WEBSITE PRIVACY NOTICE
Notice regarding the personal data collected from C.E.A. CIRCULAR ECONOMY ALLIANCE LTD’s webpage.
We hereby wish to inform you that C.E.A. CIRCULAR ECONOMY ALLIANCE LTD (hereinafter referred to as “CEA”, “we” or “us”) handles your personal Data in a transparent way and in full respect to your rights and personality and in accordance with Regulation (2016/679 (EU) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the GDPR).
For the purposes of this notice, Personal Data means every information about you that establishes or can establish your identity, for example your name and surname, your telephone number or your city name, or your computer’s IP address.
Furthermore, Processing of Personal Data means any act or series of acts performed on your personal data, including, inter alia, collection, recording, organization, structuring, storage, data search, use, any way of disposal, erasure or destruction.
We reserve the right to change, modify, add, or remove portions of this Privacy Notice. We will post notice of modifications to this Privacy Notice on this page. You must check this page periodically for changes. Changes will become effective immediately but will not apply retroactively. If you do not agree to the modified Privacy Notice you should immediately discontinue your use of the Services.
Sources Of Personal Data
This policy applies to the personal information we collect from or about you using methods described below from the following sources:
- CEA websites, including websites we operate under our own domains/URLs and mini-sites we operate on third-party social networks (“Sites”).
- Email, SMS and other electronic messaging interactions with electronic communications between you and CEA.
- CEA Consumer Engagement Service, Communications with our Consumer Engagement Service.
- Data we create as part of our interactions with you: we may create personal data about you (for example, records of your purchases on our website).
- Data from other sources: Third-party social networks, market research (where feedback is not provided anonymously), third-party data aggregators, advertisers from CEA, public sources and data we receive when we acquire other businesses.
A. THE DATA WE COLLECT AND HOW WE COLLECT IT
Depending on how you interact with CEA (online, offline, by phone, etc.), we collect different types of information from you as described below:
Personal Contact Information
This includes any information you provide to us so that we can contact you, such as name, address, email address, social network details or phone number.
Account Login Information
Any information required to gain access to your specific account profile. Examples include your login ID/email address, screen name, password in the non-recoverable form, and/or security question and answer.
Information from a Computer/Mobile Device
Any information about the computer system or other technological device you use to access any of our websites or apps, such as the IP (Internet Protocol) address used to connect your computer or device to the internet, the operating system type and web browser type and version. If you access our website through a mobile device such as a smartphone, the information collected also includes, where permitted, your phone’s unique device ID, advertising ID, geographic location and other similar mobile device data.
Information regarding the Use of the Website
When you navigate and interact with our websites or newsletters, we use automatic data collection technologies to collect certain information about your actions. This includes, for example, information about which links you click, which pages or content you view and for how long, and other similar information and statistics about your interactions, such as content response times, download errors, and the length of visits to certain pages. This information is collected using automated technologies such as cookies and web beacons, and is also collected using third-party tracking for analytics and advertising purposes. You have the right to object to the use of such technologies.
Market Research and Consumer Feedback
Any information you voluntarily provide to us about your experience using our products and services.
Consumer Generated Content
The content you create and share with us on third-party social networks or by uploading to our website, including using third-party social network apps such as Facebook. Examples include photos, videos, personal stories or other similar media or content. Where permitted, we collect and post-consumer-generated content in connection with a variety of activities, including contests and other promotions, website community features, consumer engagement and third-party social networks.
Third Party Social Network Information
Any information that you publicly share on a third-party social network, or information that is part of your profile on a third-party social network (e.g. Facebook) and that you allow the third-party social network to share with us. Examples include your basic account information (e.g. name, email address, gender, birthday, current city, profile picture, user ID, friends list, etc.) and other additional information or activities that you allow the third-party social network to share. We receive the information about your profile (or a portion of that information) each time you download or interact with a CEA web application on a third-party social network such as Facebook, each time you use a social networking feature built into a CEA website (such as Facebook Connect), or each time you interact with us through a third-party social network. To learn more about how your information is accessed by CEA from a third-party social network, or to opt out of sharing such information through a social network, please visit the relevant third-party social network’s website.
Payment and Financial Information
Any information we need to complete an order or that you use to make a purchase, such as your debit or credit card details (cardholder name, card number, expiry date, etc.) or other available payment methods (if applicable). In all cases, we or our payment processing providers handle payment and financial information in a manner that complies with applicable laws, regulations and security standards such as PCI DSS (Payment Card Industry Data Security Standard).
Calls and Recordings
Calls to Consumer Engagement Services Communications with a Consumer Engagement Service may be recorded or listened to for local operational requirements (e.g. for quality or training purposes) in accordance with applicable laws. Payment card details will not be recorded. Where required by law, you will be informed of this recording at the beginning of your call.
Sensitive Personal Data
We do not seek to collect or otherwise process sensitive personal data in the normal course of business. Where it is necessary to process your sensitive personal data for any reason, we will rely on your prior explicit consent for any voluntary processing (e.g. for marketing purposes). When we process your sensitive personal data for other purposes, we rely on the following legal bases: (i) detection and prevention of crime (including fraud prevention); and (ii) compliance with applicable laws (e.g. to comply with our diversity reporting obligations).
Personal Data of Children
This website is not intended for children and we do not knowingly collect data relating to children. We do not intentionally request or collect personal information from children under the age of 13. If we discover that we have inadvertently collected personal information from a child under 13, we will promptly remove that child’s personal information from our records.
We collect information in the form of log files that record website activity and collect statistics about your browsing habits. These records are automatically generated and help us to troubleshoot, improve performance and ensure the security of our websites.
Web beacons (also known as “web bugs”) are small strings of code that deliver a graphical image on a website or in an email to send data back to us. The information collected via web beacons includes information such as IP address and information about how you respond to an email campaign (e.g. when the email was opened, which links you click in the email, etc.). We will use web beacons on our websites or include them in emails we send you. We use web beacon information for a variety of purposes including, but not limited to, website traffic reporting, visitor counts, advertising, email monitoring and reporting, and personalisation.
B. HOW WE USE YOUR PERSONAL DATA
The following sections describe the different purposes for which we collect and use your personal data and the different types of personal data collected for each purpose. Please note that not all of the uses listed below are relevant to each individual.
What do we use your Personal Data for?
- Customer service;
- Fulfilment of contractual obligations;
- Legal obligations: where we need to use your information to comply with our legal obligations;
- Our legitimate interests: where we use your information to achieve a legitimate interest and our reasons for using it outweigh any prejudice to your data protection rights;
- Improving and developing new products and services;
- Competitions, marketing and other promotions;
- With your consent (if required): where you have consented to our use of your information;
- Defining types of consumers for new products or services;
- Finding out which of our products and services might interest you and let you know about them;
- Personalisation (offline and online);
- To analyse your preferences and habits;
- To anticipate your needs based on our analysis of your profile;
- To improve and personalise your experience on our websites and apps;
- To ensure that the content of our Website is optimised for you and your computer or device;
- To allow you to participate in interactive features if you so choose. For example, we store your login ID/email address or screen name so that you can quickly log in the next time you visit our website or easily retrieve the items you have previously added to your shopping cart;
- Order processing;
- Legal claims: where your information is necessary for us to defend, prosecute or make a claim against you, us or a third party;
- Other general purposes (e.g. internal or market research, analytics, security). In accordance with applicable laws, we use your personal data for other general business purposes, such as managing your account, conducting internal or market research and measuring the effectiveness of promotional campaigns. We reserve the right, if you have more than one CEA account, to combine these accounts into a single account. We also use your personal data to manage and operate our communications, IT and security systems.
You can ask us or third parties to stop sending you marketing messages at any time by logging into the website and checking or unchecking relevant boxes to adjust your marketing preferences OR by following the opt-out links on any marketing message sent to you OR by contacting us at any time.
Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of product/service experience or other transactions.
C. DATA RETENTION
In some (other) circumstances you can ask us to delete your data: see Your Legal Rights below for further information.
In some circumstances, we will anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
CEA will keep copies of your personal data in a form that can only be identified if:
- We have an ongoing relationship with you (for example, if you have been added to our mailing list and have not unsubscribed).
- In addition, in the event of legal proceedings, we may continue to process your personal data for as long as is necessary for connection with those proceedings.
- During the periods referred to above, we will limit our processing of your personal data to storing or maintaining the security of that data, except to the extent that the data needs to be reviewed in connection with a claim or obligation under applicable law.
- Upon expiry of the periods, we will either (i) permanently delete or destroy the personal data concerned or (ii) anonymise the personal data concerned.
D. WHEN WE MAY DISCLOSE YOUR PERSONAL INFORMATION
We share your personal data with the following types of third-party organizations:
These are external companies that we use to support our business (e.g. order processing, payment processing, fraud detection and identity verification, website operations, market research companies, support services, promotions, website development, data analytics, etc). Service providers and their selected employees may process your personal data on our behalf only for the specific tasks they are required to perform by our instructions and are required to keep your personal data confidential and secure. Where required by law, (although articulated throughout this Policy) you can obtain a list of the providers who process your personal data.
Third Party Providers (where applicable)
Using Personal Information for their own Marketing Purposes except in situations where you have given your consent: We do not sell your personal information to third-party companies for their own marketing purposes.
When and where applicable will use your personal data for legal reasons.
Disclosure, storage and/or transfer of your personal data
We take appropriate measures to keep your personal data confidential and secure. However, please note that these safeguards do not apply to information you provide in public areas, such as third-party social networks.
Persons who can access your personal data
Your personal data will be processed by our authorised employees or agents as necessary, depending on the specific purposes for which your personal data was collected.
We store your personal data in operational environments where appropriate security measures are used to protect against unauthorised access. We follow appropriate standards to protect personal information.
Transfer of your personal data
The storage as well as the processing of your personal data as described above may require that your personal data is ultimately transferred/transferred to and/or stored at a destination outside your country of residence, including in countries that have different data protection standards than those applicable in the EU or EEA. We (i) have standard contractual clauses approved by the European Commission in place to protect your personal data (and you have the right to request a copy of these clauses from us (by contacting us) and/or (ii) we rely on your consent (where permitted by law).
Business Analyses and Market Research
In order to operate our business economically and to be able to recognise market trends and the wishes of contractual partners and users, we analyse the data we have on business transactions, contracts, enquiries, etc. In doing so, we process inventory data, communication data, contract data, payment data, usage data, and metadata based on our legitimate interests, whereby the persons concerned include contractual partners, interested parties, customers, visitors and users of our online offer as well as our trade fairs and events.
We may take into account the profiles of registered users with information, e.g. on the services they have used. The analyses serve us to increase user-friendliness, optimisation of our offers and events and business management. The analyses serve us alone and are not disclosed externally, unless they are anonymous analyses with summarised values.
Insofar as these analyses or profiles are personal, they will be deleted or anonymised upon termination by the user, otherwise after three years from the conclusion of the contract. Otherwise, the overall business analyses and general trend analyses will be prepared anonymously, if possible.
E. THIRD PARTIES
Cooperation with Processors, Jointly Responsible Parties, and Third Parties
If, in the course of our processing, we disclose data to other persons and companies (processors, joint controllers or third parties), transfer it to them or otherwise grant them access to the data, this will only be done on the basis of a legal permission (e.g. if a transfer of the data to third parties, such as payment service providers, is necessary for the performance of the contract), users have consented, a legal obligation provides for this or on the basis of our legitimate interests.
If we disclose or transfer data to other companies or otherwise grant them access, this is done in particular for administrative purposes as a legitimate interest and, in addition, on a basis that complies with the statutory requirements. We use the following third parties for external services:
- www.talentlms.com operated by Talent Epignosis LLC.
- https://mailchimp.com/features/crm/ operated by The Rocket Science Group, Inc.
- https://www.stripe.com operated by John and Patrick Collison.
- https://scorm.com/ operated by Rustici Software LLC and its group companies, within the Learning Technologies Group.
- https://www.accredible.com/ operated by Alan Heppenstall and Danny King
- https://app.sproutsocial.com/login headquartered in Chicago, United States of America.
Integration of services and contents of third parties
We use content or service offers from third-party providers within our online offer in order to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as “Content”).
This always assumes that the third-party providers of this content are aware of the IP address of the user, as without the IP address they would not be able to send the content to their browser. The IP address is therefore necessary for the display of this content. We endeavour to only use content whose respective providers only use the IP address to deliver the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The web beacons can be used to analyse information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may contain, among other things, technical information about the browser and operating system, referring websites, time of the visit and other information about the use of our website, as well as being linked to such information from other sources.
Upon instruction of the CEA, Google uses this information to assess how you use our webpage, as well as to prepare several analyses which may help improve our web page’s user experience. When your IP address is collected through the abovementioned service, no process in combination with other data that Google has in its possession is conducted. You can find more information regarding Google Analytics at the following link: support google.
Please note that you can disable the collection of data related to the way you use this webpage through the Google Analytics service, by following this link, by installing the relevant plug-in to the browser you use: tools.google.
Cookiebot enables our business to collect, manage and document user consent on websites and apps so as to achieve full compliance with global privacy regulations while facilitating high consent rates and building trust with our users and clients (the “Cookie Consent”).
With the help of the above-mentioned Cookie Consent you have the possibility to give or refuse your consent for certain functionalities of our website. The purpose of integrating this Cookie Consent, is to allow the users of our website to decide on the aforementioned matters and, in the course of further use of our website, to offer them the opportunity to change settings they have already made. The settings you have made can also be changed by you afterward.
F. YOUR LEGAL RIGHTS
Under certain circumstances, you have rights under data protection laws in relation to your personal data. If you wish to exercise any of these rights, please contact us.
You are entitled to the following rights:
Right to information
You may request confirmation from us as to whether personal data concerning you is being processed by us.
You have the right to request information about whether personal data concerning you is transferred to a third country or an international organization. In this context, you may request to be informed about the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.
This right of access may be restricted to the extent that it is likely to render impossible or seriously impair the achievement of the statistical purposes and the restriction is necessary for the fulfillment of the statistical purposes.
You have the right to obtain a copy of the personal data that is the subject of the processing. For any additional copies you request, we may charge a reasonable fee based on administrative costs. If you make the request electronically, the information shall be provided in a commonly used electronic format, unless otherwise specified.
The right to receive a copy may not affect the rights and freedoms of other persons, and the right of access does not exist insofar as the information would disclose information that must be kept secret under a legal provision or by its nature, in particular because of the overriding legitimate interests of a third party.
Right to rectification
You have a right to ask to correct or complete your data at any time.
Right to restriction of processing
You may require us to restrict the processing of your personal data if you contest the accuracy of it, the lawfulness of the processing and/or because it is not necessary for the processing purposes they had been collected for.
Right to erasure
You have the right to request us to erase the personal data that concern you. However, we reserve the right to deny the erasure, if the processing is necessary for compliance with our legal obligations, for reasons of public interest and/or for the exercise of legal claims.
Right to data portability
You have the right to receive the personal information concerning you, in a structured, commonly used and machine-readable format, to transfer it to other organisations/companies or ask us to do so directly to other organisations/companies upon your instruction.
Right to object
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) or (f) of the GDPR; this also applies to profiling based on these provisions. We will then no longer process the personal data concerning you unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If the personal data concerning you is processed for the purposes of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purposes of such marketing; this also applies to profiling, insofar as it is related to such direct marketing. If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
Your right to object may be limited to the extent that it is likely to render impossible or seriously impede the achievement of the statistical purposes and the limitation is necessary for the fulfillment of statistical purposes.
Right to revoke your consent
You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
Automated decisions in individual cases including profiling
You have the right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision:
(1) is necessary for the conclusion or performance of a contract between you and the controller,
(2) is permitted by legal provisions of the Union or the Member States to which the controller is subject, and these legal provisions contain appropriate measures to protect your rights and freedoms as well as your legitimate interests; or
(3) is made with your express consent.
However, these decisions may not be based on special categories of personal data under Article 9(1) of the GDPR, unless Article 9(2)(a) or (g) applies and appropriate measures have been taken to protect the rights and freedoms as well as your legitimate interests.
With regard to the cases mentioned in (1) and (3), we take reasonable steps to safeguard the rights and freedoms as well as your legitimate interests, which include at least the right to obtain the intervention of a person on the part of the controller, to express your point of view and to contest the decision.
Right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to complain with a supervisory authority, in particular in the Member State of your residence, workplace or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR. The supervisory authority to which the complaint has been submitted will inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.
No fee is usually required
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Any subject access request must be made in writing to C.E.A. CIRCULAR ECONOMY ALLIANCE LTD, firstname.lastname@example.org.
G. CHANGES TO THIS POLICY
If we change how we handle your personal information, we will update this Policy. We reserve the right to make changes to our business practices and this Policy at any time. Please check back regularly for updates or changes to our policy. Historic versions can be obtained by contacting us as mentioned below.
If you have any questions or comments about this policy and our privacy practices, or if you would like to make a complaint regarding our compliance with applicable privacy laws, please contact us as mentioned below.
H. How can you file a complaint?
In case you have any complaint and/or dispute in regards to the way we use your personal data, you are invited to notify us accordingly and we will directly undertake to investigate and inform you in regards to your complaint.
In any case, you are entitled to submit a complaint to the Commissioner of Personal Data Protection. You can find information regarding the filing of complaints on the relevant website (https://www.dataprotection.gov.cy).
I. CONTACT US