top of page

Privacy Policy

This private policy describes how and why iThoughts obtain, store and process data which can identify persons directly or indirectly, such as name and location data.

iThoughts Research is a trading name of iThoughts Ltd., registered in England and Wales with registration number 06641099, registered at 84 Birkbeck Road, Beckenham, Kent, BR3 4SP. Our ICO registration number is ZA303157.

In this policy "we", "us", and "our" refer to iThoughts Ltd.

This privacy policy applies where we are acting as a data as a data controller for the personal data of any individual or group of individuals who use our service as a business seeking research services ("Clients") or conduct business with us as a supplier ("Suppliers") and or as participants in research ("Participants") and or between you, the visitor and user of our website and iThoughts Ltd, the owner and  provider of our website, and therefore acting as a data controller with respect to the personal data of our website visitors and or when recruiting and employing people.

iThoughts Ltd. reserves the right to change this privacy policy as we deem necessary from time to time, or as may be required by law. The latest version is published on this page and was updated on 15th January 2024.  This policy will be reviewed at least annually.


​Persons are deemed to have accepted the terms of the privacy policy on your first use of the website following changes. Any questions about this policy, can be emailed to or in writing to our registered office.

This privacy policy applies only to the actions of iThoughts Ltd (and users with respect to our website). It does not extend to any websites that can be accessed from our website including, but not limited to, any links on our website to other (social media) websites.


References to the processing of information includes the collection, use, storage and protection of data. For individuals’ security, personal data collected by us will only be processed in accordance with this privacy policy.

References to Clients, Recruiters and Participants include any potential clients or potential recruiters or potential market research participants who visit our website but are yet to participate in our services.

References to “data”, “data controller” and “personal data” shall have the meaning given to them in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regards to the processing of personal data and on the free movement of such data, known as General Data Protection Regulation (GDPR).

In this privacy policy, unless the context requires a different interpretation:

  • the singular includes the plural and vice versa;

  • a reference to a person includes firms, companies, government entities, trusts and partnerships;

  • "including" is understood to mean "including without limitation";

  • reference to any statutory provision includes any modification or amendment of it;

  • the headings and sub-headings do not form part of this privacy policy.

Your security

We take privacy and data security very seriously. We will ensure that any information obtained from you is treated as private and confidential by us and anyone else involved in market research.


To prevent unauthorised access or disclosure, misuse, damage, or destruction of personal data, we have put in place suitable physical (such as using locks), electronic (such as using strong encryption and passwords) and managerial procedures (e.g. limiting access to personal data files via permission settings depending on seniority or need to access data) to safeguard and secure the data we process. Anyone processing personal data in our team or on our behalf must do so in accordance with this policy and on the basis that we are satisfied that they can and will adhere to our high standards for data protection and security.


Privacy incidents


In the unlikely event of a data privacy incident or breach, clients (and where applicable relevant authorities with 72 hours), and individuals if a breach is likely to result in a high risk to the rights and freedoms of individuals, will be notified as soon as a data privacy incident has become known to iThoughts.


iThoughts will assess both the severity of the potential or actual impact on clients and individuals as a result of a breach. If the impact of the breach is more severe, the risk is higher; if the likelihood of the consequences is greater, then again, the risk is higher. In such cases, iThoughts will promptly inform those affected, particularly if there is a need to mitigate an immediate risk of damage to those individuals or clients concerned. One of the main reasons for informing individuals and clients is to help those affected to take steps to protect themselves from the effect of a breach.


Notification will be either by telephone or email, depending on the circumstances of the breach. The notification will include a description of the incident or breach, when it happened, when iThoughts first became aware of the incident, if know the scale of the incident, and what has been done to contain any further fallout from the incident. iThoughts will work closely with the client to come to a satisfactory solution to the incident or breach and will take appropriate measure to avoid any incident or breach from happening again. Any data privacy incident will be logged in the event log, regardless of whether the company is required to notify.


What additional information do we provide to individuals or clients when informing telling them about a breach or incident?


iThoughts will describe, in clear and plain language, the nature of the personal data incident and, at least:

  • the name and contact details of any data protection officer you have, or other contact point where more information can be obtained;

  • a description of the likely consequences of the personal data breach; and

  • a description of the measures taken or proposed to deal with the personal data breach and, where appropriate, a description of the measures taken to mitigate any possible adverse effects.

Where possible, iThoughts will give specific and clear advice to individuals on the steps they can take to protect themselves, and what you are willing to do to help them. Depending on the circumstances, this may include such things as:


  • forcing a password reset;

  • Advising individuals to use strong, unique passwords; and

  • Telling individuals to look out for phishing emails or fraudulent activity on their accounts.


Making a Data Privacy complaint


Any data privacy complaints can made by contacting iThoughts as follows:


  • Send an email to: clearly outlining the nature of the complaint.

  • Write to us at our registered address (see introduction above)


Once a complaint has been received, our Managing Director will investigate the complaint by looking into the nature of the complaint, where needed speaking with the relevant individuals(s) and once all relevant facts have been looked into, come to a conclusion and appropriate action will be taken. All complaints will be logged in the event log.


What data we gather and why

We gather and use certain information about individuals in order to provide services and to enable certain functions on our website. We also collect information to better understand how visitors use our website and to present timely, relevant information to them.


Website/panel data

We may collect data from website visitors in the following circumstances:

  • When visiting our Site (“Site Data”).

  • When providing information to us within the registration form of the ‘Take part in Research' or ' Become a Recruiter' tab of our Site or through a physical sign-up process (“Sign-up Data”) or via the "Contact Us" form. In the case of Clients, when providing us with information either online "Contact Us", in person or on calls, when commissioning us or considering commissioning us to undertake market research on your behalf (“Client Data”).

  • In the case of Participants, when participating in market research with us ("Participant Data”, “Market Research Data”).

  • When recruiting and employing staff ("Staff Data").

Website data (in addition to data submitted via our ‘Take part in Research’ page), may include your IP address, email address, browser type and version, location, source of referral, length of visit, pages you view, search queries you make and general use of our Site. We may process website data to analyse access to and use of our Site by Clients and Participants. We do this in order to monitor, track and improve our Site and the services we provide. We use Site Data collected to maintain accurate internal records of our engagement with Clients and Participants. These records impact our business activities and decision-making. We may also use Site Data to engage with Clients and Participants in the future, for example to market our services and/or provide information to them by email or otherwise.

Sign-up Data

Sign-up Data may include any of the requested information fields on our online sign-up or registration forms, such as name, email address, gender, occupation, date of birth, home address, home/mobile number, number of adults/children in household etc. This data may be processed for the purpose of registering your interest in using our services, contacting you in relation to market research opportunities or generally in relation to our business, services or partners, and/or performing analysis on our Participant, Recruiter and Client databases. Where a client, or Participant/Recruiter provides an email address to us, they provide their express consent to receiving communications from us about our service.

Client Data

Client Data may include any confidential or other business information provided to us by Clients during our dealings with them and any correspondence between us and them. We use this information to understand our clients’ businesses and to ensure that any Participant we engage with for a client is suitable and appropriate for any market research commissioned. We may use this information to contact Clients for marketing and business development purposes, partnership opportunities, or generally to provide you with newsletters and other updates concerning our or your business and/or industry.

Participant Data

Participant Data may include any of the information submitted to us through the "Take part in Research" page, or otherwise provided to us by Participants, including in any correspondence with them. The "Take part in Research" information provided is used to create a thorough socio-economic profile of all Participants, which we use to accurately and efficiently assess and identify appropriate individuals for market research following a client instruction. Clients provide very specific criteria for the Participants they want for their market research, and the more thorough our Participants profile is, the more effectively we are able to provide our service to our clients.

Market Research Data

Market Research Data includes any and all information provide to us with in the course of any market research study. We provide this information to Clients in an edited and user-friendly report so as to provide them with actionable insights and data for their relevant projects. Market Research Data is processed and only sent to Clients on an anonymised basis unless you give your express consent for your personal details to be passed on to them.

Any of the above forms of data may include information which communicated electronically, in writing, in a meeting or over the phone. We sometimes record phone calls for the purposes of collecting Sign-up Data, Client Data, Recruiter Data and Participant Data.

We are entitled to process any personal data listed here where necessary to comply with any legal obligations which we are subject to; to establish or defend any legal claims so as to protect our or your legal rights or the legal rights of other interested parties; or to obtain or maintain our own insurance coverage or obtain professional advice; or to otherwise manage business risks (including the risk of selecting the same Participant for a Client on more than one occasion).

Staff and applicant Data

Applicant data includes information needed for the job application process. If successful we process data needed for employment purposes (HR, Payroll etc.).

​Information we disclose.

We are permitted to disclose personal information in the following cases:

  • If we want to sell our business, or our company, we can disclose it to the potential buyer.

  • We can disclose it to other businesses in our group.

  • We can disclose it if we have a legal obligation to do so, or in order to protect other people’s property, safety or rights.

  • We can exchange information with others to protect against fraud, credit risks, or other similar business risks where it is in our or your vital interests to do so.

We use third parties to store personal data, such as Wix.Com and Panel Fox. (“Third Party Data Partners”). Where any of your data is required for such a purpose, we will take all reasonable steps to ensure that personal data will be handled safely, securely, and in accordance with individuals’ rights, our obligations, and the obligations of the Third-Party Data Partners under GDPR and the law. However, we cannot control the data protection policies of Third-Party Data Partners.

International Transfers of Data outside the European Economic Area (“EEA”)

The information storage facilities of our web hosting service, and of some of our Third-Party Data Partners are located outside of the EEA, such as in the US and Israel. Based on a decision of the European Commission on the adequacy of these countries for the purpose of storing personal data, each of these countries will be protected by appropriate safeguards, such as the use of standard data protection clauses approved or adopted by the European Commission.

Whilst we make all reasonable efforts to ensure our Third Party Data Partners comply with the standards of the GDPR, website visitors and those submitting data through our “Take part in Research” registration form, acknowledge that we cannot control use of such personal data beyond our reasonable control.

Cookies and how we use them.

What is a cookie?

A cookie is a small file placed on a computer’s hard drive. It enables our website to identify visitors’ computers as they view different pages on our website.

Cookies allow websites and applications to store preferences in order to present content, options, or functions that are specific to visitors. They also enable us to see information like how many people use the website and what pages they tend to visit. All cookies used by this website are used in accordance with current UK and EU cookie law.

How we use cookies

We may use cookies to:

  • Analyse our web traffic using an analytics package. Aggregated usage data helps us improve the website structure, design, content and functions.

  • Identify whether visitors are signed into our website. A cookie allows us to check whether a visitor signed into the site.

  • Test content on our website. For example, 50% of our users might see one piece of content, the other 50% a different piece of content.

  • Store information about preferences. The website can then present visitors with information they find more relevant and interesting.

  • To recognise when visitors return to our website. We may show relevant content or provide functionality used previously.


Cookies do not provide us with access to individuals computer or any information about visitors, other than that which they choose to share with us.

Controlling cookies

Visitors can use their web browser’s cookie settings to determine how our website uses cookies. If a visitor does not want our website to store cookies on their computer or device, they can set their web browser to refuse cookies. However, please note that doing this may affect how our website functions and some pages or services may become unavailable to visitors. Unless a visitor has changed their browser to refuse cookies, our website will issue cookies when visited.

How do I disable cookies?

If a visitor wants to disable cookies, they will need to change their website browser settings to reject cookies.  How this can be done will depend on the browser used.   Further details on how to disable cookies for the most popular browsers are set out below:

For Microsoft Internet Explorer:

1. Choose the menu “tools” then “Internet Options”.

2. Click on the “privacy” tab

3. Select the setting the appropriate setting

For Google Chrome:

1. Choose Settings> Advanced

2. Under "Privacy and security," click “Content settings”.

3. Click “Cookies”.

For Safari:

1. Choose Preferences > Privacy

2. Click on “Remove all Website Data”.

For Mozilla Firefox:

1. Choose the menu “tools” then “Options”.

2. Click on the icon “privacy”.

3. Find the menu “cookie” and select the relevant options

For Opera 6.0 and further:

1. Choose the menu Files”> “Preferences”.

2. Privacy

Controlling information about you

When completing a form or providing details on/via our website, one may see one or more tick boxes allowing to:

  • Opt-in to receive (marketing) communications from us by email, telephone, text message or post.

  • Opt-in to take part in market research (projects)


If consented, we can use personal information provided for the above purposes. Anyone can change their consent easily, via one of these methods:


We will never lease, distribute or sell personal information to third parties unless we have express permission, or the law requires us to. This includes our affiliates and / or other companies within the group.

Any personal information we hold is stored and processed under our data protection policy, in line with the Data Protection Act 1998 and GDPR.

Retaining and deleting personal data

Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or purposes. Subject to overriding legal requirements, we will retain personal data as follows:

Personal data provided to us when registering as a client (name, contact details) for as long as required to provide our services to you as our client.

Personal data provided to us when registering as a recruiter (name, contact details) for as long as someone works for us as a recruiter.

Personal data provided to us when registering as a participant (name, contact details, demographics, and other information provided) for as long as someone is an active member on our panel of participants.

Personal data provided to us when taking part in research (name, age, contact details) for a period of two years to check against past participation and quality control purposes.

Personal data provided to us when asking us to not contact again (telephone number and/or email address) to ensure we do not contact again).

Personal data provided when applying for a job will be retained for a period of 6 months unless there is a legitimate reason to retain it for any longer.

Notwithstanding the other provisions mentioned above, we may retain personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect individuals’ interests or the interests of another natural person.


Individual rights

Individuals, as the data subject, may request deletion of personal data at any time in writing, subject to any overriding legal requirement for its retention. This can be in writing to us at our above stated address or alternatively, an email can be sent to: to get in touch.

Individuals are entitled to:


  • request access to, deletion of or correction of personal data

  • request personal data to be transferred to another person or company.

  • make a complaint to a supervisory authority.

  • object to direct marketing communications and/or limit the publication of personal information to third parties.

  • have personal data restricted or blocked from processing?

  • be informed (this privacy policy does that)


Individuals can modify or withdraw consent at any time by notifying us, although please note this may affect the extent to which we are able to provide our services or interact in the future whether as a client or Participant.


Please note that we are not permitted under our commitments to Clients to send a Participant or participant information to them more than once for market research within a certain period. For this reason, we reserve the right at all times to retain relevant information required to ensure that we meet this commitment, particularly in relation to records of previous attendance at market research.


​​Links from our website


Our website may contain links to other websites.

Please note we have no control of websites outside the domain. If an individual provides information to a website to which we link, we are not responsible for its protection and privacy.


iThoughts ltd may, from time to time, expand or reduce our business and this may involve the sale and/or transfer of control of all or part of iThoughts Ltd. Data provided by users will, where it is relevant to any part of our business so transferred, be transferred along with that part and the new owner or newly controlling party will, under the terms of this website privacy policy, be permitted to use the data for the purpose for which it was originally supplied to us. We may also disclose data to a prospective buyer of our business or any part of it. We will take steps with the aim of ensuring your privacy is protected.

Individuals may not transfer any of their rights under this privacy policy to any other person. We may transfer our rights under this privacy policy for market research purposes where we reasonably believe individuals’ rights will not be affected.

If any court or competent authority finds that any provision of this privacy policy (or part of any provision) is invalid, illegal or unenforceable, that provision or part provision will, to the extent required, be deemed to be deleted, and the validity and enforceability of the other provisions of this privacy policy will not be affected.

This agreement will be governed by and interpreted according to the law of England and Wales. All disputes arising under the agreement will be subject to the exclusive jurisdiction of the English and Welsh courts.

Data protection officer

Our data protection officer's contact details are: Please use as subject matter "Data protection query".


The following links can provide you with more information:

Guide to GDPR

Google Privacy Policy

Facebook Privacy Policy

LinkedIn Privacy Policy

Privacy and Electronics Communications Directive

(EC Directive) regulations 2003

Where does iThoughts store its data?


bottom of page