Our Research Participant Privacy Policy

Privacy Policy for Research Participants

Introduction

Welcome to The Foundation Growth Consulting LLP's privacy policy for research participants.

The Foundation Growth Consulting LLP respects your privacy and is committed to protecting your personal data. This privacy policy will inform you about how we collect, use, and store your personal data when you participate in our research projects and explain your privacy rights and how the law protects you.

1. IMPORTANT INFORMATION AND WHO WE ARE

Purpose of this Privacy Policy

This privacy policy is intended to inform you about how The Foundation Growth Consulting LLP collects and processes your personal data when you take part in our research studies.

It is important that you read this privacy policy so that you understand how and why we use your data. This policy supplements any other privacy notices you may receive in relation to specific research projects and does not override them.

Controller

We are the data controller responsible for your personal data (collectively referred to as "The Foundation Growth Consulting LLP", "we", "us", or "our" in this privacy policy). If you have any questions about this policy, including any requests to exercise your legal rights, please contact us using the details set out below:

  • Full name of legal entity: The Foundation Growth Consulting LLP

  • Email address: info@the-foundation.com

  • Postal address: 207 King’s Cross Road, London WC1X 9DN

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK regulator for data protection issues (www.ico.org.uk). Our registration number is ZA472524. However, we would appreciate the opportunity to address your concerns before you approach the ICO, so please contact us first.

 

 2. THE PERSONAL DATA WE COLLECT ABOUT YOU

When you participate in our research, we may collect different kinds of personal data, including:

  • Identity Data (e.g., name, age, gender, occupation)

  • Contact Data (e.g., email, phone number)

  • Research Data (e.g., responses to surveys, interviews, and discussion groups)

  • Technical Data (e.g., IP address if participating in online research)

  • Audio/Visual Data (e.g., recordings of interviews or focus groups, photographs, where applicable and with consent)

We do not collect any Special Categories of Personal Data (e.g., health, race, political beliefs) unless explicitly required and with your explicit consent.

3. HOW IS YOUR PERSONAL DATA COLLECTED?

We collect data directly from you when you:

  • Complete surveys, interviews, or focus groups

  • Provide information via email or phone

  • Participate in recorded sessions and/or online sessions (only with your consent)

We may also receive data from third parties, such as recruitment agencies or publicly available sources. If you participate in online surveys, please refer to the relevant platform’s cookie notice for information on how technical data may be collected

Where we conduct research involving minors or vulnerable adults, we obtain appropriate parental or guardian consent and take additional precautions to protect their data and privacy

4. HOW WE USE YOUR PERSONAL DATA

We use your personal data for research purposes only, including:

  • Conducting qualitative and quantitative research studies

  • Analysing insights to inform business strategy

  • Sharing anonymized findings with our clients

  • To facilitate incentive payments

  • For quality control purposes

We do not use your personal data for automated decision-making or profiling.

In exceptional cases and only with your consent, we may share identifiable recordings or transcripts with clients where necessary for the purpose of understanding participant responses in context.

We rely on the following legal bases to process your data:

  • Consent – when you agree to participate in research and share your data with us

  • Legitimate Interests – when processing is necessary to conduct our research activities and does not override your rights

5. DISCLOSURES OF YOUR PERSONAL DATA

We may share your data with:

  • Internal team members involved in the research process

  • External service providers (e.g., transcription services, survey platforms)

  • Clients (anonymized or aggregated findings)

  • Clients (research output including photographs and footage, when applicable, and with consent)

We will never sell your personal data or share it with third parties for marketing purposes.

6. USE OF ARTIFICIAL INTELLIGENCE (AI) SERVICES

In some cases, we may use carefully selected AI-powered services to support our research activities. This may include: (a) transcription tools to convert audio recordings into text; (b) video processing services to analyse visual material; (c) generative AI tools (such as ChatGPT) to assist with summarising or analysing fully anonymised responses or text.

Where we use these tools: (a) we ensure that no personal identifiers or special category data are input into AI systems unless they are hosted securely within the UK or another jurisdiction with appropriate safeguards; (b) we use only reputable service providers who implement strong data protection and security measures; (c) any data shared with AI services is either pseudonymised or fully anonymised, and cannot be used to identify individual participants.

Our use of these tools is always assessed for compliance with applicable data protection laws, including the UK GDPR, and subject to data processing agreements where required.

7. INTERNATIONAL TRANSFERS

If your data is transferred outside the UK, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission in Decision (EU) 2021/914of 4 June 2021 (Modules Two and Three), as supplemented by the UK International Data Transfer Addendum issued by the Information Commissioner’s Office.

8. DATA SECURITY

We have implemented security measures to prevent unauthorized access, disclosure, or loss of your personal data. Access is restricted to employees and third parties on a need-to-know basis.

9. DATA RETENTION

We will retain your personal data only for as long as necessary for the research study, after which it will be securely deleted or anonymized.

  • Audio/visual recordings – deleted within two (2) years unless otherwise specified

  • Photographs – deleted within two (2) years unless otherwise specified

  • Survey/interview responses – stored securely and anonymized as soon as possible

  • Transcripts – stored securely, anonymized

If retention is required beyond the periods set out above (e.g., for longitudinal studies), we will inform you and explain the reason and duration at the time of data collection.

10. YOUR LEGAL RIGHTS

Under GDPR, you have the following rights:

  • Access – Request a copy of your personal data

  • Correction – Request correction of inaccurate data

  • Erasure – Request deletion of your data

  • Objection – Object to processing under legitimate interests

  • Restriction – Request a pause on processing your data

  • Withdrawal of Consent – You can withdraw your consent at any time (If withdrawal occurs during an active session, we will stop recording and exclude your data. If you withdraw after your session, we will delete all identifiable data unless already anonymised or aggregated.)

To exercise any of these rights, please contact us at: info@the-foundation.com.

If you require this privacy policy in an alternative format or language, please let us know and we will do our best to provide it.

This privacy policy applies to all research participants engaging with The Foundation Growth Consulting LLP and replaces any previous versions.

Last review 23 June 2025