Data Privacy Framework Policy
Basis Consumer US, including Basis Research LA LLC and Basis Chicago Limited, (Basis) is committed to adhering to the Data Privacy Framework Principles to the extent necessary to meet national security, public interest, and legal requirements. These Principles apply to all personal data transferred and do not apply to any data from which individuals cannot be identified or where pseudonyms are used.
Basis complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Basis has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Basis has also certified that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.
If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.
To learn more about the Data Privacy Framework (DPF) program, and to view our certification page, please visit https://www.dataprivacyframework.gov/.
U.S. law will apply to questions of interpretation and compliance with the Principles and relevant privacy policies by Data Privacy Framework organizations, except where Basis has committed to co-operate with EU, UK, or Swiss data protection authorities (“DPAs”).
The Federal Trade Commission (FTC) has jurisdiction over Basis in relation to compliance with the Data Privacy Framework.
Definitions
- “Personal data” / “personal information” – data about an identified or identifiable individual that are within the scope of the General Data Protection Regulation (GDPR), the UK GDPR, or the Swiss Federal Act on Data Protection, received by an organization in the United States and recorded in any form.
- “Sensitive information / data” – personal information specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, sexual orientation, or information specifying the sex life of the individual.
- “Processing” – any operation or set of operations performed upon personal data, whether or not by automated means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure or dissemination, and erasure or destruction.
- “Processor” – a company or person who processes personal data on behalf of a controller.
- “Controller” – a person or organization which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Collection and Use of Data
Basis collects personal information to enable us to contact respondents to take part in market research projects, which may include online surveys, face-to-face interviews, and focus groups. We collect only the minimum amount of personal information needed to fulfil the project parameters.
You may need to provide us with personal information such as your:
- Name
- Phone number(s)
- Physical address and/or regional location
- Email address
- Age and life stage
- IP address
- Socio-economic information (such as affluence level, ethnicity)
Basis only retains such information for as long as reasonably required for business purposes or as required to comply with our legal obligations.
Principles
Notice
Basis informs individuals about its participation in and commitment to the Data Privacy Framework Principles, the data collected and who has access to it (including third parties and their purposes), the purposes for collection, individual rights and how to exercise them, the independent dispute resolution body designated to address complaints (free of charge), being subject to the investigatory and enforcement powers of the FTC, and the requirement to disclose personal information in response to lawful requests by public authorities.
Basis provides privacy or fair processing notices to all individuals prior to them participating in any fieldwork. Notices explain who has access to their data, where it is being held, for how long, their rights under the Data Privacy Framework (and GDPR, if relevant), and who to contact to exercise their rights.
All notices are written in clear and easy-to-understand language to ensure participants are fully informed and can give informed consent.
Choice
Individuals are offered a clear, conspicuous, and readily available means to opt out of having their personal information disclosed to a third party or used for a materially different purpose than originally collected or subsequently authorised. Express consent (opt-in) is obtained before any sensitive information is disclosed or used for purposes other than those originally collected or subsequently authorised.
Basis provides market research, insight and brand consultancy services to clients in various business fields. In our capacity as a service provider, we may receive, store, and/or process personal data on behalf of our clients. In such cases, we act as a data processor. If information collected is linked back to a client database, individuals are made aware and asked to opt in before participating.
We may disclose personal data to third-party suppliers involved in market research, such as recruitment agencies, venue hosts, panel providers, and survey platform suppliers. Participants are informed of these third parties at the start of their involvement.
Basis does not disclose personal information to third parties for purposes other than those originally specified. Should purposes change, individuals will be re-contacted with the option to opt out.
Accountability for Onward Transfer
Personal data is transferred only for limited and specified purposes, and always in line with the Notice and Choice principles. Basis enters into contracts with third-party controllers specifying that they will provide the same level of protection as required by the Principles and will notify us if they can no longer meet those obligations.
Basis discloses personal data only to third parties who reasonably need to know such data for the purposes it was collected. Such recipients are bound by confidentiality and data protection agreements. Basis monitors its third-party suppliers to ensure ongoing compliance.
We may also disclose personal data to our clients when a data subject has consented or requested such disclosure. Basis remains responsible and liable under the DPF Principles if third-party agents process personal data inconsistently with the Principles, unless Basis proves it is not responsible for the event giving rise to the damage.
Basis may also be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Security
Basis implements reasonable and appropriate physical, technical, and administrative measures to protect personal data from loss, misuse, unauthorized access, disclosure, alteration, and destruction. Safeguards include secure networks, encryption, firewalls, anti-malware, virus protection, user authentication, and access restrictions. Security measures are updated regularly to counter emerging threats.
Data Integrity and Purpose Limitation
Basis limits personal data collection to what is relevant for processing purposes and does not process data in ways incompatible with those purposes. We take reasonable steps to ensure data is reliable, accurate, complete, and current, and retain it only as long as needed.
Personal data is deleted or anonymised once no longer required. For example, survey responses are usually aggregated and not attributed to individuals.
Access
Individuals have the right to access the personal data Basis holds about them and to correct, amend, or delete it where it is inaccurate or processed in violation of the Principles. Requests can be made by emailing DPO@basisresearch.co.uk.
Requests must be in writing and provide sufficient detail to enable us to confirm whether we are processing the data, to locate it, and to verify identity. Requests will be acknowledged and addressed within one month of receipt.
Recourse, Enforcement and Liability
Basis commits to resolving complaints regarding our collection or use of personal data transferred under the Data Privacy Framework. EU, UK, and Swiss individuals with inquiries or complaints should first contact us at DPO@basisresearch.co.uk.
Basis further commits to refer unresolved complaints to the BBB National Programs consumer complaints system, an independent dispute resolution mechanism. This service is provided free of charge. If you do not receive timely acknowledgement of your complaint, or if your complaint is not satisfactorily addressed, you may visit https://bbbprograms.org/programs/all-programs/dpf-consumers/ProcessForConsumers.
Where complaints are not resolved through these channels, binding arbitration may be invoked as a last resort, as described in Annex I of the Data Privacy Framework. Arbitration decisions are binding on both parties.
Basis remains liable under the Principles if it or its agents process personal data inconsistently with the Principles, unless we prove we are not responsible for the event giving rise to the damage.
Renewal
Basis will renew its EU-U.S., UK Extension, and Swiss-U.S. Data Privacy Framework certifications annually, unless it determines that certification is no longer required or another adequacy mechanism is used. Certification status will be publicly confirmed on the Data Privacy Framework website.
As part of this process, Basis will review and update its information security and Data Privacy Framework policies annually to ensure compliance and alignment with the Principles.