates personal information about respondents as necessary to fulfill the identified purposes or upon notification by the individual.
Principle 7: Using appropriate safeguards for stored personal information
Rocca Data Collection Inc. protects personal information by employing security safeguards appropriate to the sensitivity of the information.
We protect personal information against risks such as loss, theft, unauthorized access, disclosure, copying, use, modification, or destruction through appropriate security measures, regardless of the format in which the information is held.
Rocca Data Collection Inc. ensures that personal information disclosed to third parties is protected through contractual agreements that stipulate the confidentiality of the information and the purposes for which it is to be used.
All employees and contractors of Rocca Data Collection Inc. with access to personal information are required to respect its confidentiality and adhere to our privacy and security policies.
Principle 8: Staying open and transparent about personal information policies and practices
Rocca Data Collection Inc. is committed to transparency and will make readily available specific information about its policies and procedures relating to the management of personal information.
We ensure that information about our privacy policies and procedures is easy to understand and includes:
The title and contact information of the person accountable for Rocca Data Collection Inc.'s compliance with its Privacy Policy, to whom inquiries and/or complaints can be directed.
The process by which individuals can gain access to their personal information held by Rocca Data Collection Inc.
A description of the types of personal information held by Rocca Data Collection Inc., including a general account of its use.
A description of any personal information that may be made available to related organizations, if applicable.
Principle 9: Providing individuals access to their personal information
Upon written request to Rocca Data Collection Inc., individuals will be informed of the existence, use, and disclosure of their personal information and provided access to that information. Individuals will also have the opportunity to challenge the accuracy and completeness of the information and have it amended as necessary.
In certain situations, Rocca Data Collection Inc. may not be able to provide access to all the personal information it holds about a respondent. For example, access may be denied if providing the information would:
Reveal personal information about a third party.
Pose a threat to the life or security of another individual.
Disclose confidential commercial information.
To safeguard personal information, individuals may be required to provide sufficient identification to allow Rocca Data Collection Inc. to verify the existence, use, and disclosure of the requested personal information and authorize access to the individual’s file. This identification information will only be used for this purpose.
Rocca Data Collection Inc. will promptly correct or complete any personal information found to be inaccurate or incomplete. Any unresolved differences regarding accuracy or completeness will be noted in the individual’s file. Where appropriate, Rocca Data Collection Inc. will inform third parties with access to the personal information in question of any amendments or unresolved differences.
Individuals can obtain information or request access to their personal files by contacting Rocca Data Collection Inc. at josh@roccadata.com.
Principle 10: Allowing compliance to be challenged
Rocca Data Collection Inc. maintains procedures for addressing and responding to all inquiries or complaints from respondents regarding the handling of personal information.
On written request, Rocca Data Collection Inc. will inform respondents about the existence of these procedures and the availability of complaint mechanisms.
Rocca Data Collection Inc. may seek external advice where appropriate before providing a final response to individual complaints.
All complaints concerning compliance with this Privacy Policy will be investigated. If a complaint is found to be justified, Rocca Data Collection Inc. will take appropriate measures to resolve the complaint, including, if necessary, amending its policies and procedures. Respondents will be informed of the outcome of the investigation regarding their complaint.
For inquiries or to address a challenge concerning compliance, respondents can contact Rocca Data Collection Inc. at josh@roccadata.com.
Additional information
For more information regarding the Rocca Data Collection Inc. Privacy Policy, please contact us by e-mail at josh@roccadata.com.
You may also visit the Privacy Commissioner of Canada’s website at https://www.priv.gc.ca/en/.