Responsibility for personal data
“CEPA” is the trading name of CEPA Holdings Ltd (Registered: England & Wales, 11572350), Cambridge Economic Policy Associates Ltd (Registered: England & Wales, 04077684), CEPA LLP (A Limited Liability Partnership. Registered: England & Wales, OC326074) and Cambridge Economic Policy Associates Pty Ltd (ABN 16 606 266 602).
CEPA is responsible for your personal data and may be referred to as "CEPA", "we" or "our"). For the purposes of data protection law (in particular, the General Data Protection Regulation (GDPR)), your data will be controlled by the CEPA company that is communicating with you and each entity is regarded as an independent data controller of your personal data. CEPA owns and operates the internet domains: www.cepa.co.uk and www.cepa.net.au.
Personal data we collect
We may collect and process the following personal data:
- Identity and contact information, including your name, job title, employer, business address, telephone numbers, email addresses and data concerning your particular interests in our services;
- Educational and professional background supplied in the course of applying to work for or on behalf of CEPA.
- Profile and usage data, including your preferences in receiving optional communication from us and information about how you use our websites(s), including the services you viewed or searched for, page response times, download errors, length of visits and page interaction information (such as scrolling, clicks, and mouse-overs).
- Technical data, including information collected during your visits to our website(s), the Internet Protocol (IP) address, browser type and version, device type, time zone setting, browser plug-in types and versions, operating system and platform.
Information about other people
If you provide information to us about any person other than yourself, you must ensure that they understand how their information will be used, and that they have given their permission for you to disclose it to us and for you to allow us, and our service providers, to use it.
How we collect personal data
The circumstances in which we may collect personal data about you include:
- when you or your organisation offer to provide, or provides, services to us;
- when you correspond with us by phone, email or other electronic means, or in writing by post, or when you provide other information directly to us, including in conversation with our partners, directors, consultants and staff;
- when you or your organisation browse, complete a form or make an enquiry or otherwise interact on our website or other online platforms;
- when you attend our seminars or other events or sign up to receive information from us, including training;
- by us making enquiries, in relation to applications for employment, from your organisation, other organisations with whom you have dealings such as former employers and educational institutions, or from third party sources such as government agencies, information service providers.
How we use personal data
We use your personal data only for the following purposes:
- to provide and administer services, as instructed by you or your organisation and to process applications for employment;
- to communicate with you to keep you up-to-date on the latest developments, announcements, and other information about our services and solutions (including briefings, newsletters and other information), events and initiatives; to send you details of client surveys, marketing campaigns, market analysis, or other promotional activities; and
- to collect information about your preferences to personalise and improve the quality of our communications with you.
Please note that we will only provide you with marketing related information when you have asked us to do so or when we have a previous business relationship with you and provided you do not opt-out of receiving those communications. You have the opportunity to opt-out at any time as explained in the "Right to withdraw consent" section of this Notice.
We will not use your personal data for taking any automated decisions affecting or creating profiles other than as described above.
Disclosure of personal data
We may share your personal data, in the following circumstances:
- with our subsidiary companies and/or affiliates;
- with third parties including certain service providers we have retained in connection with the services we provide, such as lawyers, consultants, advisors, or experts and others for obtaining specialist advice, translators, couriers, or other necessary entities;
- with third parties for the purposes of helping us to help us measure our performance and to improve and promote our services;
- with courts, law enforcement authorities, regulators, government officials or lawyers or other parties where it is reasonably necessary for the establishment, exercise or defence of a legal or equitable claim, or for the purposes of a confidential alternative dispute resolution process;
- with service providers who we engage within or outside of CEPA, domestically or abroad, e.g. data storage services, to process personal data for any of the purposes listed above on our behalf and in accordance with our instructions only;
- if we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets to whom we assign or novate any of our rights and obligations.
Information we transfer
When we transfer your information to other countries, we will use, share and safeguard that information as described in this Notice. To provide services, we may transfer the personal information we collect to countries outside of the EEA which do not provide the same level of data protection as the country in which you reside and are not recognised by the European Commission as providing an adequate level of data protection. We only transfer personal information to these countries when it is necessary for the services we provide you, or it is necessary for the establishment, exercise or defence of legal claims or subject to safeguards that assure the protection of your personal information.
Security of personal data
All CEPA entities ensure a level of data protection at least as protective as that required in the EEA. We have in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way and procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Updating personal data
If any of the personal data that you have provided to us changes, for example if you change your email address, or if you become aware that we have inaccurate personal data about you, please let us know by email to email@example.com or by post.
You have various rights with respect to our use of your personal data:
- Access: You have the right to request a copy of the personal data that we hold about you. There are exceptions to this right, so that access may be denied if, for example, making the information available to you would reveal personal data about another person, or if we are legally prevented from disclosing it.
- Accuracy: We aim to keep your personal data accurate, current, and complete. We encourage you to contact us to let us know if any of your personal data is not accurate or changes.
- Objecting: In certain circumstances, you also have the right to object to processing of your personal data and to ask us to block, erase and restrict your personal data.
- Porting: You have the right to request that some of your personal data is provided to you, or to another data controller, in a commonly used, machine-readable format.
- Erasure: You have the right to ask us to erase your personal data when the personal data is no longer necessary for the purposes for which it was collected, or when, among other things, your personal data have been unlawfully processed.
- If you have provided your consent to the collection, processing and transfer of your personal data, you have the right to fully or partly withdraw your consent. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose(s) to which you originally consented unless there is another legal ground for the processing.
To opt-out of receiving our optional communications, please use either the opt-out links on any marketing message sent to you or contact us. Opting out of receiving optional communications will not affect the processing of personal data for the provision of our services.
You may, at any time, exercise any of the above rights, by contacting us. In some cases we may not be able to give you access to personal information we hold regarding you if making such a disclosure would breach our legal obligations to our client or if prevented by any applicable law or regulation.
How long we keep personal data
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements and, where required for CEPA to assert or defend against legal claims.
Cookies help us to improve our site and to deliver a better and more personalised service. Our web sites may use the following types of cookie:
- E-Marketing Cookies: We may send out marketing communications via email. If you click through from one of our emails to our website, we use additional cookies to connect your e-marketing journey with your website journey. This is to help us to provide you with the most relevant content.
Your consent & choices about cookies
Changes to our Privacy Notice
We reserve the right to update and change this Notice from time to time in order to reflect any changes to the way in which we process your personal data or changing legal requirements. Any changes we may make to our Notice in the future will be posted on this page and, if appropriate, notified to you by email.
If you would like to exercise any of your rights or if you have any questions in relation to privacy and personal information, please contact us by email to firstname.lastname@example.org or by post (including proof of your identity, i.e. a copy of your ID card, passport, or other valid identifying document) and we will take reasonable steps to respond as soon as practicable.
Queens House, 55-56 Lincoln's Inn Fields, London WC2A 3LJ, UK
Level 20, Tower 2 Darling Park, 201 Sussex Street, Sydney, NSW 2000, Australia
© 2019 CEPA Ltd. All rights reserved. Site by Sears Davies