Privacy Notice
Who we are
Navigator Insight Ltd (referred to hereafter as Navigator) is a Market and Social Research Company based in the UK. Navigator unites Blue Marble, Pye Tait and Qa Research and our company registration is 3186539. We are part of the EMB Group and our registered address is 5 Merus Court, Meridian Business Park, Leicester, LE19 1RJ. Our postal address is Merchant House, 11a Piccadilly, York, YO1 9WB. We are a Company Partner of the Market Research Society and are registered to ISO 20252 (The International Standard for market, opinion and social research including insights and data analytics).
Our sole activity is conducting research projects in response to the needs of our diverse range of clients, which come from the public, private and third (charity) sectors.
In most cases our client will be the Controller for the research and we will be acting as a Processor, acting on their instructions.
Participation in the research we conduct is always entirely voluntary. This Privacy Notice outlines the processes and procedures we follow when collecting and using personal data for research projects, including processing personal data for quality control purposes.
The personal data we collect
For every research project we undertake, we take care only to collect information that is needed for that research. We will never use the information you provide for any purpose other than research, and you will not be adversely affected by taking part.
We will collect your views and opinions about the subject we are researching. We never sell, promote or market any products and services provided by our clients.
We may also ask you for sensitive personal information about yourself (for example; your gender, age and postcode, ethnic background or origin, religious or philosophical beliefs, health, trade union membership, political beliefs, sex life or sexual orientation). Usually, you don’t have to answer any question we ask if you don’t want to. However, for some research projects we need an answer to some questions to be able to include your views in the research. If this is the case we will let you know at the start, so you can decide if you want to take part or not.
If we ask you to give us your name and contact details, we will always explain what they will be used for at the time we collect them and obtain your permission to use them for that purpose. We’ll also ensure they are only used for that purpose.
The main reasons we would ask for your name and contact details are as follows;
-
To record your consent to take part in the research
-
For quality control purposes so we can check the work of our interviewers
-
To administer prize draws or incentives, (if offered as a thank you for the time you take to participate in a research project)
-
To invite you to take part in further research
-
So our client can contact you to resolve a specific issue or cause for dissatisfaction you have raised.
If you take part in an online survey, we collect your IP address which may be used for quality control purposes.
The lawful basis for collecting your data
Under the General Data Protection Regulation (GDPR)or EU General Data Protection Regulation 2016/679 (together referred to throughout this notice as the "GDPR"), there are 6 lawful bases that can be used to legally collect personal data. For our research projects we will generally rely on consent, legitimate interest or public task/public interest as the lawful basis for data collection. However, each project differs, so the lawful basis will be made clear to individuals on a project-by-project basis in an accompanying privacy notice.
Where Navigator uses personal data for the purpose of quality control, the lawful basis is legitimate interest.
Other data we may hold about you
We may hold data about you that you have not provided directly to Navigator, as follows;
-
If you have an existing relationship with one of our clients and they have provided your details so we can invite you to take part in research (for example, a company you’re a customer of). To do this, the client will be legally allowed to pass on your data and we will confirm this with them.
-
If we purchase a database of contacts from a commercial sample provider. We might do this so we can call people to take part in a survey by phone. Again, contact details will only be provided to us where there is a lawful basis for doing so.
-
Your telephone number may have been randomly generated or your address taken from publicly available sources. In these situations, we don’t hold any personal data about you or anyone in your household.
How we use your data
We use your personal data in the following ways:
-
For research purposes, including analysing data and writing research reports for our clients.
-
To re-contact you or store data for quality control purposes, so we can check the interviewer was polite, clarify answers you have given, or check the interviewer has followed the instructions they were given.
-
To check the interviewer interviews different people to the previous year (only for repeat annual surveys for the same client).
-
To administer prize draws or incentives (if offered for the research you took part in).
-
To re-contact you to take part in further research (if you gave your permission when we first contacted you).
We always explain how your data will be used at the time we invite you to take part in the research, including confirming that the research is anonymous or confidential; in most cases our client will not know who took part in the research.
If we want to re-contact you for a specific purpose at a later date, we always ask your permission at the time you take part in the research and will only contact you for that purpose.
We use the data we collect about you to undertake genuine research. As soon as possible, we will anonymise your data by removing anything that could identify you. We usually report research findings in an anonymised (it will not be possible to identify you) and aggregated (which means mixed in with the views of many other people) format.
On some occasions, we may ask for your permission to identify you to our client, but we will explain why we want to do this and we will only identify you with your permission.
Access to your personal data is strictly controlled and limited to Navigator employees on a need-to-know basis.
Call recording
If you have been contacted by phone, all calls are recorded from the moment the call is connected. Once we have explained our reason for calling you (to carry out research) and you have expressed an interest in taking part, we ask for your consent to recording the rest of the call. Recordings will only be used for the following purposes:
For quality control purposes – We record calls for quality control purposes so that we can check the work of our interviewers, to ensure they are following the MRS Code of Conduct, and to comply with the requirements of ISO 20252, (the International Standard for market, opinion and social research, including insights and data analytics) to which Navigator is registered. Hence the legal basis for processing this personal data is our legitimate interest.
For research purposes – If we need to record your interview for research purposes, we will explain how the recording will be used and who will have access to it and ask for your consent to the recording. The recording will only be used for the purpose you consented to, and will not be passed on to our client or any other third party unless you gave your consent.
Participant data base
If you are recruited by one of our interviewers to take part in discussion at a focus group or deliberative event, we keep a record of the date, your name and telephone number, along with the recruiter’s name. We only use this information to make sure the recruiter has followed the instructions we give them about how to find people to take part in the research. It is not used for any other purpose and it is not shared with any other organisation. Navigator is the Controller for this data, and the legal basis for processing is legitimate interest.
How we process your data
Data is processed/stored on encrypted systems on-premises and hosted cloud services such as Microsoft 365 and Zoom. You can request a list of our sub processors from us using the contact details below.
As such, some data will either be in UK and EU data centres or on US based servers. We may also process limited data in countries outside the UK or European Union from time to time in other aspects of our business.
If your data is transferred or processed outside of the UK or EEA where adequacy decisions are not in place, we ensure the safeguards of International Data Transfer Agreements (IDTAs) or Addendums are enforced.
If your data is transferred or processed outside the UK or EEA where adequacy regulations or decisions are not in place, we ensure relevant safeguards are in place to protect such transfers.
We will ensure an appropriate UK International Data Transfer Agreement (IDTA) or EU-approved Standard Contractual Clauses with UK Addendum (plus supplementary measures) are entered. For data transfers to the USA, we may rely on the UK Extension to the EU-US Data Privacy Framework (DPF) if the data receiver is signed up to the Framework.
If you accept an offer of a Vex eGift Card (voucher) as an incentive to take part in research, your data is processed in the United States by Voucher Express and is safeguarded under the UK Extension to the DPF. The Voucher Express privacy notice can be viewed here: Privacy Policy – Voucher Express. We regularly review suppliers for data security compliance to ensure your data is safe and track where your data is held. All our processes are subject to various internal policies to ensure your data privacy and security are upheld.
Use of large language models “LLM” / artificial intelligence “AI”
We utilise AI tools for a variety of purposes including transcription of participant sessions and analysis of responses as part of a project.
For example, we sometimes utilise CoLoop as a primary content analysis tool. We have nominated that data is stored in the UK, however, some of this processing occurs in the USA. You can see their sub processors here: Trust Center – CoLoop
If we do use an AI tool for the purposes of research and analysis, your data will not be processed for the purposes of machine learning and the data will be encrypted in transit and at rest. We remove data from locations outside of the EU and UK following the completion of a project or sooner.
All LLMs in use go through a strict review process including a Data Protection Impact Assessment (DPIA) that complies with advice from the Information Commission.
Sharing your data with others
There are some very limited circumstances under which we would share your personal data with third parties, as follows;
-
We may employ the services of a mailing house to print and post out large postal mailers or surveys – your name and address would be supplied to them for this purpose only.
-
If we offer you a Vex eGift Card as an incentive to take part in research and you accept this offer, we may upload your email address to the Vex Rewards Platform to send you your eGift Card. You will also need to provide delivery details directly to Vex when you redeem your eGift Card.
-
Other circumstances where this is deemed necessary for the successful completion of a research project.
In these circumstances the third party would act as a Processor to Navigator and a sub-contractor agreement would be in place to confirm that they are dealing with personal data legally.
How long we will keep your data for
We will only keep your personal data for as long as we need it, then we will securely delete or destroy it.
When a client shares your personal data with us so we can invite you to take part in research, or we purchase a database of contacts from a commercial sample provider, we delete this data within four months of completing the research project.
We keep personal data collected for research purposes (including completed questionnaires and audio recordings of in-depth interviews and discussion groups) for 12 months after completion of the research project, in line with the requirements of ISO: 20252, the International Standard for Market and Social Research to which Navigator is registered.
IP addresses collected when you take part in an online survey are kept for 12 months after completion of the research project.
Call recordings made for quality control purposes will be deleted within 4 months of the date of the call.
Personal data in our participant database is kept for two years and then deleted.
If you have contacted us to request that you are not contacted again by Navigator, we will keep a record of your contact details so we can exclude you from our future research projects, where it is possible to do so. If we do not do this we may contact you inadvertently against your wishes.
Your rights under GDPR
Individuals have certain rights under GDPR over their personal data and Controllers have a responsibility to fulfil these rights.
In some , Navigator will be the Controller (or Joint Controller) for an individual research project, but in most cases we will be acting as a processor and our client would be the controller. For each project, we will clearly specify who the controller is, so you know who to contact to exercise your rights.
Navigator is the Controller for any personal data we use for quality control purposes.
The rights of individuals under GDPR are explained below. Different rights apply to individual research projects, depending on the legal basis being used for the research. So which rights apply to you will be made clear in a privacy information notice for the research project you have been asked to take part in. This notice will be made available to you when you are invited to take part in research or at an appropriate point in the interview.
An individual’s rights under GDPR are;
-
Right to be informed – you have the right to be informed about the collection and use of your personal data. We will always explain how your data will be used.
-
Access to personal data – a right to get copies of personal data we hold about you (commonly known as making a ‘subject access request’).
-
Rectification of personal data – a right to have any personal data we hold about you corrected if it is inaccurate.
-
Erase personal data (‘right to be forgotten’) – a right to have personal data deleted applies in certain circumstances. It automatically applies when the lawful basis for processing your data is consent and you withdraw your consent. When the lawful basis for processing is the legitimate interest of Navigator, you have the right to object to our use of your data. We must consider your objection and if your interests outweigh our legitimate interest, we must delete your data.
-
Restrict processing – If you are concerned about the accuracy of your data or how it is being used you have a right to limit the way your data is used.
-
Object to processing – a right to object to the use and storage of your personal data. Where the lawful basis is legitimate interest, you do not have to give a reason for your objection.
-
Withdrawal of consent – if we are processing your personal data on the lawful basis of having your consent to do so, you have a right to withdraw this consent and any personal data will be deleted from any research study or research database in which you are identifiable. You can withdraw from any research study you take part in up until the time we analyse the data. If you withdraw after this, your responses will be included in the research study, but we will delete any personal data we hold about you.
-
Data portability – a right to obtain and reuse your personal data for your own purposes across different services.
-
Not be subject to decision making based on automated processing – Decisions about you as an individual are not made using the data we collect (decision making based on automated processing is not a research purpose)
-
The right to register a complaint with the Controller of your personal data if you believe it has been mishandled or processed unlawfully (UK only).
We will respond to your request within legal time limits and in line with current data protection legislation. Normally,
we will not charge for the fulfilment of your rights and would only do so when legally entitled to.
How we keep your information safe
We use a wide range of technology to ensure that any personal data we hold is processed, stored and transferred in a secure way. This includes encryption, password protection and limiting access to personal data to key staff only.
We hold Cyber Essentials certification and we regularly review our processes, hardware, software and policies to ensure we process personal data securely.
How to contact us
If you would like to exercise your statutory data protection rights, or if you have any concerns or questions about how we handle Personal Data, please contact us at dataprotectionenquiries@emb-group.co.uk.
We use Evalian Limited, specialists in data protection, information security and cyber security as our Data Protection Officer, to ensure we fulfil our data protection responsibilities.
We will respond to your request within legal time limits and in line with current data protection legislation. Normally, we will not charge for the fulfilment of your rights and would only do so when legally entitled to.
For further information about Market Research and to confirm that we are a bona fide market research company you can contact the Market Research Society on their Freephone number 0500 39 69 99.
Your right to make a complaint
We take our responsibilities in relation to personal data very seriously, so if you have any concerns or a complaint about how we process your data, please contact us as we would appreciate the opportunity to address them in the first instance.
Once you have exhausted our internal complaints procedure, you have the right to make a complaint to the Information Commission (IC) if you still believe we are mishandling or unlawfully processing your personal data.The ICO can be contacted at ico.org.uk or by calling 0303 123 1113.
Last updated: 27 February 2026