Since its inception in 2004, the Lana Porter Group Inc. has conducted strategic market research to empower our clients to make the right business decisions. In doing so, we have proven ourselves to be a trusted protector of the personal information belonging to those who participate in our surveys, focus groups and interviews, as well as the confidential information of our clients. We recognize that continuing to safeguard confidential and personal information is vital to our continued success.
We offer superior client services around the globe from our boutique firm in Vancouver, British Columbia. Our experience includes having conducted over 300,000 quantitative surveys in 25 countries and in 10 languages and over 4,000 focus groups in 15 countries and 10 languages. To do so, we may engage reputable service providers to work with us on a particular client project. We ensure that each of our employees and service providers are contractually obliged to: maintain confidences, have the appropriate information security safeguards in place, and be familiar with and comply with this Privacy Policy and our Breach Response Protocol.
We ensure at all times that our privacy protection practices are compliant with all applicable privacy laws. In this Privacy Policy, we set out our privacy protection practices, what personal information we collect – with informed consent – and what we do with it, and how we ensure at all times confidential and personal information is safeguarded.
Personal information defined
This Privacy Policy describes our practices with respect to “personal information.” Personal information is information about an identifiable individual. Any information which is capable of identifying the individual, either alone or with other available information, is personal information. Personal information also includes employee personal information.
We discuss the applicable privacy laws below. Some of these privacy laws have exceptions to the definition of personal information; for instance, Canada’s Personal Information and Electronic Documents Act, S.C. 2000, c. 5 excludes business contact information from the definition of personal information.
What personal information we collect, use, and disclose with consent
We often conduct surveys, focus groups and interviews of individuals on behalf of our clients to arrive at strategic solutions to their business endeavors as well as assist in the development of new products or services. For surveys and focus groups, we always ensure that we have the participant’s informed consent for our collection and use of personal information. We ensure that the participant understands our purpose for collecting the personal information and how we will use it. For phone interviews, we – 2 – obtain consent verbally during the call after explaining the purpose of our interview and how the personal information will be used. We only use personal information for the purposes explained at the time of obtaining the participant’s consent.
The type of personal information that we receive will vary depending on the research we are conducting on behalf of our client. For instance, a participant may provide us with name and contact information, family composition, occupation, racial or ethnic origin, demographics, information about his or her product or service needs and preferences, and at times financial information. We protect this information with safeguards and privacy practices that are appropriate given the level of its sensitivity.
We do not knowingly collect personal information from minors who are under the age of 16, unless we first obtain the consent of their parent or legal guardian. If we become aware that a minor provided us with personal information without us first having the consent from his or her parent or legal guardian, we will immediately dispose of such information by way of secure means.
We do not disclose the personal information we obtain from our research participants through surveys, focus groups and interviews to our clients or any other parties; rather, we report our aggregate findings to our clients. In particular, we de-identify the information obtained from our participants, and ensure that the participant cannot be identified in the information that we report to our clients. The only exception for this is if a participant provides prior written consent for us to share personal information with our client, such as a video-clip of our interview with the participant
Each person who works with and for us has an individual responsibility to ensure that personal information is protected at all times in accordance with this Privacy Policy. In particular, we ensure that our employees and service providers sign a confidentiality agreement, and undertake to comply with this Privacy Policy and our Breach Response Protocol.
At times, our clients provide us with the personal information of its customers, including contact details and product or service variables. However, our clients only provide us with personal information in circumstances where the individual about whom the information pertains has provided his or her consent to the disclosure of the information being disclosed to us for research purposes. An individual may change or withdraw his or her consent at any time. All communications with respect to such withdrawal or variation of consent should be in writing and addressed to our Privacy Officer.
Applicable Laws
We comply with all applicable privacy laws governing the collection, use, and disclosure of personal information and the safeguarding and retention of this information.
We recognize our obligations under the Personal Information Protection Act, S.B.C. 2003, c. 64 (“PIPA”) for personal information that we collect, use, and disclose within the Province of British Columbia.
Where personal information crosses a provincial or national boarder, we ensure compliance with the Canadian Personal Information Protection and Electronic Documents Act, S.C. 2000, c. 5 (“PIPEDA”).
Where we provide services to public bodies within British Columbia, we recognize our client’s need to ensure that we, as its service provider, comply with the Freedom of Information and Protection of Privacy Act, R.S.B.C. ch. 165 (“FIPPA”). For those public bodies we ensure that we comply with FIPPA’s requirement to store personal information only within Canada.
We also comply with the Canada Anti-Spam Legislation (“CASL”) and any similar law that may apply in other jurisdictions with respect to commercial electronic messages.
Where the Lana Porter Group Inc. or its service providers obtain or process personal information from data subjects within the European Union, we ensure compliance with the General Data Protection Regulation (EU) 2016 / 679 (“GDPR”). Likewise, we work with our US clients to ensure compliance with their applicable state privacy and data protection laws.
Our retention and destruction practice
We dispose of personal information in an appropriate and secure manner and once it is no longer necessary for us to retain it for business or legal purposes. The length of time that we retain information depends on the nature of the information and the purpose for collecting it. We securely dispose of customer information provided by our client 30 days after delivery of our report, unless otherwise specified in the contract.
We may retain our aggregate information, but only after taking diligent steps to ensure that any personal information is stripped from the aggregate information being retained
Online Privacy
When one visits our website, our web servers automatically capture the person’s IP address, domain name, the referring web page from which the person has entered our site, the pages visited on our site, and the amount of time spent here. All websites are capable of capturing this information and most do.
If any personal information is collected in this manner, it will not be used by or disclosed to any other party other than our website service provider. The information we gather that is not personal information (e.g. browser statistics, etc.) may be used to improve our site.
When one visits our site, we may place a cookie on their computer that will allow us to customize and enhance the visitor’s experience and improve the services we offer on our website, or to report site activity. Our cookies will never be used to track one’s activity on any third party websites or to send spam (e.g. unsolicited) e-mails.
A person may also use our Contact Us page or enter their personal information to sign up for our newsletters. We only use this information for the purpose in which is it provided.
Privacy Breach Response
Our computer systems and physical storage practices are designed to prevent unauthorized access. We make reasonable security arrangements to prevent unauthorized access, collection, use, disclosure, copying, modification, disposal or similar risks.
Despite our diligent steps to safeguard personal and confidential information, we recognize that no company is immune to malicious cyber-attacks or other breaches. As such, we have comprehensive cyber insurance in place. This insurance provides us with immediate access to breach response experts, including legal and cybersecurity experts, to respond to and mitigate any attempted or actual breach. The Lana Porter Group Inc. also has its own privacy counsel who is a member of a global team of cyber legal counsel.
As mentioned, our employees and service providers are required to be familiar with and comply with our Privacy Policy and our Breach Response Protocol, as updated from time to time. This requires them to immediately report to our Privacy Officer any breach or potential breach. A breach or potential breach includes but is not limited to the unauthorized external or internal access to our physical records or electronic records, misdirected communications, the loss or theft of physical records or electronic records stored on data storage devices, or malicious cyber-attacks.
We will respond and action any reports of breaches or potential breaches, and engage our expert consultants as required. If we become aware of a privacy breach concerning personal information, we ensure that we comply with all applicable laws regarding breach response and notification and take action to minimize resulting risks. We have a Breach Response Protocol in place to ensure that we are ready to respond in the unlikely event of a breach.
How to access and modify your personal information
Any individual who has personal information with the Lana Porter Group Inc. has the right, upon submitting a request to us, to be informed of the existence, use and disclosure of his or her personal information under our control, subject to certain exceptions set out in applicable law. Any request for access to one’s personal information should be made to our Privacy Officer. We may request that we be provided with sufficient detail and information to verify the identity of the person making the request and to enable us to adequately respond. We will attempt to respond to requests promptly and, in any event, within such timelines as may be stipulated by applicable law. We may charge a minimal fee to access one’s personal information; however, we will advise of any fee in advance. In the event we cannot provide access to one’s personal information, we will endeavour to inform the person of the reasons why, subject to any legal or regulatory restrictions.
It is important that the personal information we collect is accurate and complete. A person may update, correct, and otherwise revise personal information by contacting our Privacy Officer.
Questions or concerns about our Privacy Practices or one’s Personal Information
The Lana Porter Group Inc. has designated a Privacy Officer who ensures compliance with this Privacy Policy and with The Lana Porter Group Inc.’s obligations generally under all applicable privacy legislation. The contact information for our Privacy Officer is as follows:
Attention: Dr. Lana E. Porter, President and Privacy Officer
Email: Lana@LanaPorterGroup.com
Telephone: 604-637-9001
Address: LA
Any complaints, concerns, questions, or other feedback concerning our privacy practices, procedures, and this Privacy Policy can be submitted directly to our Privacy Officer.
If you have raised a concern with our Privacy Officer and are not satisfied with how the Lana Porter Group Inc. performed its duties under PIPA, or wish to seek a review of our response to your privacy concern, access or correction request you can contact the Office of the Information and Privacy Commissioner.
WebPortal: www.oipc.bc.ca
Phone number: (250) 387-5629
Email: info@oipc.bc.ca
This Privacy Policy may be updated from time to time. Any updates to this Privacy Policy will be posted on our website at LanaPorterGroup.com.
