General Data Protection Regulation (GDPR) Policy for UX Research

This document outlines the General Data Protection Regulation (GDPR) Policy for our User Experience (UX) Research team, in regards to the collection, storage, and processing of email data within a cloud-based solution.

‍

1. Introduction

Our company is committed to ensuring the security and protection of the personal data that we process, and to provide a compliant and consistent approach to data protection.

‍

2. Data Collection

Our UX Research team collects email data from respondents who consent to participate in our research surveys, interviews, and other UX research methods. The email data collected will be used strictly for research purposes only and will not be shared with any third parties, except where necessary for providing and improving our services. We will never sell this data.

‍

3. Data Storage

The collected email data will be stored in a secure cloud solution that is GDPR compliant. The data will be encrypted at rest and in transit to ensure the highest level of protection. Only those roles absolutely required for processing will have access to this data and only for the purposes of their work. We have implemented strict security measures to prevent unauthorized access.

‍

4. Data Retention and deletion

The email data collected will be retained for a period of eight years. It is to be inline with NHS Data retention guidelines. However, this is subject to the data subject's rights and their ability to request the erasure of their data at any point during this period. The deletion of data will be carried out within 30 days of receiving a valid request. If you wish to delete your data and stop receiving UX Research communication from us please let us know at user-experience@doccla.com.

‍

6. Data Subject's Rights

In accordance with the GDPR, data subjects have the following rights:

• The right to be informed: Individuals have the right to be informed about the collection and use of their personal data.
• The right of access: Individuals have the right to access their personal data and supplementary information.
• The right to rectification: Individuals have the right to have inaccurate personal data rectified, or completed if it is incomplete.
• The right to erasure (also known as the 'right to be forgotten'): In certain circumstances, individuals can request the deletion or removal of personal data.
• The right to restrict processing: Individuals have the right to request the restriction or suppression of their personal data.
• The right to data portability: This allows individuals to obtain and reuse their personal data for their own purposes across different services.
• The right to object: In certain circumstances, individuals have the right to object to the processing of their personal data.
• Rights in relation to automated decision making and profiling
• The right to withdraw: The right to withdraw consent at any time (where relevant)
• The right to complain: Individuals have the right to complain to the Information Commissioner

To exercise any of these rights, please send an email request to our Data Protection Officer at dpo@doccla.com. To opt-out of our data collection and processing send an email to user-experience@doccla.com.

‍

6. Data Protection Officer

Our Data Protection Officer is responsible for ensuring compliance with GDPR and with this policy. Any questions about the operation of this policy or any concerns that the policy has not been followed should be referred in the first instance to the Data Protection Officer at dpo@doccla.com.

‍

7. Policy Updates

This policy may be updated from time to time to reflect changes in our practices, technology, legal requirements, and other factors. We encourage you to check this page regularly to stay informed about our data practices.

By participating in our UX research, you consent to the practices described in this GDPR policy.

‍