Privacy Policy

The Purpose of this privacy notice is to explain how Motivo Insights processes personal data and our responsibilities when providing its various services. Motivo Insights has global reach which makes it challenging to create an explanation that covers all jurisdictions. It is the case, therefore, that this notice is based on Motivo Insights’s obligations to the European Union (EU) and UK requirements as stated in their respective versions of the General Data Protection Regulation (GDPR) as this is deemed to set an appropriate level for the responsible processing of personal data.

Motivo Insights is an insights-driven strategic consultancy that works with brand teams across healthcare, consumer and technology on domestic and global projects. All aspects of these services process personal data primarily that of client’s potential customers. Motivo Insights is based in the US.

Personal Data (PD) as defined by the GDPR will be used in this notice although the term Personal Information (PI) is used in North America and the California Consumer Privacy Act (CCPA) in particular. For completion, the general term of Personally Identifiable Information (PII) is used more broadly across North America. PD and PII are not mutually exclusive. In broad terms, PII is often used to differentiate one person from another, whilst PD includes any information related to a living individual, regardless of whether it can determine one individual from another.

The Role of Motivo Insights in data protection terms is that of a data controller where it determines the purpose and use of personal data collected. Our Privacy Manager (PM) ensures that all processing accords with the latest UK, EU data protection legislation as well as relevant US legislation where appropriate.

The sort of personal data collected by Motivo Insights will be basic contact details sufficient to be able to respond to general enquiries, sales purposes, future engagement and fulfil the needs of the particular market research being commissioned. The latter may include information about health, health status, diagnosis and prognosis referred to as both special category data or sensitive information. Motivo Insights processes personal data collected either directly or via third-party market research companies. In the latter case, the market research companies are data controllers in their own right with their inherent legal obligations to provide an equivalent privacy notice, among other things.

The Motivo Insights websites use cookies and similar technologies to generate aggregated information including site traffic statistics, page views, impressions, and operating system and browser type. When pages are requested, the Motivo Insights servers automatically log IP addresses. Those cookies not deemed to be essential to the running of the website will not be enabled unless the user has given prior consent via the consent management platform. Please refer to our cookie notice for further details.

Motivo Insights’s duty of confidentiality means that Motivo Insights staff will treat your personal data with due respect and in confidence. It is only disclosed to those that need to know it. We expect the same duty of confidentiality from all third parties with whom Motivo Insights shares personal data and where appropriate, data processing agreements are in place. Motivo Insights uses reasonable organisational and technical measures to ensure personal data is kept secure.

Motivo Insights is committed to compliance with the new EU-US Data Privacy Framework that entered into force on 10 July 2023. Whilst the majority of processing takes place in North America, Motivo Insights uses personal data collected from people in the EU and the UK. The framework is enforced by the US Federal Trade Commission and ensures there is broad equivalency in the handling of personal data by a US based organisation as would happen where that processing would take place in the EU. This is particularly relevant for the exercise of people’s rights as defined by the EU & UK GDPR as well as the handling of complaints.
Motivo Insights uses appropriate technical and organisational measures to safeguard all personal data for all of its global operations.

Motivo Insights processes personal data against a lawful basis and such instances are described below:

• To process any personal data that we collect from you via surveys and/or focus groups, we will seek your consent to do so – but please note you can withdraw your consent at any time by using the contact details above
• We will pursue our legitimate interests to respond to your general enquiries and stay in touch with you for marketing purposes
• To comply with our legal obligations.
• We sometimes process personal data using AI tools (CoLoop and ChatGPT). We sometimes process pseudomised personal data when using AI tools. We may also upload pseudomised data when using AI tools to analyse data.

In all cases the processing of personal data by Motivo Insights shall be done in accordance with the principles of data protection.

Motivo Insights will share and/or disclose personal data, on a ‘need to know’ basis under the following circumstances, with some or all of the following:
Another business in conjunction with a sale to that third-party as the personal data collected by Motivo Insights forms a portion of its assets.
Motivo Insights also share personal data with the following third-parties:

• IRS in the US
• Solicitors/ attorneys appointed by us to handle any client matters as required
• A third-party IT support company
• Third-party accountants
• Contractors for outsourced services.

Motivo Insights will not use or share your personal data in ways unrelated to the ways described above without first notifying you, or where appropriate, capturing your consent. You also have the option of updating the information you provided on the contact form and in some circumstances, you may opt out to receiving notifications from us. To do so, please contact us the privacy manager using the details above.

Motivo Insights does not knowingly collect personal data from children under the age of 18. To respect the privacy of children and to comply with the Children’s Online Privacy Protection Act, we expect parents and guardians to supervise their children’s online activities accordingly.

Motivo Insights follows a retention schedule to determine the length of time it holds different types of personal data. The retention schedule is shown below:

• Routine correspondence for casual and contract related business in hard copy or in emails will be stored for 2 years after last contact for routine correspondence.
• Contact data is stored indefinitely unless a valid request to erasure is received from the interested data subject
• For former customers, we will retain your details for a minimum of 6 years after the conclusion of our contractual obligations to you
• Invoice related information will be retained for 6 years after the tax year in which they were created.
• By exception, documentation that includes personal data may be retained by Motivo Insights beyond the schedule, but only for a specific purpose and only when Motivo Insights believes it has a legitimate interest or a legal obligation to do so.

At the end of the retention schedule Motivo Insights will either return, destroy or delete your personal data and any associated emails or relevant documentation. If it is technically impractical to delete electronic copies of personal data, it will put it beyond operational use. Motivo Insights conducts its retention schedule at regular intervals. Any data due for deletion, archive etc falling between those two intervals will be deleted during the next cleansing period.

We have appropriate physical and technical security measures in place to protect your personal data. We store your personal data on our internal, paper, and digital systems as well as on our Data Processor systems. We ensure that we have provisions in place to ensure that only authorised persons have access to personal data, that your data is kept secure, and that we have processes and procedures in place to prevent accidental loss, destruction, alteration, unauthorised access, or disclosure of your personal data. When engaging independent consultants, sub-contractors, and Data Processors, we carry out due diligence to ensure that they employ appropriate levels of security.

The EU & UK General Data Protection Regulation defines the rights that you have, although these do not apply in all situations. For convenience, these rights are shown below:

• Right to be informed as to how Motivo Insights is processing your personal data – this is done through this notice or other specific to target privacy notices
• Right to access your personal data held by us which is done by making a ‘Data Subject Access Request’ (DSAR) by contacting us
• Right to rectification of your personal data if you believe we have collected it incorrectly or it needs to be updated
• Right to erasure of your personal data for which we no longer have a legitimate purpose to process
• Right to restrict processing under certain circumstances, during which time your personal data but will be out of operational use until the related matter is resolved
• Right to data portability of your personal data in a machine-readable version, but this only applies to data that has been provided with consent or under contract
• Right to object to Motivo Insights processing your personal data for which it does not have a legal or contractual obligation
• Rights related to automated decision making and profiling.

Further details on data subjects’ rights can be found on the Information Commissioner’s Office (ICO) website: https://ico.org.uk for those living in the UK or the relevant supervisory authority (SA) if living in an EU country. If you reside in the EU, then for information on how to find the most relevant SA for you, please click on https://edpb.europa.eu/about-edpb/about-edpb/members_en.
For residents of California, their equivalent rights are found in the CCPA but please contact the privacy manager in the first instance if you wish to exercise your rights. You can do so by making a written request to:

Att: Customer Service/California Disclosure Information
23 Headquarters Plaza, North Tower, 7th Floor
Morristown, NJ 07960
It should be noted that although the UK has left the EU, the rights afforded are virtually the same.

Raising concerns, exercising rights or making queries about our processing of your personal data can be done by contacting the Privacy Manager using the contact details above. Be aware that we will need to verify your identity before responding fully. This may involve asking you for documentary proof that, in context, will enable us to confirm your identity. Alternatively, you may contact your SA directly without referring to us first, although naturally we would welcome the first opportunity to address your concerns or queries.