top of page

Privacy Policy

Privacy notice

 

Who we are

 

Somatic Footsteps Research and Evaluation (“we”, “us”) provides research and evaluation services.  You can contact us at contact@somaticfoosteps.org.

 

How to contact us about data protection

 

For any questions about this notice or your data rights, email contact@somaticfootsteps.org.

 

What data we collect

 

We only collect the minimum personal data needed to deliver our services and run our business.

  • Enquiries and clients: name, role, organisation, email, phone, correspondence, project brief, billing details.

  •  Research participation: only what is necessary for the study (for example, interview recordings/transcripts, notes, survey responses, consent records).

  • We avoid collecting direct identifiers unless essential and approved by you and/or your organisation.

  • Website: basic technical logs (IP address, browser type, pages visited, time and date). If you enable analytics or cookies, see “Cookies and analytics” below.

  • Suppliers/associates: contact details, CV/credentials, contracts, payment information. Special category data (e.g. health, ethnicity, experiences of trauma) is only processed if it is strictly necessary for the research purpose, with an appropriate lawful basis and safeguards (see section 5) and with explicit consent where required.

 

Why we collect it (purposes)

 

  • To respond to enquiries and deliver commissioned work.

  • To design and conduct research/evaluation, including scheduling, fieldwork, analysis and reporting.

  •  To manage our relationship with clients, participants, suppliers and associates.

  •  To meet legal, financial and insurance obligations and maintain our records.

  •  To improve our services and website.

Our lawful bases

 

We use these UK GDPR bases, depending on the context:

 

• Contract: to take steps at your request before entering into a contract and to perform a contract with you (e.g. scope, deliver, invoice a project).

• Legitimate interests: to operate and secure our business; to communicate with clients and prospective clients; to manage suppliers; to keep necessary records; to protect our legal rights. We balance our interests against your rights and expectations.

• Consent: for optional activities (e.g. mailing lists) and, where required, for participation in research and for any special category data. You can withdraw consent at any time.

• Legal obligation: to meet obligations under tax, accounting and other laws. For research containing special category data, our additional condition is usually explicit consent (UK GDPR Art. 9(2)(a)), and where relevant the research condition in the Data Protection Act 2018 Schedule 1 Part 1(4), with appropriate policy and safeguards.

 

How we collect data

 

• Directly from you by email, phone, web forms, video calls or in interviews/surveys.

• From your organisation when you are a commissioning contact or research participant (with appropriate information sharing).

• From publicly available sources relevant to B2B contact (e.g. organisational websites, professional directories).

• Automatically via our website (technical logs; see cookies).

 

What we do—and don’t do—with your data

 

• We use personal data only for the purposes described above.

• We do not sell your data.

• We may share limited data with trusted processors who help us deliver our services (e.g. secure survey tools, transcription, cloud storage, email, accountants). They act under contract, follow our instructions and must protect your data.

• Research outputs are anonymised unless you have explicitly agreed to be identified. We aggregate findings and remove direct identifiers wherever possible. International transfers: Some service providers may process data outside the UK/EEA (for example, cloud/email). Where this occurs, we ensure an appropriate safeguard is in place (e.g. UK IDTA/Standard Contractual Clauses, adequacy decision, or approved certification) and assess risks before use.

 

How we keep data secure

We use proportionate technical and organisational measures, including:

 

• Access control and least‑privilege on devices and accounts.

• Encrypted storage and transmission where supported.

• Pseudonymisation/anonymisation of research data as early as practical.

• Processor due diligence and data processing agreements.• Regular backups and security updates.

 

How long we keep data

 

We retain personal data only as long as necessary for the purpose collected.

 

• Enquiries: up to 12 months after last contact.

 

• Client/project files: normally 6 years after project close (to meet contractual, audit and legal requirements).

 

• Research source data: retained per protocol/contract; typically up to 5 years for audit/verifiability, or shorter where agreed; special category data is minimised and anonymised where possible.

 

• Financial records: 6 years plus current year, as required by law. When retention expires, we securely delete or anonymise data.

 

Your rights

 

You have the right to:

 

• Access your personal data and receive a copy.

• Rectify inaccurate or incomplete data.

• Erase data (where applicable).

• Restrict or object to processing (particularly where based on legitimate interests).

• Data portability (for data you provided to us where processing is based on consent or contract and carried out by automated means).

• Withdraw consent at any time (where processing relies on consent).To exercise your rights, contact contact@somaticfoosteps.org. We will respond within one month. You also have the right to complain to the ICO.ComplaintsIf you have concerns, please contact us first at contact@somaticfoosteps.org. You can also contact the UK Information Commissioner’s Office: ico.org.uk, 0303 123 1113, or Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.

 

Children

 

Our services are directed to organisations and adult participants. We do not knowingly collect children’s data. If a project requires work with under‑18s, it will follow specific ethics, consent and safeguarding protocols agreed with the commissioner.

 
Updates to this notice

 

We may update this notice to reflect changes to our services or the law. Changes apply from the date posted here. We recommend checking this page periodically. Last updated: 02/06/2026

bottom of page