Privacy Notice

Last Updated January 2024

1.   Scope of this Privacy Notice

This Privacy Notice aims at informing website visitors, our business and research partners, and other stakeholders with whom we engage, about how we process their personal data. We are committed to processing personal data responsibly, securely, and proportionally throughout our business.

Please visit our Recruitment Privacy Notice for information on how we process personal data as part of recruitment at Trilateral Research.

2.   Who we are

Trilateral Research Ltd (“we” or “us”) is a UK limited liability Company. We are registered in England and Wales under company number 8698690 and have our registered office at One Knightsbridge Green, London, SW1X 7QA.

Our subsidiary company Trilateral Research Limited is an Irish limited liability company registered in Ireland under company number 616396, with registered offices in FDW House, Blackthorn Business park, Coes Road, Dundalk, Co. Louth, A91 RW26.

This Privacy Notice applies to both our UK and Irish entities as the data controllers of your personal data. If you have any queries in relation to this or any other Trilateral Research privacy notices, please refer to the contact us section at the end of this notice.

3.   How we collect your personal data

We collect personal data both directly and indirectly from individuals.

We obtain personal data directly from individuals in a variety of ways, including, but not limited to, when:

  • Subscribing to our newsletter/s
  • Registering to attend meetings and events we host and during your attendance at such events
  • Visiting our offices
  • Establishing a business relationship
  • Performing professional services pursuant to a contract
  • Participating in a form or survey for the purpose of a proposal and/ or tender writing that we perform either independently or in collaboration with you


We obtain personal data indirectly about individuals from a variety of sources, including:

  • Our business partners
  • Our research partners
  • Our clients
  • Public and open data sources, such as public registers (e.g., Companies House), news articles and internet searches
  • Social and professional networking sites (e.g., LinkedIn)

4.  The lawful bases for processing your personal data

We process personal data on the following bases:

  • Consent – When you consent to the processing of your personal data for example, when you sign up to receiving our newsletter
  • Contract – When processing is necessary for the performance of a contract with you or, to take steps at your request prior to entering into a contract;
  • Legal obligation – When necessary to meet any legal obligation requiring us to do so;
  • Legitimate interest – When it is necessary for us to achieve the following legitimate interests, including:
    • Enhancing our research and consulting service delivery for clients; and
    • Undertaking direct marketing and providing insights and speciality knowledge we believe is welcomed by our clients, research partners, subscribers and individuals who have interacted with us.

5.   What we do with your personal data

We process your personal data for purposes including:

  • Providing Trilateral Research’s services and collaborating across projects.
  • Promoting our professional services, including research, consulting and product development, to existing clients and, with their prior consent, to prospective clients
  • Administering and facilitating attendance at events and webinars
  • Administering, maintaining and ensuring the security of our information systems, applications and websites
  • Processing online requests or queries, including responding to communications from individuals, or requests for proposals and quotations
  • Complying with legal and regulatory obligations

6.   How we secure your personal data when we process it

We implement and enforce technical and organisational security policies and procedures to protect personal data (including sensitive personal data) from loss, misuse, alteration or destruction. Individuals with access to personal data are required to maintain the confidentiality of such information. We install and regularly update all security and anti-virus software on our systems.

7.   Do we share personal data with third parties?

We occasionally share personal data with trusted third parties to help us deliver efficient and quality services. When we do so and where required, we ensure that recipients are contractually bound to safeguard the data we entrust to them before we actually share the data. We engage with the following categories of recipients:

  • Third party suppliers who provide us with software and IT services
  • Financial accounting services
  • Our professional advisers, including lawyers, auditors and insurers
  • Payment service providers
  • Marketing service providers
  • Law enforcement or other government and regulatory agencies (e.g., HMRC) or to other third parties as required by, and in accordance with applicable law or regulation
  • The European Commission when we are required by them to do so in relation to our work with them on EC funded FP7 and H2020 projects
  • Third parties that assist Trilateral Research in carrying out its functions.

It is our policy to only use third-party processors that are bound to maintain appropriate levels of data protection, security and confidentiality, and that comply with any applicable legal requirements for transferring personal data outside the UK and/or EEA/EU.

8.   Do we transfer your personal data outside the European Economic Area?

It is our preference to process personal data within the UK and EEA whenever possible. However, in some cases, third country transfers outside the UK and EEA may occur. In such a case, where a country does not have an adequacy decision, Trilateral Research generally applies appropriate safeguards through the implementation of  Standard Contractual Clauses (SCCs). We may engage with service providers in the US to manage the payment of salaries, bookkeeping and for accounting purposes. When transferring data to the US, we rely on the EU-US Data Privacy Framework.

9.    Do we use cookies?

Our websites use cookies. To learn more, please refer to our cookie policy.

10.   Your data protection rights 

Data protection legislation gives you certain rights over your personal data, rights are not absolute and whether you can exercise them will depend upon why we are processing your personal data. These rights are outlined below:

  • Right to withdraw consent. If you have previously given your consent, you can withdraw it at any time. This will not affect the lawfulness of any processing carried out before you withdraw your consent.
  • Right of access. You can ask us to verify whether we are processing personal data about you, and if so, to have access to a copy of such data.
  • Right to rectification. You can ask us to correct our records if you believe they contain incorrect or incomplete information about you. Please note that you are responsible for providing correct, accurate, complete and up-to-date information with regard to your job application. Please keep us updated about any changes regarding your personal data during your relationship with us. In certain circumstances Trilateral can refuse a request for rectification.
  • Right to erasure. You can ask us to erase your personal data after you withdraw your consent to processing or when we no longer need it for the purpose it was originally collected. The right to erasure is not an absolute right and only applies in certain circumstances.
  • Right to restriction of processing. You can ask us to temporarily restrict our processing of your personal data in certain cases.
  • Right to data portability. In some circumstances, you can ask us to transmit your personal data (in a structured, commonly used, and machine-readable format) directly to another company. The right only applies to information you have provided to us, and under specific lawful bases.
  • Right to object. You can object to our processing of your personal data justified by our or a third party’s legitimate interests, on grounds relating to your particular situation. This right is not absolute and we may keep processing your data if we can prove compelling legitimate grounds for doing so.
  • Right not to be subject to a decision based solely on automated processing. Where we use automated decision making, we will only do so in compliance with the law and we will ensure there is an opportunity for you to seek human intervention.

If you wish to exercise your rights, please refer to the contact us section at the end of this document.

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information, or to exercise any of your other rights. This helps us to ensure that personal data is not disclosed to any person who has no right to receive it. No fee is required to make an initial request unless your request is clearly unfounded or excessive.

If you are not satisfied with the way that we have handled your request or if you wish to make a complaint about how we have processed your personal data, you can  contact the UK Information Commissioner’s Office and Irish Data Protection Commission regarding any concerns you may.

Information Commissioner’s Office


Wycliffe House

Water Lane




Tel: 0303 123 1113

Data Protection Commission


21 Fitzwilliam Square South

Dublin 2

D02 RD28


Tel: +353 57 868 4800


11.  How long do we retain personal data?

We retain personal data for the period deemed necessary to provide our services and carryout our business functions, to stay in contact with you, meet our contractual obligations, and to comply with applicable laws, regulations and professional obligations that we are subject to. Following the expiry of the retention period, and unless further legitimate grounds for retention arise, we will dispose of personal data in a secure manner.

Typical examples of different time frames include but are not limited to those relating to our obligation to retain data concerning European Union research projects (H2020, Action Grants, FP7, etc.) for up to 10 years after the end of the project (unless further retention is requested by auditors).

Where the records and documentation containing personal data have been collected within the delivery of an EC project, the Commission/Agency will process it in compliance with Regulation (EU) 2018/1725 and archive it for at least 5 years after the balance is paid unless there are ongoing procedures such as audits, investigations or litigations, in which case the evidence must be kept until these end, even if this is longer than five years.

12.   Do we link to other websites?

Our websites may contain links to other sites, including sites maintained by Trilateral Research that are not governed by this Privacy Notice. Please review the destination websites’ privacy notices before submitting personal data on those sites. Whilst we try to link only to sites that share our high standards and respect for privacy, we are not responsible for the content, security, or privacy practices employed by other sites.

13.   Do we change this Privacy Notice?

We keep our Privacy Notices under regular review. This Privacy Notice was last updated in January, 2024. For any updates, please return to the Privacy Notice.

14.   Contact us

Should you have any queries or concerns regarding your personal data, or wish to exercise any of your rights, then please contact our Data Protection Team:



Telephone: + 44 (0) 207 052 8285 

Post: Trilateral Research, 1 Knightsbridge Green, London SW1X 7QA 


Telephone:  +353 (0)51 833 958

Post: Trilateral Research IE, 2nd Floor Marine Point, Belview Port, Waterford, X91 W0XW

We will respond to your queries within 30 days from when we receive them subject to receipt of any requested confirmation of your identity.