This document refers to personal data, which is defined as information concerning any living person (a natural person who hereafter will be called the Data Subject) that is not already in the public domain.
The General Data Protection Regulation (GDPR) seeks to protect and enhance the rights of data subjects. These rights cover the safeguarding of personal data, protection against the unlawful processing of personal data and the unrestricted movement of personal data within the EU. It should be noted that GDPR does not apply to information already in the public domain.
We are pleased to provide the following Privacy Notice:
What personal data we may collect
We may collect the following information from you:
- Name and job title
- Contact information including email address
- Demographic information such as postcode, preferences and interests
- Other information relevant to customer surveys and/or offers
How do we collect personal data
Personal data could be collected through:
- Information that you provide by filling in forms on our site. This includes information provided at the time of registering to use our site, subscribing to our service, posting material or requesting further services.
- If you contact us, we may keep a record of that correspondence.
- We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
- Details of your visits to our site including, but not limited to, traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise and the resources that you access.
Should you wish to contact us, you can do so in several ways;
- Sending an email to: CI@cobaltinstitute.org
- Phone us at: + 44 1483 578877
- Write to us at: 18 Jeffries Passage, Guildford, GU1 4AP, UK
We may need to confirm your identify in which case we will ask you for two of the following forms of identity:
- Driving license
- Birth certificate
- Utility bill not older than three months.
A minimum of one piece of photographic ID listed above and a supporting document is required.
Should any subject access requests submitted be manifestly unfounded or excessive, then we may (in line with GDPR) either; charge a reasonable fee (taking into account the administrative costs of providing the information) or refuse to respond. Where a decision is taken to refuse to respond to a request, the data subject will be provided with an explanation for the decision along with details of their rights to complain to the supervisory authority and to a judicial remedy. This will be provided without undue delay and at latest within one month from receipt of the request.
How we use the data we collect
We use the information gathered about you in a variety of ways:
- To keep our internal record keeping up to date
- To improve our products and services
- To periodically send you promotional emails about new products, special offers or other information which we think you may find interesting, where you have consented to be contacted for such purposes.
- From time to time, we may also use your information to contact you for market research purposes. We may contact you by email, phone, fax or mail. We may use the information to customise the website according to your interests.
- To carry out obligations arising from any contracts entered into between you and us
- To notify you about changes to our service.
How we protect the data we collect
We are committed to keeping your information secure. We take reasonable steps to protect data from unauthorised access or disclosure by implementing suitable physical, electronic and business procedures.
Through agreeing to this privacy notice you are providing your consent to allow the processing of your personal data for the purposes outlined. You can withdraw consent at any time by contacting us via the methods provided in this privacy notice.
Your rights as a data subject
We are committed that the processing and storage of any personal data and/or sensitive personal data provided by you or about you, is at all times handled in accordance with the Data Protection Act 1998 (DPA) and the General Data Protection Regulation (GDPR).
Under the DPA you have the right to request that we do not use your personal data for marketing purposes. You can do this in one of two ways:
- Whenever you are asked to fill in a form on the website, you can click the box to indicate that you do not want the information to be used by anybody for direct marketing purposes.
- If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by writing to or emailing us at CI@cobaltinstitute.org
Further to this, the GDPR provide the following rights to the data subject to who the personal and/or sensitive personal data relates:
- Right of access – you have the right to request a copy of the information that we hold about you.
- Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
- Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
- Right to restriction of processing – where certain conditions apply you have a right to restrict the processing.
- Right of portability – you have the right to have the data we hold about you transferred to another organisation.
- Right to object – you have the right to object to certain types of processing such as direct marketing.
- Right to object to automated processing, including profiling – you also have the right not to be subject to the legal effects of automated processing or profiling.
Sharing your personal data with third parties
We will not sell, distribute or lease your personal information to third parties unless we have your prior consent or are required by law to do so.
We may on occasions pass your personal data to third parties exclusively to process work on our behalf. We require these parties to agree to process this information based on our instructions and requirements consistent with this Privacy Notice and GDPR.
Our retention policy
We will process personal data during the duration of any contract and will continue to store only the personal data needed for five years after the contract has expired to meet any legal obligations. After five years any personal data not needed will be deleted.
Automated decision making
We don't make any decision based solely on automated means, but if we did you would have the right for a human to review that decision.
In the event that you wish to make a compliant about how your personal data is being processed by us or our partners, you can do so by contacting the Information Commissioners Office whose contact details can be found on their website https://ico.org.uk