Centre for Enterprise, Markets and Ethics (“CEME”)
Who we are and how to contact us
How does CEME collect personal information?
What personal data do we collect?
What is the purpose of the CEME’s use of your personal data?
What is CEME’s lawful basis for processing?
Will we collect sensitive or special category data?
Will the personal data be shared with any third parties?
How will CEME review or update this Notice?
The Centre for Enterprise, Markets and Ethics (“CEME”, “we”, “us”, “our”) takes its responsibilities in privacy and the handling of your personal data very seriously. We are committed to protecting the privacy of your personal data. We will respect any personal data you share with us and keep it safe. We aim to be clear when we collect your personal data and not do anything you wouldn’t reasonably expect.
This Notice describes how CEME uses personal data about you. Please read this Notice carefully to understand our practices regarding your personal data and how we will collect, use and store your personal data.
CEME is the data controller of the personal data it collects about you. CEME is a registered charity (registration number 1148345) and a company limited by guarantee (company number 08137333). Our registered office is at 31 Beaumont Street, Oxford OX1 2NP. We can be contacted at this address, on 01865-513453 or office@theceme.org.
The personal data collected will only be processed by personnel employed or contracted by CEME unless otherwise stated in this Notice. We do not use any form of automated decision-making in our processes.
For example, by filling in forms on our website (including signing up to our newsletters), communicating with us by phone, email or letter or filling out a survey.
Your information may be shared with us by third parties including, for example, sub-contractors in technical, payment and delivery services; advertising networks; analytics providers and search information providers. To the extent we have not done so already, we will notify you when we receive information about you from them and tell you how and why we intend to use that information.
Depending on your privacy settings for social media services, we may access information from those accounts or services. We also collect information from the public domain in order to contact Members of Parliament, Bishops and other church leaders, academics and university post holders and other think-tanks involved in public policy – where we do so we will notify you.
When you visit this website, we automatically collect certain technical information, including via cookies and similar technologies. CEME’s website uses “cookies”. A cookie is a text file that is placed on your hard disk by a Web page server. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are used to enhance the experience of using the website and for analytical purposes (for example, proportion of total visits to different sections of the website). Most browsers are set to automatically accept cookies by default, but you can change this setting. For further information please consult your web brower’s help pages.
We may combine your personal information from these different sources for the purposes set out in this Notice.
The personal data which we will collect includes name, address, email, telephone numbers, business occupation and biographical details. We will also collect donation information, information regarding preferences or needs for events (for example, dietary, seminar choice). We may also collect the necessary information to pay fees to individuals for services performed (writing, speaking, research) on our behalf, and any other information which is shared with us as per section 2.
We collect and use your personal data for the following purposes:
The law requires us to rely on one or more lawful bases to process your personal data. The lawful bases that we rely on for processing your personal data are:
We do not generally collect sensitive personal data from you (i.e. revealing your health, ethnicity, race, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, sex life or sexual orientation). Where we do collect such sensitive data from you, we do so lawfull which usually means we will ensure that we obtain your prior explicit consent. You always have the right to withdraw your consent.
We will not share or sell any personal data to any third party to use for their own marketing purposes without your prior consent. We may share data with trusted partners to help us perform statistical analysis, send you email or postal mail, provide customer support, arrange for deliveries or to facilitate events. All such third parties are prohibited from using your personal data except as instructed by CEME and they are required to maintain the confidentiality of your information.
CEME may also disclose your personal data (a) if required to do so by law; (b) to protect and defend the rights or property of CEME; and, (c) act under exigent circumstances to protect the personal safety of users of CEME, or the public.
As part of the registration process for our newsletter, we collect personal data. We use a third party providers, MailChimp, to deliver our e-newsletters. We gather statistics around email opening and clicks using industry standard technologies to help us monitor and improve our e-newsletter. For more information, please see the relvant privacy notice for MailChimp.
You can unsubscribe to general mailings at any time of the day or night by clicking the unsubscribe link at the bottom of any of our emails.
Whilst CEME is UK-based, the personal data that we collect may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”) for example where we use suppliers such as website hosts that are based outside the EEA. This may include suppliers who will undertake, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services.
Some countries outside of the EEA have a lower standard of protection for personal information, including lower security requirements and fewer rights for individuals. In these cases, we ensure adequate safeguards have been put in place to protect your personal information, such as European Commission-approved contracts or transferring to suppliers who are subject to the EU-US Privacy Shield framework. We will follow the guidelines issued by the Information Commissioner. If you have any questions about the transfer of your personal information, please contact us using the details above.
This Notice does not cover the websites that our website links to. Those sites are not governed by this Privacy Policy, and if you have questions about how a site uses your information, you’ll need to check that site’s privacy statement.
CEME secures your personal information from unauthorised access, use or disclosure. We secure the personally identifiable information you provide on computer servers in a controlled, secure environment, protected from unauthorised access, use or disclosure.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
We keep personal data for as long as there is a need to keep it in connection with the purposes for which it was collected and in accordance with our internal policies. In general, we will not retain data longer than 5 years from the date of our last contact with you unless the law requires us to keep it for longer. In the event that you ask us to stop sending you marketing communications, we will retain certain details, such as your name, to help us ensure that you are not contacted again.
You have the right to make a complaint at any time to the Information Commissioner’s Office if you are concerned about our use of your personal data – www.ico.org.uk/global/contact-us.
You also have the following privacy rights:
· Right to restrict processing – to require us to stop processing your personal data in a particular way if there is disagreement about its accuracy or legitimate usage.
· Right to erasure – you can request that your personal data is erased from our database in certain circumstances.
· Right of access – you can ask for a copy of the personal data we hold about you.
· Right to rectification – we also want to make sure that your personal data is accurate and up to date. Please let us know if your details change. You may also ask us to correct or remove personal data which is inaccurate.
· Right to object – you can also opt-out of receiving all or some of our marketing communications or request that we stop processing personal data about you for certain purposes (including marketing purposes or where we are processing your personal data on the basis of legitimate interests) at any time by contacting us using the details above.
· Right to data portability – in certain circumstances you have a right to data portability which means we will provide you (or a third party you nominate) with your personal data in a structured, commonly used and machine-readable format.
Please note that you may only use/ benefit from some of these rights in limited circumstances. For more information, we suggest that you consult guidance from the Information Commissioner’s Office (ICO) or please contact us using the details above.
We regularly review and, where necessary, update our privacy information. If there are any significant changes to this Notice we will communicate these to you where we have your contact details and it is reasonable for us to do so.
This Notice was last updated on 20th July 2018.