Because we are a research company and it's important to honour privacy, we'll honour both your privacy and the privacy of participants.

We abide by both the European General Data Protection Regulation (GDPR) and the Australian Privacy Amendment (Notifiable Data Breaches) Act 2017. As individual members of the Australian Market & Social Research Society ( the company directors and primaries (Gary Bunker and Andrea Garin) also ensure and commit to the Privacy (Market & Social Research) code 2014.

Which all means, we take your privacy seriously. Read our Privacy policy below.

Information collection and use

Personal information

We collect personal information in order to recruit participants for our research. This information can include names, email addresses, phone numbers and other details provided during research recruitment to identify how well people fit the profile we are looking for. We collect personal information in the following ways:

  • When you provide that information to us directly 
  • When you provide that information to a recruitment firm working on our behalf
  • We do not collect your personal information via cookies or any other automated means.

We use personal information in order to process our Contract of Engagement with our clients. This includes organising and running research and providing our expert services to our customers. We do not sell, distribute or re-use your personal information.

The personal information we keep may include your full name, contact details (email and phone) and classification information such as gender, age and product/service usage. If we need to make a direct banking payment to you then we may temporarily keep your banking details, but these will be deleted once used. Details of the payment will be retained by our banking service as is required by law.

At certain times we may need to process or use your personal information as required by law, or to safeguard our legal rights (for example in establishing and defending legal claims). 

When you provide information to us directly in order to enquire about or purchase our services we may store your personal information within our email and CRM system, for the purposes of making contact with you again in the future. We do not use this to add you to any contact or mailing lists, and will delete this information immediately upon request.

When your information is provided to us b a recruitment firm we will use that information only for the purposes of the single project for which it has been gathered. Your information may be stored within our project files but will be deleted at the end of the project. We have processes in place to ensure that all your personal data apart from your first name is deleted or obscured permanently once the project is complete.

Personal information of people who take part in research is not passed on to companies who buy our research - only non-personal information is provided.

We built a research tool to help us run research. We use this tool to record the observations and the feedback we capture during our sessions. This tool stores information within Australia and is therefore subject to the same laws and responsibilities as our company. Personal information (including name, email and phone number) stored within this tool is permanently encrypted 1 month after the completion of a project to protect your privacy.


Non-personal information

In order to provide our services we record non-personal information. This information can include behaviour, comments, perceptions, responses to questions or your actions during research. We collect non-personal information in the following ways:

  • When you take part in research and we observe you during that research. We capture this information in text-form, but also sometimes in video and/or audio form.
  • When we later review our notes and observations taken during your research session
  • When we later review video or audio recordings taken during your research session
  • When we review any research data provided by you, including surveys, diary studies and/or documents you send to us as part of a research activity.
  • We do collect non-personal information via cookies when you visit our website. These are not third party cookies and we don’t track your use beyond our site. We don’t sell or share that information with anyone else.

We use non-personal information in order to process our Contract of Engagement with our clients. This includes providing insights and understanding via our research.

We also store videos during one-on-one user testing sessions, and audio for other forms of research. We will clearly inform you of when we are recording sessions, and what will happen with those recordings. These recordings are provided to the companies that ask us to run the research, without your personal identifying information. We delete all video and audio recordings at the completion of all projects. 


What we keep from our research

We do not keep personal information provided as part of our research. What we do keep is:

  • Your first name and session number
  • Your comments and responses to questions
  • Your behaviours and performance within the research environment (for example how you use a website or how long it takes to complete a task)

This information is provided to our customers as part of providing our services. It may be visible on a combined basis (for all people who took part in the research) or on an individual basis against your first name and session number. 

If you are a paying client then we keep the following information:

  • Your contact details
  • Your project details (including the outputs and deliverables provided but excluding videos and audio files and the personal information of participants, which are all deleted upon completion of the project)
  • Any analysis and insights provided to you by our team

We may also retain other files and contacts provided during the project, such as briefing documents, emails and reports provided to us by your team.


Where we keep your information

We keep all person and non-personal information about you both within our FlexUX research tool and within the professional Google Enterprise application world.

FlexUX research uses Australian Servers and stores all information within Australia.

At this point in time Google uses a range of servers which are not all based in Australia. 

Third parties

We only share your personal data with third parties if stipulated herein, if required under the applicable law (e.g. when we are obligated to share personal data with the authorities) or under your consent.


We have built FlexUX to be secure. We use Secure Socket layer Protocol (SSL) encryption, to make sure others can’t see what we are storing or sharing via FlexUX. We use well trusted online servers to manage access and security, and will always keep our security as up to date as possible. We are concerned about safeguarding the confidentiality of your personally identifiable information, so all information we capture is stored in Australian-based servers.

We will make any legally-required disclosures of any breach of the security, confidentiality, or integrity of your unencrypted electronically stored personal data to you via email or conspicuous posting on this website in the most expedient time possible and without unreasonable delay, consistent with (i) the legitimate needs of law enforcement or (ii) any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system.

Your rights

You have rights over your own information and we respect that fact. Your rights include the following:

  • You can request to access your personal information
  • You can request a copy of your personal information
  • You can request that we rectify inaccurate or incomplete personal information
  • You can request that we permanently delete or destroy your personal information
  • You can request that we stop using your personal data and/or do not store your personal data online

You can also request that we stop using, delete or destroy your non-personal information collected as part of our research. We will do this, although please note that any payment made to you for the research will need to be refunded first. In cases where your non-personal information has already been provided to our customer will will request the destruction or deletion of such information on your behalf, but cannot guarantee this will take place.

We will honour all requests in relation to your personal information. Your information is yours.

Amending this Privacy Policy

Should there be a need to amend our Privacy Policy under the applicable data protection regulations, other applicable legal acts, case-law or guidelines issued by competent authorities, we will amend this Privacy Policy and may do so at any time. Please refer to this web page to see our Privacy Policy.

Governing law

As we are a company registered within Australia, the processing of your personal information shall be governed by the laws of Australia.


We welcome comments and suggestions regarding FlexUX and our Privacy Policy. Please send questions to If you believe your personal information has been misused or handled in such a manner contrary to the policy stated above, please contact us at

Contact us

If you’d like to talk to us directly then please contact