Our Privacy Notice
Protecting your privacy | January 2026 | V4.0
Latenta Ltd, trading as Latenta, is a company registered in England (no: 08481027). Our registered address is 18 Dane House, Exeter Place, London, UK, SE26 6AE. References in this Privacy Notice to ‘we’, ‘us’ or ‘our’ mean ‘Latenta’. Information about Latenta and our services can be found on our website, www.latenta.com.
Latenta is a ‘data controller’ for the purposes of the Data Protection Act 2018 (‘DPA 2018’) and the UK General Data Protection Regulation (‘UK GDPR’). We are registered with the Information Commissioner’s Office (ICO), registration number ZB596915. Where we process personal data on behalf of our clients pursuant to their instructions, we act as a 'data processor' and our clients act as the 'data controller'.
Our Data Protection Officer (DPO) can be contacted via: dpo@latenta.com.
This Privacy Notice contains important information about who we are and how and why we collect, store, use and share personal information. It tells you about your data subject rights and how to contact us and/or the UK Regulator if you have a complaint.
We are committed to respecting and protecting your privacy. This Privacy Notice will answer any questions about our processing activities. If not, please contact us using any of the methods shown below in the “How Do I contact you?” section.
In this Privacy Notice, “personal information” (also referred to as "personal data") has the meaning given in Article 4(1) of the UK GDPR, namely any information relating to an identified or identifiable natural person ('data subject'). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
The UK GDPR defines special categories of personal data as information about a person’s race and ethnicity, religious or philosophical beliefs, trade union memberships, political opinions, genetic data, biometric and health data, and information concerning a natural person’s sex life or sexual orientation.
Criminal offence data is information relating to criminal convictions and allegations of criminal activity. This includes information disclosed by the Disclosure and Barring Service (DBS) under the Government’s employment vetting scheme.
GDPR. At least one of these must apply whenever we process personal information:
Conditions to process special category personal data
We rely on the following conditions (as appropriate) under Article 9 of the UK GDPR to process special categories of personal data:
We collect the least special category data possible for our processing purposes.
Our policies and procedures cover the processing of special category data, and all processing activities involving the processing of special category personal data are listed in our ‘Record of Processing Activity’.
Further legal controls are applied to the processing of criminal offence data. Such data is processed under the substantial public interest conditions listed in Schedule 1, DPA 2018.
The law requires us to
If you choose to participate in one of our surveys, we may collect personal information about your lifestyle, opinions, behaviours, needs, and priorities. This information may include demographic information, such as your age, gender, location, and media and aesthetic preferences. While we design our surveys to collect data in a manner that protects your identity, the data collected may not be fully anonymous at the point of collection. We will pseudonymise your data by separating direct identifiers from survey responses, and subsequently anonymise aggregated data sets where technically feasible and appropriate for the research purposes.
We may also collect information about your device, including its IP address, device type, operating system, and browser type, to prevent duplicate responses, ensure we have a diverse range of respondents from designated countries or regions, and to maintain the integrity and security of our surveys. IP addresses are considered personal data under UK GDPR and will be processed in accordance with the lawful bases set out in this Privacy Notice.
We may also collect your personal information if you apply for a job with us or use one of our products. This information may include, but is not limited to, your name, address, telephone number, email address, and date of birth.
We use your personal information for the following purposes:
We use your personal information to send you surveys and request feedback based on our legitimate interests in conducting market research and improving our services. These messages will not include any fundraising requests or direct marketing. Where we have obtained your contact details in the course of providing our services or where you have otherwise provided them to us, we may send survey invitations without prior consent, provided you have been given a clear opportunity to opt out of such communications, both when your details were initially collected and in each subsequent message.
Your responses are collected and processed in compliance with the UK Data Protection Act 2018 and UK GDPR. We also adhere to the Market Research Society’s Code of Conduct and Fair Data Principles as industry best practice standards. Your responses are used for statistical and analytical purposes to generate insights for our clients and to improve research methodologies.
It is in our legitimate interest to send these messages as doing so is helping us render or improve our services and make them more relevant to our customers. You can opt out of receiving survey requests if you do not wish to participate.
Your responses will be processed in a manner designed to protect your identity. When you complete the survey, your direct identifiers (such as name and email address, if collected) will be separated from your survey responses through pseudonymisation techniques. Your responses are then aggregated with those of other participants to generate insights. Once aggregated and anonymised, the resulting data will no longer constitute personal data under UK GDPR.
Latenta uses your personal information to operate and provide services to our clients, which may include processing your data as a data processor on behalf of our clients (who act as data controllers for such processing). We also process your personal information based on our legitimate interests as a data controller to manage and improve our operations, systems, and services and to provide you with the content, products, or services you access via our website (e.g., to download content). When processing data on behalf of clients, we do so pursuant to data processing agreements that comply with Article 28 UK GDPR.
Latenta uses your personal information to understand and analyse trends to identify future opportunities for developing, promoting, and improving our clients' services. We do this in our legitimate interests, i.e. to develop and improve their products and services. Alternatively, we process your personal information with your consent, freely given when you complete the survey we send you.
Latenta analyses the personal information we collect from you in a non-identifiable form to develop new features, capabilities, or products, improve user experiences, assess capability requirements, and identify customer opportunities. We also may send push notifications to your device. You have choices regarding the communications you receive from us.
Latenta uses the personal information we collect to communicate with you. We do this under the lawful basis of legitimate interests. For instance, to respond to your inquiries by sending e-mails to an e-mail address you provided for customer service or technical support purposes; to troubleshoot and diagnose technical problems to help us provide, improve, and secure our products, services, and training; and to investigate security incidents.
Latenta processes your personal information in reliance on our legitimate interest to maintain the safety, integrity and security of our services, including detecting, preventing, or otherwise addressing fraud, verifying accounts and activity, investigating suspicious activity, and enforcing our terms and policies, and protecting our rights and the rights of others.
Latenta uses your personal information to send you promotional communications about Latenta, including product recommendations and other non-transactional communications (e.g. marketing newsletters or push notifications) according to your marketing preferences. Such communications may include information about our products. Where we rely on legitimate interests as the lawful basis for direct marketing, we have balanced our interests against your rights and freedoms and determined that such processing is necessary and proportionate. Alternatively, where required by law, we will only send direct marketing communications where you have provided your prior consent. You can stop receiving direct marketing emails from Latenta by contacting us using any of the methods shown in the ‘How do I contact you?’ section (see below).
Latenta uses your personal information to send you relevant advertisements, provide personalised information about our services, and provide other personalised content based on your activities and interests. Where we rely on legitimate interests as the lawful basis, we have conducted a balancing test and determined that our interest in advertising our services does not override your fundamental rights and freedoms. Where required by law or where our legitimate interests assessment indicates consent is more appropriate, we will only process your personal information for these purposes where you have provided your prior consent, which you may withdraw at any time. For these purposes, we may link or combine information about you with other personal information we receive from third parties to better understand your needs and provide you with a more personalised service or content.
Latenta may use your personal information for other legitimate business purposes in reliance on our legitimate interests, such as updating, expanding, and analysing our records, identifying new customers, and data analysis to protect, investigate, and deter against fraudulent, unauthorised, or illegal activity, developing new products, enhancing, improving or modifying our services, identifying usage trends, determining the effectiveness of our promotional campaigns, free trials and operating and expanding our business activities.
When you visit our website, we may collect your IP Address, the page you visited, your web browser, any search criteria you entered, the previous page you visited, and other technical information. This information is used solely to monitor web servers and deliver the best visitor experience.
We may use technology such as cookies to help us deliver relevant and interesting content in our communications in the future. We may profile you to learn more about you, but in the least intrusive way. We may use our collected information to display your most interesting content on our website. We may use the information we hold about your previous visits. Please see our Cookie Policy here.
If, at any time, you do not wish to receive further information about us or our services, contact us by using any of the methods shown below in the section entitled ‘How do I contact you?’.
Sometimes, we need to inform you about specific changes or events that are taking place. For instance, when planned maintenance will be carried out on our website. We do so by using service messages sent by email that do not require your prior consent. These messages ensure we comply with our legal obligations and support you by providing excellent ongoing customer service. Service messages do not include any marketing material.
Links To Other Websites
Our website may also contain links to other third-party websites of interest. This Privacy Notice does not cover these websites, and we encourage you to refer to the privacy notices on the third-party websites to find out what they do with your personal information.
Sharing Your Personal Data
Your personal information will not be sold to or shared with third-party organisations or published or made available on publicly accessible platforms. However, your responses will be aggregated with other participants’ responses to create summative insights and visualisations that might be published or shared with third-party organisations.
We may disclose your personal information to third parties if we are obliged to disclose or share your personal information to comply with any legal obligation, enforce or apply any agreements, or protect the rights, property, or safety of the organisation or other individuals. Such disclosures include but are not limited to, exchanging information with other companies and organisations under statutory regulations for safeguarding purposes.
Latenta may disclose your personal information when cooperating with public and government authorities, courts or regulators under our legal obligations under applicable laws, to the extent that the processing or disclosure of personal information is done to protect our rights or is necessary for our legitimate interest in protecting against misuse or abuse of our services, protecting personal property or safety, pursuing remedies available to us and limiting our damages, complying with judicial proceedings, court orders or legal processes, or to respond to lawful requests.
How long will we retain your Personal Data?
The length of time we retain your personal information in a live environment depends on the type of information collected, the reason it was collected and how it is to be used. Typically, the retention period for personal information collected in relation to a research project is a year from the date the research project ended. If, for technical reasons, we are unable to delete your personal information from our systems, we will put in place appropriate measures to prevent any further use of your personal information.
We maintain a retention schedule to help manage our storage limitation responsibilities. However, we may keep your personal information longer to establish, exercise, or defend our legal rights and yours. Where such a need exists, your personal information will be securely archived with restricted access, and other appropriate safeguards will be applied.
Alternatively, we may completely anonymise your personal information (so that you can no longer be identified) for research and analysis purposes. We may retain this information indefinitely without further notice to you.
For further information about applicable retention periods, please contact us using any of the methods shown below in the ‘How to contact us’ section.
The services we offer are not generally directed at children under 18. However, in special circumstances where our research specifically requires input from minors, we may collect personal information from children under 18 years of age with the explicit consent of a parent or legal guardian. We do not knowingly collect, maintain, or use personal information from children under 18 years of age without such parental or guardian consent.
Where we conduct research involving minors, we take additional safeguards to protect their personal information. This includes:
We take the privacy and security of your personal information very seriously. Accordingly, we have implemented appropriate technical and organisational measures to protect your personal information against unauthorised or unlawful processing and accidental loss, destruction, or damage.
The measures we’ve applied include having clear internal policies and procedures in place and maintaining the physical security of our premises and IT security technologies to prevent unauthorised access, damage, and loss of your personal information. Additionally, we have implemented appropriate security procedures, including access controls, to ensure confidentiality. We limit access to your personal information to only those who genuinely need to know.
It should be noted that the transmission of information via the Internet is not completely secure, and whilst we will do our very best to protect your personal information, we cannot guarantee the security of any personal information transmitted to our website; any such transmission is carried out at your own risk. We do have procedures to deal with any suspected data security breach, and we will notify you and the UK regulator of any actual security breach once the breach is confirmed and if we are legally required to do so.
The personal information we collect from you is processed on our servers located in the UK. We will ensure that your personal information is provided with adequate protection if it becomes necessary to transfer it to a country without a finding of adequacy by the European Commission (EC) or the UK regulator.
Transfers of personal information outside of the European Economic Area (EEA) to a country that has not been granted a finding of adequacy either by the EC or the UK regulator will be carried out using ‘appropriate safeguards’, i.e. Binding Corporate Rules (BCR), Standard Contract Clauses (SCC) (also known as Model Contract Clauses) supported by the UK Addendum, or an International Data Transfer Agreement (IDTA) supported by a Transfer Risk Assessment (TRA) (as required under UK law). Alternatively, we may rely on approved Codes of Conduct (once published by the UK regulator), or we will seek your consent (where appropriate) on a case-by-case basis.
What are your data subject rights?
We support your data subject rights concerning the processing of your information under the DPA 2018 and the UK GDPR, including your:
You can exercise any of these rights, including your right to request a copy of any information we hold about you (otherwise referred to as a Subject Access Request), by contacting us using any of the methods shown below in the ‘How do I contact you?’ section.
We will usually respond within one month of receiving your request.
To protect the confidentiality of your information and in our interests, we may ask you to verify your identity before proceeding with any request to access your information.
If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to request such information.
You may correct, update, or delete your personal information by contacting us at any time using any of the methods shown below in the ‘How do I contact you?’ section.
If you have opted-in to receive communications from us, your preferences will remain in effect until you tell us that you want to opt out of receiving any further communications.
You can change your mind anytime by contacting us using any of the methods shown below in the ‘How do I contact you?’ section.
Where we process your information based on your consent, you have the right to withdraw your consent at any time. Withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal. You can withdraw your consent by contacting us using the methods set out in the ‘How do I contact you?’ section below. We will action your withdrawal request without undue delay and in any event within one month of receipt.
If you wish to complain about our use of your personal data or how we have handled your data subject rights requests, you can contact us using any of the methods shown in the ‘How do I contact you?’ section below. We are committed to resolving complaints fairly and promptly.
Our Data Protection Officer will investigate your complaint and provide a written response within one month of receipt. In complex cases, we may extend this period by a further two months, in which case we will inform you of the extension and the reasons for the delay within the initial one-month period.
You may contact us to exercise your data protection rights, withdraw consent, or raise any queries or complaints using any of the following methods:
By post: Data Protection Officer, 18 Dane House, Exeter Place, London, UK, SE26 6AE
By email: ask@latenta.com
You have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues, at any time under Article 77 of the UK GDPR. This right exists regardless of whether you have first raised the matter with us. You may contact the ICO if you are unhappy with how we are processing your personal data or how we have handled your data subject rights requests.
The Information Commissioner's Office can be contacted as follows:
By post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom
By phone: 0303 123 1113
Online: https://www.ico.org.uk
Further information on how to complain to the ICO can be found at: https://ico.org.uk/make-a-complaint/
We may update this Privacy Notice from time to time to reflect changes in our processing activities, legal obligations, or regulatory guidance. When we make material changes to this Privacy Notice, we will notify affected data subjects through appropriate means, which may include direct communication (such as email where we have your contact details) and/or prominent notice on our website. The method of notification will be proportionate to the nature and significance of the changes. We recommend that you review this Privacy Notice periodically to stay informed about how we protect your personal data. Previous versions of this Privacy Notice are available upon request.
This Privacy Notice was last updated on 20 January 2026 (Version 4).
.png)