Shift Insight is a market research company based in London and specialising in the education, sustainability and membership sectors. This privacy policy explains how we use any personal information we collect about you when you use our website, opt in to receive details about future research projects or have contact with us as a research participant or potential participant.
Your privacy is important to Shift Insight. This privacy statement provides information about the personal information that Shift Insight collects and the ways in which Shift Insight uses that personal information. It also outlines how we protect your data and your rights to access, correct or delete it.
This privacy policy only applies to the following websites: www.shift-insight.co.uk, www.shift-membership.co.uk, www.shift-sustainability.co.uk and www.shift-learning.co.uk, and not to any that may be linked from them. When you visit other websites, you should read their own privacy policies.
Privacy and the Shift Insight Website
Personal information collection and cookies
Our websites use cookies and other related technologies. Cookies are also placed by third parties we have engaged. Please read our UK cookie policy for further information.
Privacy and being a Shift Insight respondent
What information do we collect about you?
Expressions of interest
We may collect information about you when talking to you about potentially being involved in a research project, prior to your involvement being confirmed. This allows us to assess your suitability.
Research projects
We collect information about you when you participate in a research project for us. This could be via a survey, an interview or another research activity. We always collect explicit, informed consent before collecting any data.
Financial information
We may also collect financial information required to send an incentive payment to you.
In all cases, we will not ask you for more personal information than is necessary and aim to keep requests for sensitive data to a minimum.
How will we use the information about you?
We use the information we collect from you to address specific research issues, often for external clients. We operate to the highest industry standards and , the purpose of the research, the degree to which you can expect to be anonymous, how the data will be collected and any issues around confidentiality and incentive payments. Your consent will be explicitly obtained as part of this process, including for the transfer of any personally identifiable data. In some cases the client may be anonymous. In these cases, you have the right to find out who they are, either after participating or at that time. Please note, if we disclose this information, you will no longer be able to participate in that piece of research.
When we use any information you provide during the course of a project, any personal identifiers, such as your name, institution and job title, will be removed before any analysis or reporting. Please note that while we aim to protect your anonymity as far as is possible, there may be cases in which you supply us with information that by itself, or in combination with other statements in your response, make you identifiable – particularly to someone who knows you – in a way that we cannot reasonably detect whilst anonymising your responses.
We may contact you after your participation in a research project to ensure our researchers have met our high standards. Note that we operate within the Market Research Society and ESOMAR codes of conduct, in addition to the Data Protection Act 2018 and GDPR.
Privacy and Shift Insight’s Panel
What information do we collect about you?
We collect information about you if you opt in to be contacted by us for research purposes. This may have been through a form.
How will we use the information about you?
We will use it to contact you about other research projects we think may be of interest to you. We don’t want to contact people who won’t be interested, so the more information you give us, the more precisely we can target projects to your situation and interests. We will also contact you a few times in the year, asking if you want to update your details. We won’t share your information with companies outside Shift Insight or use your details for sales or marketing purposes. For further details and exceptions, please see the section on third parties later in this document. You can rectify or withdraw the data we hold on you at any time.
Privacy and being a Shift Insight client or business contact
What information do we collect about you?
We collect information about clients and other business contacts in a variety of ways:
- when you contact us to ask about our services
- when we attend conferences and face-to-face or virtual meetings
- using public sources such as LinkedIn or institutional webpages
We do not collect more personal information than is necessary.
How will we use the information about you?
We use the information we collect from you to allow us to contact you when we’re working together or, if we’re not, to occasionally contact you regarding white papers, published research, syndicated research projects, new services, examples of projects in your sector, or just to keep in touch. We endeavour to ensure that we only send you information about things that will really be of interest.
Our telephone systems
Please note, both our incoming and outgoing phone calls are recorded for monitoring purposes. These recordings are destroyed after 90 days.
Your rights
Access to your information and correction of data
Whatever your contact with us, you have the right to request a copy of the information that we hold about you. If you would like a copy of some or all of your personal information, please email or write to us at the address located at the end of this policy. We will reply in full within 1 month unless the information is particularly complex. If we need more time we will let you know.
Withdrawing consent and objections to processing
You have the right to withdraw consent and to request for us to delete your data, and the right to object to it being processed in any particular way. If you wish to do this, please email or phone us using the contact details given below.
Please note that, in accordance with the law around data protection, we aim to reduce risk by removing all personal identifiers from research This process will always be carried out no later than 3 months after the end of the research project.
Your right to lodge a complaint
If you would like to complain about how your data has been treated by us, please contact our Data Protection Officer, Jack Wilson at Jack.Wilson@shift-insight.co.uk. To take your complaint further, contact our Managing Director, Jane Powell, at Jane.Powell@shift-insight.co.uk.
Under the GDPR, you also have a right to lodge a complaint with the supervisory authority in your state of residence, place of work or where the alleged breach of GDPR occurred. In the UK this is the ICO.
Keeping your data safe
Shift Insight takes information security risks very seriously and takes all reasonable technical and organisational precautions to prevent the loss, misuse and / or alteration of your personal information.
Our accreditation
We have been certified with the Cyber Essentials Certificate.
Shift Insight policies relating to data security
Shift Insight will securely store all the personal information you provide.
A number of our company policies relate to this. These include policies on:
- BYOD (Bring Your Own Device)
- Monitoring for breaches and breach protocols
- Employee access and password changes
- Leavers and starters policies
- Work station security
- Wireless communication use
- VPN use
- Software installation
- Server Malware Protection
- Router Security
- Remote access
- Mobile Employee Endpoint Responsibility
- Information sensitivity
- Bluetooth security
- Email & IM use
- Acceptable use
- Acceptable encryption
- Anti-virus
Policies are revised at a minimum annually with discussions on requirements to change built into our monthly directors’ meeting. All staff are given training on cyber security risks and policies annually or when policies change.
Retention of your data
We will keep your data no longer than is necessary. Please click here to see our retention policy.
International data transfers
The GDPR imposes restrictions on the transfer of personal data outside the EEA, to third countries or international organisations.
We follow these regulations, meaning that without your explicit consent your personal data will only be transferred outside of the EEA under the following circumstances:
- Where the Commission has decided that a third country, a territory or one or more specific sectors in the third country, or an international organisation ensures an adequate level of protection.
- Where the organisation receiving the personal data has provided adequate safeguards, e.g. certification under an approved certification mechanism.
Third parties
With the exceptions below, Shift Insight does not share, sell, rent, or trade personally identifiable information with third parties for their promotional purposes.
However, we may need to share your information with our agents or sub-contractors, such as companies we use to recruit participants for research projects or individual interviewers acting on a freelance basis. When this is the case, for these purposes, the agent or sub-contractor in question will be obligated to use that personal information in accordance with the terms of this privacy policy.
If the ownership of our business changes (for example, if we are bought by or merged with another company), we would need to transfer your data to this new owner. We would ensure that your data is transferred to them securely and in accordance with our privacy policies.
In addition to the disclosures reasonably necessary for the purposes identified above, Shift Insight may disclose your personal information to the extent that it is required to do so by law, in connection with any legal proceedings or prospective legal proceedings, and in order to establish, exercise or defend its legal rights.
Legal basis for processing
The following legal bases for processing apply:
- Legitimate interest: Communications with previous, current and prospective clients and business contacts, and research invitations sent to those not on Shift Insight’s Panel, or who have not given previous consent to be contacted by us. Please note, a Legitimate Interest Assessment (LIA) is produced on these occasions, to which you can request access.
- Consent: Communications with Panel members, data provided by clients where permission for use in research has been granted, communication with and data collection from respondents who have given informed consent.
Documentation for those located outside of the UK
If you are located in the EU or US, or a citizen of these territories, please refer to the following documents for further information on the way we treat your data in accordance with local legislation:
Citizens of the EU
Citizens of the United States
Do not sell my personal information (CA)
Changes to our privacy policy
We keep our privacy policy under regular review and we will place any updates on this web page. Please read our disclaimer. This privacy policy was last reviewed on 5th January 2023.
How to contact us
Please contact us if you have any questions about our privacy policy, or information we hold about you, by email to our Data Protection Officer, Jack Wilson at jack.wilson@shift-insight.co.uk or phone us on +44 (0)207 253 8959. Please contact our Managing Director, Jane Powell, at jane.powell@shift-insight.co.uk
Shift Insight Limited
Suite 3.3 The Department Store Studios
19 Bellefields Road
London SW9 9UH
United Kingdom
Please include your contact details on any correspondence and we will contact you to let you know it has been received
Identity and contact details of our nominated representative in the EU
OBSECOM GmbH
Königstr. 40
70173 Stuttgart
Germany
Telephone: 0049 711 / 4605025-40
Telefax: 0049 711 / 4605025-49
Email: shift-insight@obsecom.eu
Website: https://www.obsecom.eu
