Last amended: 07 September 2023

Effective date: 07 September 2023



This Privacy Notice describes personal data processing activities by the Rippleffect Group, namely Fat Media Limited t/a Reading Room and RONIN International Limited, including its international subsidiaries (RONIN Research GmbH, RONIN Research Inc., and RONIN Research (Hong Kong) Limited) (“Rippleffect”, “we”, “our”, “us”).

Note: this Privacy Notice does apply to how we engage with our clients for business-to-business communications, marketing and other standard dealings. However, this Privacy Notice does not apply to the processing of personal data in market research or UX surveys carried out by us or on our behalf of, or on behalf of our clients. Please refer to our separate market research privacy notices for this purpose.

We take your privacy very seriously. We have published this Privacy Notice to inform you of the principles governing our use of your personal data, the types of personal data we may obtain and process, and how we use, share and protect your personal data, including your rights in relation to your personal data. We also provide contact details for any further information. Please read through this Privacy Notice carefully.

This Privacy Notice contains information on:

  • The personal data we collect about you;
  • How and with whom we might share your personal data;
  • Your rights in relation to personal data that relates to you.

For your convenience, this Privacy Notice may include links to resources that may aid you in understanding how this Privacy Notice applies to you. This Privacy Notice does not extend to external resources, and we have only included these links for information and reference purposes. If you go to these 3rd-party sites, you will become subject to their privacy policies as advertised to you when you access each site.

Where this Privacy Notice is provided in a language other than English and arising a conflict between the English version and other versions, the English version prevails.

We may make updates to this Privacy notice from time to time, without prior notice to you. Where the changes are significant, we will endeavour to notify you in writing of these changes. We encourage you to review this Privacy Notice at regular intervals.


Rippleffect Group Limited is a private limited company incorporated and registered in England and Wales with company number 08869791 and whose registered office is at 47-51 Great Suffolk Street, SE1 0BS London, United Kingdom.

Rippleffect includes the following companies:

  • RONIN International Limited, and its international subsidiaries, RONIN Research Inc., RONIN Research GmbH, and RONIN Research (Hong Kong) Limited.

RONIN International provides market research data collection services to the world’s largest market research agencies, delivering fieldwork services for both quantitative and qualitative market research. We offer end-to-end fieldwork services from set up and scripting through to data delivery and top line reporting, covering all the major European, American, Asian, and other global markets, on a recurring and ad hoc basis. RONIN is registered with the ICO (ZA219373).

  • Fat Media Limited t/a Reading Room is a full-service digital consultancy providing services including the design, development, and maintenance of websites; UX, UI and segmentation research; content and imagery; hosting, support, monitoring and maintenance of websites; and digital communications planning from offices in London, Bristol, and Lancaster. Fat Media registered with the ICO (Z9516303).

To find out more about RONIN International, Fat Media and Reading Room, please visit their websites available at the following links:



Personal information (or “personal data”) is any information from which an individual can be directly or indirectly identified. Personal data that has been stripped of all identifying particulars is called “anonymised data” and outside of the scope of data protection law.


There are “special categories” of personal data which require a higher level of protection because it is of a more sensitive nature. The special categories of personal information comprise information about an individual’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sex life or sexual orientation and genetic and biometric data (if used for ID purposes). In addition, special requirements apply to personal information on criminal convictions and offences.

The types of personal data we may process about you depend on your relationship with us and how you interact with us, and our services. They include, without limitation:

  • Your full name;
  • Your postal address;

  • Your e-mail address;

  • Your telephone number(s), which could include mobile and business phones;

  • Information about how you use or interact with our website(s), including, without limitation, your IP address, browser type, OS, referring website addresses; and information about actions you take or content or components you engage with;

  • Images and/or voice captured through audio or video recordings;

  • Information relating to you as our business contact, including but not limited to your company name, job title, the division or department to which you belong and other information relating to you as a business professional;

  • Information relating to the company you work for or represent;

We will not ask you to provide, and do not intend to collect, special category personal data about you, and ask you to refrain from sharing such information about you, unless we have specifically requested you to do so, for example if we need to make reasonable adjustments for you if you will attend an event we host, subject to a separate notice.


We may collect this information from a variety of sources, such as:

  • Information you provide, such as:
    • Information collected through or in connection with our websites, including, without limitation,,, and;

    • Information provided during or in connection with business meetings;

    • Information provided during or in connection with events, tradeshows, meetings and/or conferences that we—and specifically our employees, representatives, workers and/or agents (together “associates”)—sponsored, hosted or attended, either virtually or in person;

    • Information provided in telephone calls, e-mail messages, and/or other forms of communication that you may have used to contact us.

  • Information that we collect from third parties, such as:

    • Information about you, including, without limitation, your personal information and business contact details, from third parties including, without limitation, social media networks, event organisers or sponsors, and referrals from business contacts;

  • Information that we collect through automated means:

    • Cookies are small pieces of information which we use to support users when they perform actions on our website, to analyse traffic on our website(s), and to track how you engage with content and components on our website(s). These includes session cookies, which expire when you close the browser you used to visit our website(s), and persistent cookies that will remain on your device for longer. Some cookies are necessary for our website(s) to operate as intended, but other cookies are optional, and you will be given an option whether or not to consent to our use of cookies before these are placed on your device. Please note that where you haven’t given your consent to cookies, cookies are disabled, or you have deleted cookies from your browser or device, your experience of our website(s) may be limited or be unable to deliver all functionalities.

    • Some cookies are placed by us, these are also known as ‘first-party’ cookies, whereas other cookies are placed on our behalf by third parties, these are known as ‘third-party’ cookies. Third-party cookies are placed (and process your personal data) only on our instructions. To review a list of cookies used on our website(s), please visit our Cookie statements:

    • We also maintain logs of information relating to usage on our website(s). This may include automatic gathering of information about you, including, without limitation, your IP address, the type of browser you are using to visit our website(s), your internet service provider, which pages you visit upon leaving our website(s), your OS, and date and time stamps.


We process your personal data and business contact details for several purposes.

These include, without limitation:

  • To communicate with you about our products and services, company updates, events, newsletters and thought leadership content, including where we give you the ability down access and download specific documentation on our website(s);

  • To maintain a directory of actual and/or potential clients and suppliers, and keep this directory up-to-date by adding or amending it from time to time;

  • To respond to requests for information, quotations or tender; and to conduct our business with you, including, without limitation, when we enter into contracts for services, complete transactions with you, and work with you on projects, for example when you notify us about defects or log support tickets with us;

  • To deliver content to you through third-parties, such as LinkedIn and other platforms, via their targeting and audience matching tools;

  • To comply with any reasonably instructions we receive from you and/or to fulfil specific purposes for which we have asked for and you have given your consent;

  • To protect and secure our website(s) and our business;

  • To manage, evaluate, and respond to data subject requests, including, without limitation, requests to be opted out or unsubscribed from our communications;

  • To conduct market research with you, to evaluate and improve our services, by contacting you to complete client satisfaction surveys via telephone or e-mail, and by giving you the opportunity and asking you to share feedback on our website(s) and services, including potential future products and services;

  • To contact you in relation to, and assess your interest in, potential career opportunities with us; if you apply for a position with us, note that your personal data will be processed in accordance with our separate Applicant Privacy Notice;

  • In specific circumstances, we may also process your personal information to establish, exercise or defend a legal claim, protect our rights, or respond to an order from applicable courts or government agencies, as applicable.


We may share your personal data and business contact details as follows:

  • With other companies within the Rippleffect Group, including directors, employees, consultants, advisers, and agents of these companies, only in accordance with this Privacy Notice, or as communicated to you at the point that your personal data was collected, or as subsequently consented by you. Our organisation is international in scope, which means that we may transfer your personal information with Rippleffect Group entities to countries where we have offices or where we conduct business, as noted earlier in this Privacy Notice, including outside of the United Kingdom and European Economic Union.

  • With third-parties and service providers we have engaged to perform services on our behalf, or that have been engaged by our service providers to perform services on our behalf. These third parties only process your personal data on our behalf or as otherwise necessary to perform the services for which we engaged them. These may include, without limitation, (a) business software, such as our CRM, project management software, financial software, e-mail marketing software, market research and UX research software; (b) social media, professional networking, and marketing automation platforms; (c) third-party cookie providers, as described elsewhere in this Privacy Notice; and (d) back-up services, both physical and in the cloud.

  • Where, in specific circumstances, we are legally required to do so (pursuant to applicable laws, regulations, or in relation to a specific legal or court process); if we believe it is necessary to protect our business from harm or financial loss, or in connection with actual or suspected fraud or illegal activity, and the investigation thereof; or if we determine it is reasonably necessary, lawful and appropriate to disclose your information for purposes of national security, law enforcement, or similar circumstances of public importance.

  • In the event that we sell or transfer parts of or all of our business or assets, we may also share your personal information as part of that process. In such circumstances, we will use reasonable efforts to direct the recipient organisation to only use personal information you have provided to us, as described elsewhere in this Privacy Notice or as otherwise applicable, in a manner consistent with this Privacy Notice. Once such a transfer or sale has occurred, you may contact the recipient organisation with any inquiries relating to your personal information and their use thereof.

Where your personal information is shared with entities located outside of the United Kingdom, the European Economic Union, or other countries that offer an adequate level of data protection as determined by the European Commission or by the UK’s Information Commissioner’s Office, as applicable to you, we enter into appropriate safeguards with the receiving entities prior to any transfer, including, without limitation, European Commission-approved Standard Contractual Clauses (SCCs), the UK’s Information Commissioner’s Office International Data Transfer Agreement (IDTA) or their International Data Transfer Addendum to the SCC, and/or alternative mechanisms approved under data protection laws, such as, for example, making sure that recipient entities in the USA are self-certified to the EU-U.S. Data Privacy Framework (DPF).

1.5.1           OUR LEGAL BASES

Depending on why we are processing your personal information as outlined in this Privacy Notice, we will rely on one of the following legal bases:

  • You have given your informed consent to the processing for a specific purpose; where we are relying on your informed consent to process your personal data, you can withdraw your consent at any time;

  • We need to process your personal data to perform our obligations under a contract to which you are a party, or to act on a pre-contractual request, such as when putting a quotation together or responding to a request for tender;

  • To comply with a legal or statutory obligation;

  • When the processing is necessary for the purposes of our legitimate interests, or those of a third party, and such legitimate are compatible with and not overridden by your rights and freedoms as determined in a legitimate interests assessment.


  • We are an ISO 27001-certified and Cyber Essentials Plus-accredited organisation, and we deploy a range of appropriate technical and organisation controls, including automated and physical controls, to protect the information we are responsible for, including, without limitation, personal data we have received or collected, confidential information we hold in the performance of our services, and personal data and/or confidential information we process on behalf of third parties, including, without limitation, our clients, as defined in contracts in place between us and such third parties.

  • Our technical controls are based on (a) the nature, scope, context, and purposes of our processing of your personal data and (b) our ongoing assessment of key criteria, including prevalent and evolving information security risks to your personal data, including their likelihood and severity, industry best practice, the legal and regulatory privacy landscape, , insurance requirements, and requirements of our clients. We regularly review and monitor our practices and systems against relevant risk assessments and the criteria previously listed.


Your personal information is only retained for as long as necessary for us to fulfil the purpose for which it was originally collected, as set out in this Privacy Notice, in other privacy information notices shared with you at the time what we collected personal data from you, in accordance with applicable data protection law and to comply with our legal, regulatory, or contractual obligations.


As a data subject, you have certain rights in relation to your personal data.

  • You can ask to access a copy of your personal data on request (“right of access”);

  • You can request that we update or rectify incorrect or incomplete data that we hold about you (“right to rectification”);

  • You can request that we delete or stop processing personal data we hold about you, for example, if the purpose for which we were processing it has lapsed, or if you object to our legitimate interests in processing it (“right to erasure” and “right to restrict processing”);

  • You have a “right to data portability”;

  • Where we are relying on our legitimate interests for the processing, you can object to our processing of your personal data (“right to object”).

Please note that some of these rights are subject to exceptions or may only be available to you in the context of specific processing activities and their corresponding legal basis. Where this is the case, we will write to you and explain our reasons why.

You can also opt-out from receiving certain communications from us, such as marketing communications, by clicking on the unsubscribe link at the bottom of any e-mail we send you or sent on our behalf by third parties or by contacting us as outlined in the ‘Getting in touch’ section of this Privacy Notice. Please note that, if you opt-out from receiving certain communications, we may still be in touch in the performance of services to achieve our contractual obligations to you.


If you want to exercise any of these rights, you can contact us using the contact details provided under ‘Getting in touch’. We will endeavour to act on your requests no later than 30 days after receipt. If we require more time, we will let you know within this timeframe. We may need to get in touch first to ask for additional information confirming your identity, so that we do not act on malicious or fraudulent requests.

This information will only be stored to verify that your request is genuine after which it will be destroyed; it will not be used for any other purpose. If your request is likely to affect other individuals, we may take additional verification steps, but this will be communicated to you in writing.  If we cannot deliver on your request at all, we will be in touch in writing to explain why. If the request is deemed unreasonable or excessive, we may request you to pay a small fee before we send you a copy of your data – this will be kept to a reasonable amount.

1.8.2           GETTING IN TOUCH

We have appointed a Data Protection Officer who is the point of contact for any questions you may have in relation to this Privacy Notice, your personal data and how we use it. The DPO also acts as the point of contact for any organisation or regulatory body that would have questions about your data and how we use it. If you have any questions, including about this Privacy Notice, please e-mail or reach out by postal mail to:

FAO: Data Protection Officer
Rippleffect Group
Harling House, 4th floor
47-51 Great Suffolk Street
SE1 0BS, London, UK

We will always endeavour to address any complaints or disputes that individuals have about their personal data or privacy, but if you have reason to believe we have not treated you fairly and our response to you have not been satisfactory, you can choose to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s Data Protection Authority and supervisory authority in the UK, by telephone on 0303 123 1113 or on


Our website(s) may include links to other websites for your information. We are not responsible for these websites, and they operate independently from us. When visiting these other websites, we recommend you review their privacy notices to understand how they will process your personal information and how to exercise your rights.


Back to top