top of page

Privacy Notice

Your Personal Data: 

What we need 

iThoughts Ltd will be what’s known as the ‘Controller’ of the personal data you provide to us. We only collect basic personal data about you which does not include any special types of information or location based information. This does however include name, address, email, demographics etc.


Why we need it 

We need to know your basic personal data in order to be able to reply to your request and if you want to join our panel of recruiters or participants, to be able to let you know when we have a suitable project for you to work on.

What we do with it 

All the personal data we process is processed by our staff in the UK. No 3rd parties have access to your personal data unless the law allows them to do so.  We have a Data Protection regime in place to oversee the effective and secure processing of your personal data. More information on this framework can be found on our website (Privacy Policy). 

if you are a member of our panel of participants, we will use your data to:

  • process your data to see if future research is applicable 

  • contact you for future market research (via phone / text / email)

  • if you are invited to take part we will process your data to: check participation for quality control, send reminders about the research session, send pre-checks for quality control purposes.

If you are not a member of our panel of participants, but have been recruited to take part in research we are helping to organise, we will use your data to:

  • check past participation

  • send reminders about the research session

  • send pre-checks for quality control purposes

Who we will share data with

We will only share data with parties who are directly involved in the research session participants are scheduled to attend. At no point will we share personal data with any body (person or company) who is not directly involved in the research. After the research has been completed, we will only contact participants in relation to that research, only if necessary and within a reasonable time frame from when the research finished. 

We will always tell you who we are sharing your data with and will only do so with your consent. 

Examples of bodies we share data with for research purposes are:

  • Our clients, who commissioned the research. They will use data for research and quality control reasons. Their privacy policies will be shared with you. 

  • Hostesses, when research takes place at a hotel, viewing facility or other venue, we will send your contact information to them for reminding and ID checking purposes only. 


Our client may share your first name and research responses with their client. 

Our client may share your information with other interested parties, but only with your consent. These parties include, but are not limited to:

  • their client (if your full information is shared, you will be informed of their company name).

  • Service providers (such as online platforms who need your email address etc. to set you up on an online board if you were to take part in such research)​.

How long we keep it 

Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or purposes. If you have registered as a participant or recruiter, we keep your data until you do no longer want to take part in research anymore, or no longer want to be on our recruiter panel anymore. Please notify us that you no longer wish to be on our panel(s) anymore and we will delete your personal data.If you have taken part in our research, your personal data will be stored for up to 2 years, after which it is securely disposed of. 

Where do we keep it 

iThoughts Ltd. stores its data in the cloud. We use Microsoft 365. Its data centres are based in the UK. For more information about the Microsoft data centres, please click the link below. The information storage facilities of our web hosting services ( may be located outside of the EEA, such as in the US or Israel. Based on a decision of the European Commission on the adequacy of these countries for the purpose of storing personal data, each of these countries will be protected by appropriate safeguards, such as the use of standard data protection clauses approved or adopted by the European Commission.

Whilst we make all reasonable efforts to ensure our Third Party Data Partners comply with the standards of the GDPR, you acknowledge that we cannot control use of such personal data beyond our reasonable control.

Microsoft 365 datacentres

What are your rights? 

If at any point you believe the information we process on you is incorrect, you request to see this information and even have it corrected or deleted. You also have the right to have your data transmitted to another data controller. You also have the right to restrict processing of the data in certain circumstances. If you would like to received more info or if you wish to raise a complaint on how we have handled your personal data, you can contact our Data Protection Officer who will investigate the matter.

If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law, you can complain to the Information Commissioner’s Office (ICO). Our registration no is ZA303157.

Our Data Protection Officer can be contacted at

bottom of page