Privacy policy

1. INTRODUCTION

Caledonia Market Research Ltd is an independent market research company, incorporated and registered in the UK with company number SC250815 and registered company address at C/O Goldwells (Argyll)/Wm Duncan & Co, The Old Surgery, School Road, Tarbert, Argyll. PA9 6UL.

We are registered with the ICO under registration number: Z2913192

We respect the privacy of all our clients, research participants, suppliers and users of our website and are committed to protecting your personal information. We are committed to compliance with UK data protection laws, regulation and rules. This policy adopts the fundamental principles of the UK General Data Protection Regulation (“GDPR”), the Data Protection Act 2018 and the Data Use and Access Act 2025 as the minimum standard to which Caledonia Market Research, its employees, associates and suppliers will have to adhere to.

This privacy policy explains how we collect, use and protect your personal information when you use our website (www.caledoniauk.com), or have contact with us either as a research participant, a potential participant, a client or a business contact. It also highlights how we protect your personal data and your rights to access, correct or delete it.

Caledonia Market Research is the data controller (referred to as “we”, “us” or “our” in this privacy policy).

If you have any questions about this policy or how we handle personal data, you can contact us at:
• Email: research@caledoniauk.com
• Postal address: Caledonia Market Research Ltd, C/O Goldwells (Argyll) / Wm Duncan & Co, The Old Surgery, School Road, Tarbert, Argyll, PA29 6UL

You also have the right to contact the Information Commissioner’s Office (ICO): www.ico.org.uk.

2. WHAT PERSONAL DATA WE COLLECT ABOUT YOU

Personal data means any information capable of identifying an individual. It does not include anonymised data.

The personal data we collect about you will vary depending on the purpose of our interactions with you (e.g. as a new client, as a research participant, as a supplier to our business). We may collect information such as:

• Contact data such as name, telephone, postal address, email address
• Demographic data such as your age, gender, job title, company
• Image and/or voice captured through authorised video or audio recording (as part of a research project)

Special category personal data

We do not routinely collect or process special category personal data (such as information relating to health, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data, or data concerning sex life or sexual orientation). If such information is ever required as part of a research project or provided to us voluntarily, we will only process it where one of the permitted conditions applies under the UK GDPR. In most cases, this would be based on your explicit consent, which we will request clearly and separately, explaining the purpose and how the information will be used. You may withdraw your consent at any time, and we will stop processing this data unless we have another lawful basis to retain it or are required to do so for legal reasons.

3. HOW WE COLLECT INFORMATION ABOUT YOU

There are various channels through which we might collect information about you:

• When you provide us with information directly via email or telephone or in person
• Through our website, if you decide to get in touch through our ‘contact us’ form
• Through information from our clients where they require us to contact you on their behalf for a market research project (with your permission)
• Through market research projects we conduct which you take part in, such as online surveys, focus groups or interviews.
• Through publicly available sources, for example, Companies House, the Electoral Register and LinkedIn

Where we receive your information from a client or third party for the purpose of research participation, we will provide you with this privacy notice at the earliest opportunity — typically at first contact — to ensure you are aware of how your data will be used.

Please note that any person under the age of 16 should not disclose any personal information to us without the prior permission of a parent or guardian.

4. WHAT WE DO WITH THIS INFORMATION

Depending on the nature of the project, we may act as either a data controller or a data processor on behalf of a client. Where we act as a processor, we only process personal data in line with the documented instructions of the client who remains the data controller. We enter into appropriate data processing agreements with clients to ensure GDPR-compliant protection of personal information.

Your personal data will be treated as strictly confidential and used only by us to contact you in relation to the business services we offer, for potential or actual participation in a market research project and to respond to any queries you may have.

For market research projects, we would generally contact you for one of the following purposes:

• To invite you to participate in research.
• To confirm the details of research you have agreed to take part in.
• To conduct research with you.
• To validate answers/views you gave in a recent research we conducted (if you have consented to us doing so).
• To update and to ensure that our records of your personal information are correct (applicable to those consenting to being part of an ongoing community or panel).
• To notify you if you have won a prize draw that we administered or to provide you with an incentive for taking part.

The personal information we collect in market research projects is combined with the responses/views/opinions of others who participated in the same research and reported back anonymously to the client who commissioned the study, unless you have explicitly given permission to be identified.

Where research participants receive an incentive or prize, we may need to collect payment details (such as bank details or email for electronic vouchers) solely for this purpose. These details are used only to administer incentive payments and are deleted within 30 days of payment unless required for financial record-keeping.

5. DISCLOSURES OF YOUR PERSONAL DATA

We may have to share your personal data with the parties set out below:

• Government bodies that require us by law to report processing activities.
• Research associates with whom we might work on specific market research projects. We only allow such associates to process your personal data for specified purposes in accordance with our instructions and with the law.
• Suppliers of survey/research incentives where express consent has been given by the research participant.
• Service providers who provide our company with IT and system administration services.
• Professional advisers including lawyers, bankers, auditors and insurers.

Where we use third-party service providers to support our business (such as IT support, or panel recruiters), they act as data processors on our behalf. We ensure that such parties are bound by written data processing agreements requiring compliance with UK GDPR and confidentiality obligations.

We do not disclose any personal information you give us to other third parties without your explicit consent.

6. THE LEGAL BASIS FOR PROCESSING YOUR INFORMATION

As part of the General Data Protection Regulation (GDPR), one or more of the following lawful bases will be relied upon for using your data:

Your consent: where you have provided your explicit consent for us to use your personal information in a certain way (for example, if you have taken part in an online survey we have conducted and you then provide your contact details to enter the free prize draw, your permission for us to contact you about participation in further, specified research we are conducting, for the collection of special category data).
Legitimate interest: where there is a legitimate interest in us doing so if it is reasonably necessary in order to achieve our or others’ legitimate interests (as long as that processing is fair, balanced and does not unduly impact your rights). We carry out and document Legitimate Interests Assessments (LIAs) where appropriate.
To comply with a legal obligation: if we are required to share your personal information with regulatory bodies which govern our work and services.

7. HOW WE KEEP YOUR PERSONAL DATA SAFE

We take data security risk very seriously and have put in place security measures to prevent your personal data from being accidentally lost, used, altered, disclosed, or accessed without authorisation.

We will only allow access to your personal data to those employees and partners who have a business need to know such data. They will only process your personal data on our instructions and they must keep it confidential.

We have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach if we are legally required to. In the unlikely event of a data breach, we will notify the ICO without undue delay and, where feasible, within 72 hours of becoming aware of it. If the breach presents a high risk to your rights and freedoms, we will also inform you directly.

We have put managerial procedures in place to ensure all internal staff and associates safeguard and secure any personal information we obtain, use and store.

We have also taken considerable measures to protect our electronic handling of personal data, for example, using:

Cyber Essentials Scheme: we are certified under this government-backed scheme.
Secure storage and transmission: encryption in transit and at rest where possible; secure file-sharing tools (e.g. Microsoft Sharepoint); minimal use of email for sensitive data; secure destruction of paper records.
Device and system security: up-to-date operating systems and security patches; anti-malware tools (MalwareBytes); encrypted laptops (Bitlocker) and mobile devices used for work.
Access control and authentication: unique user accounts; least-privilege access; strong passwords and (where supported) multi-factor authentication.
Confidentiality commitments – NDAs and confidentiality clauses in staff and contractor agreements.

8. HOW LONG WE KEEP YOUR PERSONAL INFORMATION FOR

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, taking into account:

• Contractual requirements with clients;
• Limitation periods for legal claims;
• Information Commissioner’s Office (ICO) guidance on retention; and
• Small-business legal recommendations for core record retention.

The specific retention period may vary depending on the nature of the data and the context in which it is processed — for example, research project data may be retained for a defined period to allow analysis and reporting, after which it will be anonymised or securely deleted. Where we rely on consent to process information, we will retain it only until consent is withdrawn or the stated purpose is complete. We review the personal data we hold periodically and securely delete or anonymise data that is no longer needed. You may contact us at any time for a copy of our Data Retention Policy which outlines how long we keep your information or to request deletion where legally permissible.

When deciding what the correct time is to keep the data for we look at its amount, nature and sensitivity, potential risk of harm from unauthorised use or disclosure, the processing purposes, if these can be achieved by other means and legal requirements.

For tax purposes the law requires us to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they stop being customers.

9. YOUR LEGAL RIGHTS

Under UK data protection laws you have rights in relation to your personal data that include the right to be informed, to request access, correction, erasure, restriction, transfer or portability of data, to object to processing, to withdraw consent (where the lawful ground of processing is consent) and to complain to the Information Commissioner.

You can see more about these rights at:
https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
If you wish to exercise any of the rights set out above, please email us at: research@caledoniauk.com
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive or refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We aim to acknowledge all data subject requests within 48 hours and complete all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you.

If you are not happy with any aspect of how we collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We should be grateful if you would contact us first if you do have a complaint so that we can try to resolve it for you.

10. COOKIES

“Cookies” are small text files that allow websites to store and retrieve information about you from your computer system.

Our website uses cookies to improve the user experience. Our website uses cookies and similar technologies only where they are necessary for the proper functioning and security of the site (for example, to remember your cookie preferences). We do not use any analytics, tracking or marketing cookies.

When you visit our website for the first time, you will see a cookie notice asking you to confirm whether you accept cookies. As we only use essential cookies, declining them may mean that certain basic features will not function correctly. You can change your cookie preferences at any time by clearing cookies in your browser settings.

Strictly necessary cookies may be session-based (deleted when you close your browser) or persistent (remaining for a defined period to remember your preferences). We keep cookie durations to what is operationally necessary.

11. LINKS TO OTHER WEBSITES

Our website (www.caledoniauk.com) may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

12. REVIEW OF OUR PRIVACY POLICY

We keep our privacy policy under regular review and we will place any updates on this webpage. This privacy policy is effective from 1 December 2025.

©Caledonia Market Research LTD

 

MRS logo

 


CONTACT US
PRIVACY POLICY
COOKIE POLICY

© Caledonia Market Research LTD 2026. All rights reserved.
Registered UK company number SC250815
VAT registration number 860 6428 20
phone-icon
07802 816478
phone-icon
research@caledoniauk.com