Future Thinking Group Privacy Policy: 3rd May 2018

Future Thinking takes your privacy seriously and, as a company, we are committed to protecting and respecting your privacy. This policy contains important information about the personal information it collects about you, how we will use this data, the conditions under which it may be disclosed to other parties and how it is secured. Please read it carefully. Please note that our policy may change over time, so do check this page to ensure you are aware of any policy changes.

We may be required to comply with requests for personal data from regulatory bodies and legislative authorities.

If you have any questions relating to our policy please email privacy@futurethinking.com. Or by post addressed to the Operations Director:

  • UK: Future Thinking, 25 Lavington Street, London SE1 0NZ
  • France: Future Thinking, 6 rue de Saint Petersbourg, 75008, Paris, France
  • Bulgaria: GemSeek, 18 Shipchenski Prohod Blvd, Office 701, Sofia 1113, Bulgaria
  • Bulgaria: cQuest, 18 Shipchenski Prohod Blvd, Office 302, Sofia 1113, Bulgaria
  • UAE: Future Thinking, 25 Lavington Street, London SE1 0NZ

Or by telephone:

  • UK: +44 (0) 3333 208 220
  • France: +33 (0)1 42 93 69 16
  • Bulgaria: +359 2 904 2702
  • UAE: +44 (0) 3333 208 220

Privacy Policy contents
Our Privacy Policy references five key sections including:

  • Who we are
  • Data security
  • Market research
  • Marketing communications
  • Client information

Who we are
Future Thinking conduct market research and provide business consulting services across the globe. We are committed to conducting our business lawfully and to the highest professional industry standards. This website is operated by Munro Market Research Limited, part of the Future Thinking Group, whose registered offices are listed below:

  • Munro Market Research Limited (Registered in England No: 01193016, Registered Office: 25 Lavington Street, London, SE1 0NZ, UK)
  • The Oxford Market Research Agency Limited (Registered in England No: 03597907, Registered Office: 25 Lavington Street, London, SE1 0NZ, UK)
  • Future Thinking France, 6 rue de Saint Petersbourg 75008 Paris, France. 531 661 866 R.C.S Paris
  • GemSeek, 18 Shipchenski Prohod Blvd, Office 701, Sofia 1113, Bulgaria
  • cQuest, 18 Shipchenski Prohod Blvd, Office 302, Sofia 1113, Bulgaria
  • Future Thinking Dubai, Office 2302, Building 3 – JLT Cluster X, Jumeirah Lakes Towers, Dubai, United Arab Emirates

The legal basis for using your personal data
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • Where we have your express consent to do so.
  • Where we need to perform the contract, we are about to enter into or have entered into with you or to perform other legal obligations.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Where we need to comply with a legal or regulatory obligation.


DATA SECURITY:

How we keep your personal information secure
We take great care to ensure our business information systems are protected against the potential for malicious intrusion, for both stored and transmitted data. We use professional, reputable systems and suppliers and strong data encryption. We train all our staff to our information security standards. In addition to data protection legislation (for example, the EU General Data Protection Regulation) we work to market research industry professional standards and best practice.

Sending EU citizens’ data outside of the EU
We keep EU citizens’ data within the European Union as standard. If we have a technical or business requirement for EU citizens’ data to transfer beyond the EU, then we obtain the individuals’ permission for this or we will ensure that there is a formal written contract in place approved by the European Commission which gives personal data the same protection as it has in the European Union; in the event that any personal data is transferred to the United States, we shall ensure that the party receiving personal data has signed up to the Privacy Shield which requires them to provide similar protection to that afforded in the European Union. We ensure any data transfer and repository beyond the EU is secure to the standards of EU data protection legislation.


MARKET RESEARCH:

Information about our market research activities
Future Thinking collects and processes personal information as part of our business activity of conducting market research.

Future Thinking Group complies with data protection legislation as applicable to the rights of citizens in the geographic areas in which our research activities are conducted. In the EU, as from 25th May 2018, this is the General Data Protection Regulation (Regulation (EU) 2016/679), commonly known as GDPR, which replaces the 1995 Data Protection Directive (Directive 95/46/EC). This new GDPR ruling means that there is a single set of data protection rules across all EU member states for the protection of its citizens’ personal data. This includes Rights for Individuals.

GDPR – Summary of Individual Rights

  1. The right to be informed – right to be informed about the collection and use of personal data
  2. The right of access – right to access their personal data and supplementary information
  3. The right to rectification – right for individuals to have inaccurate personal data rectified, or completed if it is incomplete
  4. The right to erasure – right for individuals to have personal data erased in certain situations
  5. The right to data portability – right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services
  6. The right to object – right to restrict processing of their personal data in certain situations, for example the right to object to use of personal data for direct marketing purposes
  7. Rights in relation to automated decision making and profiling – right to be informed about and object to automated processing of data which may which may produce a potentially damaging decision
  8. The right to withdraw consent at any time – this applies where we are relying on consent to process your personal data.

Why we collect and process personal data
The definition of personal data is where an individual can be identified directly or indirectly by that data on its own or together with other data.
As part of our market research activities we may collect and/or process personal data that helps us:

  1. To know who to approach for participation in our research projects. This could be name, email address, telephone number, address. This may be from our clients if we are helping them assess their customers’ views of their products and services, or to conduct research amongst their own employees. It may be from a professional supplier of potential market research participants, where prior informed consent from the individuals will have been obtained by such suppliers. We may collect information from public sources on who to approach for research. In all cases we will obtain informed consent at the point of participation to proceed.
  2. To control the design of the data collection.
  3. For quality control purposes. For example, IP address is often used at this stage prior to anonymising the data collected from surveys.
  4. To provide information for analysis.

In order to run our business to provide services to our clients and/or to comply with other legal obligations, we also process personal data which includes:

  • Financial data – receiving and making payments
  • Transaction data – details of products and services you have purchased from us
  • Data related to employee administration
  • Commercial data

We also collect, use and share Aggregated Data as part of the delivery of our service to our clients. Aggregated data may be derived from your personal data but is not considered personal data in law as this does not directly or indirectly reveal your identity. If we combine or connect any aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.

We may collect Special Categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. This Special Category data is subject to even stricter rules than apply to standard personal data and is only collected with your permission or where we have another specific legal ground to do so.

Collecting information from you
We collect personal information from people who take part in our market research related activities including, surveys (on-line or face to face, telephone), focus group discussions and other market research related activities. We will always explain what we require and obtain consent before it is collected.

We collect information for market research by;

  • Web/internet surveys
  • Telephone surveys
  • Interviews by one of our interviewers either in-home or in a specific location (e.g. in a shopping centre, on a train station, at a venue) – this could be by using equipment such as a tablet or on paper forms
  • Self-completion surveys printed on paper forms – by post or in a specific location, site or event
  • Focus groups
  • Technology-based solutions (e.g. tracking website usage, behavioural data including eye-tracking data and collecting skin-response data)
  • Digital social media/interactive web platforms – in accordance with contractual terms and conditions as specified by the provider and relevant legislation
  • Mobile devices in accordance with contractual terms and conditions as specified by the provider and relevant legislation

Sending personal information outside of the Future Thinking Group

  • We will respond to requests for personal information in accordance with legislative and regulatory requirements.
  • We may use a research solution that requires personal information in order to proceed. For example, when we run online interactive research sessions, or ask participants to undertake certain tasks using mobile apps. This would be explained at the point of participation to proceed. We undertake stringent scrutiny of such services to check data security. We use solutions that restrict data to the EU as standard. Contrary to this, we would obtain consent.
  • We may ask you to attend a focus group discussion or go somewhere to test a new product, and it is possible we would need to send your contact details to our organisers for this.
    It may be beneficial to pass your answers to the client who has commissioned the research about their product or service. This would all be explained and your permission sought before we would do this.
  • Your answers may be held on a database that is used by our clients to view and manipulate anonymised and aggregated research data via a website we have built for this purpose. We will gain your consent for any personal data or personally identifiable information that is available to be viewed by our clients.
  • We may use an approved research supplier to provide specialist services such as data collection, analysis, consultancy, digital production or research tools, specialist techniques such as biometric data collection and analysis.

Keeping your personal information
We only keep personal information for as long as required for the purposes of the research. Our data retention policy states that we will not keep personal information for longer than a year, except where previously agreed with our research participants.

Wherever possible, we work with data that does not have personal information in it. For example, we will detach personal information to make a data set that combines hundreds of completed surveys in order to produce statistical analysis. From focus groups and small-scale research, we mask the identity of participants with labels such as ‘Male, 25-34, London’.

Use of cookies as part of our market research activities
If the use of cookies is required, this will be explained at the time and we will clarify how they will be used.

Access to your personal data and processing restriction
Please contact privacy@futurethinking.com to request your data and/or data erasure or processing restriction. We will confirm receipt of your request within 5 working days and take the appropriate steps to consider your request in line with GDPR legislation. Please note, it is likely you will be asked for proof of identification prior to commencing any work in response to your request.


MARKETING COMMUNICATIONS:

How we collect information from you
We collect, store and retain information about you in a variety of ways when visiting our website:

  • Registering to receive our marketing communications
  • Registering to download content from our website
  • Applying for vacancies listed on our websites
  • When you contact us via our enquiry email

The type of personal information we collect
By personal information we mean any information that you provide via our website that we have collected and may include (but not limited to): Forename, Surname, Postal address, Email address, Telephone number, Job title.

How we use your information
If you are (i) an existing client (ii) interacting with our marketing communications (iii) engaging with us through business development and potential future work (iv) have given express consent to us to use personal information for marketing purposes, Future Thinking may at times use your personal information to provide you with marketing communications related to products, services and information relating to conferences and events.

Sending your personal information outside of Future Thinking Group
We may share information with our third-party service providers for services such as data analysis, website hosting, infrastructure provision, IT services, e-mail delivery services, auditing services, business development and lead generation, marketing services or to comply with legal or regulatory requirements.

Use of cookies on our website
Cookies are commonly used across websites and mobile applications which may be used by Future Thinking to provide you with, for example, customised information from our website. The cookie will allow us to recognise you when you visit our website. A cookie is an element of data that a website can send to your browser which may then be stored on your system. It does not contain confidential information such as your home address, telephone number or credit card details.

We do not exchange cookies with any third-party websites or external data suppliers. If you wish, you can usually adjust your browser preferences so that your computer does not accept cookies. Turning off cookies may mean that there is a loss of functionality when using our website.

Use of Google Analytics
We use Google Analytics which is a web analytics service offered by Google to track and report our website traffic. For more information about Google Analytics please visit: https://www.google.com/analytics/#?modal_active=none

Unsubscribing from marketing communications
You have the right to withdraw consent to receiving direct marketing messages making use of your personal data at any point. If at any point you would like to opt out from receiving any marketing communications, simply click on the unsubscribe link at the bottom of any emails you receive.

Links to other websites
The Future Thinking website will contain links to other websites. Please note that this Privacy Policy only applies to the Future Thinking Group and our website. If you are taken to another website please read their own privacy policies. We do not control any third-party websites and are not responsible for their privacy policies. When you leave our website, you should read the privacy notice of every website that you visit.

Data Protection complaints
Individuals have the right to lodge complaints about data protection issues with their national supervisory authority of their EU Member State about alleged breaches of GDPR.

UK – https://ico.org.uk/
France – https://www.cnil.fr/en/home
Bulgaria – https://www.cpdp.bg/