CPL One takes your privacy very seriously. We review our approach to data protection and privacy on an ongoing basis to ensure that the rights of individuals are respected and protected to the best of our ability at all times. This privacy policy explains how we use any personal information that we collect about you.
Last updated: June 2023
Contents
- Definitions
- Our data protection and privacy governance
- What information do we collect about you?
- How does CPL One use your personal information?
- Sharing information
- Data retention policy
- How we protect your personal data
- Transfers of data outside the UK
- Access to your personal information and how to remove or correct it
- Lawful bases for processing individual, sole trader, limited partnership or general partnership data
- Links to other websites
- If you have a complaint
- Changes to our privacy notice
- How to contact us
1. Definitions
Data means information stored electronically or in certain paper-based filing systems.
Personal data is any information relating to a person (a ‘data subject’) who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.
Data controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. CPL One (‘we’) is the data controller of all personal data used by our business for our own commercial purposes.
Processing means any operation or set of operations which is performed on personal data or on sets of personal data (whether or not by automated means, such as collection, recording, organisation, structuring, storage, alteration, retrieval, consultation, use, disclosure, dissemination, restriction, erasure or destruction).
Data processor means a person, public authority, agency or other body which processes personal data on behalf of the controller. CPL One is also a data processor of personal data used in our business for our own commercial purposes.
2. Our data protection and privacy governance
CPL One ensures that all staff receive regular training in the concepts and requirements of data protection law. Our staff are expected to embrace the ethos of data protection and privacy laws and to adopt practices in the workplace that reflect the company’s commitment to ensuring that the rights of individuals are respected and protected at all times.
CPL One’s internal policy for data protection requires any products, services or systems adopted by the company (relating in any way to the processing of personal data) to undergo an assessment to establish that they do not contravene the company’s policies and to maintain compliance with the data protection laws.
3. What information do we collect about you?
We will collect and store information about you when you enquire about our services, interact with us as part of a contract (directly or on behalf of your employer): via our website; by telephone; when you email us; write to us or when you meet with us.
This information may include all or any of the following:
Our CRM system is configured to provide for the recording of the following personal information:
- Full name – first name, last name
- Name prefix
- Nickname (AKA)
- Title
- Type of role
- Any preference which you have expressed relating to the receipt of marketing communications from us, for example, by email, direct mail, phone
- Phone number(s)
- Email address(es)
- first name
- last name
- Postal address (usually a business address, unless you work from home)
- Zoom, Teams, Google Meet address(es)
In addition, we may have attached to your record in our CRM system:
- Documents that you have sent us
- Emails that you may have sent to us or we have sent to you
- Notes that we have made as outcomes from interactions with you (telephone conversations and meetings)
- Details of any future planned activities that we have with you
Your data is likely to be recorded in our Customer Relationship Management (CRM) database system. There may also be emails that you have sent to us (and that we have sent to you) recorded in our CRM system and within our email server database. Some data may also be stored securely in paper form.
Records held within our accounting system will include a history of transactions (including sales orders, invoices and financial status information that relates specifically to your trading history with us). These may be regarded as ‘personal data’ if you are a sole trader or part of a general or limited partnership. See lawful bases table in section 8.
Supplementary information about you
We may supplement the information we hold about you as an individual (if you are a sole trader or part of a general or limited partnership) with information from third parties such as CreditSafe, LinkedIn and other publicly available platforms.
Website use data
When you visit our website, we will collect electronic ID data such as your Internet Protocol (IP) address. We do not use your IP address to identify you personally but these logs may contain unique identifiable information left by your computer.
We collect information about your browsing habits on our websites using ‘cookies’.
Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of our website and to compile statistical reports on website activity. This also saves you from re-entering some information when you return to the site.
A cookie consent pop-up appears on our home page when you first visit it. This enables you to select your preferences for the specific cookies that we use.
Please see our cookie policy for the details of the cookies used in our website.
We may also record your email address, name and company name in our mass email broadcasting system (which is a secure cloud-based database). See section 8. for lawful bases.
Personal data obtained indirectly
Where personal data has not been obtained directly from you (e.g. from web searches, a phone call from another contact or an event show guide), we will contact you with a copy of our privacy policy containing full details, including the reasons for processing your data, and giving you the opportunity to object, within one month. If the data is being used to communicate with you, we will do this, at the latest, at the time of the first communication.
Where is your data being held?
The categories of recipients of this data include our CRM system, hosting providers, our financial systems, our email client and our internal file storage system.
4. How does CPL One use your personal information?
We use your information for the following purposes:
- To communicate with you, effectively, in relation to the products and services that you or your organisation has contracted with us to provide.
- To monitor our levels of customer service and manage the way in which we support you (if your organisation is our customer).
- To understand our customers’ needs and requirements for products and services.
- To advise you of other products and services that we offer which we feel may be of benefit to you and/or your organisation. We rely on consent or legitimate interests as the basis for this activity.
- To alert you to events and news that we feel might be relevant and/or useful to you and/or your organisation. We rely on consent of legitimate interests as the basis for this activity.
- We may send marketing emails or make calls to existing customers who have bought a product or service to inform them about similar products and services. In this situation customers are clearly given the opportunity to object or unsubscribe from marketing communications at the time of collection of data and each time an email or phone contact is made.
Most of our marketing communications are broadcast via an email marketing platform. This platform includes an ‘unsubscribe’ link. You may use this link to inform us that you no longer wish to receive email marketing messages from us or you may do this via any one of our contact channels. See section 12.
Communication channels
We may contact you by telephone (via a business phone number where it has been provided, and sometimes via a mobile phone), by post (to your business address or home address – if working from home), by email (via a business email address if you have provided us with one) or by Social Media platform (such as LinkedIn, Facebook or Twitter).
5. Sharing information
We may share your personal information with our commercial partners (for example: email marketing providers, fulfilment houses, market research companies and printers) to fulfil our contract with you or your organisation, to evaluate and improve our products and services and/or for marketing purposes, if you have consented to this.
We will not share your personal details with any other third parties without your permission.
We only transfer data to server locations that are secure and UK GDPR (UK General Data Protection Regulation) compliant. See section 6 for detail on transfers of data outside the UK.
6. Data retention policy
How long do we hold your data for?
We keep your personal data for no longer than is necessary for the purposes for which it is being processed. This is to reduce the risk that it will become inaccurate, out of date or irrelevant.
We ensure that your personal data is securely disposed of when no longer needed or you unsubscribe (in the case of marketing related activities)
Prospective clients
The data will be stored in line with our data retention policy for commercial contacts, which is eight years, unless we contact you to confirm that you are still interested in our services.
7. How we protect your personal data
All our database systems are password-protected and access is only afforded to those with a legitimate reason for so doing.
All users are required to have a domain user name and password to authenticate against the security model for access to our databases. A second layer of security, when available, is always used to check the user’s identity – commonly known as two-factor authentication.
Where corporate systems are available to staff via the internet, all web services are secured via SSL/TLS certificate security certificate and all internet data transactions are encrypted as a consequence.
Remote workers are only able to access data services within our corporate network via secure Virtual Private Network (VPN) from trusted devices, or via password protected cloud storage.
We only process (including storing) your data on server locations that are secure and EU GDPR, UK GDPR (UK General Data Protection Regulation) and Data Protection Act 2018 (amended) compliant.
Our CRM, email and accounting databases are all maintained within Google servers in a secure location in the European Union.
We will not share your personal details with any third parties, other than those detailed in section 3, without your express permission.
8. Transfers of data outside the UK
CPL One relies upon the following: UK GDPR and DPA 2018 (amended) and EU GDPR. We store personal data in the EU. The EC has deemed the UK adequate for data transferred from the EU to the UK. This ensures that your personal data has the same level of protection that it would have in the UK.
In some circumstances we may need to transfer data outside the EU or to an international organisation. If this is the case, we will ensure that safeguards are in place to ensure that data is transferred securely, and we can provide details of these safeguards if required.
We always have signed contracts in place with any organisations (for example, mailing and fulfilment businesses) that we share your data with to ensure that they will keep your data secure and that they comply with the rules and principles of the UK GDPR (UK General Data Protection Regulation), the EU GDPR and the Data Protection Act 2018 which we also operate within.
9. Access to your personal information and how to remove or correct it
We want to ensure your personal information is current and accurate. Please let us know of any changes you wish to make.
How do I find out what information you hold about me?
You have the right to request a copy of the personal information that we hold about you. If you would like a copy of some or all of your personal information, please call us on 01223 378000, email us at info@cplone.co.uk or write to us at: CPL One, 1 Cambridge Technopark, Newmarket Road, Cambridge CB5 8PB.
Please include your name, phone number and postcode to validate your request. We will provide the information to you within 30 days of receipt.
There is no charge for this service.
How do I correct any details that you hold about me that are incorrect?
We want to make sure that your personal information, which we hold, is accurate and up to date. You may ask us to correct or remove any information you think is inaccurate. Please email us at info@cplone.co.uk and include your name, phone number and postcode to validate your request. We will action the requested correction without delay.
How do I remove my details from your database?
To remove your information from our database, just send an email along with your name, phone number and postcode to info@cplone.co.uk. If we no longer need to hold your personal information for legal, contractual or vital interests’ purposes, we will take action without delay and erase all your information. An email confirmation will be sent to you.
What can I do if I object to your processing my data for marketing purposes?
You have a right to object to us processing your personal data for marketing purposes. You can notify us of this by emailing us at info@cplone.co.uk. We will stop processing your data as soon as we receive your request.
10. Lawful bases for processing individual, sole trader, limited partnership or general partnership data
Individuals
If you are an individual (i.e. not part of a corporate organisation), a sole trader or part of a general or limited partnership we may process your data as follows:
Processing purpose | Legal Basis For Processing |
Enquiries | Contractual necessity |
To fulfil a contract | Contractual necessity |
To provide service related information | Contractual necessity |
To include your personal details in an approved case study or similar | Explicit consent* |
To comply with a legal duty | Legal obligation |
To protect your vital interests | Vital interests |
For our own (or a third party’s) lawful interests, provided your rights did not override these | Legitimate interests |
To communicate CPL One-related marketing and event information | Explicit consent* |
*We would rely on your explicit consent to process your personal data for marketing purposes. This means that we ask you for this before we would use your data to send marketing related communications to you or use your data to include your details in a case study, for example.
Corporate subscribers
If you are a member of a corporate organisation including Limited Liability Partnerships (LLPs) we may process your data as follows:
Processing purpose | Legal Basis For Processing |
Enquiries | Contractual necessity |
To fulfil a contract | Contractual necessity |
To provide service related information | Contractual necessity |
To include your personal details in an approved case study or similar | Legitimate interests |
To comply with a legal duty | Legal obligation |
To protect your vital interests | Vital interests |
For our own (or a third party’s) lawful interests, provided your rights did not override these | Legitimate interests |
To communicate CPL related marketing and event information | Legitimate interests |
Legitimate interests
CPL One is a strategic content marketing agency. We create and deliver content marketing strategies that get results for our clients. To enable us to do this effectively we share relevant articles, commentary on the marketing and business environments, promote relevant CPL One products and services, share events, news and other information already in the public domain.
We consider that this use of corporate individuals’ data is what you would reasonably expect, has minimal privacy impact and is justified from a commercial interests’ perspective.
Recruitment or applicant data
We actively encourage speculative applications from potential candidates for employment at CPL One. This personal data will be stored on our email system and storage drives for the purpose of future recruitment for five years, unless requested otherwise. Where you have volunteered ‘sensitive’ data (for example racial or ethnic origin; political opinions; religious or philosophical beliefs; trade union membership; the processing of genetic data; biometric data for the purpose of uniquely identifying a natural person; data concerning health and/or data concerning a natural person’s sex life or sexual orientation) we will hold this information on file, but it is not required for the purpose of future recruitment.
The processing of your data for a job application will be necessary for the purposes of a legitimate interest (i.e. reviewing your application against a job/vacancy criteria for selection purposes) by us as a potential employer and in order to enter into a contract with you, the data subject, if successful. If you, as an applicant, fail to provide certain information when requested, we may not be able to enter into a contract with you.
The details of unsuccessful candidates in a recruitment process will be held on file for no more than six months, unless we request, and the candidate actively consents, that we may keep these details for future recruitment.
11. Links to other websites
Our website contains links to other websites. This privacy policy only applies to this website so when you link to other websites, you should ensure that you read and agree to their own privacy policies.
12. If you have a complaint
You have a right to lodge a complaint with the Information Commissioner’s Office (ICO) if you are not satisfied with how we are handling any concerns that you have with your data.
If you are based in an EU member state or an EEA country, you have the right to make a complaint at any time to the relevant supervisory authority in the country where you live.
We would, however, appreciate the opportunity to address your concerns before you approach the ICO or any other supervisory authority so please do contact us in the first instance.
13. Changes to our privacy notice
We keep our privacy policy under regular review and any updates will appear on this web page. This privacy policy was last updated in June 2023.
14. How to contact us
Please contact us if you have any questions or concerns about our privacy policy and the information we hold about you:
by email: info@cplone.co.uk, phone 01223 378000 or write to us at:
CPL One, 1 Cambridge Technopark, Newmarket Road, Cambridge CB5 8PB.