top of page

Data Protection and Privacy Policy

UNPITCHD LTD. 

1. Introduction

UNPITCHD LTD. (“UNPITCHD”) is committed to protecting the privacy and security of personal data collected and processed in connection with our research activities. This policy sets out how we gather, use, store, and share personal data, in compliance with the UK Data Protection Act 2018, the UK GDPR, and other applicable laws.

For commissioned research, the commissioning organisation acts as the data controller, and UNPITCHD acts as a data processor.


2. Consent and Lawful Basis

  • Explicit Consent: Before any personal data is collected, participants provide explicit consent via a signed form, tick-box confirmation, or other clear affirmative action.

  • Participation as Confirmation: In cases where participants have been clearly informed about the research and choose to participate (e.g. by responding to a research message), such engagement will be treated as confirmation of consent for the agreed purpose.

  • Sensitive Data: Any special category data (e.g. health, ethnicity, biometric information) will always require explicit, written consent.

  • Right to Withdraw: Consent can be withdrawn at any time without affecting the lawfulness of processing based on consent before withdrawal.


3. Confidentiality and Non-Disclosure

  • Participants: Participants agree not to disclose, share, or use confidential information received during research for any purpose other than participation.

  • Employees and Contractors: All UNPITCHD employees, associates, and contractors are bound by confidentiality agreements and trained in data protection and security.

  • Duration: Confidentiality obligations apply indefinitely unless otherwise agreed in writing.


4. Collection, Use, and Storage of Personal Data

  • Types of Data: Personal data may include names, contact details, demographic information, photographs, video/audio recordings, and research responses.

  • Purpose: Data is collected solely for research and insight purposes, enabling commissioning organisations to better understand customer behaviour.

  • Platforms:

    • WhatsApp – first name, phone number, photos, videos.

    • Airtable – names, contact details, demographics, responses.

    • Other third-party software – used securely to support collection, analysis, and storage.


5. International Data Transfers

Where personal data is transferred outside the UK/EEA (for example, where third-party software providers store data on overseas servers), UNPITCHD ensures appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions, in line with GDPR requirements.


6. Data Retention and Deletion

  • Retention Period: Personal data is retained for up to 15 months after the conclusion of the research, unless otherwise required by law or contract.

  • Deletion: After this period, all personal data is permanently deleted from our systems.


7. Children’s Data

UNPITCHD does not knowingly recruit participants under the age of 16 without verified parental or guardian consent. Where under-16s are included in research, explicit parental consent is required and recorded.


8. Data Subject Rights

Participants have the following rights under GDPR:

  • Access to their personal data.

  • Rectification of inaccurate data.

  • Erasure of their data (“right to be forgotten”).

  • Restriction or objection to processing.

  • Data portability.

  • Right to lodge a complaint with a supervisory authority.

UNPITCHD will manage rights requests where it processes data directly, or forward requests to the commissioning organisation where applicable.


9. Use of Photo, Video, and Audio Materials

  • Scope: Such materials are used only for internal research purposes by UNPITCHD and the commissioning organisation.

  • Consent: Additional explicit consent is required before any external or public use.

  • IP Rights: By providing such materials, participants transfer copyright and related rights to UNPITCHD for the purpose of research.


10. Security and Risk Management

  • Safeguards: Personal data is stored on encrypted servers with access limited to authorised personnel only.

  • Employees: All staff and contractors are trained in data protection, confidentiality, and security procedures.

  • Third-Party Providers: UNPITCHD works only with providers who demonstrate appropriate security standards.

  • Disclaimer: While robust measures are in place, no system is entirely risk-free. UNPITCHD cannot guarantee absolute security of data.

  • Limitation of Liability: UNPITCHD is not responsible for losses, damages, or breaches caused by third-party providers or circumstances beyond its reasonable control.


11. Monitoring and Auditing

Regular audits of privacy and security practices are conducted. Outcomes are used to improve policies, processes, and systems on a continuous basis.


12. Contact Information

Data Protection Officer (DPO):
Stéphanie Renucci
Email: steph@unpitchd.com
 

13. Updates to This Policy

This policy may be updated periodically to reflect legal, contractual, or operational changes.
Last updated: September 2025

bottom of page