GDPR & Data Protection
Protecting data. Preserving Trust.
Every research project involves a responsibility that extends beyond collecting data. It involves protecting the people behind it.
At Signal & Noise, data protection is integrated into every stage of the research process, from study design and participant recruitment to data storage, analysis and final reporting.
While our work complies with the General Data Protection Regulation (GDPR) where applicable, our approach is guided by broader principles of responsible data stewardship. We apply these standards across all research projects, regardless of where they are conducted, because protecting participants is a professional responsibility, not simply a legal obligation.
Our data protection practices are informed by the ICC/ESOMAR International Code on Market, Opinion and Social Research and Data Analytics and ESOMAR guidance on primary data collection, duty of care and data protection.
Privacy by design
Privacy is considered before data collection begins, not afterwards.
Every project is designed to collect only the information necessary to achieve its research objectives. Before fieldwork starts, we evaluate what personal information is required, why it is needed, who will have access to it, how long it will be retained and how it will be protected throughout its lifecycle.
Data protection is therefore built into the design of our research rather than added as a final compliance step.
Data Minimisation
We collect only the information that is necessary for the research.
Wherever possible, personal identifiers are avoided, removed or separated from research data. Information is never collected “just in case” it might become useful later.
This principle reduces privacy risks while helping maintain participant trust.
Lawful and Transparent Processing
Participants have the right to understand how their information will be used.
Before taking part in a study, participants receive clear information about:
- the purpose of the research;
- the type of information being collected;
- how their data will be processed;
- who is responsible for the research;
- long data will be retained;
- they can exercise their rights.
Depending on the nature of the project and applicable legislation, personal data is processed on an appropriate lawful basis, including informed consent or other legal grounds recognised under applicable data protection laws.
Confidentiality
Research data is not marketing data.
Information collected for research purposes is used exclusively for research and statistical analysis. We do not use participant data for direct marketing, sales activities or individual profiling outside the agreed research purpose.
Unless explicitly authorised or legally required, participant identities are never disclosed to clients.
Whenever possible, research findings are reported in aggregated or anonymised form so that individuals cannot be identified.
Data Security
Protecting research data requires both technology and disciplined processes.
Depending on the project, appropriate technical and organisational safeguards may include:
- secure data transfer;
- encrypted storage where appropriate;
- controlled access based on project responsibilities;
- password-protected research environments;
- secure research platforms and technology providers;
- regular review of access permissions;
- secure deletion or anonymisation once personal data is no longer required.
Access to research data is limited to authorised personnel involved in the project.
Working with Partners
Some research projects involve trusted external suppliers, such as sample providers, recruitment agencies or specialist technology platforms.
When external partners process personal data on our behalf, we expect them to maintain data protection standards consistent with applicable legislation and recognised professional research practices.
Where required, appropriate contractual safeguards are established before any data is shared.
Only the minimum amount of personal information necessary to perform the agreed services is disclosed.
International Research
Many research projects involve participants, suppliers or clients located in different countries.
Where personal data is transferred across jurisdictions, we take appropriate measures to ensure that transfers comply with applicable legal requirements and that participant information continues to receive an appropriate level of protection.
Participant Rights
We respect the rights of every participant whose personal information we process.
Subject to applicable legislation and the specific circumstances of a research project, participants may have the right to:
- access their personal information;
- request correction of inaccurate data;
- request deletion where legally applicable;
- restrict or object to certain forms of processing;
- withdraw consent where consent is the legal basis for processing;
- raise concerns regarding the handling of their personal information.
Requests are handled promptly and in accordance with applicable data protection requirements.
Accountability
Protecting personal data is a shared responsibility across every stage of the research process.
Our internal procedures are designed to ensure that data protection considerations remain part of project planning, fieldwork, analysis and reporting, not separate from them.
We regularly review our practices as technology, legislation and professional standards evolve.
Our Commitment
Good research depends on trust.
Participants trust researchers with their opinions, experiences and, in some cases, sensitive personal information. Clients trust researchers to protect that information while producing reliable evidence.
We take both responsibilities seriously.
Protecting personal data is not simply about regulatory compliance, it is essential to conducting research that people are willing to participate in and organisations are willing to rely upon.
PRIVACY POLICY AND INFORMATION FOR MARKET RESEARCH PARTICIPANTS
(Last updated: 23.04.2026)
I. PRIVACY POLICY
Last updated: 23.04.2026
1. Data Controller
The data controller is Signal & Noise (legal entity name), a company specialized in data, analytics, and market research services, registered in (●), with registered office at (●).
For any questions regarding the processing of personal data, you may contact us at: )● email address).
2. What Data We Collect
We may collect and process the following categories of personal data:
-
For recruitment or collaboration purposes: name, surname, address, date of birth, nationality, gender, phone number, email address, professional and/or social experience, education, skills, and other personal data included in your CV or provided during interviews.
-
For the conclusion and execution of contracts or collaborations: name, surname, ID/passport details, gender, address, bank account number, email address, phone number, education level.
-
When submitting a contact form on our website: name, surname, email address, phone number, and any additional information you voluntarily provide.
-
For website visitors: we may collect data through cookies or similar technologies such as IP address, browser type, location, pages visited, time spent on the website, device used, and internet provider. For more details, please refer to our Cookie Policy.
3. Purposes of Processing
We process your personal data for the following purposes:
-
To analyze website traffic and improve website functionality (via cookies);
-
To respond to inquiries submitted through the website;
-
To communicate with you, including for marketing purposes such as newsletters (based on your consent);
-
To manage recruitment and collaboration processes;
-
To fulfill contractual and legal obligations.
You may withdraw your consent for marketing communications at any time via the unsubscribe link or by contacting us directly.
4. Legal Basis for Processing
Your personal data is processed based on:
-
Performance of a contract or pre-contractual steps;
-
Legal obligations;
-
Your consent (e.g., marketing, recruitment participation);
-
Legitimate interests of Signal & Noise (e.g., business operations, security, legal claims).
5. Data Retention
We store personal data only as long as necessary for the purposes outlined in this Policy or as required by applicable law.
Cookie-related data is stored according to the durations specified in the Cookie Policy.
6. Data Transfers
Your personal data will not be disclosed to third parties, except in the following cases:
-
Public authorities or institutions, when legally required;
-
Service providers and partners (e.g., hosting, IT, marketing services);
-
Other third parties, only with your explicit consent.
All third parties are bound by confidentiality and data protection obligations.
7. Technical and Organizational Measures
Signal & Noise implements appropriate technical and organizational measures to ensure data security, including:
-
Secure IT systems and infrastructure
-
Access control and authentication
-
Internal data protection policies
-
Regular audits and monitoring
-
Staff training on data protection
8. Your Rights
Under GDPR, you have the following rights:
-
Right of access
-
Right to rectification
-
Right to erasure
-
Right to restrict processing
-
Right to data portability
-
Right to object
-
Right not to be subject to automated decision-making
To exercise your rights, you may contact us at: (● email address) or at our registered office: (● address).
You also have the right to lodge a complaint with the relevant data protection authority.
II. INFORMATION FOR PARTICIPANTS IN MARKET RESEARCH STUDIES
Last updated: 23.04.2026
1. Purpose of this Notice
This document explains how Signal & Noise processes personal data when you participate in market research activities and how your privacy is protected, in accordance with GDPR and applicable laws.
2. Data Controller
This study is organized by Signal & Noise [legal entity name], registered under [●], with registered office at [●].
Signal & Noise acts as the data controller for personal data collected within the study.
For data protection inquiries, contact: [● email address]
3. Collection of Personal Data and Legal Basis
We collect personal data directly from you based on the information you provide during the study.
The legal basis for processing is your informed consent, expressed by agreeing to participate.
Types of data collected may include:
-
Name, surname
-
Gender, age
-
Contact details (phone, email, address)
-
City of residence
-
Identification data (where necessary)
-
Image (photo/video)
-
Voice recordings
Note: Audio and video recordings may be made during interviews, focus groups, or similar research activities.
4. Purpose of Data Collection
Your personal data is used for:
-
Communication regarding your participation (scheduling, reminders, updates)
-
Confirming participation and logistics (location or online access details)
-
Providing participation incentives (if applicable)
-
Inviting you to future research studies (only with your consent)
We may contact you via phone, email, SMS, or other provided communication channels.
5. Data Retention
We retain your data:
-
As long as you agree to be part of our research database;
-
Until you withdraw consent or request deletion;
Audio/video recordings are stored for the duration of the project and contractual obligations, after which they are permanently deleted.
6. Your Rights
You have the right to:
-
Access your data
-
Request correction
-
Request deletion
-
Restrict processing
-
Withdraw consent at any time
-
File a complaint with the supervisory authority
To exercise your rights, contact us at: [● email address]
7. Disclosure of Data
Your data may be shared with:
a) Service providers and authorities
(e.g., legal advisors, auditors, public institutions when required)
b) End clients (research beneficiaries)
Selected recordings (audio/video) may be shared securely with the client for internal analysis purposes only.
These materials will not be made public.
8. Security Measures
We implement industry-standard measures to protect your data, including:
-
Secure data storage
-
Restricted access
-
Encryption where applicable
-
Continuous monitoring of systems
-
Staff training on confidentiality
9. International Transfers
As a rule, data is processed within the European Economic Area (EEA).
If transfers outside the EEA are necessary, we ensure appropriate safeguards such as Standard Contractual Clauses (SCCs).
10. Complaints
If you believe your data has been processed unlawfully, you may contact the relevant supervisory authority:
(Insert authority details based on country)
- In-Lab & Remote
- Romania HQ Global Research