Home Data Privacy Directors Our Expertise Coverage Our Clients Qualitative Services Syndicated Studies Data Collection Our Partners Careers News & Reports Contact

Download our Profile

Data Privacy

Infinite Insight Data Privacy Statement


As a market research and opinion polling agency, the privacy of our respondents is a prime concern. Members of the public will only voice their opinions if they can be certain that no breach of confidentiality will occur.

From its inception in 2010, Infinite Insight has firmly committed to complying with the ICC/ESOMAR Code of Practice and the Market & Social Research Association’s (MSRA) Code of Ethics.

Since it came into effect in 2018, Infinite Insight has voluntarily complied with the General Data Protection Regulation (GDPR) by the European Union in those African countries, which have not yet formulated their own country-specific guidelines.

The Data Protection Act of 2019 has come into effect in Kenya, Infinite Insight is complying with the regulations laid out therein.


1. Infinite Insight Ltd. (also “We”, the “Company”) is registered in Kenya as a research agency; we engage in market, social, and public opinion research. We operate on the basis of a research permit, issued annually by NACOSTI. The Company is not involved in e-commerce or any type of marketing activity which involves the sale of personal details to third parties.

2. “Respondents” are defined as members of the public, who have given their consent to participating in a research project.

3. “Staff” of Infinite Insight includes directors, permanent employees, and temporary contract staff, including field interviewers, moderators, and external consultants.

4. “Clients” are defined as local and international companies, research agencies, or academic institutions, who commission us to provide research services in Kenya. Such research services include consumer research, public opinion polls, and social research.

Section I: Research Activities

Data Collection:

Infinite Insight collects data in three major ways:

1. Personal Interviews (F2F: face-to-face): respondents are randomly selected, following probability sampling techniques. Interviews occur at private homes or respondents’ place of work. Remote interviewing via Zoom, Teams, Skype, WhatsApp, etc. is an extension of personal interviewing.

2. Telephonic Interviews (CATI): respondents’ phone numbers are randomly generated (i.e. random digit dialing), at times supplemented with geographically targeted calling among respondents, who had given prior Informed Consent to be contacted for telephonic interviews.

3. Online Interviewing (CAWI): Links to the survey are sent to randomly generated phone numbers, or emailed to respondents, who had given their Informed Consent to being contacted; in addition, links may be posted on social media.

Participation in all research projects is voluntary. Respondents must give prior Informed Consent to participation; in telephonic surveys, Informed Consent can be given verbally, once the Informed Consent statement has been read out aloud and the respondent has understood its content.

Data Collection among Minors:

In the case of minors (respondents below the age of 18), parents or legal guardians are required to have given their consent to their wards’ participation.

Contact details (personal identifiers) of minors will only be retained for verification and quality control purposes; once this has been completed, they will be deleted.

Should we, at any time, learn that a minor has been interviewed without parental consent, all data (identifiers, classification data, and survey responses), will be deleted.

Parental consent is a necessary condition, but not a sufficient one; i.e. underage respondents retain their right to refuse answering all or part of the questionnaire.

Types of Data Collected:

There are three categories that are collected in a research project:

1. Personal Information (Identifiers):

Identifiers include respondents’ names, addresses, phone numbers, and email addresses. These data are collected only for Quality Control purposes. All personal identifiers are kept separated from the bulk of the survey data and can only be linked via serial numbers. Should verification reveal that data were collected erroneously, fraudulently, or without Informed Consent (or if Consent is revoked at this stage), both survey responses and contact information will be deleted with immediate effect.

Once the veracity of an interview has been established, the Data Processing Manager will permanently delete these identifying data. Thereafter, survey data cannot be traced back to any individual respondent. Nobody, including Infinite Insight Staff, will be able to ascertain who gave what answers


Respondents’ identifiable information may only be shared and/ or retained, if:

2. Classification Data (Demographics):

Classification data include sex, age (or age band), marital status, ethnicity, religious affiliation, socio-economic status, occupation, affiliation to a political party, or product category usage; these will be used to analyse demographic sub-groups within aggregated data sets. Respondents are free to refuse to respond to any given question. Demographic data cannot be traced back to any individual, as respondents are distinguished only by serial number, not personal identifiers.

3. Survey Responses:

Survey Responses comprise all opinions or behaviours volunteered by the respondent during an interview. These data are of interest only in aggregated form. Various statistical operations can be performed to establish group behaviour or preferences; thus, while collective tendencies can be established, no prediction on the behaviour or opinions of any given respondent can be made.

Data Retention Schedule:

1. Data Type: Identifiers (Contact Details)

Retention Period: 2 weeks; alternatively, if Informed Consent has been given, for the duration of the project.

Identifiers will be deleted as soon as the commissioning client has accepted the data and all queries on data collection have been resolved; this typically occurs within two weeks following completion of fieldwork.

If Informed Consent has been given to retain contact information to allow follow-up surveys, identifiers will be stored for the duration of the project.

2. Data Type: Classification Data & Survey Responses

Retention Period: minimum of 1 year

Aggregated anonymised data is retained for two purposes:

(1) To assist clients with data analysis, when in need of information on local context.

(2) To facilitate longitudinal studies (tracking of consumer habits or public opinion)

3. Data Type: Reports & Presentations

Retention Period: indefinite

Analytical reports and graphic presentations are based on aggregated data; they never contain identifiers. These reports and presentations are archived permanently (see section on Data Security).

Purpose of Data Collection:

Data collected during fieldwork is analysed to provide insights on trends among Kenyan consumers and Kenyan general public. These include the establishment of category usage or brand shares; media usage; opinions on national or international issues.

Data collected in Kenya is processed in Kenya; commissioning clients only receive the analytical reports and aggregated anonymised data in electronic format. Data are transferred using secure transfer protocols (e.g. DropBox).

Data Processing & Data Security:

In field, irrespective of data collection mode, data collection platforms (e.g. Dooblo Survey to Go) are used. Interviewers log in with their ID and password; then interviews are uploaded onto a cloud server upon completion; all information on the interview is automatically deleted from the device at that moment.

Only the Data Processing Manager has access to the cloud server. At the end of each day, the data is downloaded to his system; in the process, all data will be removed from the cloud server.

The DP system is password-protected; data is stored on an external device (and therefore, inaccessible to online incursions). The DP manager will assign contact details to Field for quality control. The cases for verification consist only of contact details and do not contain respondents’ confidential answers to the questionnaire. Upon verification, contact details will be permanently deleted.

The survey data (excluding identifiers) are stored on an offline external device in the office of the Managing Director.

Infinite Insight adopted a home-office policy at the start of the pandemic. This policy was made permanent in 2021. Hence, all systems are decentralized; hence, risk of intrusion by unauthorized outsiders is minimised. Individual systems are protected by Windows/Apple firewalls as well as anti-virus and anti-malware software (MalwareBytes or equivalent). All security packages are kept up-to-date at all times.

Data back-ups are done using external devices that are offline, once the back-up has been concluded. Infinite Insight uses no cloud storage. Cloud services are used for secure data transfers to commissioning clients (DropBox). Data files are always compressed (WinZip) and are locked with strong passwords prior to transfer, following guidelines on password strength provided by our IT Consultant (combination of capital and miniscule letters, special characters, and numbers).

Since 2014, Infinite Insight has adopted data collection on mobile devices. Paper documents, such as lists or questionnaires, do not accrue to the same extent as in the past. Paper documents, such as Informed Consent Forms, corporate records, tax records) are stored in strongboxes in a secured storage room at the house of the Managing Director.

Cookie Policy:

On our home page (www.infiniteinsight.net), no cookies are used; we do not track page traffic or conduct page analytics.

In online surveys, cookies will be deployed by our cloud service provider only to prevent multiple entries.

Summary of Respondents’ Rights:

Section II: Employees’ Data Privacy

In compliance with the Data Protection Act, and The Employment Act (Amendment) Act of 2022, Infinite Insight maintains all personal data of its employees within individual Employee Personnel Files which are securely stored with access to only authorized personnel within the Company. All collection and processing of information and data contained within the Employee Personnel File is in accordance with the employees’ right to privacy.

All data and information is lawfully and legitimately collected and not used for purposes other than as outlined within this Policy document.

The Employees’ Personal data consensually collected from the employee and stored in individual employee personnel files include:

New Employees are requested to provide personal information prior to the confirmation of employment. Employees are further requested to periodically verify and update their personal data to ensure its accuracy and that any inaccurate personal data is promptly deleted or rectified.

Additional information contained within Personnel Files include:

An employee is provided with a copy, or original of all documents generated by the Company and held within an employee’s file. The information contained within the employee’s personnel file is limited to its relevance and necessity for the purpose of which it may be required or processed.

Data and information contained within Employee Personnel files are a documented written history of the employment and are maintained for the employees’ Employment Lifecycle and duration of employment.

Personal Data Access

Personal Data Storage and Safety

Transparency and Employee Awareness

o The employee’s Letter of Employment,

o Employment Induction

o The Company’s HR Manual

o Annual MSRA Ethics Training for all staff; this includes data privacy regulations that must be adhered to.

o Project briefings and training sessions always contain the MSRA Ethics Training, including the sensitization to data privacy regulations.

Employees Obligations to Infinite Insight’ Clients

Section III: Data Privacy Officer & Handling of Complaints

The Role of the Data Protection Officer

Dispute Resolution:

The Data Protection Officer serves as liaison between the public and the company. And if privacy concerns arise, it will be the Data Protection Officer’s task to see that a revocation of Informed Consent will be acted upon without delay.

If a respondent had previously agreed to participate in future research projects, but has changed his/her mind, the Data Protection Officer will assure that Name, Phone Number, Address, and Email Address are deleted from the database with immediate effect.

Contact Us:

For any questions regarding our data privacy policies, contact us on dpo@infiniteinsight.net

Or contact us by mail or phone:

Data Protection Officer

Infinite Insight Limited

Mirage Tower 2, Pent Floor, Room 32

Chiromo Road

P.O. Box 1324, 00606 Nairobi

Tel: +254 774157784

Last updated on 28/10/2022

Download Our Data Privacy Statement as PDF

Infinite Insight is registered as a Data Controller and a Data Processor with the Office of the Data Protection Commissioner (ODPC), Kenya.