|
(General Data Protection Regulation)  |
|
Who is MOAÏ?
MOAÏ is a research institute that belongs to communication group THE LINKS.
With some exceptions, MOAÏ is contracted by client organisations to collect and process survey data(https://moai-etudes.fr/).
The purpose of the research is to identify a qualitative trend (perception, association, etc.) or to measure a quantitative indicator (knowledge, satisfaction, etc.). MOAÏ usually supplies its client organisations with a report showing anonymised quotes and/or statistics.
What personal data does MOAÏ hold?
Although processing is anonymous, the collection is personal by its very nature.
For data collection: whether in panel discussions, face-to-face, over the phone or by digital means, and whether data are “active” (stated) or “passive” (obtained through data capture), the purpose of the research is always clearly stated and the respondent may refuse to answer.
To build the sample and contact people, MOAÏ must have access to personal data (phone number, email address, etc.). This information is only matched up to survey data where necessary (collection, controls and cross-checks). Identifying data are generally erased after twelve months, unless they are required as part of the methodology (historical comparisons, ongoing panels, cohort monitoring, etc.).
Data privacy is guaranteed: MOAÏ does not send any personal data to its client organisations unless the respondent explicitly agrees or requests it, or unless it strictly relates to the research, as specified at the start of the survey.
How does MOAÏ secure data?
With some exceptions, survey data is hosted by MOAÏ, whose secure servers are hosted in France. Information is sent via secure protocols (HTTPS). Access to personal data is limited to persons whose work or role in the research requires it. Education and training is provided on a regular basis.
Compliance guarantees are requested if work is subcontracted. Subcontracting mainly applies to file transfers and invitation to reply routing (e-mails, SMS, etc.). More specifically, it can be used for hosting specific data and data collection applications, or for special processing.
How can I exercise my rights with MOAÏ?
Whilst the MOAÏ research institute does use personal data, its role does not involve managing the personal data of respondents, which are generally owned by MOAÏ's client organisations. The rights of access, the right to rectification, the right to be forgotten and the right to data portability must therefore be raised with MOAÏ's client organisation. MOAÏ may act as an intermediary by relaying a request, provided that it is explicit, documented and unambiguous, and the one-month processing time required under GDPR only starts once MOAÏ's client organisation confirms receipt.
For digital research and during periods of recurring surveys, the person contacted may request not to be re-interviewed for the same survey by taking simple action (categorical refusal on the telephone, link at the bottom of an email, replying with 'STOP' to an SMS, etc.). There may be a delay between when this request is acknowledged and when it is actually processed; we apologise in advance for any inconvenience caused by being followed up too soon.
A respondent may request to be sent the data collected as part of a study (right of access). As it is confidential, the data will only be sent if the recipient is clearly identified as the respondent, which, depending on the nature of the questions, may go so far as to request a letter with acknowledgement of receipt and a photocopy of an identity document. Typically, a request can be sent to dpo@moai-surveys.com, providing the details required for identification (the study in question, the unique response link if there is one, contact details, etc.). Depending on their complexity, it may take up to one month to produce the data collected. With some exceptions, the data collected are not editable after processing or analysis has begun.