IFF Research is a full service research agency that has become one of the largest independent research companies in the UK. Our registered office is 5th Floor St Magnus House, 3 Lower Thames Street, London, England, EC3R 6HD and our company registration number is 00849983.

Your privacy is very important to us. We go to great lengths to preserve your privacy and protect the personal data used in our processing activities. This Privacy Policy describes how we collect, use and share information, and what choices you have with respect to any information we may hold about you.


Privacy statement

The work that we do inevitably involves us handling individuals’ personal data, including contact details; and sometimes involves us asking for data from individuals that is classed as sensitive.

Collecting and processing this personal (and sometimes sensitive) data is an inherent part of our core business, and we are committed to reducing the risk of such data being misused, exposing stakeholders in our research to potential detriment.

We are committed to meeting the requirements of all applicable data protection legislation and requirements, including the following laws, codes and standards:

  • UK Data Protection Act 2018
  • The UK / EU General Data Protection Regulation (GDPR)
  • Market Research Society’s (MRS) Code of Conduct
  • ISO/IEC 27001:2013 – Information Security Management quality standard (certified)
  • UK Cyber Essentials Plus (certified)

Any information that you supply to IFF Research is used solely for legitimate market research or statistical purposes and will never result in an attempt to sell you anything based on your data.

Our Data Protection Officer (DPO)

If you would like to receive any further information regarding this Privacy Policy or would like to submit a Subject Access Request please contact our DPO

Email: DPO@iffresearch.com
Data Protection Officer
IFF Research
5th Floor St Magnus House,
3 Lower Thames Street, London,

What personal data do we process in market research activities?

The work that we do inevitably involves us handling your personal data, including contact details; and sometimes involves us asking for data from individuals that is classed as sensitive.

The type of personal data we process will vary with each research project. For survey coordination purposes we would typically process:

  • Name and contact details (telephone number and email address)
  • Profession, age, gender and location to ensure we speak to a demographically representative group of people.
  • Your IP address and which type of web browser you are using if you participate in an online market research survey.

We also keep the data you, and other research participants gave, when taking part in the research, to allow us to analyse and interpret the data to answer the research questions our clients have asked us to answer (you will have been told the purpose of the study when we asked you to take part). This data will ordinarily be recorded in text, audio and sometimes video format, depending on the project and anonymised for analysis.

If there is a requirement to collect and process sensitive personal data (such as gender, ethnicity, political opinions, religious beliefs, trade union activities, physical or mental health or sexual life) we will obtain your explicit consent and / or provide a full description of how it will be used and where it will be located.

On rare occasions, we may use cookies (a cookie is a piece of information that web servers send to your browser file when you access a website, then when you come back to a website again, that website will detect whether you have cookies on your browser file) and other similar devices sparingly for quality control, validation, or to prevent bothersome repeat surveying. You can configure your browser to notify you when cookies are being placed on your computer or to reject cookies altogether. Please see the Cookies section for more information on the cookies we use.

We do no other invisible processing of your data, nor do we attempt to obtain any data from your computer or mobile device.

How is your personal data collected?

Collecting and processing your personal (and sometimes sensitive) data is an inherent part of our core business, and we are committed to reducing the risk of such data being misused.

The legal basis for IFF Research processing personal data varies according to the project and the data being collated, but is typically based on:

  • It being used for research purposes in the public interest; and/or
  • Explicit consent of the data subject.

If we require your consent, we establish and record it at the start of each survey interview. This will be explicitly and separately obtained in relation to sensitive categories of personal data in addition to our obtaining consent to participate in general.

The research studies that we conduct typically involve both IFF Research and our clients acting in the capacity of both data processors and data controllers.

Depending on the project, IFF Research will get contact details in several ways. These include:

  • From an organisation you’ve been in contact with in the past, as their customer or service user.
  • From a research panel that you have signed up to in the past and for which you have consented your personal information to be used for invitations to future market research studies.
  • From one of our third parties who have previously made contact to invite you to conduct market research activities.

Our clients will sometimes give us additional information about you, along with your contact details, but this will only be information needed for conducting or reporting the research. We will not seek to pass back any information which could identify you without your explicit consent, unless you are otherwise informed during the research.

We want to make sure that you are happy for us to use your information for market research purposes. If you think that your details should not have been passed to us, please inform us by emailing dpo@iffresearch.com, so that we can raise the concern with the organisation that provided us with your contact details.

How will your personal data be used?

Our approach to handling, collecting and processing personal (and sometimes sensitive) data about you is tailored to each project, in agreement with our clients.

Your personal data is used by us to assist in our market research activities. These activities include:

  • Contacting you to invite you to participate in a market research survey
  • Attendance checking and coordination activities during face-to-face research interview sessions
  • For internal quality control purposes
  • Recording your research data as either audio / video files or as text files, depending on the research methodology used.
  • Sharing with carefully selected third party partners to conduct additional processing activities relating only to the research survey you have participated in
  • Reviewing your research data in combination with the data obtained from others to identify trends and key messages
  • Feed back to our client unattributed findings we believe to be of interest to them

We will not send you unsolicited email or pass on your email address(es) to others for this purpose. If we want to send you future email or contact you using other methods, we will ask your explicit permission for this.

Who has access to your personal data?

It is our intention to be as transparent with you as possible with regards to who we may need to share your personal data with to fulfil our research. Before you start your research with us start answering survey questions we will let you know who we will share your information with strictly for the purposes of conducting necessary and legitimate additional market research activities.

Most of our research activities are conducted internally by authorised IFF staff. However, during some research programmes your personal information may be shared with the following types of organisation:

  • Research viewing facilities (who provide rooms, recording facilities and coordination services for our interviews)
  • Video streaming and web conference services (if we conduct any live streaming of any face-to-face interviews)
  • Our clients (only if we have obtained your permission and communicated our intention to share with them upfront)
  • Transcribers (who may transcribe recordings)
  • Mail houses (for sending paper based material)
  • Cameramen and video editors (who may perform editing activities on our behalf)
  • Law enforcement (only if required to do so)

IFF Research uses a very limited and carefully selected network of third-party partners for market research related data processing and analysis. These organisations are contractually obliged to solely use your information for research and statistical purposes and safeguard your information from unauthorised disclosure or modification. They are also contractually obliged to delete your information in line with an agreed retention period.

All of IFF’s data storage and processing takes place in in the UK. On the very rare occasion we need to transfer your data outside of the EU in order to complete research activities, we will always make sure we do the following:

  • We’ll ask for your consent to do this before you start your research session with us
  • We’ll ensure there are acceptable cross border adequacy measures in place (e.g. EU standard contractual clauses for transfers to other organisations outside the EU)
  • We’ll ensure adequate security mechanisms are in place to protect your information (as per our ISO 27001 certified procedures).

How do we secure your personal data?

We take information security very seriously at IFF Research and have invested a lot of resource in designing and implementing our Information Security Management System (ISMS) in order to safeguard the confidentiality, integrity and availability of your personal data.

All of our storage, handling and processing or personal and sensitive data is conducted within the UK; and in line with ISO27001 (the international data security quality standard, with which IFF Research is certified). This means that our security measures are frequently assessed both internally by us, and externally by quality assessors and security testers.

We also assess our relevant suppliers to ensure they are GDPR-compliant and operate a secure environment.

How long will we keep your personal data?

Our clients agree with us, at the start of each project, a date by which we will destroy any data files of your contact details that we used as the starting point for conducting fieldwork.

We will only hold your personal information on our systems for the period necessary to fulfil the purposes outlined in this Privacy Policy or until you request it is deleted. The default period for this is 12 months after the project finishes.

All other personal information held about you by us in order to conduct our market research activities will be retained for 12 months after the completion of the work. This is to ensure we can respond to any validation requests from our clients or otherwise complete the provision of our services to our clients.

All information is securely deleted (in line with our ISO/IEC 27001 certified procedures) or anonymised as soon as the retention period has been met.

If you have a privacy or personal data request, please email us at dpo@iffresearch.com