1.1 About Cenex
1.1.1 This privacy notice is for The Centre of Excellence for Low Carbon & Fuel Cell Technologies (Cenex, referred to as “we”, “us” or “our” in this Policy).
1.1.2 The data controller, Cenex, is a UK private company limited by guarantee (number 05371158), based at Holywell Building, Holywell Park, Ashby Road, Loughborough, Leicestershire, England, LE11 3UZ.
1.1.3 We can be contacted at firstname.lastname@example.org or by enquiring through our website.
1.2 About this privacy notice
1.2.1 Cenex is committed to treating your private information with respect, and operating legally and compliantly wherever we work.
1.2.2 As a non-profit, independent consultancy based in the UK, we apply the Data Protection Act 2018 (DPA 2018), known as the General Data Protection Regulations (GDPR) to all information we process, regardless of origin.
1.2.3 In-line with these regulations, we want to let you know:
220.127.116.11 What information we may collect about you
18.104.22.168 What we use your personal information for
22.214.171.124 How we store your personal information
126.96.36.199 Who (if anyone) we pass your information on to and for what purpose
188.8.131.52 How you can raise any concerns about the accuracy, processing or use of your personal information
1.2.4 This privacy notice was drafted with brevity and clarity in mind. Due to our diverse portfolio of consultancy work, it cannot provide exhaustive detail of all aspects of Cenex’s collection and use of personal information. However, we are happy to provide any additional information or explanation needed. Any requests for this should be sent to the addresses above.
1.3 Contact details
1.3.2 Data Protection Officer, Cenex, email@example.com
1.3.3. It is very important that the information we hold about you is accurate and up-to-date. Please let us know if at any time your personal information changes.
2.0 Information collection and storage
2.1.1 This section lays out when information is collected, why it is collected, where it is stored and how it is protected, along with relevant notes or other important statements.
2.2 Visitors to our websites
2.2.1 When – When someone visits www.cenex.co.uk, we use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns.
2.2.2 Why – We process this data to analyse your use of our website and other online services, to administer and protect our business, to deliver relevant website content to you, and to understand the effectiveness of our content.
2.2.3 Where – This information is stored on the Google Analytics servers in the US and may be downloaded onto our staff’s devices as part of their work.
2.2.5 Note – We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website. This information is processed in such a way that does not identify anyone.
2.3.1 When – When someone signs-up to our e-newsletter, we use a third-party service, MailChimp, to handle your contact information and preferences. MailChimp also gathers statistics around email-opening and clicks by using industry-standard technologies.
2.3.2 Why – We do this to keep in touch with you and so that we can monitor and improve our e-newsletter.
2.3.3 Where – The information is stored on MailChimp’s servers in the USA and may be downloaded onto our staff’s devices as part of their work.
2.3.5 Note – When someone enters an email address to subscribe (whether directly on our website or through our web forms), we will send a confirmation to verify their identity before accepting a subscription. All emails contain an explanation of why the recipient is on the list as well as a simple option to unsubscribe at the bottom the message. Recipients may also unsubscribe by emailing firstname.lastname@example.org or visiting http://eepurl.com/duieZP and checking/unchecking the relevant boxes to adjust your marketing preferences.
2.4 General web forms
2.4.1 When – When someone submits a form on our website, it collects and handles the information before it is emailed across to a general Cenex email address.
2.4.2 Why – We do this to handle your enquiry.
2.4.4 How – The WordPress servers are encrypted and access is via a strong password through a password-protected device for Cenex staff members and our marketing contractors.
2.4.5 Note – If we do want to collect personally identifiable information through our web forms, we will be up-front about this. We will always make it clear when we collect personal information and will explain what we intend to do with it – this will be in a statement above the ‘submit’ button on all forms.
2.5 Social media
2.5.1 When – When someone engages with us on social media or other messaging platforms, we use HootSuite and our Social Media platforms to engage with you directly or through broadcast means. The platforms gather statistics around engagement and clicks by using industry-standard technologies.
2.5.2 Why – We do this to keep the general public aware of important, interesting and helpful news from Cenex.
2.5.3 Where – The information is stored on HootSuite’s servers in Canada and the US, LinkedIn’s servers in the US, Twitter’s servers in the US or Ireland and may be downloaded onto our staff’s devices as part of their work.
2.5.4 How – All these systems’ servers are encrypted and access is via a strong password through a password-protected device for a limited set of Cenex staff members and marketing contractors. Read the Privacy Policies for the platforms here: Twitter; LinkedIn; Hootsuite.
2.5.5 Note – If you send us a private or direct message via social media, the message will be stored by the Social Media platform on their standard terms. It will not be shared with any other organisations.
2.5.6 Note – Cenex is not responsible for any other information collected on you by Social Media companies.
2.6.1 When – when someone emails us, we use a third-party service, Office 365 by Microsoft, to handle and respond to your enquiry or contact.
2.6.2 Why – We do this to deal with your email and ensure we serve you in accordance with our mission statement.
2.6.3 Where – This information is stored on the Microsoft servers in European Union and may be downloaded onto our staff’s devices as part of their work.
2.6.5 Note – Any email sent to us, including any attachments, may be monitored and used by us for reasons of security and for monitoring compliance with our office policy. Please be aware that you have a responsibility to ensure that any email you send to us is within the bounds of the law.
3.0 Information processing
3.1.1This section lays out the basis for processing your information, what information is processed, who processes it and how long it is held for.
3.2 Answering enquiries
3.2.1 Basis – Cenex has a legitimate interest to process personal data received from individuals to enable us to respond to your enquiry. Submitting an enquiry in whatever form means you are happy for us to use your personal information as described in this policy.
3.2.2 What – Some or all of the following information may be collected: full name, email address, postal address, phone number and the nature of your enquiry, which may include any personal information you choose to share with us.
3.2.3 Who – Cenex operations or marketing staff will receive the initial enquiry and may pass some or all of the information described above to relevant staff members in order for us to respond effectively.
3.2.4 How long – Information from enquiries is held for up to 1 year in case you submit further enquiries in that time.
3.5 Electronic Marketing
3.5.2 What – Some or all of the following information may be collected: full name, email address, job title, company name, topics of interest and industry-standard email performance data.
3.5.3 Who – Cenex administrative, marketing and operations staff may use and process some or all of the information described above in order to market Cenex’s activities, events and news to you.
3.5.4 Note – Information will be held until the contact unsubscribes. The marketing contact lists will be scrubbed every six months to remove information about contacts which is over a year old.
3.5.5 Note – Cenex’s marketing activities comply with the Privacy and Electronic Communications Regulations.
4.0 Your rights and notes
4.1 As a data subject, you may:
184.108.40.206 Access and obtain a copy of your data on request
220.127.116.11 Require Cenex to change incorrect or incomplete data
18.104.22.168 Require Cenex to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing (unless retention is required for legal reasons)
22.214.171.124 Object to the processing of your data where Cenex is relying on its legitimate interests as the legal ground for processing; and/or object to the processing of your data for historical/scientific research and statistical purposes, so long as you can demonstrate this relates to your particular situation and the processing is not being carried out for reasons of public interest.
4.2 Complaints or queries
4.2.1 Cenex strives to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.
4.2.2 Please send any complaints to the details below.
4.2.3 You also have the right to lodge a complaint with the data protection supervisory authority, The UK Information Commissioner’s Office (ICO) who can be contacted at https://ico.org.uk/concerns/handling
4.3 Access to personal information
4.3.1 Cenex tries to be as open as it can be in terms of giving people access to their personal information. Individuals can find out if we hold any personal information by making a ‘subject access request’ under the GDPR. If we do hold information about you, within 30 days we will:
126.96.36.199 Give you a description of it
188.8.131.52 Tell you why we are holding it
184.108.40.206 Tell you who it could be disclosed to
220.127.116.11 Let you have a copy of the information in an intelligible form.
4.3.2 To make a request to Cenex for any personal information we may hold, you need to put the request in writing addressing it to our DPO, including your full name, postal address, daytime telephone number, whether you seek general information or specific information and proof of your identity.
4.3.3 Having proved your identity, with your permission, we will try to deal with your request informally, for example by providing you with the specific information you need over the telephone. Where this is not possible, we will make available all applicable personal data in a format that is reasonable and manageable
4.3.4 If we do hold information about you, you can ask us to correct any mistakes by, once again, contacting our DPO.
4.4 Disclosure of personal information
4.4.1 We do not and will never disclose personal data without prior consent, except where required by law.
4.5 Data retention
4.5.1 We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. This is laid out in detail in Section 4.
4.5.2 When deciding what the correct time is to keep the data for we look at its amount, nature and sensitivity, potential risk of harm from unauthorised use or disclosure, the processing purposes, if these can be achieved by other means and legal requirements.
4.5.3 For tax purposes the law requires us to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they stop being customers.
4.6 International Transfers
4.6.1 We are subject to the provisions of the GDPR that protect your personal data. Where we transfer your data to third parties outside of the EEA, we will ensure that certain safeguards are in place to ensure a similar degree of security for your personal data such as:
4.6.2 Transferring your personal data to countries that the European Commission have approved as providing an adequate level of protection for personal data by;
4.6.3 Using US-based providers that are part of EU-US Privacy Shield or have equivalent safeguards in place; or using certain service providers who are established outside of the EEA with specific contracts, codes of conduct or certification mechanisms approved by the European Commission which give personal data the same protection it has in Europe.
4.6.4 If none of the above safeguards is available, we may request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time.
4.7 Links to other websites
4.7.1 This privacy notice does not cover the links within our websites linking to other websites, plug-ins or applications.
4.7.2 Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements.
4.7.3 We encourage you to read the privacy statements on the other websites you visit.
4.8 Changes to this privacy notice
4.8.1 We review our privacy notice at least once per year. This privacy notice was last updated on 21st November 2022.
4.9 How to contact us
4.9.2 DPO, Cenex, Holywell Building, Holywell Park, Loughborough, Leicestershire, England, LE11 3UZ