1. Introduction

We are Cambridge Consultants Ltd (“Company”). Our registered office is Unit 29, Science Park, Milton Road, Cambridge Cambridgeshire CB4 0DW, and our registered company number is 01036298.

We are part of a group of companies which provides consultancy services across the globe. Our other group companies are:
– Cambridge Consultants Inc. of 745 Atlantic Avenue, Boston, MA 02111, USA
– Cambridge Consultants (Singapore) Pte Ltd of 152 Beach Road, Singapore 189721

In the UK we are registered with the Information Commissioner’s Office under registration number Z9851030.

In the US we are registered with the Privacy Shield program. To view the Company’s certification, please visit https://www.privacyshield.gov/

We are a leading, worldwide product development service provider. We specialise in design engineering services, professional technical services and product technical support services (“Services”).

This statement sets out how we will deal with (“Personal Data”) which is defined as meaning any information relating to an identifiable person who can be directly or indirectly identified, in particular by reference to an identifier. This definition provides for a wide range of personal identifiers to constitute personal data, including name, identification number, location data or online identifier, reflecting changes in technology and the way organisations collect information about people.

2. Why we process your personal data

The below paragraphs set out why we process your personal data, as well as the data processing conditions we rely on when processing this data.

In some circumstances we may also need to share your personal data if we are under a duty to disclose or share personal data in order to comply with a legal or contractual obligation.

2.1 To enter into contracts
Where you enter into a contract with us for our Services, we need to process your Personal Data to provide these Services to you. Our use of your Personal Data in this way includes sharing your Personal Data with the third party agents, consultants, suppliers and contractors we need to in order to provide the Services, as well as for the purposes of assessing fraud, credit and/or security risks.

We need to process your Personal Data in this way to enter into and perform the contract for the Services you have asked us to provide. If you do not wish to provide us with your Personal Data in this way, you will be unable to use our Services. In cases of onward transfers of data to third parties acting as an agent on our behalf, we will be liable in those cases where it is proven that we are responsible for the events giving rise to damage.

2.2 To provide customer services
We may also process Personal Data in order to provide various supporting customer services to you (such as where you contact us with a question in connection with our other services which we might be able to provide to you). The data processing condition we rely on when we process your Personal Data in these circumstances is our legitimate interest to provide effective customer support services. If you do not provide us with the Personal Data we request from you for customer services purposes, we may not be able to fully answer your queries.

2.3 To employ services of others
We also process Personal Data where we contract for the provision of third party goods and services as part of the effective delivery of services to our clients and for the management of our facility.

We will also process your Personal Data for the purposes of making our site more secure, and to administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes.

The data processing condition we use in these circumstances is our legitimate interest to provide you with the best customer experience we can, and to ensure that our site is kept secure.

2.4 To make our website better
We will also process Personal Data in order to provide a more effective user experience (such as by displaying our website in a way which is tailored for your device and browsing habits). This processing means that your experience of our site will be more tailored to you, and that the Services you see on our site may differ from someone accessing the same site with different browsing habits. We also use various cookies to help us improve our site (more details are set out here), and share your Personal Data with third party analytics and search engine providers that assist us in the improvement and optimisation of our site.

2.5 For marketing purposes
We retain Personal Data of those with whom we conduct business and may use that data for providing information regarding our capabilities and the services we may provide to our business associates.

2.6 For employee management and intracompany personnel transfers
The Company also processes Personal Data and Sensitive Personal Data as part of its human resources function for the management of its staff and for the intercompany transfer of employment for personnel in affiliate offices. The Company commits to cooperate with European Union (“EU”) data protection authorities (DPAs) and comply with the advice given by such authorities with regard to human resources data transferred from the EU in the context of the employment relationship.

2.7 In response to requests by public authorities
In addition, we will disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

3. We will collect the following Personal Data:

3.1 Information you give us
This is information about you that you give us by filling in forms on our site, purchasing our Services or by corresponding with us by phone, e-mail or otherwise. It includes information you provide when you register to use our Services, register to subscribe to our newsletter, participate in social media functions on our site, enter a survey, and when you report a problem with our site. The information you give us may include names, addresses, email addresses and phone numbers.

3.2 Information we collect about you
When you visit our site, we will automatically collect the following information:
– technical information, including the Internet protocol (IP) address used to connect your computer to the internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, screen resolution, operating system and platform; and
– information about your visit, including the full Uniform Resource Locators, clickstream to, through and from our site (including date and time), page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs) and methods used to browse away from the page.
We use Google Analytic Advertising and Reporting features to allow us to understand the demographics of our website visitors. You can choose to opt out of these advertising settings. Google provides a tool for this at https://tools.google.com/dlpage/gaoptout/

3.3 Information we receive from other sources
Where you have ordered or contracted with us for any Services, we may also be provided with your Personal Data via organisations we interact with in the relevant sector. We only use this data in order to deliver our Services.

4. How long we retain your personal data

We will retain your data for as long as you are a client of, or supplier to, Cambridge Consultants Ltd, and for ten years thereafter, to ensure that we are able to contact you should we or you have any questions, feedback or issues in connection with any of the Services we or you have received.

The Company uses reasonable precautions to maintain the accuracy and integrity of personal data and to update it as appropriate. The Company has implemented physical and technical safeguards to protect personal data, including, for example, network access controls, passwords and access logging. The Company also protects personal data through the use of firewalls, role-based restrictions and, encryption technology. The Company also employs access restrictions to its physical offices.

5. Your rights to object to us processing your data

You have the right to object to us processing your personal data where we are processing your personal data:

  • based on our legitimate interests to improve our site, provide customer services, or on the sale of our business (as set out above). If you ask us to stop processing your personal data for these reasons, we will stop processing your personal data unless we can demonstrate compelling grounds as to why the processing should continue in accordance with data protection laws; and
  • for direct marking purposes. If you ask us to stop processing your personal data on this basis, we will stop.

6. Your other rights under data protection laws

6.1 Right of access
You have the right to receive confirmation as to whether your Personal Data is being processed by us, as well as various other information relating to our use of your Personal Data. You also have the right to a copy of your Personal Data. The easiest way for you to obtain this is to contact us at the email address detailed at the bottom of this privacy policy.

Company may deny access to personal data where the burden or expense of providing access is disproportionate to the risks of the originating data subject’s privacy or where right of persons other than the originating data subject would be violated. The Company commits to resolve complaints about privacy and its collection and/or use of personal data expeditiously. The Company shall respond to all privacy complaints within one month of receipt.

6.2 Right to rectification
You have the right to require us to rectify any inaccurate Personal Data we hold about you. You also have the right to have incomplete Personal Data we hold about you completed, by providing a supplementary statement to us.

6.3 Right to restriction
You have the right to restrict our processing of your Personal Data where:

  • the accuracy of the Personal Data is being contested by you;
  • the processing by us of your Personal Data is unlawful, but you do not want the relevant Personal Data erased;
  • we no longer need to process your Personal Data for the agreed purposes, but you want to preserve your Personal Data for the establishment, exercise or defence of legal claims; or
  • we are processing your Personal Data on the basis of our legitimate interest to improve our site, provide customer services, or on the sale of our business (as set out above) and you:
    • object to our processing as set out above; and
    • want processing of the relevant Personal Data to be restricted until it can be determined whether our legitimate interest overrides your legitimate interest.

Where any exercise by you of your right to restriction determines that our processing of particular Personal Data is to be restricted, we will then only process the relevant Personal Data in accordance with your consent and, in addition, for storage purposes and for the purpose of legal claims.

6.4 Right to data portability
You have the right to receive your Personal Data in a structured, standard machine readable format and the right to transmit such Personal Data to another controller.

6.5 Right to erasure
You have the right to require we erase your Personal Data which we are processing where one of the following grounds applies:

  • the processing is no longer necessary in relation to the purposes for which your Personal Data were collected or otherwise processed;
  • our processing of your Personal Data is based on your consent, you have subsequently withdrawn your consent and there is no other legal ground we can use to process your Personal Data;
  • you object to the processing in as set out in this policy and we have no overriding legitimate interest for our processing;
  • the Personal Data have been unlawfully processed; and
  • the erasure is required for compliance with a law to which we are subject.

6.6 Your rights if complaints remain unresolved
You have the right to lodge a complaint with the Information Commissioner’s Office, the supervisory authority for data protection issues in England and Wales.

In compliance with the Privacy Shield Principles, the Company commits to resolve complaints about our collection or use of your personal data. EU individuals with enquiries or complaints regarding this policy should contact the Company at data.controller@cambridgeconsultants.com. Company has further committed to refer unresolved privacy complaints to either the Information Commissioner in the UK or, to an independent dispute resolution mechanism operated by the American Arbitration Association, International Centre for Dispute Resolution (ICDR®/AAA) based in the United States. More information about ICDR®/AAA® and its dispute resolution process may be accessed at http://go.adr.org/privacyshield.html. If you do not receive timely acknowledgment of your complaint from the Company or if the Company has not addressed your complaint to your satisfaction, please visit further visit the ICDR®/AAA®’s website which can be located at https://www.icdr.org/, or contact its representative Jason Cabrera by phone at +1.212.484.3207 or by email at CabreraJ@adr.org for more information or to file a complaint. The services of ICDR®/AAA® are provided at no cost to you. Finally, as a last resort and in limited situations, EU originating data subjects may seek redress from the Privacy Shield Panel, a binding arbitration mechanism. In addition, any investigation into Company’s use of personal data is subject to the investigatory and enforcement powers of the Federal Trade Commission and any other U.S. authorized statutory body.

7. Contact and changes

The Company has designated its internal Business Office/Legal Department to oversee compliance with applicable privacy laws. The Company will maintain, monitor, test, and upgrade information security policies, practices, and systems to assist in protecting the personal data that it collects. Company personnel will receive training, as applicable, to effectively implement this Policy. The Company will renew its privacy certifications annually. Prior to the re-certification, the Company will conduct an in-house verification to ensure that its attestations and assertions with regard to its treatment of personal data are accurate and that the Company has appropriately implemented these practices.

Questions, comments, requests about this privacy policy or exercising your rights to access or objection should be addressed to data.controller@cambridgeconsultants.com

This privacy policy was last updated on 9th October 2019.