Privacy Notice

Last updated: 13/02/2026

Folk Research Ltd (“Folk Research”, “we”, “us”, “our”) is an independent research agency. We carry out research on behalf of organisations to understand people’s experiences, opinions, and behaviours.

This notice explains how we use personal data when you take part in our research.

1. Who we are

Data Controller: Folk Research Ltd
Email: matt@folkresearch.com

We are responsible for deciding how your personal data is used in our research projects.

2. Why we collect your information

We collect and use personal data so we can:

  • Recruit suitable participants for research studies

  • Organise and run interviews, groups, or online communities

  • Provide incentives/payments for participation

  • Analyse research findings and produce reports for our clients

  • Keep research records where required for quality and audit purposes

We only collect information that is relevant and necessary for the research.

3. What information we may collect

Depending on the project, we may collect:

 Contact & recruitment details

  • Name

  • Email address

  • Phone number

  • General location (e.g. city or region)

  • Basic background information (such as age range, job role, or household details) to ensure a good mix of participants

Research data

  • Your opinions, experiences, and feedback shared in interviews, groups, diaries, or online communities

  • Audio or video recordings (where you have been told about this in advance)

  • Written responses, chat messages, or community posts

  • Research notes and transcripts

Incentive information

If we pay you for taking part, limited information needed to arrange payment may be processed via our incentive payment provider – typically this is Ayda.

We try to avoid collecting more personal data than we need. Where possible, we separate your contact details from your research responses and use participant ID numbers instead of names. 

4. Lawful basis for using your data

Under UK data protection law, we rely on the following lawful bases:

  • Consent – for taking part in research activities and for recordings where used

  • Legitimate interests – to organise research, manage projects, prevent fraud, and keep appropriate business and audit records

  • Legal obligations – where we are required to keep certain financial or tax records

If we collect any special category data (such as health information or ethnicity), we will make this clear to you and explain why it is needed. This is usually processed with your explicit consent for research purposes.

5. How your data is used in research outputs

Your personal identity is not normally shared with our clients.

Reports, presentations, and other outputs are designed so that:

  • Participants are not named

  • Quotes are anonymised or use pseudonyms

  • Information that could directly identify you is removed wherever possible

In rare cases where a client needs access to more detailed material (for example, to observe a session or review recordings), we will make this clear in advance.

6. Who we share your data with

We may share personal data with trusted suppliers who help us deliver research projects, such as:

  • Participant recruiters

  • Transcription services

  • Research platforms (for example, online community or diary tools)

  • Incentive payment providers

These organisations are only allowed to use your data on our instructions and must keep it secure.

We use secure business systems (such as Microsoft 365) to store and manage research data. 

7. International data transfers

Some of the research tools and service providers we use may store data outside the UK. Where this happens, we ensure appropriate safeguards are in place, such as approved contractual clauses, to protect your information.

8. How long we keep your data

We keep personal data only for as long as necessary for research and operational purposes.

Typical retention periods are:

  • Recruitment contact details: deleted within 3 months after fieldwork ends

  • Audio/video recordings: deleted within 6 months after the final research deliverable

  • Transcripts and research notes (usually pseudonymised): deleted within 12 months

  • Incentive payment details: deleted as soon as practical after payments are completed and accounts are reconciled

Final anonymised reports may be kept for longer for our records, but these do not identify individual participants.

9. How we keep your data secure

We use a combination of technical and organisational security measures, including:

  • Restricted access to project data

  • Multi-factor authentication on our systems

  • Encrypted devices and secure cloud storage

  • Secure file sharing rather than open email attachments

  • Procedures for handling and deleting data safely

10. Your rights

 Under UK data protection law, you have the right to:

  • Access the personal data we hold about you

  • Ask us to correct inaccurate information

  • Ask us to delete your data (in some circumstances)

  • Restrict or object to certain types of processing

  • Withdraw consent at any time (this will not affect processing already carried out)

  • Complain to the Information Commissioner’s Office (ICO) if you are unhappy with how we use your data

To exercise any of these rights, contact us using the details below.

11. Contact us

If you have any questions about this notice or how your data is used, please contact:

Folk Research Ltd
Email: matt@folkresearch.com

You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO):
https://www.ico.org.uk