Privacy Notice

1. Who we are

Frame is a UK-based research, insight and engagement organisation. We work with public-sector bodies, higher education institutions and voluntary-sector organisations to understand people’s experiences and support learning, improvement and systems change.

For the purposes of data protection legislation, Frame is the data controller for the personal data described in this notice.

2. Personal data we collect

The personal data we collect depends on the nature of the project.

This may include:

  • Name

  • Job title and organisation

  • Work contact details (such as email address or telephone number)

  • Professional views or opinions shared in a work context

In some research and evaluation projects, we may also collect information relating to people’s lived experiences. Where this includes special category data (for example, information about health or personal circumstances), this is handled with additional care and safeguards.

We collect only the minimum personal data necessary for each project.

3. How we collect personal data

Personal data may be collected directly from individuals (for example, through interviews, workshops, surveys or correspondence) or provided by commissioning organisations where appropriate and lawful.

When data are collected directly, individuals are informed about how their data will be used as part of the research process.

4. How we use personal data

We use personal data to:

  • Deliver research, evaluation and engagement projects

  • Communicate with participants, stakeholders and project partners

  • Analyse information and produce reports or learning outputs for clients

Personal data is used only for the purposes agreed at the outset of each project.

5. Lawful basis for processing

We process personal data under one or more lawful bases set out in UK GDPR, depending on the project. These may include:

  • Consent

  • Performance of a contract

  • Legitimate interests

  • Compliance with a legal obligation

The appropriate lawful basis is identified and considered for each project.

6. Research recordings, transcription and anonymisation

In some projects, interviews or discussions may be audio-recorded to support accurate analysis.

Where audio recordings are used:

  • Participants are informed in advance

  • Recordings are stored securely with restricted access

  • Audio is used only for transcription and analysis

  • Audio files are deleted once transcription and checking are complete, unless there is a clear and agreed reason for retention.

Transcription may be carried out by Frame or by trusted transcription providers operating under confidentiality and data protection agreements.

Where appropriate, data is anonymised or de-identified, including by removing names and other direct identifiers. Findings are reported in ways that minimise the risk of individuals being identified.

7. How we store and protect personal data

Personal data is stored securely using reputable cloud-based systems, including Google Workspace.

Security measures include:

  • Restricted access to authorised users only

  • Strong passwords and multi-factor authentication where available

  • Secure storage and transfer of files

  • Use of supported devices and software with regular security updates

Security arrangements are proportionate to the nature and sensitivity of the data being processed.

8. Sharing personal data

We do not sell personal data.

Personal data may be shared:

  • With commissioning organisations, where appropriate and agreed

  • With trusted service providers (such as transcription services) where necessary to deliver a project

Any third parties must meet appropriate confidentiality and data protection standards.

9. International transfers

We do not actively transfer personal data outside the UK.

Where cloud-based services are used, any international processing is managed by the service provider under UK GDPR-compliant safeguards.

10. How long we keep personal data

We retain personal data only for as long as necessary to deliver the project and meet any legal or contractual requirements.

Data is then securely deleted, anonymised or returned to the commissioning organisation, in line with agreed arrangements.

11. Your rights

Under UK GDPR, you have rights in relation to your personal data, including the right to:

  • Access your personal data

  • Request correction or deletion

  • Object to or restrict processing

If you wish to exercise your rights, please contact us using the details below.

12. Contact details

If you have any questions about this Privacy Notice or how we handle personal data, please contact our team.
Email: hello@framecollective.org.uk