top of page

​

Privacy Policy - Solo Research Lab

 

Introduction:

 

This document is committed to protecting Solo Research Lab's clients, staff members, partners and the company from illegal or damaging actions by individuals. Solo Research Lab is a research business and it is critical that it ensures all project and corporate data is used and protected appropriately.

 

Information covered by this Privacy Policy:

1- Personal information from research studies, collected from any methodology (such as but not limited to: Quantitative, qualitative, usability tests)

2- Corporate information related to G-Suite company’s account (such as but not limited to: email, contacts, drive, calendar).

3- Human resources information including 3rd part vendors and freelancers hired by project

 

Internet/Intranet/Extranet-related systems, including but not limited to computer equipment, software, operating systems, storage media, network accounts providing electronic mail, WWW browsing, and FTP, are the property of Solo Research Lab. These systems must be used for business purposes only.

 

1. Physical Security

 

1.1 Physical Security Access Controls for Research and other business facilities

 

All Research and Tests facilities must operate an access control system to its site(s) e.g. swipe cards,

combination door locks, lock & key, to ensure that only authorized people are able to access its premises.

 

2. Access to Company’s networks

 

2.1. All systems are supplied with default user account name and password settings. Passwords and usernames must be changed where the system allows this to be done. Solo Research Lab is a G-Suite client, and this is the exclusive network to be accessed by staff, vendors, freelancers and/or clients.

 

2.2. Access should be provided to all staff based on their need, role in the project and the department/team in which they work; staff should not have unrestricted access to all Operating Company data. Administration access must be limited, documented and controlled.

 

2.3. When access is given to freelancers, vendors and other temporary staff, particular care should be given to the level of permissions given and named accounts should be created with a termination date matching their agreed engagement period.

 

2.4. Whenever a vendor, member of staff or freelancer leaves, all access is removed and deactivated. In cases where a member of staff or freelancer is serving notice or on standby, the access privileges must be reviewed by appropriate senior management to ensure that any access protects clients and project data.

 

2.5. All email accounts must be stored for a minimum 12-month period.

 

2.6. When someone re-joins the business, their old account can be used but their new rights and access rules should reflect their new role only.

 

2.7. End-user password configuration:

2.1.7.1. Password Expiration: 60 days.

2.1.7.2. Minimum Password Length: 8 characters.

2.1.7.3. Must contain both alpha, special characters (e g @, $, *) and numeric characters is required.

2.1.7.4. Minimum # Passwords Before Reuse: 20 cycles.

2.1.7.5 Certain applications may not support this particular list of criteria; in that case this list is to be used as good practice and complied with so far as is possible.

2.1.7.6. Passwords and other login criteria should not be given to other staff except where required by IT support to assist in resolving issues.

 

2.7. All documents to be exchanged with clients, partners, vendors, freelancers and staff should be shared by Google Drive. In case of exception, if a client is not able to access, a PDF or any other secure source will be provided primary by email.

 

 

2.2. Prohibitions

Under no circumstances is a staff member, freelancer, vendor of Solo Research Lab authorized to engage in any activity that is illegal under local, state, federal or international law while utilizing Solo Research Lab owned resources.

 

The following activities are strictly prohibited, with no exceptions:

  1. Violations of the rights of any person or company protected by copyright, trade secret, patent or other intellectual property, or similar laws or regulations, including, but not limited to, the installation or distribution of "pirated" or other software products that are not appropriately licensed for use by Solo Research Lab.

  2. Unauthorized copying of copyrighted material including, but not limited to, digitization and distribution of photographs from magazines, books or other copyrighted sources, copyrighted music, and the installation of any copyrighted software for which Solo Research Lab or the end user does not have an active license is strictly prohibited.

  3. Accessing data, a server or an account for any purpose other than conducting Solo Research Lab business, even if you have authorized access, is prohibited.

  4. To sell or share in any kind of transaction, research participant’s information.

  5. Exporting software, technical information, encryption software or technology, in violation of international or regional export control laws, is illegal. The appropriate management should be consulted prior to export of any material that is in question.

  6. Introduction of malicious programs into the network or server (e.g., viruses, worms, Trojan horses, e-mail bombs, etc.).

  7. Revealing your account password to others or allowing use of your account by others. This includes family and other household members when work is being done at home.

  8. Using a Solo Research Lab computing asset to actively engage in procuring or transmitting material that is in violation of sexual harassment or hostile workplace laws in the user's local jurisdiction.

  9. Making fraudulent offers of products, items, or services originating from any Solo Research Lab account.

  10. Making statements about warranty, expressly or implied, unless it is a part of normal job duties.

  11. Effecting security breaches or disruptions of network communication. Security breaches include, but are not limited to, accessing data of which the employee is not an intended recipient or logging into a server or account that the employee is not expressly authorized to access, unless these duties are within the scope of regular duties. For purposes of this section, "disruption" includes, but is not limited to, network sniffing, pinged floods, packet spoofing, denial of service, and forged routing information for malicious purposes.

  12. Port scanning or security scanning is expressly prohibited unless prior notification to Infosec is made.

  13. Executing any form of network monitoring which will intercept data not intended for the employee's host, unless this activity is a part of the employee's normal job/duty.

  14. Circumventing user authentication or security of any host, network or account.

  15. Introducing honeypots, honeynets, or similar technology on the <Company Name> network.

  16. Using any program/script/command, or sending messages of any kind, with the intent to interfere with, or disable, a user's terminal session, via any means, locally or via the Internet/Intranet/Extranet.

  17. Providing information about, or lists of, Solo Research Lab employees to parties the company.

 

Email and Communication Activities

When using company resources to access and use the Internet, users must realize they represent the company. Whenever a staff member or freelancer state an affiliation to the company, they must also clearly indicate that "the opinions expressed are my own and not necessarily those of the company". The following activities are, in general, prohibited.

  1. Sending unsolicited email messages, including the sending of "junk mail" or other advertising material to individuals who did not specifically request such material (email spam).

  2. Any form of harassment via email, telephone or paging, whether through language, frequency, or size of messages.

  3. Unauthorized use, or forging, of email header information.

  4. Solicitation of email for any other email address, other than that of the poster's account, with the intent to harass or to collect replies.

  5. Creating or forwarding "chain letters", "Ponzi" or other "pyramid" schemes of any type.

  6. Use of unsolicited email originating from within Solo's networks of other Internet/Intranet/Extranet service providers on behalf of, or to advertise, any service hosted by the company or connected via Solo’s network.

 

3. Client Data

Data developed, used or received in connection with a client must be retained as required by client contract.

 

Solo Research Lab management must ensure that all applicable staff (i.e. those handling or

responsible for client data) are familiar with the client’s contractual requirements relating to the length

of time that client data should be kept by Solo Research Lab.

 

Client contracts frequently contain specific provisions on how data may be retained, disposed of or

returned to the client. Company staff must also ensure that they can comply with those requirements.

 

If an Operating Company does not have a contract in place or is operating under terms and conditions

that do not specifically address data retention it is always good practice to discuss with the client how

long it requires its data to be held on Company systems or premises and to record those requirements in writing (which may be via email).

 

If client data supports the accounting records, the information should be maintained in accordance with the accounting records retention periods and in the event of any conflict with the client contract, the accounting record’s retention periods will prevail.

 

4. Data Disposal

In the event that any Client’s or Company’s data is no longer needed and/or required to be kept by law or contractual obligation it may be disposed of in a secure and confidential manner.

 

5.Policy Compliance

All staff member, freelancers, vendors or partner in any kind, must read, agree and sign this Policy in order to start servicing Solo Research Lab.

 

5.1. Exceptions

Any exception to the policy must be approved by the Solo Research Lab owner in advance.

​

5.2. Non-Compliance

Any staff member (including freelancers and vendors) found to have violated this policy may be subject to disciplinary action, up to and including termination of contract.

​

CNPJ 33.779.345/0001-44

bottom of page