Privacy & Cookies

This privacy policy covers Step Beyond Ltd.

  1. Purpose Of The Policy

Step Beyond Ltd values the right to privacy and is committed to ensure all personal data is obtained, processed and used in a safe, secure, ethical and transparent way. Your privacy is important to us, and we appreciate your trust that we will use your personal data both carefully and sensibly, in conformity with the principles laid out in this Privacy Policy.

This Privacy Policy is meant to help you understand what personal data we collect about you, why we collect it, and what we do with it. References to personal data in this Privacy Policy include any information which directly or indirectly identifies you, such as your name, surname, demographic and personal information, online identifiers and e-mail address.

Please note that this Policy applies in conjunction with other policies and procedures. It does not establish contractual or legal rights for any persons, but intends to comply with Regulation (EU)  2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter, the ‘General Data Protection Regulation’ or ‘GDPR’).

As your data controller, we determine why and how we process your personal data. This privacy policy outlines which personal data we collect about you (Section 3.1), what legal grounds we rely on to collect your personal data (Section 3.2), how we protect your personal data (Section 4), to whom we disclose your personal data (Section 5), if necessary outside the European Union (Section 6). In addition, we also define for how long we need to keep your personal data (Section 7) and which measures we adopt in order to securely and permanently remove your personal data when the right time comes (Section 8).


  1. Who Controls Your Personal Data

Step Beyond Ltd is the controller of the personal data you submit to us and is responsible for the processing of your personal data under the applicable data protection legislation. Our registered address is Maltings, Aston, Stone ST15 0BW


  1. How We Collect & Process Your Personal Data

3.1 Personal Data We Collect About You

Because data privacy is of high importance for us, we intend to remain open and transparent about how we use your personal data. Step Beyond will only collect your personal data where necessary for our research projects.

We may collect, use and disclose (i.e., process) the following types of personal data about you: your contact information, such as a name, surname, address, e-mail address, IP address and telephone number. We may also collect demographic information to ensure our surveys are representative of the wider population and to use in our analysis to help us understand the needs of specific groups.

Although we are technically considered ‘data controllers’, the ultimate control over your personal data remains with you at all times. Provided you give us a proof of your real identity, you have the right to request access to a copy of the personal data we currently maintain about you in a structured, commonly used and machine-readable format and obtain information regarding the processing, including whether we process your personal data for profiling purposes. In case you notice an error in your personal data, you may also request that we rectify the inaccurate personal data or complete your personal data.

3.2 Legal Grounds For Processing

Under the applicable data protection legislation, personal data may only be collected and processed based on a limited number of legal grounds. At Step Beyond, we rely on one of the following grounds to process your personal data:

  1. Legitimate interests of Step Beyond (e.g. for our analysis of our market research surveys to understand needs and experiences of different types of people);
  2. Your explicit and informed consent (e.g. when you agree to take part in one of our surveys)

You may object at any time to the use of your personal data for profiling by Step Beyond, provided that we process your personal data based on our legitimate interests, by contacting our data protection officer using the contact details below, without any additional cost.


  1. How We Protect Your Personal Data

Step Beyond is committed to the processing of your personal data in a lawful, fair and transparent manner. Accordingly, we will only use your personal data if we have a valid reason for doing so and provided you have been informed of the processing purposes beforehand, at the time we collected your personal data.

Moreover, Step Beyond guarantees that any processing of your personal data will be limited to what is necessary, adequate and relevant in order to achieve the purposes for which personal data is collected. Step Beyond will use anonymized or pseudonymized data, e.g. for our internal analysis and reporting purposes, in compliance with the Market Research Society’s Code of Conduct.

Because the protection of your personal data is of the upmost importance to us, Step Beyond is also dedicated to protect your personal data and the systems it is held in. We have defined and implemented adequate technical and organisational measures against any unauthorised access, unlawful use, accidental loss, corruption or destruction. This way, Step Beyond is confident that your personal data will be processed on a strictly ‘need to know basis’, when and where appropriate and necessary.

As we are fully aware threats evolve and diversify we regularly review and update our security measures and infrastructure, with a view to mitigate operational risks and maintain our security programs up to the latest industry-accepted standards and best practices.

We will securely delete your personal information 12 months after you have taken part in any research project. We will also keep your personal data separate to the answers you give to our surveys.


  1. External Parties With Whom We May Share Your Personal Data

Where relevant and necessary for the purpose of the processing activity, we may occasionally need to disclose your personal data to other appropriate organisations who have a need to know (so-called ‘third party recipients’), based on our legitimate interest. This might for example include our data processing partners or fieldwork quality supervisors.

Each time your personal data is shared externally, this will be covered by strict data processing agreements, where Step Beyond remains the data controller and the third parties involved act as data processors. Step Beyond shall restrict the access and transfer of your personal data to trusted third party recipients who demonstrate an adequate level of data protection. Moreover, these third-party recipients will be required to delete or return all the personal data to Step Beyond after the end of the provision of Services relating to the processing and delete existing copies, unless the law requires storage of the personal data.


  1. International Transfers Of Your Personal Data

Insofar as your personal data needs to be transferred from the European Economic Area to a country outside of it which does not offer adequate protection of personal data, appropriate safeguards will be put into place to protect personal data to standards which are equivalent to the standards contained in this Privacy Policy. In other words, Step Beyond will remain responsible for the processing of your personal data and will take the necessary measures to protect the processing thereof by relying e.g. on the EU-U.S. Privacy Shield.


  1. How Long We Keep Your Personal Data

Step Beyond only keeps your personal data for as long as necessary to fulfil the purpose for which we initially collected it. Under the MRS Code of Conduct we are obliged to keep it for a minimum of 12 months after you take part in the survey. After 12 months we will securely erase your data.


  1. How We Erase Your Personal Data

Under certain circumstances, and provided you give us a proof of your real identity, you may exercise your right to request the erasure of your personal data. Please be aware that this is only possible to the extent that the personal data is no longer necessary for the initial purpose (i), if the processing was based on your consent and you withdrew it (ii), or where you have already objected to the processing based on our legitimate interest (iii).

Except when we need to keep a copy of your personal data for statistical purposes, or insofar as we are legally required to retain a copy of your personal data, you can rest assured Step Beyond shall either securely dispose of or permanently anonymize your personal data once we have fulfilled the initial processing purpose and when further retention of your personal data is not necessary anymore.


  1. Your Rights As Data Subjects

For further information or if you wish to exercise one of your above-mentioned rights, please contact us at We will do our best to reply to your e-mail as soon as possible, and in any case within one month. If fulfilling your request necessitates more time, we will keep you informed of this and come back to you within two additional months. Step Beyond will charge you nothing for this request, unless we have already provided you with the requested information previously or it appears unreasonably difficult for us to retrieve it. In such case, we will inform you beforehand of the administrative fee.

If you are not satisfied with the way we handled your request, you have the right to request the restriction of our use of your personal data and lodge a complaint with the supervisory authority responsible for the protection of personal data in your country of residence. Although we sincerely hope this won’t be necessary, we have provided the contact details of the relevant data protection authorities below.


The Information Commissioner’s Office

Water Lane, Wycliffe House, Wilmslow – Cheshire SK9 5AF
Tel: +44 1625 545 745