Supporting recruitment, fieldwork, and validation across Thailand & APAC

Contact Us

GDPR & Data Privacy Compliance

Last updated: July 2026

Our Commitment to Data Privacy

At Yamada Research Co., Ltd., we take the privacy and protection of personal data seriously. As a global research panel provider operating across 60+ countries — including markets within the European Union and European Economic Area — we are committed to full compliance with the General Data Protection Regulation (GDPR) and applicable local data protection laws.

Our compliance framework governs how we collect, store, process, and use personal data from research participants, clients, and all individuals who interact with our panels and services.

What Data We Collect

We collect personal data only for legitimate research purposes. This may include:

  • Demographic information — age, gender, country of residence
  • Professional information — job title, industry sector, employer type
  • Health information — self-reported health conditions, professional medical credentials (Healthcare Panel only)
  • Contact information — email address, phone number (for panel communication)
  • Survey responses — opinions, behaviours, and preferences collected during research studies

We do not collect sensitive personal data beyond what is necessary for the specific research purpose, and we never sell personal data to third parties.

Legal Basis for Processing

Under GDPR, we process personal data on the following lawful bases:

Consent

All panel members provide freely given, specific, informed, and unambiguous consent before participating in any research. Consent is recorded and can be withdrawn at any time.

Legitimate Interests

In certain cases, we process data based on legitimate interests — such as maintaining panel quality, preventing fraud, and ensuring research integrity — where these do not override the rights of the individual.

Contractual Necessity

Where we process data as part of a contractual obligation with clients or partners, we do so only to the extent necessary to fulfil that obligation.

Your Rights Under GDPR

If you are a resident of the EU, EEA, or any jurisdiction with equivalent data protection rights, you have the right to:

  • Access — request a copy of the personal data we hold about you
  • Rectification — request correction of inaccurate or incomplete data
  • Erasure — request deletion of your personal data (“right to be forgotten”)
  • Restriction — request that we limit how we use your data
  • Portability — request your data in a structured, machine-readable format
  • Object — object to processing based on legitimate interests
  • Withdraw Consent — withdraw consent at any time without affecting prior processing

To exercise any of these rights, contact us at: privacy@ymdonline.com. We will respond to all requests within 30 days in accordance with GDPR requirements.

Data Retention

We retain personal data only for as long as necessary for the purpose it was collected:

Data TypeRetention Period
Panel member profilesDuration of panel membership + 12 months
Survey responses (anonymised)Up to 5 years for research validity
Client contact dataDuration of contract + 3 years
Consent records5 years

Upon expiry of the retention period, data is securely deleted or anonymised.

Data Security

Yamada Research implements industry-standard technical and organisational measures to protect personal data, including:

  • Encryption of data in transit and at rest
  • Access controls and role-based permissions
  • Regular security audits and vulnerability assessments
  • Staff training on data protection and privacy obligations
  • Incident response procedures in line with GDPR breach notification requirements (72-hour notification)

International Data Transfers

As a global panel provider, data may be transferred across borders. Where data is transferred outside the EU/EEA, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data Processing Agreements (DPAs) with all clients and subprocessors
  • Assessment of third-country adequacy decisions where applicable

Cookies & Website Data

Our website uses cookies to improve user experience and analyse site performance. We use only:

  • Essential cookies — required for the site to function
  • Analytics cookies — to understand how visitors use our site (with consent)

You can manage or disable cookies at any time through your browser settings. Please note that disabling essential cookies may affect how the website functions.

Data Processing Agreements

For clients who engage Yamada Research as a data processor, we offer fully executed Data Processing Agreements (DPAs) that define:

  • The scope and purpose of data processing
  • Technical and organisational security measures
  • Sub-processor disclosure and approval
  • Data subject rights obligations
  • Breach notification procedures

To request a DPA, contact: legal@ymdonline.com.

Our Data Protection Officer

Yamada Research has designated a Data Protection Officer (DPO) responsible for overseeing our GDPR compliance programme.

Data Protection Officer

Yamada Research Co., Ltd.
209 Comet Building, 35/5-7 Krungthonburi Road,
Klongtonsai, Klongsan, Bangkok 10600, Thailand

dpo@ymdonline.com+66 95 289 1878

Complaints & Regulatory Authorities

If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local data protection supervisory authority. For EU residents, this is your national Data Protection Authority (DPA).

In Thailand, data protection is governed by the Personal Data Protection Act B.E. 2562 (PDPA), enforced by the Office of the Personal Data Protection Committee (PDPC).

Policy Updates

This policy was last updated: July 2026.

We review and update this policy regularly to reflect changes in law, regulation, and our business practices. Material changes will be communicated to panel members and clients directly.

Return to homepage