Data Handling Policy for Research

---

This policy outlines the procedures and protocols for handling data collected through the research. The aim is to ensure the confidentiality, integrity, and availability of the data, in compliance with relevant data protection laws and regulations.

The purpose of this policy is to:

• Safeguard the privacy and rights of survey participants.
• Ensure the secure collection, storage, and processing of research data.
• Define the responsibilities of all parties involved in handling research data.

This policy applies to all individuals involved in the collection, handling, and processing of data from the research. 

• Informed Consent: All participants will be provided with information about the research’s purpose, the nature of the data being collected, and how it will be used. Participants must give their explicit consent before participating.
• Data Minimisation: Only data essential for the research's objectives will be collected. Personal data will be minimised to the extent possible.

• Secure Storage: Research data will be stored in secure databases.  
• Physical copies, if any, will be stored on encrypted drives in locked, secure locations. 
• Access Control: Access to the research data will be restricted to authorised personnel only. Only those with permission can access the data.

• Anonymisation: for analysis or reporting, data will be anonymised when exported from DB to protect participants' identities.
• Confidentiality: All data will be treated as confidential. Research results will be reported in aggregate form to prevent the identification of individual participants.

• Internal Sharing: Data will only be shared for the purpose of analysis and reporting.
• Third-Party Disclosure: Data will only be shared with those third parties explicitly identified as partners in the research and only with the explicit consent of participants, except where required by law.
• Data will be shared with external party only through OneDrive or MS Sharepoint, secured by password, that will be delivered separately.

• Retention Period: Research data will be retained only for as long as necessary to fulfil the research's objectives and in accordance with legal and regulatory requirements.
• Data Disposal: Upon expiration of the retention period, all data will be securely deleted or destroyed to prevent unauthorised access.

• Access and Correction: Participants have the right to access their data and request corrections if necessary.
• Withdrawal of Consent: Participants can withdraw their consent at any time, and their data will be removed from the research database.
• Complaint Mechanism: Participants can lodge complaints regarding data handling practices, which will be addressed promptly.

• Technical Measures: Implementing firewalls, and regular security audits to protect data against unauthorised access and breaches.
• Organisational Measures: Training staff on data protection principles and ensuring compliance with this policy.

• Legal Compliance: This policy is in accordance with the General Data Protection Regulation (GDPR) and other relevant data protection laws.
• Policy Review: This policy will be reviewed annually or as needed to ensure its effectiveness and compliance with legal requirements.

For any queries or concerns regarding this policy, please contact: 

Data Protection Officer for Research:  Nikola Bozadziev

Email: nikola@e1133.co