Data privacy is of the utmost importance to BOP: for our client-commissioned projects, and for our own marketing and communications. We simply cannot function as a business without respecting the wishes of the people who provide us with personal data. We therefore want to be open and transparent about our processing of personal data and we have a policy setting out how this is processed and protected.
 

1. What personal data do we collect and why?

As an international research consulting company, BOP is in the business of providing strategic, policy and commercial insight to our clients. We use many ways to generate this insight. Some projects only call for secondary research, for instance, evidence and literature reviews, statistical and spatial analysis of both existing datasets and unstructured publicly-available data collected via data mining, AI and machine learning techniques. However, many more of our projects involve primary research with businesses, visitors, audiences, practitioners, participants and policymakers (among others). We capture this personal data in a variety of ways: in-person and online surveys and online consultations, but also via interviews and focus groups.
 

Lastly, we like to keep in touch with our clients and other people around the world who are interested in our work. This means that we also store some limited personal data in order to send updates via email newsletters.

2. Who is the Controller of your personal data?

This depends on who you are and the context in which you have provided personal data to us.

For personal data captured in relation to BOP’s own marketing and communications, in particular if you have signed up to our company email newsletter, BOP Consulting is the Controller of your data.
 

If you are a client, or a research participant in a client-commissioned project, BOP Consulting acts as a Data Processor on behalf of our clients.
 

3. How and where is your data stored, protected and used?

There are a number of general principles and processes that we use across all the activities for which we collect and hold personal data (as described above in 1). In particular, these cover what we will (and will not) use your data for, how your data is protected, and how you can contact us regarding the data that we may hold on you.
 

After the ‘General principles and processes’ section below, we also provide more detailed information according to whether you are a Client, Research participant, or someone interested in how we use data for BOP’s marketing and communications.
 

General principles and processes

The data that we collect is stored within the European Economic Area (“EEA”) but may also be transferred to and processed in a country outside of the EEA. Any such transfer of your personal data will be carried out in compliance with applicable laws. For transfers outside the EEA, BOP will use Standard Contractual Clauses and Privacy Shield (e.g. the EU-US Privacy Shield Program) as safeguards for countries without an 'adequacy decision' from the European Commission.
 

BOP Consulting is committed to keeping personal data safe and secure. We maintain all necessary physical, electronic and procedural security measures to help safeguard client data and personal information. Third parties that provide us with support or services (e.g. subcontractors) may also receive client data or personal information, and we require them to maintain security measures similar to ours with respect to such information.
 

Our security measures include using IT companies and platforms that protect our IT infrastructure from external attack and unauthorised access, as well as proactively guaranteeing to meet the requirements of the EU General Data Protection Regulation. We also have internal policies setting out our data protection approach and training for BOP employees.
 

BOP Consulting will take reasonable steps to ensure personal data is accurate, complete, current and relevant, being used only to fulfill our obligations to our clients. Upon request, we are very happy to provide people with access to the personal information that we have collected about them. We will correct any information that is inaccurate or incomplete, change their consent status, or have their personal information deleted all upon request.
 

From time to time, we may need to update our Privacy Notice. The latest version of the Privacy Notice will always be available on our website. We will communicate any material changes to the Privacy Notice, for example the purpose of why we use your personal data or your rights.
 

Client information

We treat all information we receive from clients as confidential and do not use the information for any purpose other than to fulfill our obligations to them. We keep client information secure at all times, and prevent the misuse and unauthorised disclosure of it by our employees or any third parties.
 

Research Participant information

We collect data and information in our studies for research purposes. Our use of that information is typically limited to the specific research contract that we are undertaking for a client. Responding to a survey is legally understood to be providing ‘implicit consent’ for personal data to be used in relation to a specific project covered by a contract between BOP Consulting and a client.
 

However, there are some occasions where we additionally ask research participants if their details can be retained and used for follow-up activity(s) not connected to the initial research work (e.g. to register interest in follow-up research opportunities, to register to receive a copy of the subsequent research report, or to receive future information from either the relevant client on whose behalf we are conducting the research, or directly from BOP Consulting). In these limited instances, ‘explicit consent’ will be sought from research participants for any and each additional use of data that is sought.
 

Individual responses provided by participants in our research work are held in strict confidence. By default, they will not be shared directly with our clients, nor published for public consumption. The only exceptions to this default principle are instances where it is deemed materially important to the research that responses provided by individuals / individuals representing particular organisations should be directly identifiable (e.g. in the case of attributed quotations, or material provided for case studies by named individuals). Again, in any and all of these instances ‘explicit consent’ will be sought from research participants for disclosure of this information.
 

We do not lease, sell or give personal information to third parties (i.e. organisations that are not BOP Consulting or the relevant Data Controller) for the purpose of directly marketing any products or services. In some cases we may need to share personal information with third parties that provide research services in support of the specific research project (e.g. subcontractors working with BOP to deliver a client-commissioned project). Any third party that receives personal data from us is obligated to follow all of the same privacy protection regulations as followed by BOP Consulting.
 

We do not contact children under the age of 18 without consent from a parent, guardian, or organisation working with children who are also responsible for their safekeeping while in their care (e.g. a school, youth club, arts organisation) and who have complied with relevant statutory safeguards.
 

BOP also has an Ethical Research Policy that is available upon request.

BOP Newsletter subscribers and website visitors

At BOP, we manage our own company email newsletter through a password protected Mailchimp account, which only BOP employees have access to. Our newsletters are available to anyone that proactively opts-in and gives their explicit consent to receive it. We do not lease, sell or give this personal information to any third parties. We will contact BOP newsletter subscribers at least every two years to check-in with them and re-establish their consent for us to contact them. We also give our subscribers the option to opt-out at the bottom of every newsletter we send to them.
 

We use cookies - small text files which are transferred to your browser by our website (https://www.bop.co.uk) to identify data traffic patterns. They do not provide any information which might disclose the identity of a specific person but they may potentially identify your computer, your browser and your internet settings – though BOP will never use cookies for this purpose. You may change the storing of cookies in your browser settings at any time by selecting the function “accept no cookies”. 

Google Analytics, a web analytics service provided by Google, Inc. (“Google”) also places cookies on your computer, to enable Google to provide us with activity reports relating to our website (https://www.bop.co.uk). Google uses this data only to provide us with information on how users use the website and does not associate your IP address with any other data held by Google. The information generated by Google cookies about your use of the platform (including your IP address) will be transmitted to and stored by Google on servers in the United States. You may refuse these cookies by selecting the appropriate settings on your browser or by downloading and installing the browser plug-in available under https://tools.google.com/dlpage/gaoptout?hl=en-GB.
 

We use Google Analytics to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.

​

BOP500

As part of our new Service, ‘BOP500’ we store information on people who sign up to our product and services. This includes when they: 

• create an account with us (for example, to book a call); 

• sign in to use our product and services through trials or as paid users (including our GIS Platform) 

 

As part of our operations, we engage third-party service providers to assist us in various aspects of our business. This includes HubSpot and WIX, which we use for our CRM systems and marketing purposes.  

​

We collect and store certain personal information in our HubSpot CRM system when you interact with us, including but not limited to: 

• Full name 

• Contact information (e.g., email address, phone number) 

• Job title/position 

• Company name 

• Interaction history (e.g., communications, purchases, support requests) 

 

We use this information for the following purposes: 

• Managing and maintaining customer relationships 

• Providing customer support and services 

• Sending relevant communications and updates 

• Analyzing customer needs and preferences to improve our offerings 

• Conducting market research and analysis 

 

We use WIX to create accounts and enable call bookings. We collect and store certain personal information in WIX when you interact with us, including but not limited to: 

• Full name 

• Contact information (e.g., email address, phone number) 

• Job title/position 

• Company name 

• Interaction history (e.g., communications, purchases, support requests) 

​

Hubspot and WIX act on our behalf and are obligated to handle your information securely and confidentially.  

Please note that HubSpot and WIX may process your personal information in locations outside of your country of residence. By using our services, you consent to the transfer of your data to these locations, which may have different data protection laws than your jurisdiction. 

​

We also use Google Analytics, and the above policy applies. 

 

We retain your personal information, as long as necessary to fulfil the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. 

 

We use cookies - small text files which are transferred to your browser by our website (https://bop500.bop.co.uk) to identify data traffic patterns. They do not provide any information which might disclose the identity of a specific person but they may potentially identify your computer, your browser and your internet settings – though BOP will never use cookies for this purpose. You may change the storing of cookies in your browser settings at any time by selecting the function “accept no cookies”.