Applicability of GDPR

General Data Protection Regulation

PortMA respects the privacy of its survey respondents, business partners, and employees—regardless of where they reside. When we collect or process personal data, we follow the applicable data privacy laws of those jurisdictions. When we collect personal data from residents in the European Union (EU), we comply with all aspects of the General Data Protection Regulation (GDPR). These compliance measures include, among others, informing the consumer about its rights under the GDPR, collecting consent when it is required, and safeguarding consumer data according to the GDPR’s standards. When necessary, we enter into the European Commission’s model contracts for the transfer of personal data to third countries.

While we are prepared to comply with all data privacy regulations, the GDPR’s application is limited in many cases. For organizations established outside the EU, the GDPR applies only when those organizations target residents in the EU by offering them goods or services* or when they monitor the behavior of residents in the EU*. When we conduct surveys that require us to collect an EU resident’s personal data, we comply with the GDPR. But for survey respondents outside of the EU—even ones that happen to be EU citizens—the GDPR does not apply, and we follow the relevant data privacy laws applicable to that survey. In cases where the GDPR does not apply, mandating compliance with its provisions is unnecessary and may limit our ability to process the respondent data.

We are committed to upholding strict data privacy standards, and we actively monitor developments in the regulatory and legal landscapes. One such development we have been tracking closely is the California Consumer Privacy Act (CCPA), a law that requires certain organizations to implement transparency measures and grant certain rights to consumers. In preparation for the CCPA, we are putting into effect even more procedures to shore up our data privacy practices.

Regardless of the jurisdiction, we believe a robust privacy practice starts with strong organizational measures, and we take steps to ensure we collect only the personal data we need to perform the survey, anonymize personal data when possible, and automatically delete data when it is no longer needed. If you have questions about our data handling practices, please reach out to the following company officer:

Chris Clegg, President
Portland Marketing Analytics


*REF: GDPR Article 3(2)(a) and GDPR Article 3(2)(b)