Personal Data Collected
We collect and process personal information from you if you (or an organisation for whom you work) request information, sign up to a newsletter, or correspond with us. The personal data we may collect includes without limitation:
- Name, company name, addresses, email addresses, and telephone numbers.
If applicable, technical information, such as IP addresses, browser type and version, location, operating system and platform and device and cookie IDs on the devices you use to access our website (circularorganics.com) along with usage information. This includes information about how you use our websites and is automatically collected to help us administer and improve our services, analyse usage, and improve user experience.
- Marketing and communications information, such as your preferences in receiving marketing from us.
- Other information relating to you which you may provide to us, for example in the correspondence that you send to us.
How Personal Data is Collected
We use different methods to collect personal information from and about you as follow:
- Direct contact with you through regular business interaction. You may give us your contact details, at events or by corresponding with us by post, phone, email or in other ways (all of which are provided by you on voluntary basis). This includes personal information you provide when you:
- subscribe to newsletters through our website forms;
- request information;
- provide us with your contact details for us to answer or assist you;
- interact with us at events and meetings.
- Automated interactions with our website where we may automatically collect technical data about your equipment, and usage patterns. We collect this personal information by using cookies, server logs, and other similar technologies.
A cookie is a small file of letters and numbers which distinguish each user of our website. The cookies used are ?analytical? cookies which enable the recognition of visitors to our site and so allow analysis of the numbers of visitors and their pattern of use. The values obtained allow the website to be improved.
Most browsers allow cookie settings to be changed. These settings will typically be found in the ?options? or ?preferences? menu of a browser. The links below may be useful. Alternatively, visitors to our website may find the ?Help? option in their browser useful.
If cookies are blocked, certain functionalities on our website may be altered.
Use of Personal Data
- Marketing and events: We use your personal information to deliver marketing and event communications to you across various platforms, such as email, telephone, and online. If we send you a marketing email, it will include instructions on how to opt out of receiving these emails in the future. We also maintain email preference for our services for you to manage your information and marketing preferences.
- Security and Data Risk Management Activities ? we have a suite of security measures to protect our staff and our business information. Personal data may be processed during our security monitoring activities for example when automated scans are employed to detect scam emails.
- General administration: We use your personal information for the following legal and administrative purposes:to administer our websites and for internal operations, including troubleshooting, testing and statistical reporting purposes;
- for the prevention of fraud and other criminal activities;
- to meet our internal and external audit requirements;
- for network and information security purposes in order for us to take steps to protect your information against loss or damage, theft or unauthorised access;
- to comply with a request from you in connection with the exercise of your rights (for example where you have asked us not to contact you for marketing purposes, we will keep a record of this on our suppression lists to be able to comply with your request);
- for efficiency, accuracy or other improvements of our databases and systems e.g. by combining systems or consolidating records we hold about you;
to enforce or protect our privacy, safety, property or contractual and other legal rights or to bring or defend legal proceedings;
- to respond to non-mandatory requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include such authorities outside your country of residence; and
- for general administration including managing your queries, complaints, or claims, to send service messages and to provide you with important information about our business.
- We process your personal information to comply with our legal obligations including:
- to verify the accuracy of information we hold about you;
to keep a record relating to the rights you exercise in connection with our processing of your personal information;
- to respond to mandatory requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include such authorities outside your country of residence; and
- to respond to and resolve your complaints relating to the services we provide.
- to verify the accuracy of information we hold about you;
As described above, we process your personal information for direct marketing purposes on the basis that it is necessary for us to pursue our legitimate interests as a business (see above in this section for further details). From time to time we may tailor and personalise marketing communications that we send to you, for example, by notifying you of products, services, offers or promotions that apply to your interests, location, industry sector, employer or job role. If you do not wish to receive marketing communications from us, you can opt-out at any time by using the unsubscribe link inside the email (to unsubscribe from marketing emails), or by sending an email to email@example.com.
When and How Personal Data is Shared
We may disclose your personal information to:
- parties to whom you authorise us to disclose your personal information;
third parties which provide services to us (for example our business outsourcing providers who assist us in providing our services to you and providing finance, IT services, or marketing services);
- our partners, affiliates, contractors and consultants, assisting us in the provision of services to you;
- government and regulatory authorities, as required or authorised by law (including to comply with any obligation we (or our service providers) may have to give notice of any eligible data breaches; or
- other third parties as permitted by law.
The Lawful Basis for Processing Personal Data
Where the GDPR applies we rely on the following lawful reasons to collect and use your personal data and on occasion more than one lawful reason (basis) set out below may apply to the processing:
- our legitimate interests in marketing and providing our goods and services globally for both our benefit and that of our customers and contacts interested in what we provide;
- to comply with our legal obligations;
- where you consent to the processing where we ask you to (e.g. for certain sorts of marketing or other processing where the law either requires this or where it is our policy from time to time to seek consent for such processing).
Where Personal Data is Processed
When we transfer personal information from the European Economic Area to other countries in which applicable laws do not offer the same level of data privacy protection as in your home country, we take measures to provide an appropriate level of data privacy protection. In other words, your rights and protections remain with your data. For example, we use approved contractual clauses, multiparty data transfer agreements, and other measures designed to ensure that the recipients of your personal information protect it.
We collaborate with third parties such as cloud hosting services, located around the world to serve the needs of our business, workforce, and customers. We take appropriate steps to ensure that personal information is processed, secured, and transferred according to applicable law.
Security and the Protection of Personal Data
We use appropriate technologies, policies, processes and procedures to protect personal information. Our information security policies and procedures are closely aligned with widely accepted international standards and are reviewed and updated regularly to reflect changes in legislation and in business needs.
Examples of the technologies, policies, processes and procedures we maintain are:
- we have measures in place to protect against accidental loss and unauthorised access, use, destruction, or disclosure of data;
- we have implemented measures that are designed to safeguard the continuity of our service to our clients and to protect our people and assets;
we place appropriate restrictions on access to personal information;
- we implement appropriate measures and controls to store and transfer data securely;
- we conduct security awareness training for employees;
- we take steps to ensure that our employees and contractors operate in accordance with our information security policies and procedures and any applicable contractual conditions;
- we require, through the use of contracts and security reviews, our third-party vendors, service providers and their sub-contractors to protect any personal information with which they are entrusted in accordance with our security policies and procedures.
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
The length of time we retain your personal information is determined by several factors including the purpose for which we use that information and our obligations under other laws. We determine the period of retention of your personal information based on the following criteria:
- Retention in case of queries. We will retain your personal information in case of queries from you, including on behalf of an organisation for whom you work.
- Retention in case of claims. We will retain certain of your personal information for the period in which you or a third party might bring claims against us.
- Retention in accordance with legal and regulatory requirements. We will carefully consider whether we need to retain your personal information after the period described above in case of a legal or regulatory requirement.
The exceptions to the above are where:
- you exercise your right to require us to retain your personal information for a period longer than our stated retention period (see further Restriction of processing below);
- you exercise your right to have the information erased (where it applies) and we do not need to hold it in connection with any of the reasons permitted or required under the law (see further Request for deletion below);
- we bring or defend a legal claim or other proceedings during the period we retain your personal information, in which case we will retain your personal information until those proceedings have concluded and no further appeals are possible; or
- in limited cases, existing or future law or a court or regulator requires us to keep your personal information for a longer or shorter period.
When we no longer need your personal information, we securely delete or destroy it.
Data Controller and Data Protection Officer
The Data Controller is:
Circular Organics N.V., 1 Farnham Road, Guildford, Surrey, GU2 4RG, United Kingdom
If you have any queries or comments about this privacy notice or how and why personal data are processed, please contact us at:
Data Protection Officer (DPO)
1 Farnham Road,
Telephone: +44 (0)1483 549 000
Individual Rights and How to Exercise Them
Individuals have specific rights over their personal data gathered and processed by Circular Organics as described below:
Right of Access ? Individuals have a right to access to their personal data held by Circular Organics N.V. as a data controller ? (Subject Access Request). Please write to the Data Protection Officer at the above address to make such a request. Individuals may be asked to provide for documentation to verify identity and may be charged in accordance with the law governing data protection. Circular Organics N.V. will respond to Subject Access Requests within one calendar month.
Right to request that your personal information is amended ? to update your personal information, please write to the Data Protection Officer at the above address. Personal details will be updated as soon as practicable possible following receipt of a request
Right to be ?forgotten? or to request erasure ? an individual may ask that their personal data are removed or deleted if there is not a compelling reason for Circular Organics N.V. to retain it. Please contact the Data Protection Officer at the above address if you wish to request that your data are removed
Right to withdraw consent ? Where personal data are processed under the lawful basis of consent, an individual has the right to withdraw consent to that processing at any time. To withdraw consent, please email us at dataprotection@insectTG.com or, if you wish to withdraw consent to marketing emails, please click on the unsubscribe link in the relevant email.
Right to data portability ? an individual may request a copy of their personal information in a format that would allow it to be transferred to another company in a safe and secure way. For further information, please contact the Data Protection officer at the above address.
Right to restrict data processing ? an individual may request that the processing of their personal information is restricted. Circular Organics N.V. may retain the personal information in such circumstances but will ensure it is not used for the purposes that have been restricted.
Right to object ? an individual may object to the processing of their personal information for direct marketing (including profiling) and where it is being processed for our legitimate interests. For more information, please contact the Data Protection Officer at the above address.
Changing Privacy Laws
Circular Organics N.V. recognises that the transparency of data processing is extremely important. This privacy statement will be kept under regular review to ensure it complies with current data protection laws.
This Privacy Statement was last updated on 23rd April 2019.
We take great care to comply with the laws governing the protection of personal data. If, however, you do want to complain about our use of personal data, please send an email with the details of your complaint to the Data Protection Officer at dataprotection@insectTG.com and we will investigate your concerns.
You have the right to bring your concerns to the attention of the Information Commissioner?s Office. For more information about how to complain to the ICO, please refer to the ICO website: https://ico.org.uk/concerns/