Privacy Policy

1. Who We Are

Trilogy Research Ltd (“Trilogy”) is the controller of personal data processed through our websites, platforms, and services. This Policy applies globally in compliance with UK GDPR, the Data Protection Act 2018, EU GDPR, and other applicable international data protection laws.

2. Our Role

We act as a controller when processing personal data for our own business purposes, such as through our website, email, or marketing. When providing services to clients, we may also act as a processor under their instructions.

3. Data We Collect

We collect personal information including your name, business contact details, job title, and records of communications. We may also collect related technical data such as IP addresses and browser information. We also use cookies and similar technologies to monitor website usage and improve performance.

4. How We Use Your Data

We use personal data to provide and enhance our services, manage relationships, respond to enquiries, monitor quality, ensure security, and meet legal obligations. The legal bases for processing are performance of a contract, legitimate interests, legal requirements, and where required, your consent.

5. Professional and Business Data

We may process information relating to client relationships, transactions, or collaborations, including data provided by business partners and professional advisers. We do not make decisions with legal or similarly significant effects solely by automated means without safeguards and the option of human review.

6. Marketing and Consent

Where consent is required, such as for certain marketing communications, we will obtain it in advance. You can opt out of marketing at any time. We comply with the Privacy and Electronic Communications Regulations (PECR), EU ePrivacy rules, and equivalent laws in other jurisdictions where applicable.

7. Sharing Your Data

We may share data with trusted service providers such as hosting, analytics, and security vendors, as well as professional advisers and group entities. All recipients are bound by confidentiality and data protection obligations. We do not sell personal data.

8. International Transfers

If we transfer your data outside the UK or EEA, we apply safeguards such as the EU Standard Contractual Clauses and the UK International Data Transfer Addendum to ensure protection.

9. Security and Retention

We apply appropriate technical and organisational measures to protect personal data, including encryption and access controls. Data is retained only for as long as necessary to fulfil its purpose or as required by law.

10. Your Rights and Contact

You have rights under data protection law, including the right to access, correct, delete, or restrict your data, to object to certain processing, and to request data portability or withdraw consent where processing is based on consent. To exercise your rights, please contact us. If you are in the UK, you may also contact the Information Commissioner’s Office (ICO). If you are in the EEA, you may contact your local supervisory authority.