GDPR
Data Rights Protected by Process
Our GDPR operating model combines transparent governance, secure handling, and responsive rights management workflows.
At Decision Market Insights, we are committed to protecting your personal data and respecting your privacy rights. This page outlines our commitment to data protection and compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
What is GDPR?
The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018, across the European Union. It establishes strict rules for how organizations collect, store, process, and protect personal data of EU residents.
GDPR applies to any organization that processes personal data of individuals in the EU, regardless of where the organization is located. We are committed to full compliance with GDPR and other applicable data protection regulations.
Data Controller Information
Decision Market Insights acts as the data controller for personal data we collect through our website and services. This means we determine the purposes and means of processing your personal data.
Data Controller: Decision Market Insights
Contact Email: [email protected]
Website: https://decisionmarketinsights.com/
Legal Basis for Processing
We process your personal data only when we have a valid legal basis under GDPR. The legal bases we rely on include:
Consent
You have given clear, explicit consent for us to process your personal data for specific purposes (e.g., newsletter subscriptions, marketing communications).
Contract Performance
Processing is necessary to fulfill our contractual obligations to you or to take steps at your request before entering into a contract.
Legal Obligation
Processing is necessary for compliance with legal obligations to which we are subject (e.g., tax records, regulatory requirements).
Legitimate Interests
Processing is necessary for our legitimate business interests or those of a third party, provided these interests don't override your rights and freedoms.
Your Rights Under GDPR
Under GDPR, you have the following rights regarding your personal data:
Right to Access
You have the right to request a copy of the personal data we hold about you. We will provide this information in a commonly used electronic format within one month of your request.
Right to Rectification
You have the right to request correction of inaccurate or incomplete personal data. We will update your information promptly upon verification.
Right to Erasure ("Right to be Forgotten")
You have the right to request deletion of your personal data when there's no compelling reason for us to continue processing it, subject to certain legal exceptions.
Right to Restrict Processing
You have the right to request that we limit the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data.
Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller.
Right to Object
You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes. We will stop processing unless we have compelling legitimate grounds.
Rights Related to Automated Decision-Making
You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal effects or significantly affect you.
Right to Withdraw Consent
Where we process your data based on consent, you have the right to withdraw that consent at any time. This won't affect the lawfulness of processing before withdrawal.
Our Data Protection Measures
We implement comprehensive technical and organizational measures to ensure the security of your personal data:
Technical Security
- SSL/TLS encryption for data transmission
- Encrypted data storage
- Regular security updates and patches
- Firewall and intrusion detection systems
- Secure authentication mechanisms
Organizational Security
- Staff training on data protection
- Access controls and authorization
- Data protection policies and procedures
- Regular privacy impact assessments
- Vendor security due diligence
Data Processing Activities
We maintain records of our data processing activities in accordance with GDPR requirements. Our processing activities include:
- Website Operation: Managing user accounts, providing services, and website functionality
- Research Services: Conducting market research and analysis for clients
- Communication: Responding to inquiries and providing customer support
- Marketing: Sending newsletters and promotional materials (with consent)
- Analytics: Analyzing website usage and improving our services
- Legal Compliance: Meeting legal and regulatory obligations
Data Retention Periods
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected or as required by law:
- Account Data: Retained while your account is active and for a reasonable period thereafter
- Transaction Records: Retained for tax and accounting purposes (typically 7 years)
- Marketing Data: Retained until you withdraw consent or unsubscribe
- Research Data: Retained according to project requirements and contractual obligations
- Analytics Data: Typically anonymized and retained for statistical purposes
International Data Transfers
When we transfer personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place:
- Transfer to countries with adequate data protection levels recognized by the EU
- Use of Standard Contractual Clauses (SCCs) approved by the European Commission
- Binding Corporate Rules for intra-group transfers
- Compliance with the EU-U.S. Data Privacy Framework where applicable
Data Breach Response
In the unlikely event of a personal data breach, we have procedures in place to:
- Detect and contain the breach quickly
- Assess the risk to individuals' rights and freedoms
- Notify the relevant supervisory authority within 72 hours (where required)
- Inform affected individuals without undue delay (where high risk exists)
- Document the breach and our response
- Take steps to prevent future breaches
Children's Privacy
Our services are not directed to children under 16 years of age. We do not knowingly collect personal data from children under 16 without parental consent. If we become aware that we have collected personal data from a child under 16 without verification of parental consent, we will take steps to delete that information.
Right to Lodge a Complaint
If you believe that your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority, particularly in the EU member state where you reside, work, or where the alleged violation occurred.
However, we would appreciate the opportunity to address your concerns before you approach a supervisory authority, so please contact us first.
How to Exercise Your Rights
To exercise any of your GDPR rights, please contact us using the information below. We will:
- Respond to your request within one month (extendable by two months for complex requests)
- Verify your identity to protect your personal data
- Provide the information or take action free of charge (unless requests are manifestly unfounded or excessive)
- Explain if we cannot fulfill your request and inform you of your right to complain
Updates to This Information
We may update this page from time to time to reflect changes in our practices or legal requirements. We encourage you to review this page periodically to stay informed about our data protection and GDPR compliance efforts.
Contact Our Data Protection Team
For questions about data protection, GDPR compliance, or to exercise your rights, please contact us:
Data Protection Officer: Available upon request
Email: [email protected]
Website: https://decisionmarketinsights.com/