Me + My Workplace

Privacy Policy

This survey toolkit and communication portal is managed by Think iDEA Ltd ( iDEA ), who are committed to protecting your privacy and confidentiality. This privacy policy sets out how we use and protect the information that you provide to us when you use this website.

iDEA is committed to ensuring that your privacy is always protected. Should we ask you to provide certain information by which you can be identified, you can be assured that it will only be used in the ways set out in this privacy policy.

iDEA may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes.

This policy is effective from 25/05/18 and complies with the EU General Data Protection Regulation (GDPR) as from May 25th 2018.

What information do we collect?

Where you have been asked to respond to a survey, we will collect your responses to questions about the way you use your workplace, which may include any additional information you provide us in forms and summary pages that appear from time to time. Additionally, when you visit both the survey and the communications portal, we may collect information about your visit such as your IP address, your browser and device, the page you have viewed and when.

By using our services or submitting personal information through this website, you expressly consent to the processing of your personal information according to this privacy policy.

How do we use your information?

Any survey responses you provide us will be aggregated in order to provide a snapshot of how your organisation currently uses its space. This data will be presented in reports as part of the work your organisation has contracted us to provide.

Where you have been given a unique access token to the communication portal, this will provide you with individual access to the website.

Where article comments and discussion topics are enabled and you contribute to these, your responses will be associated with your access token in order to attribute them to you.

How do we share your data?

The data we collect will be solely used for the purpose of the work your organisation has appointed us to carry out and the analysis of results will not refer to individuals. Only anonymous and summarised results will be shared with management. The information we will produce and share with our corporate and research partners will only relate to aggregated analysis and not individual responses. No individual data will be shared with any other third parties.

We will take all reasonable steps to ensure that we fully protect your rights and comply with our obligations under the Data Protection Act 1998, the Privacy and Electronic Communications (EC Directive) Regulations 2003, as amended in 2004, 2011 and 2015, and the General Data Protection Regulation (GDPR) which comes into force from 25th May, 2018.

How long we keep your information?

We will keep your personal information only where it is necessary to provide you with access to the surveys you have been asked to complete, and to provide you with support if required. Once your survey is complete, and we no longer need to contact you for support or project communications, it will be anonymised to retain the confidentiality of your responses.


Data security is of great importance to us, and to protect your data we have put in place suitable physical, electronic and managerial procedures to safeguard and secure data we collect.

Notwithstanding the security measures that we take, it is important to remember that the transmission of data via the internet may not be completely secure and that you are advised to take suitable precautions when transmitting to us data via the internet.

Other websites

This privacy policy applies only to this website and information you provide to iDEA. There may be links to third-party websites over which iDEA has no control. When you click on these links, you will leave this website and thereafter the third-party’s privacy policy will apply.

Where is your information processed?

Information we may collect from you is processed in the UK and European Economic Area (EEA). Where information is processed by suppliers outside the EEA, ensure that these suppliers have accreditations sufficient to acknowledge the safe handling and storage of data from the EEA.

Our legal basis for processing your information

We have a number of lawful reasons that we can use to process your personal information.

These include processing personal information where it is necessary to fulfil a contract with your organisation, where we are required to as a legal obligation and where we have a legitimate interest to do so.

Broadly speaking, legitimate interests means that we can process your personal information if:

We process personal information in order to record your responses to our surveys, to provide support should you need help in order to complete the survey, and to provide access for to the communications portal. If you choose not to provide us with this information, or do not wish us to collect and use this information in these ways, it may mean we will be unable to provide you with support, record your responses to our survey or grant access to the communications portal.

How we use cookies

Cookies are small text files that are sent by web servers to web browsers and can be used by web servers to identity and track users as they view different pages on a website or return to a website. They may be either persistent cookies or session cookies and may contain unique identifiers.

A persistent cookie will be stored by the browser and will remain valid until its set expiry date (unless deleted by the user before this date). A session cookie, on the other hand, will expire at the end of the user session when the web browser is closed.

For more information on the cookies we use and how to manage your cookies, please view our cookies policy.

If you'd like to learn more about cookies in general and how to manage them, visit

Your individual rights

You have several rights in relation to how iDEA uses your information. They are:

Right to be informed

You have a right to receive clear and easy to understand information on what personal information we have, why and who we share it with – we do this in our Privacy Policy and privacy notices.

Right of access

You have the right of access to your personal information.
If you wish to receive a copy of the personal information we hold on you, you may make a data subject access request at no expense by contacting us at [email protected]

Right to request that your personal information be rectified

If your personal information is inaccurate or incomplete, you can request that it is corrected. If the request concerns sensitive data, we will update the necessary databases and store your request as a hard copy in a locked filing cabinet as well as a soft copy on our protected server.

Right to request erasure

You can ask for your information to be deleted or removed if there is not a compelling reason for iDEA to continue to hold it.

We will supply a request form for the erasure of personal data that doesn’t need to be maintained for legal obligations or exercise of official authority. In order to erase this data, we will delete all soft copies off of our server and hard copies will be shredded and disposed of safely.

Right to restrict processing

You can ask that we limit the processing of your personal information for certain reasons. This means that we are still permitted to keep your information – but only to ensure we don’t use it in the future for those reasons you have restricted.

Right to object

You can object to iDEA processing your personal information where:

In which circumstances do we report a data breach?

A loss of personal data does not result in a data breach unless the breach results in a risk to the rights and freedoms of an individual, a detrimental effect on their reputation, financial loss, loss of confidentiality, discrimination or any significant economic or social disadvantage.

Should a data breach occur, we will:

If the breach occurs or is discovered outside normal working hours, it must be reported as soon as is practicable. The DPO or response team lead will act as a point of contact in order to coordinate a response team in carrying out the following procedure:

How to make a complaint

We will always strive to collect, use and safeguard your personal information in line with data protection laws and our Privacy Policy.

If you are still unhappy, you can complain to our Supervisory Authority. You can find their contact details on the ICO website

How to contact us

If you have any other questions about your personal information, please contact us.

The Mill
+44 (0)1743 719070

Somerset House
West Wing
+44 (0)20 7613 0273