Privacy Policy

Effective as of September, 2025

About Us
FirstLight Insight Limited is an independent insight and strategy consultancy incorporated in England and Wales with a company registration number 16599183, and registered office in 4th Floor, Silverstream House/45, Fitzroy Street, Fitzrovia, London, W1T 6EB.

Our work involves gathering opinions, experiences, and perspectives through a variety of market research techniques.  We then transform these insights into meaningful strategies and creative solutions for our clients. 

Protecting the information we collect and use is fundamental to how we operate. FirstLight Insight Ltd may act as a Controller (independent or joint) or Processor when conducting our consultancy. This privacy policy sets out our approach to data protection in our research activities.

Our Commitment
Your privacy matters. At FirstLight Insight Ltd, we handle all personal data with care, transparency, and respect. This policy explains what information we may collect, how we use it, who we share it with, and the choices available to you.

We comply with:

  • The Data (Use and Access) Act, 2025

  • The UK General Data Protection Regulation (UK GDPR)

  • The Data Protection Act 2018

  • The Market Research Society (MRS) Code of Conduct

We will never sell your information or use it for marketing. Everything we do with your data is for legitimate research purposes only.

The types of personal data we collect
Depending on the project, we may process the following information about you:

  • Name and contact details (phone and email) for logistical purposes and in the event we need to re-contact you

  • Address, if any research is to be conducted in home

  • Bank details (if your incentive is paid through us with BACS)

  • Other demographic information such as profession, age and location

  • Product information you may have with one of our clients

  • Photos of you

  • Audio and video recordings of the market research sessions

We collect your information under the lawful basis of consent. So, we will only ever process personal information in the way you have agreed to. If we ever need to collect sensitive personal data (such as gender, ethnicity, political views, religious beliefs, health information, or sexual orientation), we’ll always ask for your explicit consent and explain exactly how it will be used and stored.

How We Collect It
We may receive your details directly from you, from a client you’ve engaged with, or from trusted recruitment partners/panels. We will always explain why your information is being collected and how it will be used before any research starts.

How We Use Your Data
Your data is used solely for research purposes, such as:

  • Inviting you to participate in studies

  • Conducting interviews, surveys, or workshops

  • Analysing responses to identify themes and insights

  • Producing anonymised findings for our clients

  • Sharing insights in reports, workshops, or creative outputs

We may record sessions (audio or video) to improve reporting.  These recordings are deleted 12 months after a project has ended unless we advise you otherwise at the start of the project.

Use of Artificial Intelligence (AI)

At FirstLight Insight Ltd, we sometimes use AI-assisted tools to help analyse and interpret research data. This may include tasks like:

  • Transcribing interviews or focus groups

  • Identifying recurring themes in qualitative responses

  • Supporting analysis of large datasets

Whenever AI tools are used, we ensure:

  • Your personal data is protected and anonymised where possible

  • Only secure, reputable providers are used

  • AI outputs are always checked and validated by a human researcher before being shared with clients

We do not use AI to make automated decisions about you, and your information is never shared with AI tools for marketing purposes.  Your personal data will not be used for training models.

Who We Share Your Data With

Your information may be shared with:

  • Recruiters and fieldwork partners (who help organise research)

  • Online platforms or research tools we use

  • Viewing facilities or streaming partners (if sessions are observed live)

  • Transcribers, editors, or technical partners (to process recordings or notes)

  • Our clients (only in anonymised form, unless you’ve consented otherwise)

All partners we work with are contractually required to meet all applicable data protection legislation, use your data only for research and to keep it secure.

Where else your personal data go?

During our research activities, it may sometimes be necessary to transfer your personal data outside the U.K. and EU to carefully selected partners and service providers. Some countries may have different data protection standards, which might not be as strict as those in the U.K. or EU.

We ensure that these organisations comply with data protection requirements and have adequate safeguards in place. Transfers are managed through mechanisms such as data processing agreements, standard contractual clauses, adequacy decisions, or other legal measures.

Additionally, our clients who receive personal data from research outputs may share it with other parties involved in the research, but only for research purposes.

How Long We Keep Your Data

  • Research data is usually kept for 12 months after a project has ended unless we advise you otherwise at the start of the project

  • Incentive records (for tax purposes) are kept for up to 7 years

  • Anonymised research outputs may be retained longer, but cannot identify you

  • Panel data: reviewed every 24 months

How We Protect It

  • Data is encrypted and securely stored

  • Access is limited to authorised people on a need-to-know basis

  • Secure transfer and destruction methods are used

  • Trusted partners (like recruiters, research platforms, and transcribers) are bound by strict agreements

Your Rights
You have the right to:

  • Access the information we hold on you

  • Correct or update your details

  • Withdraw consent or request deletion

Raise concerns or lodge a complaint with the Information Commissioner’s Office (ICO) using their contact details found at https://ico.org.uk/Review of this policy

We review this policy regularly and keep it up to date.  Last updated: September, 2025

Contact Us
For any questions, or to exercise your rights, contact:

DPC@firstlight-insight.com