SMPL Research

Privacy policy

Who we are

    [SMPL Research] (“we”, “our”, “us”) are social research and evaluation agency. We are committed to protecting the privacy and security of personal data in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

    Our registered office is: Lime House, 75 Church Road, Tiptree, Essex, England, CO5 0HB

    Email: hello@smplresearch.co.uk

    We act as a data controller when we determine the purposes and means of processing personal data, and as a data processor when working on behalf of clients.

    What information we collect

    We may collect the following types of information depending on the nature of the research project:

    • Personal details (e.g., name, age, gender, contact details).
    • Demographic information (e.g., postcode, ethnicity, employment status).
    • Research data (e.g., survey responses, interview recordings, focus group discussions, evaluation notes).
    • Special category data (e.g., health information, ethnicity, or other sensitive data) where necessary and with explicit consent.
    • Technical information (e.g., IP address, browser type, cookies if using online surveys or digital tools).

    How we collect data

    We collect personal data through:

    • Surveys (online, paper, or telephone).
    • Interviews and focus groups.
    • Online engagement tools (e.g., video calls, digital diaries, voice notes).
    • Secondary data shared by our clients, where lawful and necessary.

    Participation in our research is always voluntary.

    Why we use personal data

    We process data for the following purposes:

    • To carry out independent research and evaluation.
    • To analyse results and produce anonymised reports.
    • To ensure diverse and representative participation.
    • To comply with legal obligations.
    • To improve our services and research practices.

    We will never use personal data for marketing or sales.

    Legal basis for processing

    We rely on the following lawful bases under UK GDPR:

    • Consent – where participants voluntarily agree to take part in research.
    • Legitimate interests – where processing is necessary for research purposes and does not override participant rights.
    • Legal obligation – where processing is required to meet statutory responsibilities.
    • Public task – where research supports work commissioned by public authorities.

    For special category data, we will only process with explicit consent or where processing is necessary for research purposes in the public interest (as permitted under Article 9 of UK GDPR).

    How we store and protect data

    • All digital data is stored securely on encrypted servers within the UK/EEA (or with providers compliant with UK GDPR adequacy decisions).
    • Hard-copy data (e.g., written notes) is stored in locked facilities with restricted access.
    • Audio or video recordings are transcribed and anonymised where possible.
    • Data is pseudonymised or anonymised at the earliest opportunity.
    • Access is restricted to authorised staff and project partners under confidentiality agreements.

    Data sharing

    We may share anonymised findings with clients, funders, and stakeholders.

    Personal data will not be shared with third parties unless:

    • Explicit consent has been obtained.
    • Required by law.
    • A third-party service provider is processing data on our behalf under strict data protection agreements.

    Data retention

    We retain personal data only as long as necessary for research purposes and in line with funder requirements. Typically:

    • Identifiable personal data: retained for up to 12 months after project completion.
    • Anonymised research data: may be retained for longer for reporting, archiving, or secondary analysis.

    All personal data is securely destroyed once no longer required.

    Your rights

    Under UK GDPR, you have the following rights:

    • Access – to request copies of your personal data.
    • Rectification – to request correction of inaccurate or incomplete data.
    • Erasure – to request deletion of your personal data.
    • Restriction – to request limits on processing.
    • Data portability – to request transfer of your data to another controller.
    • Object – to object to processing based on legitimate interests.
    • Withdraw consent – at any time, where processing is based on consent.

    To exercise your rights, contact us at hello@smplresearch.co.uk.

    Complaints

      If you are concerned about how your data is being handled, please contact us in the first instance.

      You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO): http://www.ico.org.uk.

      Updates to this policy

        We may update this Privacy Policy from time to time to reflect changes in law, guidance, or our practices. Any updates will be posted on our website with a revised effective date.