Sapid Research Ltd GDPR

GDPR Compliance Statement for Sapid Research LLC/ Sapid Research Private Limited

At Sapid Research, we are committed to ensuring the privacy and security of personal data. In accordance with the General Data Protection Regulation (GDPR), we adhere to the principles of transparency, fairness, and accountability in our data processing activities. This GDPR statement outlines how we handle and protect personal data when conducting market research within the European Economic Area (EEA) and ensures that we meet GDPR requirements.

1. Data Controller and Data Processor Roles

Sapid Research may act as either a Data Controller or a Data Processor, depending on the nature of our engagement with clients:

• As a Data Controller: When we determine the purposes and means of data collection and processing.
• As a Data Processor: When we process data on behalf of our clients under their specific instructions.

In both roles, we are fully committed to complying with GDPR and ensuring that all data processing activities are lawful, fair, and transparent.

2. Lawful Basis for Processing

 Under GDPR, personal data is processed only when there is a lawful basis for doing so. These lawful bases include:

• Consent: We obtain clear, explicit consent from individuals before collecting or processing their personal data for market research purposes. Consent is voluntary and can be withdrawn at any time.
• Contractual Obligation: We may process data to fulfill contractual obligations with clients or research participants.
• Legitimate Interest: In some cases, we process personal data to pursue legitimate business interests, such as improving services or conducting client-specific research, provided it does not override individuals’ rights and freedoms.
• Legal Obligation: When required to comply with legal obligations, such as regulatory requirements or law enforcement requests.

3. Rights of Data Subjects

Individuals (referred to as “Data Subjects”) whose personal data we collect and process have specific rights under GDPR. These include:

• Right to Access: Individuals can request access to the personal data we hold about them.
• Right to Rectification: Data subjects can request corrections to any inaccurate or incomplete personal data.
• Right to Erasure (“Right to Be Forgotten”): Individuals can request the deletion of their personal data under certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected or when they withdraw consent.
• Right to Restrict Processing: Data subjects can ask us to limit the processing of their data in certain situations, such as if they contest the accuracy of the data or object to its processing.
• Right to Data Portability: Individuals can request their personal data in a structured, commonly used, and machine-readable format and have the right to transmit that data to another controller.
• Right to Object: Individuals can object to the processing of their data based on legitimate interests, direct marketing, or automated decision-making.
• Right to Withdraw Consent: Where consent is the lawful basis for processing, individuals have the right to withdraw consent at any time without affecting the legality of the processing carried out before withdrawal.

4. Data Collection and Processing

We collect and process personal data for specific and legitimate purposes, including:

• Conducting market research studies and surveys.
• Analysing research data and trends.
• Improving our services and client offerings.

We ensure that data is collected lawfully, with transparency, and that it is limited to what is necessary for the purposes outlined.

5. Data Security and Protection

We implement industry-standard security measures to protect personal data from unauthorised access, disclosure, or loss. These measures include:

• Encryption: We use encryption technologies to safeguard data during transmission and storage.
• Access Control: Personal data is accessible only by authorised personnel, with strict access controls in place.
• Data Anonymisation and Pseudonymisation: Where applicable, we anonymise or pseudonymise data to protect the identity of individuals, particularly when sharing research insights or results.

6. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected or to comply with legal and contractual obligations. Once data is no longer needed, it is securely deleted or anonymised to prevent re-identification.

7. Third-Party Data Sharing

We do not share personal data with third parties unless:

• The data subject has given explicit consent.
• The data is shared with service providers who process data on our behalf, in compliance with GDPR and subject to strict confidentiality agreements.
• The data is required by law or in response to lawful requests from public authorities.

Any third-party data sharing is conducted with full transparency, and we ensure that appropriate data protection safeguards are in place.

8. Data Transfers Outside the EEA

If we transfer personal data outside of the EEA, we ensure that the destination country offers an adequate level of data protection, in line with GDPR requirements. In cases where no adequacy decision exists, we use standard contractual clauses (SCCs) or other appropriate safeguards to protect the data during international transfers.

9. Data Protection Officer (DPO)

[Market Research Firm] has appointed a Data Protection Officer (DPO) who is responsible for overseeing GDPR compliance and ensuring that all data protection policies are implemented effectively. The DPO is also the point of contact for any data protection inquiries or requests.

10. Breach Notification

In the event of a data breach that poses a risk to individuals’ rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR. If the breach presents a high risk, we will also inform the affected data subjects without undue delay.

11. Data Subject Requests

To exercise your GDPR rights or make inquiries about how we process personal data, please contact our DPO using the details below:

• Email: [email protected]
• Phone: +91 9821260845
• Mailing Address: SHAMS Business Centre, Al Messaged, Sharjah, UAE

We will respond to all requests within the statutory timeframe, typically within 30 days.

12. Changes to This GDPR Statement

We may update this GDPR Compliance Statement from time to time to reflect changes in our data practices or to stay compliant with new legal requirements. We encourage you to review this statement periodically for any updates.

Contact Information: For any questions, concerns, or to exercise your rights under GDPR, please contact us at:

• Email: [email protected]
• Phone: +971 585341618 / +91 7391895245
• Mailing Address: SHAMS Business Centre, Al Messaged, Sharjah, UAE

This GDPR statement ensures transparency and outlines the firm’s commitment to protecting personal data in compliance with the General Data Protection Regulation.