Data Protection Policy

Policy Information

OrganisationThe Data Controller is Smart Insider Limited, a limited company registered in England and Wales (registration number 09896696) the registered office of which is at Bourneside, Bourne Lane, Much Hadham, Hertfordshire, United Kingdom, SG10 6ER. You can contact the data controller by writing to Smart Insider Ltd, Bourneside, Bourne Lane, Much Hadham, Hertfordshire, United Kingdom, SG10 6ER, or sending an email to Insider has no Data Processors, in relation to personal data, i.e. any person (other than an employee of the data controller) who processes the data on behalf of the data controller.
Policy operational date25/05/2018
GDPRThe European General Data Protection Regulation, came into force on 25th May 2018 and is the basis of this Data Protection Policy.


Purpose of PolicyThis Data Protection Policy sets out how we, Smart Insider Limited, collect, store and use information about you when you use our website, and where we otherwise obtain or collect information about you.The reasons for the policy are to comply with the law, follow good practice, to protect clients, staff and other individuals and to protect the company.
Types of DataWe collect individual information from our company staff and individual and company information from consumers of our research.
Policy StatementThis Data Protection Policy complies with both the law and good practice and respects individuals’ rights. The company will be open and honest with individuals whose data is held and provide training and support for staff who handle personal data, so that they can act confidently and consistently.In the event of data breaches the Supervisory Authority (the ICO) will be notified within 72 hours. In addition, for major breaches the data subjects will be notified without delay. A personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.


The Board / Company DirectorsThe Board has overall responsibility for ensuring that the organisation complies with its legal obligations.
Data Protection OfficerThe Data Protection Officer is Michael Tindale, CEO of Smart Insider. His responsibilities include:Briefing the Board on Data Protection responsibilitiesReviewing Data Protection and related policiesAdvising other staff on Data Protection issuesEnsuring that Data Protection induction and training takes placeNotification to the ICO if requiredHandling subject access requestsApproving unusual or controversial disclosures of personal dataApproving contracts with Data Processors
EmployeesAll staff should read, understand and accept any policies and procedures that relate to the personal data they may handle in the course of their work.

Types of Information collected

Individuals’ namesWe record the names and contact details of the individuals within institutions with whom we have research supply agreements.
Business name and contact detailsWe record the names, ‘know your client’ information and contact details of the institutions with which we have research supply agreements.
UpdatingWe have a regular cycle of checking, updating or discarding old data on our staff and research clients.

Lawful basis for processing information

Underlying principlesThe lawful basis for the personal data processed is one or more of the following, described in Article 6 (1) of the General Data Protection Regulation:(a) Consent: the individual has given clear consent for us to process their personal data for a specific purpose.(b) Contract: the processing is necessary for a contract we have with the individual, or because they have asked us to take specific steps before entering into a contract.(c) Legal obligation: the processing is necessary for us to comply with the law (not including contractual obligations).(d) Vital interests: the processing is necessary to protect someone’s life.(e) Public task: the processing is necessary for us to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law.(f) Legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.)Data collected from our research clients is on the basis of (b) Research contracts and (f) Our legitimate interests.Data collected from our Appointed Representatives is on the basis of (a) Consent, (b) AR Agreements, (c) Legal obligations and (f) Our legitimate interests.
Withdrawing consentOnce given, consent can be withdrawn, but not retrospectively.  There may be occasions where Smart Insider has no choice but to retain data for a certain length of time, even though consent for using it has been withdrawn.

How information is collected and stored

Web server informationWe record the name, email address, postal address and telephone number of individuals filling in the form on the Contact page on the website. This information is not transferred outside the EEA and is stored on our own web server in the United Kingdom.
CookiesCookies are small files of information which are stored on your computer. Web sites you visit ask your computer to store this information and retrieve the information from your computer so that they can keep track of things like other web sites you visit or how you navigate our website or other files which provide you with the Site. For more information about what cookies are and how they work, visit revisiting our website or in using the files, our computer server will recognise the cookie and give us information about your use of the Site. Most browsers accept cookies automatically, but usually you can alter the settings of your browser to prevent automatic acceptance. If you choose not to receive cookies, you may still use the Site but you may find that the Site may not function properly or is slower than when you allow a cookie to be installed on your machine.
EmailWe collect and store emails on three personal computers and on our email server in the United Kingdom. Information is not transferred outside the EEA.
Hard drive and back upsWe store information on the hard drives of computers and back it up on Dropbox, Office 365 and Google cloud-based systems.
DisclaimerTransmission of information over the internet is not entirely secure, and if you submit any information to us over the internet (whether by email, via our website or any other means) you do so entirely at your own risk.We cannot be responsible for any costs, expenses, loss of profits, harm to reputation, damages, liabilities or any other form of loss or damage suffered by you as a result of your decision to transmit information to us by such means.
PhoneWe log all telephone calls with research clients for monitoring purposes but do not record conversations.
Paper copiesInformation from compliance procedures, such as on-boarding, research handling and quarterly compliance meetings, is stored on hard copy files and kept in secure storage.

Disclosure and use of information

CommitmentSmart Insider is committed to ensuring that Data Subjects are aware that their data is being processed andfor what purpose it is being processedwhat types of disclosure are likely, andhow to exercise their rights in relation to the data
Delivering researchWe retain contact details of research clients so that we can provide them with research products in accordance with the Agreements we have with them.

Your rights in relation to your information

Your rights in relation to informationSubject to certain limitations on certain rights, you have the following rights in relation to your information, which you can exercise by contacting the Data Protection Officer by email at, in writing to: Smart Insider Ltd, Bourneside, Bourne Lane, Much Hadham, Hertfordshire, United Kingdom, SG10 6ER, or by phone on 02034053356:– to request access to your information and information related to our use and processing of your information;
– to request the correction of your information;–  or request the erasure of personal data (right to be forgotten) providing there is no overriding legitimate grounds;
– to request that we restrict our use of your information;
– to receive information which you have provided to us in a structured, commonly used and machine-readable format (e.g. a CSV file) and the right to have that information transferred to another data controller;
– to object to the processing of your information for certain purposes; and
– to withdraw your consent to our use of your information at any time where we rely on your consent to use or process that information. Please note that if you withdraw your consent, this will not affect the lawfulness of our use and processing of your information on the basis of your consent before the point in time when you withdraw your consent.The controller will provide information on action taken on request to the data subject without undue delay and in any event within one month of receipt of the request.In accordance with Article 77 of the General Data Protection Regulation, you also have the right to lodge a complaint with a supervisory authority, which is the Information Commissioner’s Office (ICO), whose website is below.

Employee training & acceptance of responsibilities

InductionAll employees of Smart Insider and those who have access to any kind of personal data will have their responsibilities outlined during their induction procedures.
Continuing trainingData Protection issues will be covered during employee training, team meetings, supervisions, etc.

Your rights in relation to your information

For more information
Scroll to Top