Latenta Privacy Notice
Protecting your privacy | September 2025 | V3.0
Latenta Ltd, trading as Latenta, is a company registered in England (no: 08481027). Our registered address is 18 Dane House, Exeter Place, London, UK, SE26 6AE. References in this Privacy Notice to ‘we’, ‘us’ or ‘our’ mean ‘Latenta’. Information about Latenta and our services can be found on our website, www.latenta.com.
Latenta is a ‘data controller’ for the Data Protection Act 2018 (‘DPA 2018’) and the UK General Data Protection Regulation (‘UK GDPR’): we are registered with the Information Commissioner’s Office (ICO), registration number ZB596915.
Our Data Protection Officer (DPO) can be contacted via: dpo@latenta.com.
This Privacy Notice contains important information about who we are and how and why we collect, store, use and share personal information. It tells you about your data subject rights and how to contact us and/or the UK Regulator if you have a complaint.
We are committed to respecting and protecting your privacy. This Privacy Notice will answer any questions about our processing activities. If not, please contact us using any of the methods shown below in the “How Do I contact you?” section.
In this Privacy Notice, “personal information” means data relating to you that allows us to identify you directly or in combination with other information we may hold.
The UK GDPR defines special categories of personal data as information about a person’s race and ethnicity, religious or philosophical beliefs, trade union memberships, political opinions, genetic data, biometric and health data, and information concerning a natural person’s sex life or sexual orientation.
Criminal offence data is information relating to criminal convictions and allegations of criminal activity. This includes information disclosed by the Disclosure and Barring Service (DBS) under the Government’s employment vetting scheme.
The lawful bases for processing personal information are set out in Article 6 of the GDPR. At least one of these must apply whenever we process personal information:
Conditions to process special category personal data
We rely on the following conditions (as appropriate) under Article 9 of the UK GDPR to process special categories of personal data:
We collect the least special category data possible for our processing purposes.
Our policies and procedures cover the processing of special category data, and all processing activities involving the processing of special category personal data are listed in our ‘Record of Processing Activity’.
Further legal controls are applied to the processing of criminal offence data. Such data is processed under the substantial public interest conditions listed in Schedule 1, DPA 2018.
The law requires us to
If you choose to participate in one of our surveys, we may collect personal information about your lifestyle, opinions, behaviours, needs, and priorities through anonymous surveys. This information may include demographic information, such as your age, gender, location, and media and aesthetic preferences.
We may also collect information about your device, including its IP address, to prevent duplicate responses and ensure we have a diverse range of respondents from designated countries or regions.
We may also collect your personal information if you apply for a job with us or use one of our products. This information may include but is not limited to your name, address, telephone number, email address, and date of birth.
We use your personal information for the following purposes:
We use your personal information to send you surveys and request feedback. These messages will not include any fundraising requests or direct marketing, and they do not require prior consent when sent by email.
Your responses are collected under the provisions of the UK Data Protection Act 2018, UK GDPR and the Market Research Society’s Code of Conduct, Fair Data Principles and used for statistical and analytical purposes.
It is in our legitimate interest to send these messages as doing so is helping us render or improve our services and make them more relevant to our customers. You can opt out of receiving survey requests if you do not wish to participate.
Your responses will not identify you as an individual, and when you complete the survey, your responses are aggregated to provide anonymous insights.
Latenta uses your personal information to operate and provide services to our clients. However, we also process your personal information based on our legitimate interests to manage and improve our operations, systems, and services and provide you with the content, products, or services you access via our website (e.g., to download content).
Latenta uses your personal information to understand and analyse trends to identify future opportunities for developing, promoting, and improving our clients' services. We do this in our legitimate interests, i.e. to develop and improve their products and services. Alternatively, we process your personal information with your consent, freely given when you complete the survey we send you.
Latenta analyses the personal information we collect from you in a non-identifiable form to develop new features, capabilities, or products, improve user experiences, assess capability requirements, and identify customer opportunities. We also may send push notifications to your device. You have choices regarding the communications you receive from us.
Latenta uses the personal information we collect to communicate with you. We do this under the lawful basis of legitimate interests. For instance, to respond to your inquiries by sending e-mails to an e-mail address you provided for customer service or technical support purposes; to troubleshoot and diagnose technical problems to help us provide, improve, and secure our products, services, and training; and to investigate security incidents.
Latenta processes your personal information in reliance on our legitimate interest to maintain the safety, integrity and security of our services, including detecting, preventing, or otherwise addressing fraud, verifying accounts and activity, investigating suspicious activity, and enforcing our terms and policies, and protecting our rights and the rights of others.
Latenta uses your personal information to send you promotional communications about Latenta, including product recommendations and other non-transactional communications (e.g. marketing newsletters or push notifications) according to your marketing preferences. Such communications may include information about our products, which are sent for our legitimate interest purposes and yours, or under the lawful basis of consent if you have previously consented to receive direct marketing communications. You can stop receiving direct marketing emails from Latenta by contacting us using any of the methods shown in the ‘How do I contact you?’ section (see below).
Latenta uses your personal information to send you relevant advertisements, provide personalised information about our services, and provide other personalised content based on your activities and interests to the extent that doing so is in our legitimate interest, i.e. to advertise our services, or where necessary, to the extent that you have provided your prior consent. For these purposes, we may link or combine information about you with other personal information we get from third parties to help understand your needs and provide you with a better and more personalised service or content.
Latenta may use your personal information for other legitimate business purposes in reliance on our legitimate interests, such as updating, expanding, and analysing our records, identifying new customers, and data analysis to protect, investigate, and deter against fraudulent, unauthorised, or illegal activity, developing new products, enhancing, improving or modifying our services, identifying usage trends, determining the effectiveness of our promotional campaigns, free trials and operating and expanding our business activities.
When you visit our website, we may collect your IP Address, page visited, web browser, any search criteria entered, previous web page visited and other technical information. This information is used solely for monitoring web servers and delivering the best visitor experience.
We may use technology such as cookies to help us deliver relevant and interesting content in our communications in the future. We may profile you to learn more about you but in the least intrusive way. We may use our collected information to display your most interesting content on our website. We may use the information we hold about your previous visits. Please see our Cookie Policy here.
If, at any time, you do not wish to receive further information about us or our services, contact us by using any of the methods shown below in the section entitled ‘How do I contact you?’.
Sometimes, we need to inform you about specific changes or events that are taking place. For instance, when planned maintenance will be carried out on our website. We do so by using service messages sent by email that do not require your prior consent. These messages ensure we comply with our legal obligations and support you by providing excellent ongoing customer service. Service messages do not include any marketing material.
Links To Other Websites
Our website may also contain links to other third-party websites of interest. This Privacy Notice does not cover these websites, and we encourage you to refer to the privacy notices on the third-party website to find out what they do with your personal information.
Sharing Your Personal Data
Your personal information will not be sold to or shared with third-party organisations or published or made available on publicly accessible platforms. However, your responses will be aggregated with other participants’ responses to create summative insights and visualisations that might be published or shared with third-party organisations.
We may disclose your personal information to third parties if we are obliged to disclose or share your personal information to comply with any legal obligation, enforce or apply any agreements, or protect the rights, property, or safety of the organisation or other individuals. Such disclosures include but are not limited to, exchanging information with other companies and organisations under statutory regulations for safeguarding purposes.
Latenta may disclose your personal information when cooperating with public and government authorities, courts or regulators under our legal obligations under applicable laws, to the extent that the processing or disclosure of personal information is done to protect our rights or is necessary for our legitimate interest in protecting against misuse or abuse of our services, protecting personal property or safety, pursuing remedies available to us and limiting our damages, complying with judicial proceedings, court orders or legal processes, or to respond to lawful requests.
How long will we retain your Personal Data?
The length of time we retain your personal information in a live environment depends on the type of information collected, the reason it was collected and how it is to be used. Typically, the retention period for personal information collected in relation to a research project is a year from the date the research project ended. If, for technical reasons, we are unable to delete your personal information from our systems, we will put in place appropriate measures to prevent any further use of your personal information.
We maintain a retention schedule to help manage our storage limitation responsibilities. However, we may keep your personal information longer to establish, exercise, or defend our legal rights and yours. Where such a need exists, your personal information will be securely archived with restricted access, and other appropriate safeguards will be applied.
Alternatively, we may completely anonymise your personal information (so that you can no longer be identified) for research and analysis purposes. We may retain this information indefinitely without further notice to you.
For further information about applicable retention periods, please contact us using any of the methods shown below in the ‘How do I contact you?’ section.
The services we offer are not directed at children under 18, and we do not knowingly collect, maintain, or use personal information from children under 18 years of age.
If you learn that your child has provided us with personal information without your consent, you may alert us using any of the methods shown below in the ‘How do I contact you?’.
If we learn that we have unwittingly collected personal information from a child under 18, then we will promptly take steps to delete such information.
We take the privacy and security of your personal information very seriously. Accordingly, we have implemented appropriate technical and organisational measures to protect your personal information against unauthorised or unlawful processing and accidental loss, destruction, or damage.
The measures we’ve applied include having clear internal policies and procedures in place and maintaining the physical security of our premises and IT security technologies to prevent unauthorised access, damage, and loss of your personal information. Additionally, we have implemented appropriate security procedures, including access controls, to ensure confidentiality. We limit access to your personal information to only those who genuinely need to know.
It should be noted that the transmission of information via the Internet is not completely secure, and whilst we will do our very best to protect your personal information, we cannot guarantee the security of any personal information transmitted to our website; any such transmission is carried out at your own risk. We do have procedures to deal with any suspected data security breach, and we will notify you and the UK regulator of any actual security breach once the breach is confirmed and if we are legally required to do so.
The personal information we collect from you is processed on our servers located in the UK. We will ensure that your personal information is provided with adequate protection if it becomes necessary to transfer it to a country without a finding of adequacy by the European Commission (EC) or the UK regulator.
Transfers of personal information outside of the European Economic Area (EEA) to a country that has not been granted a finding of adequacy either by the EC or the UK regulator will be carried out using ‘appropriate safeguards’, i.e. Binding Corporate Rules (BCR), Standard Contract Clauses (SCC) (also known as Model Contract Clauses) supported by the UK Addendum, or an International Data Transfer Agreement (IDTA) supported by a Transfer Risk Assessment (TRA) (as required under UK law). Alternatively, we may rely on approved Codes of Conduct (once published by the UK regulator), or we will seek your consent (where appropriate) on a case-by-case basis.
What are my data subject rights?
We support your data subject rights concerning the processing of your information under the DPA 2018 and the UK GDPR, including your:
You can exercise any of these rights, including your right to request a copy of any information we hold about you (otherwise referred to as a Subject Access Request), by contacting us using any of the methods shown below in the ‘How do I contact you?’ section.
We will usually respond within one month of receiving your request.
To protect the confidentiality of your information and in our interests, we may ask you to verify your identity before proceeding with any request to access your information.
If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to request such information.
You may correct, update, or delete your personal information by contacting us at any time using any of the methods shown below in the ‘How do I contact you?’ section.
If you have opted-in to receive communications from us, your preferences will remain in effect until you tell us that you want to opt out of receiving any further communications.
You can change your mind anytime by contacting us using any of the methods shown below in the ‘How do I contact you?’ section.
Where we process your information based on your consent, you may withdraw your consent at any time. You can do this by contacting us using the methods below in the ‘How do I contact you?’ section.
We hope you’ll never need to do so. Still, if you do want to complain about our use of your personal information or our facilitation of your data subject rights requests, you can contact us using any of the methods shown below in the ‘How do I contact you?’ section.
Our DPO will investigate your complaint and provide a prompt and appropriate response.
You may contact us using any of the following methods:
By post: Data Protection Officer, 18 Dane House, Exeter Place, London, UK, SE26 6AE
By email: dpo@latenta.com.
You can complain to the Information Commissioner at any time. For instance, if you are unhappy with how we are processing your information or have failed to facilitate your data subject rights.
The Information Commissioner can be contacted as follows:
By post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
By phone: 0844 496 4636 (local rate)
Further information on how to complain to the ICO can be found here: ICO Make a Complaint.
Changes to this Privacy Notice
We continuously review the content of our Privacy Notice to ensure it accurately reflects what we do with your information, or we may change this Privacy Notice to reflect changes in the law. Please check this page regularly to keep up to date.
This Privacy Notice was last updated in September 2025.
