Privacy policy
1. Introduction
We are Cambridge Consultants Limited (“Company”) and are the controllers of your personal data. Our registered office is Unit 29, Science Park, Milton Road, Cambridge, Cambridgeshire CB4 0DW, and our registered company number is 1036298.
We are part of a group of companies which provides consultancy services across the globe. Our other group companies are:
- Cambridge Consultants Inc. of 2 Drydock Avenue, Suite 1210, Boston, MA 02210, USA
- Cambridge Consultants (Singapore) Pte Ltd of 300 Beach Road, Singapore 199555
- Cambridge Consultants Japan Inc of 3-1-3 Minamiaoyama, Minato-ku, Tokyo, 107-0062
In the UK we are registered with the Information Commissioner’s Office under registration number Z9851030.
In the US we are registered with the Data Privacy Framework Program (DPF). To view the Company’s certification, please visit https://www.dataprivacyframework.gov/list.
We are a leading, worldwide product development service provider. We specialise in design engineering services, professional technical services and product technical support services (“Services”).
This statement sets out how we will deal with personal data (“Personal Data”), which is defined as any information about an individual from which that person can be identified. This definition provides for a wide range of personal identifiers to constitute Personal Data, including name, identification number, location data or online identifier, reflecting changes in technology and the way organisations collect information about people.
2. Why we process your personal data
The below paragraphs set out why we process your Personal Data, as well as the data processing conditions we rely on when processing this data.
In some circumstances we may also need to share your Personal Data if we are under a duty to disclose or share Personal Data in order to comply with a legal or contractual obligation.
2.1 To enter into contracts
Where you enter into a contract with us for our Services, we need to process your Personal Data to provide these Services to you. Our use of your Personal Data in this way includes sharing your Personal Data with the third party agents, consultants, suppliers and contractors we need to in order to provide the Services, as well as for the purposes of assessing fraud, credit and/or security risks.
We need to process your Personal Data in this way to enter into and perform the contract for the Services you have asked us to provide. If you do not wish to provide us with your Personal Data in this way, you will be unable to use our Services.
2.2 To provide customer services
We may also process Personal Data in order to provide various supporting customer services to you (such as where you contact us with a question in connection with our other services which we might be able to provide to you). The data processing condition we rely on when we process your Personal Data in these circumstances is our legitimate interest to provide effective customer support services. If you do not provide us with the Personal Data we request from you for customer services purposes, we may not be able to fully answer your queries.
2.3 To employ services of others
We also process Personal Data where we contract for the provision of third party goods and services as part of the effective delivery of services to our clients and for the management of our facility.
We will also process your Personal Data for the purposes of making our site more secure, and to administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes.
The data processing condition we use in these circumstances is our legitimate interest to provide you with the best customer experience we can, and to ensure that our site is kept secure.
2.4 To make our website better
We will also process Personal Data in order to provide a more effective user experience (such as by displaying our website in a way which is tailored for your device and browsing habits). This processing means that your experience of our site will be more tailored to you, and that the Services you see on our site may differ from someone accessing the same site with different browsing habits. We also use various cookies to help us improve our site (more details are set out here), and share your Personal Data with third party analytics and search engine providers that assist us in the improvement and optimisation of our site.
2.5 For marketing purposes
We retain Personal Data of those with whom we conduct business and may use that data for providing information regarding our capabilities and the services we may provide to our business associates.
2.6 In response to requests by public authorities
In addition, we will disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
3. We will collect the following Personal Data:
3.1 Information you give us
This is information about you that you give us by filling in forms on our site, purchasing our Services or by corresponding with us by phone, e-mail or otherwise. It includes information you provide when you register to use our Services, register to subscribe to our newsletter, participate in social media functions on our site, enter a survey, and when you report a problem with our site. The information you give us may include names, addresses, email addresses and phone numbers.
3.2 Information we collect about you
When you visit our site, we will automatically collect the following information:
- technical information, including the Internet protocol (IP) address used to connect your computer to the internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, screen resolution, operating system and platform; and
- information about your visit, including the full Uniform Resource Locators, clickstream to, through and from our site (including date and time), page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs) and methods used to browse away from the page.
- We use Google Analytics Advertising and Reporting features to allow us to understand the demographics of our website visitors. You can choose to opt out of these advertising settings. Google provides a tool for this at https://tools.google.com/dlpage/gaoptout/
3.3 Information we receive from other sources
We may receive personal data about you from third parties such as aggregators suggesting potential clients or suppliers to Cambridge Consultants and research bodies providing candidates for human factor studies.
4. Transfers
4.1 Intercompany
We share your personal data within the Cambridge Consultants group of companies. This may involve transferring your data outside the UK to our overseas offices in the US and Asia.
Whenever we transfer your personal data out of the UK to countries which have laws that do not provide the same level of data protection as the UK law, we always ensure that a similar degree of protection is afforded to it by ensuring that the following safeguards are implemented:
- We use specific standard contractual terms approved for use in the UK which give the transferred personal data the same protection as it has in the UK, namely the International Data Transfer Addendum to the European Commission’s standard contractual clauses for international data transfers.
4.2 Suppliers
We may transfer your personal data to service providers that carry out certain functions on our behalf. This may involve transferring personal data outside the UK to countries which have laws that do not provide the same level of data protection as the UK law.
Whenever we transfer your personal data out of the UK to service providers, we ensure a similar degree of protection is afforded to it by ensuring that the following safeguards are in place:
- We will only transfer your personal data to countries that have been deemed by the UK to provide an adequate level of protection for personal data; or
- We may use specific standard contractual terms approved for use in the UK which give the transferred personal data the same protection as it has in the UK, namely the International Data Transfer Addendum to the European Commission’s standard contractual clauses for international data transfers.
4.3 Data Privacy Framework
We comply with the EU-U.S. Data Privacy Framework program (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF as set forth by the U.S. Department of Commerce. We have certified to the U.S. Department of Commerce that Cambridge Consultants adheres to the EU-U.S. Data Privacy Framework program Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
Additionally, in compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, we commit to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF to ICDR-AAA IRM Service, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://go.adr.org/dpf_irm.html for more information or to file a complaint.
The services of ICDR-AAA IRM Services are provided at no cost to you. If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms.
Participation in the EU-U.S. DPF is subject to investigation and enforcement by the Federal Trade Commission.
5. How long we retain your personal data
We will retain your data for as long as you are a client of, or supplier to, Cambridge Consultants Limited, and for twelve years thereafter, to ensure that we are able to contact you should we or you have any questions, feedback or issues in connection with any of the Services we or you have received.
We retain employee Personal Data for the duration of employment and for six years thereafter in line with statutory requirements and best practice. Candidate data is retained for a period of one year in accordance with best practice.
The Company uses reasonable precautions to maintain the accuracy and integrity of Personal Data and to update it as appropriate. The Company has implemented physical and technical safeguards to protect Personal Data, including, for example, network access controls, passwords and access logging. The Company also protects Personal Data through the use of firewalls, role-based restrictions and encryption technology. The Company also employs access restrictions to its physical offices.
6. Your rights to object to us processing your data
You have the right to object to us processing your Personal Data where we are processing your Personal Data:
- based on our legitimate interests to improve our site, provide customer services, or on the sale of our business (as set out above). If you ask us to stop processing your Personal Data for these reasons, we will stop processing your Personal Data unless we can demonstrate compelling grounds as to why the processing should continue in accordance with data protection laws; and
- for direct marketing purposes. If you ask us to stop processing your Personal Data on this basis, we will stop
7. Your other rights under data protection laws
7.1 Right of access
You have the right to receive confirmation as to whether your Personal Data is being processed by us, as well as various other information relating to our use of your Personal Data. You also have the right to a copy of your Personal Data. The easiest way for you to obtain this is to contact us at the email address detailed at the bottom of this Privacy Policy.
The Company may deny access to Personal Data where the burden or expense of providing access is disproportionate to the risks to the originating data subject’s privacy or where the rights of persons other than the originating data subject would be violated. The Company commits to resolve complaints about privacy and its collection and/or use of Personal Data expeditiously. The Company shall respond to all privacy complaints within one month of receipt.
7.2 Right to rectification
You have the right to require us to rectify any inaccurate Personal Data we hold about you. You also have the right to have incomplete Personal Data we hold about you completed by providing a supplementary statement to us.
7.3 Right to request restriction
You have the right to restrict our processing of your Personal Data where:
- the accuracy of the Personal Data is being contested by you;
- the processing by us of your Personal Data is unlawful, but you do not want the relevant Personal Data erased;
- we no longer need to process your Personal Data for the agreed purposes, but you want to preserve your Personal Data for the establishment, exercise or defence of legal claims; or
- you have objected to our use of your Personal Data but we need to determine whether we have overriding grounds to use it.
7.4 Right to data portability
You have the right to receive your Personal Data in a structured, standard machine readable format and the right to transmit such Personal Data to a third party.
7.5 Right to erasure
You have the right to require we erase your Personal Data which we are processing where one of the following grounds applies:
- the processing is no longer necessary in relation to the purposes for which your Personal Data were collected or otherwise processed;
- our processing of your Personal Data is based on your consent, you have subsequently withdrawn your consent and there is no other legal ground we can use to process your Personal Data;
- you object to the processing as set out in this Privacy Policy and we have no overriding legitimate interest for our processing;
- the Personal Data have been unlawfully processed; and
- the erasure is required for compliance with a law to which we are subject.
7.6 Your rights if complaints remain unresolved
You have the right to lodge a complaint with the Information Commissioner’s Office (‘ICO’), which is the supervisory authority for data protection issues in England and Wales. We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.
The Company commits to resolve complaints about our collection or use of your Personal Data. Individuals with enquiries or complaints regarding this policy should contact the Company at data.controller@cambridgeconsultants.com.
8. Contact and changes
The Company has designated its internal Business Office/Legal Department to oversee compliance with applicable privacy laws. The Company will maintain, monitor, test, and upgrade information security policies, practices, and systems to assist in protecting the Personal Data that it collects. Company personnel will receive training, as applicable, to effectively implement this Privacy Policy. The Company will renew its privacy certifications annually. Prior to the re-certification, the Company will conduct an in-house verification to ensure that its attestations and assertions with regard to its treatment of Personal Data are accurate and that the Company has appropriately implemented these practices.
Questions, comments, requests about this privacy policy or exercising your rights to access or objection should be addressed to data.controller@cambridgeconsultants.com.
This privacy policy was last updated on 22nd October 2024.