Agile Research –  UX and user research

Mission statement and Policies

1. Mission statement

2. Data privacy policy and notice

3. Safeguarding

1. Mission statement

We research to make systems and services work for everyone:
Illuminating journeys and constraints, and discovering what it takes for people to succeed first time.

2. Data privacy policy and notice

Feb 2020
Author MS – Data Controller and safeguarding officer
Date of next review 11 November 2019


Agile Research is committed to respecting privacy and responsibly managing personal information according to current legislation.
This policy sets out how personal information is used and kept, and applies to both our clients and the people who participate in the activities we undertake.
We only collect information for specific purposes e.g. organising sessions, and we do not collect or store personal information unnecessarily.
Defining personal data

Personal data relates to a living individual who can be identified from that data e.g. a photograph. The processing of personal data is governed by the General Data Protection Regulation (GDPR).

The Data Controller

Agile Research has a nominated data controller who decides how your personal data is processed and for what purposes.  Any data queries about personal data should be addressed to them using the information at the bottom of this policy.

How we process and use personal data

Agile Research –

  • Is committed to complying with UK GDPR legislation and has ensured that all its data held online is stored with Google in compliance with that legislation.

    Data Processing Amendment to G Suite and/or Complementary Product Agreement

    And for any further queries please email –

  • Reviews personal data annually to ensure sic data is accurate and if the person is still relevant to our business.
  • Stores physical research data in locked cabinets on secure premises.
  • Never shares personal data with third parties other than those specified in this policy
  • Deletes data collected from research, promptly and in agreement with the client
  • Deletes data upon request or if the person has twice not responded to being contacted e.g. from the annual review.
  • We only work with third parties, e.g. organisations that might supply participants for our research, who also comply with GDPR.
We use anonymous, personal data to: –
  • Administer and conduct research – (individuals are referred to by a coded ref e.g. “RIN01”)
  • Advertise and market (additional, specific written consent is obtained for these purposes)
  • Maintain our records
  • Inform potential participants of research activities, and to survey with participants
Online – Google Analytics and Cookies

Agile Research uses third party services e.g Google Analytics and Hotjar, to track and collect visitor behaviour to our website and internet use relating to research. Both use cookie technology. This data is anonymous and does not allow us to identify specific people.

Google’s privacy policy is available at:

Social Media

When you sign up to our social media feeds e.g. LinkedIn page, we do not collect any personal details and your activity is subject to the provider’s policies.

Sharing your personal data

We do not share personal data that could identify individuals with third parties except for images used in reports or for marketing purposes. And before we do that, we’ll first obtain specific, informed consent.

How long do we keep personal data?

We record when personal records are added to our database and annually review all records to ensure data is accurate and not retained indefinitely. 

Your rights and your personal data

You have the following rights with respect to your personal data: –

  • The right to request a copy of the personal data which we hold about you
  • The right to request that we correct any personal data if it is found to be inaccurate or out of date
  • The right to withdraw your consent to us using your data at any time
  • The right to request your personal data is erased where it is no longer necessary for us to retain such data
  • The right to request that the data controller provide the data subject with his/her personal data and where possible, to transmit that data directly to another data controller (known as the right to data portability)
  • The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing
  • The right to lodge a complaint with the Information Commissioners Office


Further processing

If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will publish a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions.

Before using or processing personal data differently to how you have already consented to it being used, we will seek your consent.



Changes to our privacy policy

We review our privacy policy annually or sooner as required.


Communicating with Agile Research – phone and email

We use Transport Layer Security (TLS) to encrypt and protect email traffic in line with government guidelines. If your email service does not support TLS, you should be aware that any emails we send or receive may not be protected in transit.

We do not record telephone calls other than those which go to voicemail.

How to contact us

Please contact us if you have any questions about our privacy policy or information we hold about you:
Tel: 01206 259276

Or write to The Data Controller, Agile Research, Innovation Centre, Boundary Rd, Essex University, CO4 3ZQ.

You can contact the Information Commissioners Office on 0303 123 1113 or via email or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AY




3. Safeguarding policy

February 2019
Author NR – Data Controller and safeguarding officer 
Next review –  February 2020


Agile Research is committed to ensuring that matters of safeguarding are taken seriously and any reports or concerns are acted upon promptly. Agile Research is committed to ensuring its staff are trained and equipped to keep themselves and research participants safe and aware of this policy. This extends to data about research participants as specified in the data privacy notice.


Definitions and scope
  • Safeguarding is about protecting the safety, independence and wellbeing of people at risk of abuse
  • This policy relates to all children, young people and adults who become known to the organisation through the course of its work
  • A child is defined as a person under the age of 18
  • An adult at risk of abuse is defined as “someone who has care support needs and is therefore unable to protect themselves from either the risk of, or the experience of, abuse or neglect”
Responsibilities of the organisation and employees
  • Agile Research has a nominated safeguarding officer
  • The safeguarding officer ensures that management and workers are kept up to date with safeguarding policy and information
  • The safeguarding officer is responsible for the implementation of safeguarding procedures and training
  • The safeguarding officer will deal with instances relating to safeguarding and will make appropriate referrals to the relevant authorities
  • Employees will be provided with information to enable them to recognise signs of abuse and respond appropriately. It is the responsibility of the workers to familiarise themselves with this information
  • All employees have a responsibility to report suspected or disclosed incidents of abuse and to be knowledgeable about how to recognise the signs of abuse
  • It is not the responsibility of Agile Research or its workers to assess whether or not abuse has actually taken place
Safeguarding whilst researching
  • Most work involving members of the public happens offsite in hired premises. When vulnerable people are attending two members of staff will be onsite
  • Children and vulnerable adults will be asked if they would like to bring a chaperone along to the research (e.g. a friend or family member)
  • Agile Research does not usually research with children (below 18), but If they are to be involved, then consent from a responsible adult (parent, or adult in a loco parentis role) must first be obtained beforehand.
  • Agile Research may conduct research which relates to adult’s or children’s personal affairs such as health or finance. In this case the individuals will be alerted to the topics to be covered prior to the sessions and specific consent obtained.
  • Whilst personal experience is probably relevant to the research, the research focus is on improving the service rather than investigating individual cases
  • Members of the public and individuals are free to terminate their involvement in the research sessions at any point. Individuals will receive the relevant remuneration regardless of premature termination of the session
Record Keeping
  • In the event of a safeguarding disclosure or concern, a written record will be made by the person receiving the information as soon as possible following Agile Research procedure for recording concerns and disclosures
  • These records will be stored securely, in a locked drawer or password protected file, indefinitely
  • Only the safeguarding officer or relevant manager will have access to these files
Confidentiality and information sharing
  • Agile Research staff have a duty to share information about adults and children at risk of abuse
  • Agile Research staff have a procedure in the event of a disclosure or concern regarding a child or adult at risk of abuse. This includes that staff and members of the public are informed that information will be shared with the relevant authorities in the event of a disclosure or concern about the welfare of an adult or child at risk of abuse
  • Information will be shared on a strictly need to know basis within the guidelines of Safeguarding reporting and GDPR regulation
  • Workers who receive information about the welfare of an adult or child at risk of abuse will inform the Safeguarding officer
  • In the event of a disclosure efforts will be made to gain consent from the person making the disclosure before a referral is made to the relevant authority. However, a referral may be made without consent if the person does not give consent and there are concerns about the welfare of a child or adult at risk
  • The Safeguarding officer, worker and/or managers will discuss the concern and decide whether the relevant authority should be contacted i.e. the local authority social care service or police
  • Information will be shared within Agile Research on a strictly need to know basis and kept to a minimum. Staff directly involved with a welfare concern, the Safeguarding Officer and relevant manager, if needed, will share information and no other workers will be notified of the safeguarding concern


Changes to this policy

We review our safeguarding policy annually or sooner as required.


How to contact us

Please contact us if you have any questions about this policy:
Tel: 01206 934 096