Tom Fleming Creative Consultancy (TFCC) Privacy policy

Data privacy is very important to TFCC: for our client-commissioned projects, and for our own marketing and communications. We are open and transparent about our processing of personal data and we have a policy setting out how this is processed and protected.

1. What personal data do we collect and why?

As a global research consulting company, TFCC provides strategic, policy and research for our clients. We use many methodologies to do this including literature reviews, analysis of existing datasets and use of publicly available data via multiple analytical methods. We also conduct primary research with businesses, visitors, audiences, practitioners, participants and policymakers We capture this personal data in a variety of ways: inperson and online surveys and online consultations, but also via interviews and focus groups.

2. Who is the Controller of your personal data?

This depends on who you are and the context in which you have provided personal data to us.

If you are a client, or a research participant in a client-commissioned project, TFCC acts as a Data Processor on behalf of our clients.

3. How and where is your data stored, protected and used?

There are a number of general principles and processes that we use across all the activities for which we collect and hold personal data (as described above in 1). In particular, these cover what we will (and will not) use your data for, how your data is protected, and how you can contact us regarding the data that we may hold on you.

After the ‘General principles and processes’ section below, we also provide more detailed information according to whether you are a Client or Research participant.

General principles and processes

The data that we collect is stored within the European Economic Area (“EEA”) but may also be transferred to and processed in a country outside of the EEA. Any such transfer of your personal data will be carried out in compliance with applicable laws. For transfers outside the EEA, TFCC will use Standard Contractual Clauses and Privacy Shield (e.g. the EU-US Privacy Shield Program) as safeguards for countries without an 'adequacy decision' from the European Commission.

TFCC is committed to keeping personal data safe and secure. We maintain all necessary physical, electronic and procedural security measures to help safeguard client data and personal information. Third parties that provide us with support or services (e.g. subcontractors) may also receive client data or personal information, and we require them to maintain security measures similar to ours with respect to such information.

Our security measures include using IT companies and platforms that protect our IT infrastructure from external attack and unauthorised access, as well as proactively guaranteeing to meet the requirements of the EU General Data Protection Regulation. We also have internal policies setting out our data protection approach and training for our employees.

TFCC will take reasonable steps to ensure personal data is accurate, complete, current and relevant, being used only to fulfill our obligations to our clients. On request, we are very happy to provide people with access to the personal information that we have collected about them. We will correct any information that is inaccurate or incomplete, change their consent status, or have their personal information deleted all upon request.

From time to time, we may need to update our Privacy Notice. The latest version of the Privacy Notice will always be available on our website. We will communicate any material changes to the Privacy Notice, for example the purpose of why we use your personal data or your rights.

Client information

We treat all information we receive from clients as confidential and do not use the information for any purpose other than to fulfill our obligations to them. We keep client information secure at all times, and prevent the misuse and unauthorised disclosure of it by our employees or any third parties.

Research Participant information

We collect data and information in our studies for research purposes. Our use of that information is typically limited to the specific research contract that we are undertaking for a client. Responding to a survey is legally understood to be providing ‘implicit consent’ for personal data to be used in relation to a specific project covered by a contract between TFCC and a client.

However, there are some occasions where we additionally ask research participants if their details can be retained and used for follow-up activity(s) not connected to the initial research work (e.g. to register interest in follow-up research opportunities, to register to receive a copy of the subsequent research report, or to receive future information from either the relevant client on whose behalf we are conducting the research, or directly from TFCC). In these limited instances, ‘explicit consent’ will be sought from research participants for any and each additional use of data that is sought.

Individual responses provided by participants in our research work are held in strict confidence. By default, they will not be shared directly with our clients, nor published for public consumption. The only exceptions to this default principle are instances where it is deemed materially important to the research that responses provided by individuals / individuals representing particular organisations should be directly identifiable (e.g. in the case of attributed quotations, or material provided for case studies by named individuals). Again, in any and all of these instances ‘explicit consent’ will be sought from research participants for disclosure of this information.

We do not lease, sell or give personal information to third parties (i.e. organisations that are not TFCC or the relevant Data Controller) for the purpose of directly marketing any products or services. In some cases we may need to share personal information with third parties that provide research services in support of the specific research project (e.g. subcontractors working with TFCC to deliver a client-commissioned project). Any third party that receives personal data from us is obligated to follow all of the same privacy protection regulations as followed by TFCC.

We do not contact children under the age of 18 without consent from a parent, guardian, or organisation working with children who are also responsible for their safekeeping while in their care (e.g. a school, youth club, arts organisation) and who have complied with relevant statutory safeguards.

TFCC website visitors

We use cookies - small text files which are transferred to your browser by our website to identify data traffic patterns. They do not provide any information which might disclose the identity of a specific person but they may potentially identify your computer, your browser and your internet settings – though TFCC will never use cookies for this purpose. You may change the storing of cookies in your browser settings at any time by selecting the function “accept no cookies”.

If you have any further queries regarding our privacy policy please contact