1. Introduction
M31 Research is committed to safeguarding the privacy, confidentiality, and security of all participant data collected during research and evaluation activities. This policy outlines the principles, responsibilities, and procedures to ensure compliance with data protection regulations and ethical standards. The policy applies to all staff, consultants, and partners involved in data collection, processing, storage, and reporting.
2. Data Collection and Informed Consent
All data collection activities must be guided by informed consent. Participants must be fully informed about the purpose of the study, how their data will be used, stored, and protected, as well as their right to withdraw at any stage without consequences. Consent forms must be written in clear, accessible language and signed or verbally agreed upon by participants before any data is collected.
3. Data Minimization and Purpose Limitation
M31 Research adheres to the principles of data minimization, collecting only the data necessary for the stated research purpose. Data will not be used for purposes beyond those explicitly communicated to participants. Any secondary use of data will require additional consent.
4. Data Storage and Security
Participant data will be securely stored using encrypted digital systems and, where applicable, locked physical storage facilities. Access to data will be restricted to authorized personnel only. M31 Research will implement appropriate technical and organizational measures to prevent unauthorized access, data breaches, or loss.
5. Data Anonymization and Confidentiality
To protect participant identities, all personal identifiers will be removed or anonymized during data processing and analysis. Confidentiality agreements will be signed by all staff and consultants handling sensitive data.
6. Data Sharing and Third-Party Access
Participant data will not be shared with third parties unless explicitly authorized by participants or required by law. Any data shared with external parties for research purposes will be anonymized, and data-sharing agreements will be established to ensure compliance with this policy.
7. Data Retention and Disposal
Data will be retained only for the period necessary to fulfill the research objectives and in compliance with relevant legal and regulatory requirements. Once the retention period has expired, data will be securely disposed of, either through permanent deletion or physical destruction.
8. Roles and Responsibilities
All M31 Research staff, consultants, and partners share responsibility for adhering to this policy. Data protection training will be provided to ensure a clear understanding of roles and responsibilities in safeguarding participant data.
9. Reporting and Addressing Data Breaches
In the event of a data breach, M31 Research will immediately investigate the incident, mitigate any risks, and notify affected participants and relevant authorities in compliance with applicable laws.