Malliavin preloader logo

Use of this website, and all services, as a client, affiliate or survey respondent, are subject to these terms and conditions which reflect and are subject to the Data Protection Act 2018 ("DPA") and the General Data Protection Regulation 2018 (GDPR).

Privacy Policy.

Updated on Friday 5th January 2024.

This privacy policy applies between you, the User of this Website, and Malliavin Ltd of 20-22 Wenlock Road, London, N1 7GU, England (hereinafter "Malliavin", "we", "us" or "our"), the owner and provider of this Website, and any other website or digital property owned and provided by Malliavin Ltd. Malliavin takes the privacy of your information very seriously. This policy covers use of this website and privacy issues pertaining to undertaking of surveys conducted by Malliavin on behalf of clients of Malliavin Ltd. As a result this privacy policy applies to any and all data processed by us or provided by you in relation to your use of this website and business activities, including your taking of surveys, and usage of data tools provided to you by Malliavin during the course of business as a client of Malliavin or a survey respondent. However, this policy does not cover third party contracts between you and third party services providers such as access panels, which may be agreed by the User, and any third party provider.

Definitions and interpretation

For the purposes of this privacy policy, the following definitions are used.

  • Personal information is any information relating to personal or material circumstances that relates to an identified or identifiable individual. This includes, for example, your name, date of birth, e-mail address, postal address or telephone number as well as online identifiers such as your IP address. In contrast, information of a general nature that cannot be used to determine your identity is not Personal information. This includes, for example, the number of users of a website.
  • Data Protection Laws: any applicable law relating to the processing of Personal Information. Personal Information, but including but not limited or the GDPR and DPA.
  • Malliavin is incorporated in English and Wales with registered number 11779552. The registered office is at 20-22 Wenlock Road, London, N1 7GU, England
  • User, you or yours, for the purpose of this policy refers to any third party that accesses the Website and is not either (i) employed by Malliavin and acting in the course of their employment or (ii) engaged as a consultant, or otherwise providing services to Malliavin and accessing the Website in connection with the provision of such services. (iii) a survey respondent, whose details have been supplied to Malliavin by the respondent or another party for legitimate business interests.

Principles of Data Processing

We process users' personal information only in compliance with the DPA and the GDPR. As such User data is only processed if the following legal permissions exist:

  • in order to provide our contractual services and online services
  • processing is required by law
  • with your consent
  • on the basis of our legitimate interests (i.e., interest in the analysis, optimization and economic operation and security of our Platform within the meaning of Art. 6 para. 1 lit. f) GDPR, in particular in measuring reach, creating profiles for advertising and marketing purposes, and collecting access data and using third-party services.

The above legal bases are set out as follows:

  • Consent (Art. 6 para. 1 lit. a. and Art. 7 GDPR)
  • Processing for the fulfilment of our services and implementation of contractual measures (Art. 6 para. 1 lit. b) GDPR
  • Processing for the fulfilment of our legal obligations (Art. 6 para. 1 lit. c) GDPR
  • Processing to protect our legitimate interests (Art. 6 para. 1 lit. f) GDPR

Categories of data subjects and types of data processed

During the course of using our website and services, we process the following types of data from visitors and users:

  • inventory data (e.g., names, addresses),
  • contact data (e.g., e-mail, telephone numbers),
  • content data (e.g., text entries, survey data, testimonials, etc..),
  • usage data (e.g., web pages visited, interest in content, access times), and
  • meta/communication data (e.g., device information, ip addresses).

Purpose of the processing

The Purpose of processing personal information are:

  • provision of the online offer, its functions and contents,
  • responding to contact requests and communicating with users,
  • security measures, and
  • reach measurement/marketing.

Data Collection

We may collect the following Data, given by specifically by you or collected automatically by the Website or by electronic or telephonic contact, which includes personally identifiable Data.

  • full name
  • contact information such as email addresses and phone numbers
  • street and postal addresses
  • IP address (automatically collected);
  • multimedia supplied by you in which you may or may not be personally identifiable.
  • in each case, in accordance with this privacy policy.

This data will be collected when you contact us through the Website or by any other means; and when you make payments to us, through this Website or by any other means, in each case, in accordance with this privacy policy. Data is also collected automatically through the use or this website.

We may collect any Personal Information that you choose to send to us or provide to us, for example, on our "Coffee?"", "Reach out", "Ready", "Let's Go", "Go", "Request a Demo" (or similar) online form or if you register for a Malliavin webinar. If you contact us through the Websites, we will keep a record of the correspondence.

Malliavin may gather various types of information within surveys, including information that identifies or may identify you as an individual ("Personal Information"). We may collect Personal Information when you participate in a market research survey from Malliavin. Such information includes a unique respondent identification number we assign to you and the responses you provide when completing the survey. In this context, you may choose to provide sensitive Personal DInformationata about you, such as Personal Information that discloses or reveals health and medical conditions, sexual orientation or sexual life, political opinions/views, race/ethnic origin, religious and philosophical beliefs, and trade-union membership. Where required by law, we obtain your explicit consent to the processing of your sensitive Personal Data. We may also collect content that you submit, upload, or transmit when using the Service, such as photos and videos. Any data that we collect during Malliavin surveys will be used solely for the research purpose agreed with our clients.

Any Personal Information or Sensitive Personal Data collected during Malliavin surveys will be used solely for the research purpose agreed with our clients, but we will obtain consent before collecting and these questions can be refused. In accordance with Art. 9 GDPR.

Based on the information you may give in our survey, we may carry out automated decision making or profiling about you. In most of cases this will not result in any legally significant decisions being made about you and will be used in a market research context only.

Any data that we collect during Malliavin surveys will be used solely for the research purpose agreed with our clients.

Data supplied to us by our clients or a 3rd party will be used solely for the research purpose agreed with our clients.

Any Personal Information or Sensitive Personal Information collected during Malliavin surveys will be used solely for the research purpose agreed with our clients, but we will obtain consent before collecting and these questions can be refused.

For trend monitoring, marketing and advertising. Monitoring the use of the website by third parties in order to optimise marketing both on the site and other third party marketing platforms.

For purposes made clear to you at the time you submit your information - for example, to fulfil your request for a demo, to provide you with access to one of our webinar's or whitepaper's or to provide you with information you have requested about our Services.

As part of our efforts to keep our Website secure, our use of your Personal Information may be based on our legitimate interest to ensure network and information security, and for our direct marketing purposes, or you consenting to it (e.g. when you request a demo). For our customers, the use of Personal Information will be based on the contract we have in place.

Use of this data

This data helps us to make improvements to the Website, content and navigation and validate behaviour, including but not limited to purchasing behaviour, dates, times and frequency with which you access the Website. This Data is stored alongside purchase behaviour.

We may use your data for the above purposes if we deem it necessary to do so for our legitimate interests. If you are not satisfied with this, you have the right to object in certain circumstances.

We may share your Data with the following groups of people and organisations for the following reasons:

  • our employees, contractors, agents or professional advisers to fulfil orders and undertake regulatory financial and operational audits;
  • third party agents, representatives and suppliers who provide products and services, both digital and tangible, in order to fulfil transactions and make improvements to the Website;
  • third party payment providers who process payments made over the Website - to enable third party payment providers to process payments and refunds;
  • any regulatory authority
  • in each case, in accordance with the privacy policy.

Administration, financial accounting, office organisation, contact management

We process data within the scope of administrative tasks as well as organisation of our business, financial accounting, and compliance with legal obligations, such as archiving.

In doing so, we process the same data that we process in the context of providing our contractual services. The purpose and our interest in the processing lies in the administration, financial accounting, office organisation, archiving of data, i.e., tasks that serve the maintenance of our business activities, performance of our tasks and provision of our services.

The deletion of data with regard to contractual services and contractual communication corresponds to the information mentioned in these processing activities.

In this context, we disclose or transmit data to the tax authorities, consultants such as tax advisors or auditors as well as other fee offices and payment service providers.

Furthermore, we store information on suppliers and other business partners on the basis of our business interests, e.g., for the purpose of contacting them at a later date. This data, most of which is company-related, is stored permanently.

Cooperation with processors and third parties

If, in the course of our processing, we disclose data to other persons and companies, transmit it to them or otherwise grant them access to the data, this will only be done on the basis of a legal permission (e.g. if a transmission of the data to third parties, such as to payment service providers, is necessary for the performance of the contract, you have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.). If we commission third parties to process data on the basis of a so-called "order processing agreement", this is done on the basis of Art. 28 GDPR.

Transfers to third countries

If we process data in a third country (i.e. outside the United Kingdom (UK) or the European Economic Area (EEA)) or if this is done in the context of using third-party services or disclosing or transferring data to third parties, this is only done if it is done in order to fulfil our (pre-)contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we only process or allow the processing of data in a third country if the special requirements of Art. 44 ff. GDPR are met. This means, for example, that the processing is carried out on the basis of special guarantees, such as the officially recognised determination of a level of data protection corresponding to that of the UK or the European Union or compliance with officially recognised special contractual obligations (so-called "standard contractual clauses").

Keeping Data secure

We will use technical and organisation measures to safeguard your Data for example: we store your Data on secure servers.

Technical and organisation measures include measures to deal with any suspected data breach. If you suspect misuse or loss or an authorised access to your Data, it is incumbent on you to let us know immediately by contacting us via phone number or e-mail address:

If you want detailed information from Get Safe Online on how to protect your information and your devices against fraud, identity theft and viruses, please visit Get Safe Online is supported by Her Majesty's Government and leading businesses.

Data Retention

Unless a longer retention period is required or permitted by law, we will only hold your Data on our systems for the time necessary to fulfil the purposes outlined in this privacy policy or until you request the Data be delete

Even if we delete data, it may persist on backup or archival media for legal, tax or regulatory purposes.

Your rights

These rights are standardised in both the DPA and GDPR. This includes:

  • the right to information (Art. 15 GDPR),
  • the right to rectification (Article 16 GDPR),
  • the right to erasure (Article 17 GDPR),
  • the right to restriction of data processing (Article 18 GDPR),
  • the right to data portability (Article 20 GDPR),
  • the right to object to data processing (Article 21 GDPR),
  • the right to revoke any consent you have given (Art. 7 (3) GDPR), and
  • the right to lodge a complaint with the competent supervisory authority (Art. 77 GDPR).

Please contact us at any time with questions and suggestions regarding data protection and to enforce your rights as a data subject.

The Information Commissioner`s Office (ICO) is the relevant data protection supervisory authority in the UK. The ICO is located at Wycliffe House, Water Ln, Wilmslow SK9 5AF, UK ( We would, however, appreciate the chance to deal with your concerns before you approach the ICO.

Should this Website link to other websites, this policy does not extend to such websites.

Malliavin may from time to time, expand or refuse our business and this may involve the sale and/or the transfer of control of all or part of Malliavin. Data provided by Users, will, where it is relevant to any part of our business, be in receipt of the Data. The new owner or new controlling party will be permitted to use the Data for the purposes for this it was originally supplied to us, under the terms of this privacy policy.


We have a commitment to taking reasonable steps to ensure the security of your information. To prevent unauthorized access, maintain data accuracy, and ensure the appropriate use of information, we use appropriate technical, organizational and administrative security measures to protect any information we hold in our records from loss, misuse, and unauthorized access, disclosure, alteration and destruction.

Right to withhold services.

We do not collect or hold any this information on children below the age of 16.

We reserve the right to withhold our services from sectors such as Tobacco and Arms, all services provided on the sole discretion of Malliavin Ltd.

Specific Rights of Californian Residents

If you are a California resident, California Civil Code Section 1798.83 permits you to request information regarding the disclosure of your personal information to third parties for their direct marketing purposes.


Cookies can be used in the administering of surveys.

Web analytics

We utilise Google Analytics, a web analysis service provided by Google, to better understand your use of our Websites and Services. Google Analytics collects information such as how often users visit the Websites, what pages they visit and what other sites they used prior to visiting. Google uses the data collected to track and examine the use of the Websites, to prepare reports on its activities and share them with other Google services. Google may use the data collected on the Websites to contextualize and personalize the ads of its own advertising network. Google's ability to use and share information collected by Google Analytics about your visits to the Websites is restricted by the Google Analytics Terms of Use and the Google Privacy Policy.


Please note that no data transmission over the Internet is 100% secure. As a result, we cannot guarantee the security of the information that you transmit via our online services. Please note that we reserve the right to access and/or disclose the user information discussed herein (including personal information) as required by courts and/or administrative agencies and to the extent required to permit us to investigate suspected fraud, harassment or other violations of law.

Data Breaches/Notification

Databases or data sets that include Personal Information may be breached inadvertently or through wrongful intrusion. Upon becoming aware of a data breach, we will notify all affected individuals whose Personal Information may have been compromised, and the notice will be accompanied by a description of action being taken to reconcile any damage as a result of the data breach. Notices will be provided as expeditiously as possible after which the breach was discovered.

Children's Privacy

Our services are restricted to users who are 18 years of age or older. We do not knowingly collect personal information from anyone under the age of 18. If you suspect that a user is under the age of 18, please contact us.


Because we're always looking for new and innovative ways to improve our website and services, this policy may change over time. We will notify you before any material changes take effect so that you have time to review the changes.

Fusion Freed

The following statement applies if you are using “Fusion Freed” our Software as a Service (SaaS) service. We operate Fusion Freed and the provided dataset analysis software, its underlying machine learning optimisation suite and the auxiliary functions and features accessible to you depending on your selected plan (our “Services”). This statement sits in line with our Privacy Policy, is supplemental and applies to all users of our Services.

When you contract with us

We process various data in the context of permitting you access to our services and for the initiation and execution of the contractual relationship existing between you and us. If you have contracted us to provide our Service, we process your data (if provided: name, contact details (email address and telephone number), address, and all information required in the context of the performance of the Services, exclusively for the purpose of processing and handling the contractual relationship. The legal basis of the data processing is our obligation to fulfil the contract between you and us.

Data management and customer support

For optimal data management and customer support, we store the data related to your contract with us in our proprietary customer relationship management system. This data processing is based on our legitimate interest in providing our customer service.

Administration, financial accounting, office organisation, contact management.

We process data in the context of administrative tasks and the organisation of our business and compliance with legal obligations, such as archiving. In this context, we process the same data that we process in the provision of our contractual services. The processing bases are our legal obligations and our legitimate interest.

Payment Data

If you make a purchase your payment will be processed via our payment service provider. Payment data will solely be processed through our payment service provider (354 Oyster Point Blvd South San Francisco, CA 94080, USA) and we have no access to any Payment Data you may submit. The legal basis for the provision of a payment system is the establishment and implementation of the contract.

Technical support

If you create a support ticket, we will request Personal Data and, where applicable, non-Personal Data in accordance with your request, this may include your name, email address and other order related data you voluntarily provide. The data provided is not shared with third parties and cannot read your data when it is entered. If you submit a support ticket, we process the data for the purpose of processing and handling your ticket.

Our employees will also have access to data that you knowingly share with us for technical support or to import data into our services. We communicate our privacy and security guidelines to our employees and enforce privacy safeguards strictly. The legal basis of the data processing is our obligation to fulfil the contract and/or our legitimate interest in processing your support ticket.

When providing services through Fusion Freed

We recognize that you own your service data. We provide you complete control of your service data by providing you the ability to (i) access your service data, (ii) share your service data through supported third-party integrations, and (iii) request export or deletion of your service data.

We process various service data in the context of the provision of Fusion Freed. In principle, you become the data controller and we become the data processor in accordance with Chapter 3 of the DPA and Chapter 4 of the GDPR. Where we process Personal Data as data processor or in other words on behalf of you, we will process the Personal Data including Special Category Data involved in your use of our services in accordance with your instructions and shall use it only for the purposes agreed between you and us.

We ensure that access by our employees to your data is only available on a need-to-know basis, restricted to specific individuals, and is logged and audited. We communicate our privacy and security guidelines to our employees and enforce privacy and protection safeguards strictly.

Some jurisdictions may require you to disclose your use of our Services as your processor in your privacy policy and/or data processing agreement as applicable. For this purpose all Personal Data processed by us will be processed using the following sub processors. We would like to ask you to review their privacy policies, which contain further information on the processing of Personal Data.

Google Cloud Platform (GCP), Google Cloud Storage (London and Belgium), Google Secrets Managers provided by (1600 Amphitheatre Parkway Mountain View, CA 94043, US, und Google Ireland Limited Gordon House, Barrow Street, Dublin 4, Ireland);

CloudFlare Hosting provided by Cloudflare, Inc (101 Townsend St, San Francisco, United States);

Mailing services by Mailgun (Lindhagensgatan 112, 112 51 Stockholm, Sweden) and Klavio by (125 Summer St Floor 6. Boston, MA 02111, United States and 49 Southwark Bridge Rd London SE1 9HH, UK); and

Analytics by MixPanel (1 Front St Fl 28, San Francisco, California, 94111, United States), Heap (225 Bush St, San Francisco, California, US), and SmartLook (2030/20 Lidicka, Brno 602 00, CZ)

Customer Support Tools by ProProfs (929 Colorado Ave, Santa Monica, California 90401, US.

If we use processors to provide our services, we take appropriate legal precautions and corresponding technical and organisational measures to ensure the protection of personal data in accordance with the DPA and GDPR.

Further and if you are providing us with Personal Data relating to a third party, you agree a) that you have in place all necessary appropriate consents and b) that such third party has read this Privacy Policy. You agree to indemnify us in relation to all and any liabilities, penalties, fines, awards, or costs arising from your non-compliance with these requirements.

Data Security

We undertake to protect your privacy and to treat your personal data confidentiality. In order to prevent manipulation or loss or misuse of your data stored with us, we take extensive technical and organisational security precautions which are regularly reviewed and adapted to technological progress. These include, among other things, the use of recognised encryption procedures (SSL or TLS).


We hold the service data in your account as long as you choose to use our Services. Once you terminate your account, your data will eventually get deleted from the active database during the next clean-up that occurs once in 6 months. The data deleted from the active database will be deleted from backups after 3 months.

Data subject requests

If you believe that we store, use or process your information on behalf of one of our customers, please contact the customer if you would like to access, rectify, erase, restrict or object to processing, or export your personal data. We will extend our support to our customer in responding to your request within a reasonable timeframe.

Validity and questions

This statement was last updated on January, 5th 2024, and is the current and valid version. However, from time to time changes or a revision to this statement may be necessary. If you have any questions about this statement or about our data protection practices in general, you can reach us via email using, or call +44 (0)1892 71 1111.

Malliavin Marketing Sciences

T: +44 (0)1892 71 1111