Data Protection and Privacy Policy

Last Revised: 24-May-2018

Introduction

Cambridge Nanotherm cares about your privacy. You can rely on us to keep your details confidential and to meet all the obligations under data protection and privacy laws related to the UK and the EU. The use of such information will only be for the purpose for which it was collected.  This Privacy Policy explains how we collect, use, disclose and protect the personal information we obtain.
We will be the “controller” of the personal information which you provide to us or which we collect from you.

What Is Personal information

Personal information is any information about you as an identifiable individual and includes information concerning your name, address, telephone number, date of birth, email address, credit or debit card information and/or other payment information, IP address, other data collected that could directly or indirectly identify you.
Much of what you likely consider personal data is collected directly from you when you:
• create an account or purchase any of our goods and services (ex: billing information, including name, address, credit card number, government identification);
• request assistance from our customer support team (ex: phone number); 
• complete contact forms or request newsletters or other information from us (ex: email); or
• participate in contests and surveys, apply for a job, or otherwise participate in activities we promote that might require information about you.   

How Do We Utilize Information?

We use your personal information as follows:
• to maintain our relationship with you while you are a customer;
• to process orders and provide agreed goods and services to you;
• for invoicing, processing payments, account set up and maintenance;
• to communicate with you, including to respond to information requests /enquiries submitted and/to obtain your feedback on our products and services;
• for record keeping, statistical analysis and internal reporting and research purposes;
• to notify you about changes to our products and services;
• to decide on and notify you about price changes;
• to monitor the quality of our products and services;
• for logistical purposes, including to plan and log delivery routes;
• to investigate any complaint you make;
• to provide evidence in any dispute or anticipated dispute between you and us;
• to customise various aspects of our websites to improve your experience;
• as we may otherwise consider necessary to support the operation of our websites;
• to obtain credit references, credit checks and for debt collection, fraud detection and prevention and risk management purposes;
• to monitor and/or record telephone conversations to or from you in order to offer you additional security, resolve complaints, improve our service standards and for staff training purposes; and
• to evaluate your suitability for positions currently open at the company or any other upcoming vacancies;
• to protect the rights, property, and/or safety of Cambridge Nanotherm, its personnel and others.

Marketing

We may send you direct marketing in relation to our own products and services by phone and post, as long as this is in line with any marketing preferences that you have provided to us.
We will only send you direct marketing in relation to our own products and services by email:
• where you have consented to this; or
• where you have not objected to this, and we are marketing similar products and services to those which were the subject of a previous sale or negotiations of a sale to you.
Your agreement to the use of your personal information for direct marketing purposes is optional, and if you choose not to consent, your visit to and use of our websites will not be affected.
You can choose to opt out of receiving direct marketing information from us at any time, through the ‘Unsubscribe’ link at the bottom of any Cambridge Nanotherm email you receive, or by contacting us.

Sharing With Third Parties

We may share your personal data with affiliated companies within our corporate family as well as trusted third party service providers as necessary for them to perform services on our behalf, such as, but not limited to:
• Payment processing;
• Marketing;
• Market research;
• Warehousing and logistics;
• Email communication;
• Customer relationship management;
• Credit checks and referencing;
• Recruitment;
• Software;
• Manufacturing;
• Accountants, auditors, lawyers or similar advisers;
• Investors and other relevant third parties;
• Any other third parties, if authorised by you to do so.
We only share your personal data as necessary for any third party to provide the services as requested or as needed on our behalf. The performance of services by our third party service provider(s) may be subject to a separate privacy statement provided to you by the relevant third party. You should read any such statement carefully.

Your Rights

If you have submitted your personal data, you have the right to withdraw consent and to erasure. If you want to exercise any of these rights, for example, by requesting a copy of the Data which we hold about you, please contact using details in the Contact Us section.
If you make a request to delete your personal data and that data is necessary for the products or services you have purchased, the request will be honored only to the extent it is no longer necessary for any Services purchased or required for our legitimate business purposes or legal or contractual recordkeeping requirements.
We will grant your request only to the extent that it follows from our assessment of your request that we are allowed and required to do so under data protection laws. Nothing in this Privacy Policy is intended to provide you with rights beyond or in addition to your rights as a data subject under data protection laws.
If you believe that any information we are holding on you is incorrect or incomplete, please email or write to us as soon as possible, at the above address. We will promptly correct any information found to be incorrect.

How We Secure, Store And Retain Your Data

We follow generally accepted standards to store and protect the personal data we collect, both during transmission and once received and stored, including utilisation of encryption where appropriate.
We don’t sell your data to third parties.
We retain personal data only for as long as necessary to provide the Services you have requested and thereafter for a variety of legitimate legal or business purposes. These might include retention periods:
• mandated by law, contract or similar obligations applicable to our business operations;
• for preserving, resolving, defending or enforcing our legal/contractual rights; or
• needed to maintain adequate and accurate business and financial records.
Your data may be stored on a third-party service platform, such as Salesforce. Our website server, and most third-party platforms are based in the US. These are protected by the EU-US Privacy Shield, an agreed legal framework for transatlantic data flow to adhere to the principles of General Data Protection Regulation.
However, please note that while we take appropriate technical and organisational measures to safeguard the personal information that you provide to us, no transmission over the Internet can be guaranteed to be secure. Consequently, please note that we cannot guarantee the security of any personal information that you transfer to us over the Internet.

Updating This Policy

We review our privacy practices from time to time. We ask that you bookmark and periodically review this page for updates to our Privacy Statement. We reserve the right to modify this policy effective seven (7) days after the posting of the revised Privacy Statement.

Contact Us

If you have any questions, concerns or complaints about our Privacy Policy, our practices or our Services, you may contact our Office of the Data Protection by email gdpr@camnano.com.  In the alternative, you may contact us by either of the following means:
By Mail: Office of the Data Protection Officer, Cambridge Nanotherm Limited. Homefield Road. Haverhill. Suffolk. CB9 8QP. The United Kingdom. 
By Phone: Tel: +44 (0)1440 765 520.
We will respond to all requests, inquiries or concerns within thirty (30) days. Please provide as much information as possible to help us identify the information you are requesting, the action you are wanting us to take and why you believe this action should be taken.
Before assessing your request, we may request additional information in order to identify you. If you do not provide the requested information and, as a result, we are not in a position to identify you, we may refuse to action your request.

Data Protection Authority

If you are a resident of the European Economic Area (EEA) and believe we maintain your personal data subject to the General Data Protection Regulation (GDPR), you may direct questions or complaints to our lead supervisory authority, the UK's Information Commissioner’s Office, as noted below:
www.ico.org.uk