Participant data privacy policy

Welcome to our data privacy policy for members and non-members of our database and participants in paid research. This page details how we collect, store and process the personal data you provide to us as part of the sign-up process and when you apply to questionnaires, as well as any other interaction you may choose to have with us that involves you sharing your personal data with People for Research.

1. Introduction

1.1 People for Research Ltd., a company based in the UK, are registered with the Information Commissioner’s Office (ICO), the organisation that regulates data protection in the UK. You can find proof of our registration here.

1.2 People for Research works in a fully compliant manner, in line with the current data protection legislation. You can find out more about the Data Protection Act 2018 here or about the GDPR here.

1.3 Our main goal is to keep your data safe while working to get you involved in paid research. We will never sell your personal data to a third-party and will only share it with a client running paid research after you have specifically consented to this.

2. Legal grounds, nature and purpose of the processing 

2.1 We process your personal data based on your informed consent. This means that, when you decide to sign up to our database and apply to our studies, you are doing so because you have read this data privacy policy and you consent to People for Research collecting, recording, organising, storing and generally using your data for the purpose of getting you involved in paid research studies.

2.2 If you are recruited for one of our paid research studies, the nature of the processing may also include disclosing some of your data to our clients during the recruitment process. For example, a client may need your email address so they can send you a link to the prototype you are testing. If this is required, we will ask for you to further confirm your consent specifically for this purpose during screening telephone calls.

3. Personal data and special category data

3.1 Personal data is any information that relates to an identified or identifiable individual.

3.2 Some types of data are considered special under the GDPR. The current legislation singles out some types of personal data as likely to be more sensitive, and gives them extra protection. This includes:

• personal data revealing racial or ethnic origin;
• personal data revealing political opinions;
• personal data revealing religious or philosophical beliefs;
• personal data revealing trade union membership;
• data concerning a person’s sex life;
• data concerning a person’s sexual orientation;
• genetic data;
• biometric data (where used for identification purposes);
• and/or data concerning your health.

3.3 We may ask you to share special category data at different stages, from signing up to our database to applying to paid research studies.

3.4 During the sign-up process, for example, we will ask you to confirm your ethnicity and will ask you if you live with any accessibility needs, impairments or long-term conditions. By completing the sign-up form and joining our community, you are providing PFR with explicit and informed consent to collect, process, store and use this special category data.

3.5 The same applies to our online questionnaires, which we use to determine if you are suitable to take part in our studies. These questionnaires may include questions about special data – by completing these questionnaires and submitting them, you are providing PFR with explicit and informed consent to collect, process, store and use this special data.

4. Sharing your data during the sign-up process

4.1 When you share your personal data during the sign-up process, you are sharing it directly and exclusively with People for Research.

4.2 PFR are the sole controller of the information shared during the sign-up process. This means no third-parties, including our clients who run the paid research projects you may end up taking part in, have access to or control over this information.

5. Sharing your data during the application process

5.1 When you complete one of our questionnaires, we ask you to share information about yourself that goes beyond what we capture during the sign-up process or in the ‘My account‘ area.

5.2 If you are suitable to take part in one of our studies, we may go through a telephone screening with you if you are applying to take part in moderated research (e.g. a 1-2-1 session with a researcher). If you are applying to take part in unmoderated research (e.g. a survey or an online task you can do by yourself), we don’t usually collect any extra data over the phone. If the client running the research asks to access any of your personal data, we will collect your informed consent during the application process and ask you to confirm you are happy for the client to receive specific data provided during the application and screening stages. We may collect your consent directly either by asking you in writing or verbally on the phone. Additionally, the client may ask you to sign a consent form.

5.3 If you apply to take part in research by completing our questionnaires or surveys you agree to be contacted by PFR.

5.4 If you confirm your consent during the screening stage and we pass some of your data to the client, both the client and People for Research will process this data as independent controllers, which means the client must also work in a GDPR compliant manner and follow the law when it comes to your personal data.

5.5 As part of our terms and conditions, our clients must always agree to not use any of your data to involve you in future research or studies without PFR’s involvement and/or get you involved in marketing-related activities or similar.

6. Sharing your data during a paid research study

6.1 The client is the sole controller of any data collected during a paid research study or task that you may have been recruited for, which means People for Research have no involvement in this part of the process. When it comes to your personal data, you enter into an agreement with the client at this stage.

6.2 If you are asked to sign a consent form before taking part in a paid research study, the client will use this document to detail how they will process, store and use your data. This also means you have the right to request the permanent destruction of your data at any stage after the end of the study. The client’s consent form should mention how to get in touch with them to request the destruction of your data, so ensure you make a note of this when signing the document or keep a copy of it.

6.3 If you are not asked to sign a consent form, you can get in touch with PFR and ask us how to request the deletion of data shared with a client during a paid research study.

6.4 The client is unlikely to ask you to share any contact details during the session, unless originally agreed with PFR (which we will make you aware of), and they should not ask you to create accounts using your real data, purchase any products, or similar.

6.5 If a client requests any information during a paid research session that you don’t feel comfortable sharing, please make them and People for Research aware of this.

7. Data we collect when you visit our website

7.1 By using our website, you consent to our use of cookies in accordance with the terms of this policy. Find out more about our cookie policy here.

7.2 When you visit our website, we may collect, store and use information about your computer and use of our website, including your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths. This is collected via Google Analytics and is anonymised.

8. How we store your data

8.1 We store your data across both our internal systems, like our own database, and external systems, such as Airtable or Sharepoint.

8.2 All the systems or platforms we use to store and process personal data are encrypted both in transit and at rest.

8.3 Before we onboard any external platforms that we may use to store your data, we ensure they are fully compliant with the GDPR and always put in place a Data Protection Agreement with these organisations to ensure both People for Research and your personal data are fully protected.

9. How long we keep your data for

9.1 If you sign up to our database, we will keep your data for as long as your account remains active (this means you apply to take part in paid research at least once every five years).

9.2 If you don’t apply to take part in research for a period of five years, we consider your account dormant. The next step is to email you and ask if you are still interested in keeping your account open. We will need you to actively confirm your interest – if you don’t take any actions to keep your account open within the deadline specified, we will close your account.

9.3 We keep your closed account on our system for two years. After this period of time has passed, we permanently delete your personal data from our systems.

9.4 We keep personal data related to your applications to paid research in compliant external systems such as Sharepoint for five years and permanently delete it once this period has ended, even if your account remains active on our database. This does not affect the application data we keep in our internal database, which remains saved in the system as per the timeframes detailed in points 9.1, 9.2 and 9.3 or until you request the deletion of your account.

9.5 When we delete your data, we permanently remove it from the system accessed by our team. Under Article 17 of the GDPR, and only if you have attended any paid research projects, we keep a record of your email address, phone number, notes on your profile and the project(s) you took part in. for an indefinite period of time. If you have never been recruited for any paid research projects, we will not keep any of your data. The reason we keep this data is for archiving purposes where erasure is likely to render impossible or seriously impair the achievement of proper processing and record-keeping. The data we keep following deletion from our main system is stored in a blacklisted area of our internal system that only a restricted number of users can access. This data is strictly and exclusively used for record-keeping purposes and it’s not used for any other purposes.

10. Sharing your data and taking part in research if you’re not registered with us

10.1 If you share data with us while applying to take part or while taking part in research, but you don’t have an account on our system, you give us consent to collect, store and process your data for the purpose of getting you involved in the project you are applying for.

10.2 If you apply to one of our projects without having an account on our system, we will keep your application data for five years or until you request its deletion. We won’t use any of your personal data to contact you for future projects or for any marketing purposes.

10.3 Under Article 17 of the GDPR, and only if you have attended any paid research projects, we keep a record of your email address, phone number, notes on your profile and the project(s) you took part in for an indefinite period of time. If you have never been recruited for any paid research projects, we will not keep any of your data. The reason we keep this data is for archiving purposes where erasure is likely to render impossible or seriously impair the achievement of proper processing and record-keeping. The data we keep following deletion from our main system is stored in a blacklisted area of our internal system that only a restricted number of users can access. This data is strictly and exclusively used for record-keeping purposes and it’s not used for any other purposes.

11. Sharing your data and taking part in research if a client is running research with their customers via PFR

11.1 Companies and organisations will sometimes engage People for Research to organise research with their customers or subscribers. If this happens, we will always ask for your consent before capturing any of your data.

11.2 If we or our client gets in touch with you for the purpose of getting you involved in a specific research project, we will ask you to complete an application form. We only keep the data captured in this form for the length of the project and up to a maximum of three months.

11.3 If you are suitable and one of our team members calls you for a screening interview and/or to book you in for research, we keep all data associated with this process for one year after your participation in the project. Once this period ends, we permanently delete all the data.

11.4 Any data that we keep under these circumstances is strictly kept for archival reasons and never used for any other purposes other than involving you in research with the client that has referred you.

12. Disclosing your personal data

12.1 Our employees have access to your personal data for the purposes set out in this policy.

12.2 We may also be required to disclose your personal information under the following circumstances:

(a) to the extent that we are required to do so by law;
(b) in connection with any ongoing or prospective legal proceedings;
(c) in order to establish, exercise or defend our legal rights and prevent fraud;
(d) to the purchaser (or prospective purchaser) of any business or asset that we are (or are contemplating) selling; and
(e) to any person who we reasonably believe may apply to a court or other competent authority for disclosure of that personal information where, in our reasonable opinion, such court or authority would be reasonably likely to order disclosure of that personal information.

13. International data transfers

13.1 The personal data stored by PFR may be subject to an international data transfer for one or both of the following reasons:

• Because we use a digital tool to store or process your data whose headquarters and/or servers are based outside of the UK/European Economic Area. As previously stated in this policy, before we onboard any external platforms that we may use to store your data, we ensure they are fully compliant with the GDPR and always put in place a Data Protection Agreement with these organisations to ensure both our organisation and your data are fully protected.
• Personal data that we collect may be transferred, processed and stored by clients whose headquarters are based in other countries. Some of these countries may not have data protection laws equivalent to those in force in the UK/European Economic Area. In these cases, People for Research will set up a contract with these clients that safeguards any personal data, using standard data protection contract clauses.

14. How to request the deletion of your data

14.1 The informed consent you provide during the sign-up process can be revoked at any time, which means you can ask PFR to permanently close your account and delete all your data at any point after signing up to join our online community. To do so, please email gdpr@peopleforresearch.co.uk from the same email address you used to register with People for Research (you must email us from the same email address so we can indeed verify it’s the account owner contacting us).

14.2 When you ask PFR to permanently delete your account and any personal data you may have shared with us, this does not cover any personal data, as well as audio and video recordings, captured during paid research sessions with clients. As mentioned in these terms, PFR have no control over the data that is shared during research sessions and you must contact the client directly to request the deletion of this data if you wish to do so.