Privacy Policy

Privacy Policy

1. Introduction

This Privacy Policy sets out the commitment of Lightspeed Research Limited, trading as Lightspeed Health, 4 Millbank, Westminster, London, SW1P 3JA, UK, and Lightspeed, LLC, 3 Mountainview Road, Suite 300, Warren, New Jersey 07059-6711 USA (each individually and collectively, “Lightspeed”), each a Kantar group company (“Kantar”), , to the privacy of the visitors and users (collectively defined as “Users”) of the Lightspeed websites (“Sites”) , and governs Users’ rights regarding privacy and data protection.

The Sites are operated by Lightspeed and Lightspeed is the data controller. By using the Sites, or by registering as a User to the Services that we provide (“Services”), you confirm that you have read the terms of this Privacy Policy. We ask you to read this Privacy Policy carefully.

For the purpose of this Privacy Policy, “personal data” means any information which relates to an identifiable living individual.

2. Lawful Collection and Use of Data

Lightspeed collects information in several ways from different parts of our Sites, our mobile application and other activities such as social media, apps and surveys. Examples of these activities are explained below and include:

Registration to our services: some personal data is gathered when you register for our Services, including when you fill out request forms on our Sites, such as name, email address, postal address, job title and mobile device ID.

Research Activities: personal data may also be collected from you when you participate in a survey or in a research activity proposed by Lightspeed to the Users.

The main purposes for which we use your personal data are to:

  • Contact you in relation to our Services via email, through mobile notifications or texts or any other proposed communication options you have consented to
  • Inform you of updates to our Services, new features and details relevant to you
  • Help you when you contact us
  • Protect Lightspeed from fraudulent behaviour
  • Update, enrich and clean your data to better understand your needs and how we can improve our Services

We have set out below more detailed information about how we use your personal data. We are also required by law to explain the legal basis for processing your personal data. These legal bases are listed below and could be different for each use case:

  • we have your consent for the use of your personal data
  • we need to use your personal data in order to perform a contract with you
  • we need to process your data to comply with a legal obligation
  • we need to process your data in order to protect your vital interests or someone else
  • the processing is necessary to perform a task in the public interest or
  • the use of your personal data is necessary for our (or our clients’) legitimate interests (in which case we will explain what those interests are).

We will never misrepresent ourselves or what we are doing. If you receive an email that concerns you, purporting to be from us, please let us know as shown below in ‘How to Contact Us’.

Case Purpose Data collected/processed
Fraud Protection Protection of our business interests against fraudulent behaviour IP address, browser specifications, device specifications, postal addresses, email addresses
Survey Participation Uniqueness Prevention of multiple entries in surveys by the same individuals IP address, browser specifications, device specifications
Data Matching and Enrichment We enrich the data we hold on file about you by matching your personal data with third parties. This will help us to improve our Services and ensure that we contact you for the Services relevant to you.We utilize matching services (i.e. third parties who are specialized in data management) to acquire additional information about you from public and private data sources (such as social networks, B2B databases and content subscription services with whom you have an account) or to use your personal data as an aid to develop new offers and services (i.e. we identify particular needs and we package an offer to answer those needs). The matching service (our partner) holds the personal data we share for a short time, uses it to assemble the additional information, and then return the combined information to us. Partners are contractually bound to delete the data we share with them and are not authorised to use it in any way other than for this specific purpose. Contact details, email address, social login, cookie, mobile device ID


We will not make your personal data available to anyone else without your agreement unless it is for research purposes or if required by law and/or by regulators or authorities. In these cases, the legal basis of our disclosure of your personal data is it is necessary to comply with a legal obligation. The data that we disclose may include your name and e-mail address.

Our third party partners are all contractually bound to keep any information they collect and disclose to us, or that we collect and disclose to them, confidential and must protect it with security standards and practices that are equivalent to our own.

Where We Store Your Personal Data

For personal data subject to the GDPR and transferred to a country or territory outside the European Economic Area (EEA), we shall put adequate safeguards in place to ensure the transfer is made by a lawful method for the purposes of EU data protection law and secure. For personal data which is not subject to the GDPR, Lightspeed shall strictly follow any other applicable data protection laws.

Lightspeed’s data storage servers are located in Europe and in the United States of America (USA) and are managed by third party service providers in the cloud.

We take appropriate technological and organisational measures to protect your personal data, both during transmission and once we receive it. Our security procedures are consistent with generally accepted standards used to protect personal data.

All our employees are contractually obliged to follow our policies and procedures regarding confidentiality, security and privacy.

Your account information and personal data are password-protected so you and only you have access to your information. In order to keep your personal data safe, we recommend you do not divulge your password to anyone. Lightspeed will never ask you for your password in an unsolicited phone call or in an unsolicited email.  Also, please remember to sign out of your Lightspeed account and close your browser window when you have finished visiting our site. This is to ensure others cannot access your personal data and correspondence if you share a computer with someone else or are using a computer in a public place like a library or Internet cafe. Please change your password regularly.

3. Confidentiality and Industry Requirements

Whenever Lightspeed handles personal data as described above, regardless of where this occurs, Lightspeed takes steps to ensure that your information is treated securely and in accordance with this Privacy Policy. Unfortunately, no data transmission can be guaranteed to be 100% secure. As a result, while we strive to protect your personal data, Lightspeed cannot ensure or warrant the security of any information you transmit to us or from our online products or services, and you do so at your own risk. Once we receive your transmission, we will take reasonable steps to ensure our systems are secure.

Ultimately, you are solely responsible for maintaining the secrecy of your passwords and/or any account information. Please be careful and responsible whenever you’re online.

We adhere to standards and industry requirements, including:

  • American Marketing Association (AMA)
  • British Healthcare British Intelligence Association (BHBIA)
  • Insights Association
  • European Pharmaceutical Market Research Association (EphMRA)
  • European Society for Opinion and Market Research (ESOMAR)
  • Italian Society for Opinion and Market Research (ASSIRM)
  • Market Research Society (MRS)
  • Intellus Worldwide
  • And also: ARF, DGOF, AMSRS, Baqmar, Jmra, Kora, Moa, Mria-Arim, MRS Singapore, MRS New Zealand, Women in Research

4. Cookie Disclosure

Cookies are small text files stored on your computer or mobile device by a website that assigns a numerical user ID and stores certain information about your online browsing. They are used to help users navigate websites efficiently and perform certain functions. The website sends information to the browser which then creates a text file on the user’s computer or mobile device. Every time the user goes back to the same website, the browser retrieves and sends this file to the website’s server.

We gather certain information automatically and store it. This information may include things like Internet Protocol addresses (IP address), browser type, Internet service provider (“ISP”); referring/exit pages, operating system and date/time stamp.

We use this automatically collected information to analyse trends such as browser usage and to administer the site, e.g. to optimise the Sites experience depending on your browser type. We may also use your IP address to identify your country and also to protect our business against fraudulent behaviour.

Lightspeed defines cookies within 3 categories:

  • Required to use the Sites
  • Security-specific
  • Behavioural or advertising research cookies

For more information, please log in and access your cookie preferences page for your account where you are able to adjust your cookie settings.

As you use the Internet, a trail of electronic information is left at each website you visit. This information, which is sometimes referred to as ‘clickstream data’, may be collected and stored by a website’s server. Clickstream data can tell us the type of computer and browsing software you use and the address of the website from which you linked to the Site. We may collect and use clickstream data as aggregated information to anonymously determine how much time visitors spend on each page of our Sites, how visitors navigate throughout the Sites and how we may tailor our web pages to better meet the needs of visitors. This information will be used to improve our Sites and our Services. Any collection or use of clickstream data will be anonymous and will not intentionally contain any personal data.

5. Accuracy

We take reasonable steps to keep personal data in our possession or control accurate, complete and current, based on the most recent information made available to us by you and/or by our client.

We rely on you to help us keep your personal data accurate, complete and current by answering our questions honestly. You are responsible for ensuring that you notify us of any changes to your personal data.

6. Children’s Data

Lightspeed recognizes the need to provide further privacy protections with respect to personal data collected from children. Our Sites are not intended or designed to attract children under the age of 16. We do not knowingly collect personal information from or about any person under the age of 16. If you are under 16 years old and wish to ask a question or use this Site in any way which requires you to submit your personal information, please ask your parent or guardian to do so on your behalf.

7. Rights of Individuals

To request access to personal data that we hold about you, you should submit your request in writing to the e-mail address or postal address shown below in “How to Contact Us”.

You have the following rights in relation to your personal data:

  • Right to change your mind and to withdraw your consent
  • Right to access your personal data
  • Right to rectify your personal data
  • Right to erase your personal data from our systems, unless we have legitimate interest reasons for continuing to process the information
  • Right to port your personal data (portability right)
  • Right to restrict processing of your personal data
  • Right to object to the processing of your personal data

We shall also notify third parties to whom we have transferred your personal data of any changes that we make on your request. Note that while Lightspeed communicates to these third parties, Lightspeed is not responsible for the actions taken by these third parties to answer your request. You may be able to access your personal data held by these third parties and correct, amend or delete it where it is inaccurate.

As part of the Lightspeed Business Continuity Plan, and as required by ISO 27001, ISO 9001, ISO 20252 and in certain instances the law, our electronic systems are backed up and archived. These archives are retained for a defined period of time in a strictly controlled environment. Once expired, the data is deleted and the physical media destroyed to ensure the data is erased completely.

8. Data Storage and Retention

Personal data will be retained only for such period as is appropriate for its intended and lawful use. Lightspeed will retain your personal data for as long as you have not unsubscribed from our database. In case you unsubscribe from our database, we shall retain data for no longer than 3 months after you unsubscribe, unless otherwise required by law. Personal data that is no longer required will be disposed of in ways that ensure their confidential nature is not compromised.

As part of the Lightspeed Business Continuity Plan, and as required by ISO 27001, ISO 9001, ISO 20252 and in certain instances the law, our electronic systems are backed up and archived. These archives are retained for a defined period of time in a strictly controlled environment. Once expired, the data is deleted and destroyed to ensure the data is erased completely.

9. Notification of Material Change

We reserve the right to change, add to, or remove portions from this Privacy Policy at any time. You should read this page regularly to ensure you are updated as to any changes. However, if any material change is made to this Privacy Policy, we will notify you of that change. Non-material changes to this Privacy Policy will be announced through the Sites only. Your continued access to the Sites and Services after such changes conclusively demonstrates your consent to any changes.

We will always display the most up-to-date privacy policy on this web page.

10. How to Contact Us

If you have any questions or concerns relating to your privacy or to Lightspeed privacy practices, you can contact Lightspeed:

11. Complaints and Country Specific Disclosure

If you consider that our processing of your personal data infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state or jurisdiction of your habitual residence, your place of work or the place of the alleged infringement. To find the contact details of your country supervisory authority, please consult our dedicated page.