Privacy And Security

Privacy and information security policies

CROP is committed to respecting the principles of fair information practices embodied in sections 4 to 8 of the Privacy Act and the principles of the Personal Information Protection and Electronic Documents Act in every research mandate it undertakes, including explicit (not implicit) consent from respondents if they are drawn from lists.

CROP Inc. is a member of the Marketing Research and Intelligence Association (MRIA) and is therefore required to respect the MRIA's rigorous ethical rules, guaranteeing free and informed consent from participants, protection and confidentiality of all data collected and transmitted, as well as exclusivity of the data.

CROP will preserve the accuracy, confidentiality, security and the private nature of information about our survey respondents, our clients, their employees, their clients, their suppliers and shareholders.

CROP respects and safeguards confidential information, unless the disclosure is permitted by law or required by court order. Without limiting the generality of the foregoing, records, internal reports, procedures, documents, business plans, descriptions of technological infrastructures, software and programs in use at our client, patent applications, trademarks, copyrights, industrial designs, client lists, non-public financial results, strategies and methodologies specific to the client, audit reports, as well as personal notes related to client records are confidential and will not be disclosed without specific authorization.

Unless disclosure is permitted by law or required by court order, CROP employees will not disclose any personal information they became aware of while conducting their duties, including those related to a respondent, to a third party or to any other employees whose duties do not require such information.

It is understood that CROP will observe all confidentiality measures regarding the data and the work and that they will not be used in any manner other than as stipulated in the contract with the client. No list of phone numbers developed as part of a research project will be used for another mandate.

CROP ensures at all times to protect confidential and personal information in its possession, whether on its premises or elsewhere, and regardless of the medium used to communicate this information.

CROP takes the necessary measures to protect confidential and personal information that employees become aware of or use when conducting their duties, including:

  • Not leaving records and documents containing confidential and personal information visible to the public or to other employees who are not involved and maintaining such materials in a secure location to be accessed solely by those individuals who are authorized to do so for performing their duties

o Specifically, the staff dedicated to the task of data collection, processing, and coding of data only has access to respondent database files and the client's clientele files

o Conversely, CROP professionals do not have access to software and software modules used by the IT, research assistance and data collection departments

o In addition, professionals who are not assigned to the client's projects cannot access electronic files regarding that client

  • By not discussing the client's business in a manner that discloses confidential and personal information to any other parties other than members of the CROP team assigned to the client's projects
  • By being careful when using any equipment or computer, electronic, or communications tool, such as a laptop, handheld computer, cordless phone or cell phone

o Specifically, each CROP employee has a computer for their own use with a unique password that is changed every six months, to access the company's computer network either from their office or from one of the company's laptops

  • By protecting our equipment and computer tools from theft and loss of information

o Specifically, all client information (database, client list, data collection tools, reports, internal documents, etc.) are hosted on the CROP server, the latter being located in a specific, locked room. Only authorized personnel, which are the director of the IT department as well as two computer technicians, have access to this room. In addition, laptops are also stored in this room where they can be accessed upon request from the director of the IT department

o A backup of the CROP server is made once a day

o A backup copy is stored in a safe place once a week outside the CROP office. In the event of a disaster in the CROP office, only a week's worth of data will be destroyed at most

o When requested by its clients, CROP also stores confidential information outside its office

  • By respecting security standards when confidential and personal information is consulted or transmitted by fax or by electronic means

o Specifically, CROP computers all have firewalls that are updated regularly

o CROP also uses data encryption software (e.g. PGP) for the transmission of confidential files via e-mail

  • By taking appropriate measures to dispose of or archive documents containing confidential and personal information

o Unless otherwise stated, CROP archives all documents relating to clients' projects in a safe place with access that is restricted to authorized personnel only

o In addition, printed materials intended to be destroyed are done so by shredding while electronic documents are completely removed from the server or stored in a secure location with restricted access

  • CROP also ensures that the aforementioned security and confidentiality obligations and policies are respected at all times by its staff in the performance of their duties, including beyond the end of client contracts
  • Finally, CROP ensures that the contract workers, consultants and service providers that it deals with uphold privacy and security policies at the same high standard in order to safeguard the confidential and personal information that is shared with them.