Last updated: January 2025
TOFI-VDMA is committed to operating with the highest standards of data protection, research ethics, and regulatory compliance.
1. GDPR & Data Protection
Data Controller
Tree of Insights, LLC acts as the data controller. Contact: [email protected]
Data Subject Rights
- Right of Access — Request a copy of personal data we hold about you
- Right to Rectification — Request correction of inaccurate data
- Right to Erasure — Request deletion of your data
- Right to Restrict Processing — Limit how we use your data
- Right to Data Portability — Receive your data in a machine-readable format
- Right to Object — Object to processing based on legitimate interests
- Right to Withdraw Consent — Withdraw at any time
To exercise any right: [email protected]. We respond within 30 days.
2. Double Opt-In Process
All panel membership applications use a mandatory double opt-in process:
- Member submits application with corporate work email
- A verification email is sent immediately to the provided address
- Member must click the verification link to confirm their identity and consent
- Applications are not reviewed or processed until email verification is complete
- This ensures the accuracy of all contact information and provides a verifiable consent record
3. Research Ethics Standards
Informed Consent
- Panel members consent to participation at registration (via double opt-in) and before each study
- Participation is always voluntary — members may withdraw from any study at any point
- Study topics are disclosed at screening level before full participation is requested
Respondent Anonymity
- Individual respondent data is never shared with research clients
- Survey responses are delivered as aggregated, anonymised datasets
- Respondents are not identifiable in any report or deliverable
4. Anti-Fraud & Quality Controls
- Multi-layer identity verification at panel entry
- Digital fingerprinting to prevent duplicate or fraudulent registrations
- Post-field data quality review on every project
- Re-contact validation sampling
- Permanent removal of confirmed fraudulent accounts
5. Data Security
- All data transmitted via encrypted HTTPS connections
- Access to data restricted on a need-to-know basis
- Vendors bound by data processing agreements (DPAs)
6. Data Retention Schedule
- Active panel members: duration of membership + 2 years
- Unverified applications (email not confirmed): deleted after 30 days
- Former panel members: anonymised after 6 months, deleted after 2 years
- Client project data: 3 years
7. CAN-SPAM & Anti-Spam
- Contact limited to research study invitations and essential service communications
- We never use data for third-party marketing
- All communications include an unsubscribe option
8. Contact & Complaints
For compliance or data protection queries: [email protected]