GDPR/Data Protection Policy

GDPR/Data Protection: Fiona Smalley Research
Fiona Smalley: Micro Entrepise  SIRET 88833734200016

Last revised: April 2023


1. Introduction

Fiona Smalley Research (ME) is committed to protecting the privacy and personal data of individuals participating in qualitative market research. This GDPR/Data Protection Policy outlines our approach to data protection, including the collection, processing, storage, and transfer of personal data in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.


2. Equivalency of data protection laws between the United Kingdon and the EU.

Recognising the equivalency of data protection laws between the United Kingdom and the European Union, Fiona Smalley Research acknowledges that the United Kingdom operates under the Data Protection Act 2018 which aligns with the principles and requirements set forth in the General Data Protection Regulation (GDPR). As a French-registered business working for UK-based clients, we ensure that the personal data collected from individuals in the United Kingdom is processed in accordance with both the GDPR and the Data Protection Act, providing an equivalent level of protection for personal data. Our data processing activities adhere to the applicable data protection laws of both jurisdictions to safeguard the privacy rights and personal data of individuals.


3. Data Controller

Fiona Smalley Research (ME) acts as the data controller for the personal data collected and processed during market research activities. As the data controller, we are responsible for ensuring that personal data is processed in accordance with the GDPR and relevant data protection laws.


4. Data Collection and Purpose

 4.1 Types of Personal Data

We collect and process personal data from individuals participating in qualitative market research. This typically falls into the following categories:

- Contact details: Participants' phone numbers and email addresses.

- Demographic information: Participants' ethnicity, family lifestage, and age band.

-Specific information related project objectives: purchasing habits, brand usage etc.

- Video footage: Participants may provide video footage as part of the research project.


4.2 Purpose of Data Collection

The personal data collected is used solely for the purpose of conducting qualitative market research projects. The data enables us to contact participants, gather insights, analyse findings, and deliver research reports to our clients. We do not use the data for any other purposes without obtaining explicit consent from the individuals concerned.


5. Lawful Basis for Data Processing

The lawful basis for processing personal data in relation to market research activities is based on the consent of the participants. Prior to collecting personal data, participants are informed about the purpose of the research, the types of data collected, and their rights regarding their personal data. Participants provide their explicit consent to participate and to the processing of their personal data for the specified purposes.


6. Data Storage and Retention

6.1 Data Security

We implement appropriate technical and organisational measures to protect the personal data we collect and process. These measures ensure the confidentiality, integrity, and availability of the data, guarding against unauthorised access, disclosure, alteration, or destruction.


6.2 Data Retention

Personal data collected during qualitative market research is retained for the minimum necessary period to fulfil the research project's objectives and any legal or contractual obligations. After this period, the data is securely deleted or anonymised.


7. Data Transfers

7.1 Transfers to the UK

As a freelance market research professional based in France, processing data of individuals based in the UK, we acknowledge that the UK has withdrawn from the European Union. We ensure that any transfers of personal data to the UK are carried out in compliance with applicable data protection laws, including the use of Standard Contractual Clauses or other approved transfer mechanisms.


8. Participants' Rights

We respect the rights of individuals regarding their personal data. Participants have the right to access, rectify, erase, restrict processing, object to processing, and data portability, as provided under the GDPR. We provide appropriate mechanisms for participants to exercise these rights and respond to any requests in a timely manner.


9. Data Breach Notification

In the event of a personal data breach, where there is a risk to the rights and freedoms of individuals, we will promptly notify the relevant supervisory authority and affected individuals, as required by the GDPR.


10. Updates to the GDPR/Data Protection Policy

This GDPR/Data Protection Policy is regularly reviewed and updated to ensure ongoing compliance with data protection laws and changes in our business practices. Any updates will be communicated to participants and made available on our website.


If you have any questions or concerns regarding our GDPR/Data Protection Policy or the processing of your personal data, please contact us at