Privacy Notice and Cookies
This privacy notice (“Privacy Notice”), and any documents referred to within it, sets out the basis on which any personal information we collect from you, or that you provide to us, will be processed by us (i.e. used, disclosed, retained and protected). Please read the following carefully to understand our views and practices regarding your personal information and how we will treat it.
By using our “Site” (by visiting www.celcat.com or by accessing CELCAT’s Timetabler Connect cloud environment), you are accepting and consenting to the practices described in this Privacy Notice.
Who we are
Corbett Engineering Limited (CELCAT) is a company incorporated in England and Wales with company registration number 01448722. We are defined as a data controller under the Data Protection Act 2018. We are registered with the Information Commissioners Office (ICO) under Z1697406.
For the purposes of “Data Protection Law” (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, (“GDPR”), the Data Protection Act 2018, and any applicable national implementing laws, regulations and secondary legislation relating to the processing of personal data), we are the data controller. We are registered with the Information Commissioners Office (ICO) in the UK under Z1697406.
Legal basis for processing
We collect and use the personal data described below in order to provide you with access to our Site and Services in a reliable and secure manner. We also collect and use personal data:
- in order to perform our contractual obligations to you
- based on our legitimate business needs
- to comply with our legal obligations
- based on your consent, which you may withdraw at any time as described below
How we collect information
We collect information about you that you give to us when you:
- place an order for applications or services (“Services”). This may include your name, institution name, address, email address and telephone number. We may also ask you to provide additional information about your institution and preferences
- complete online forms, post on our customer forums, enter any competitions, download information, or participate in any interactive areas that appear both on our Site or within the Services
- interact with us using social media
- contact us by telephone, email, or in a face-to-face meeting
This includes, but is not limited to:
- name, address and contact details
- correspondence with you, such as any information that you have provided
- information regarding living individuals (e.g. customers / suppliers, staff)
- data provided to populate timetables and electronic registers
- lifestyle and social circumstances
- employment and education details
- financial details
Our Site and Services may contain technology that enables us to automatically collect information from devices you use to access the Site or Services to:
- check specific information from your device or systems directly relevant to your use of the Site and Services against our records to make sure they are being used in accordance with our end-user license agreements
- collect information about how you use the functions of our Site and Services
- obtain information relating to any technical errors, or other issues, with our Site or Services
We may collect the following information from your devices:
- technical information: such as your IP address used to connect your device to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform
- information about your visit: including the full Uniform Resource Locators (URL) clickstream to, through and from our Site (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, any phone number used to call our customer service number, statistics on your page views, and traffic to and from the Site
What are cookies?
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the Site. Cookies can be “persistent” or “session” cookies.
We use persistent cookies and session cookies.
A persistent cookie is stored on a user’s device in between browser sessions which allows the preferences or actions of a user across the Site (or in some cases across different websites) to be remembered. We use persistent cookies to save your login information for future logins to the Site.
A session cookie allows the Site to link your actions during a browser session. We use session cookies to enable certain features of the Site, to better understand how you interact with the Site, and to monitor aggregate usage by users and web traffic routing on the Site. Unlike persistent cookies, session cookies are deleted from your computer when you log off from the Site and then close your browser.
Which cookies we use and why
The table below explains the cookies we use and why we use each of them.
|CELCAT Customer Experience Improvement Programme (CEIP)||Analytics||We collect basic anonymous data on how your institution uses our applications. No personal data is collected. Institutions can withdraw from the programme at any time by following the instructions in this link.|
|Sugar Market||Analytics cookies||This cookie is necessary for the website to function and cannot be switched off in our systems. It isThey are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in, or filling in forms. It sStores a 'Session ID' which is used to deliver the web pages to visitors.|
|Vimeo cookies||player||We embed videos from our official CELCAT Vimeo channel. When you press play, Vimeo will drop third party cookies to enable the the video to play and to collect analytics data, such as how long a viewer has watched the video. These cookies do not track individuals.|
You can set up your browser options to stop your computer accepting cookies, or to prompt you before accepting a cookie from the websites you visit. If you do not accept cookies, you may not be able to use the whole of the Site or all the functionality the Services provide.
To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org or, to opt out of being tracked by Google Analytics across all websites, visit http://tools.google.com/dlpage/gaoptout.
Information we receive from other sources
We may receive information about you if you use any of the other websites we operate, or the other services we provide. In this case, we will inform you when we collect that data that it may be shared internally and combined with data collected on this Site.
Information we collect from other sources
We also collect information about you from publicly available sources. We may combine this information with personal data provided by you. This helps us update, expand and analyse our records, identify new customers, and create more tailored advertising to provide services that may be of interest to you. We also use this for the purposes of targeted advertising, delivering relevant email content, event promotion and profiling, determining eligibility, and verifying contact information.
The personal information we collect includes:
- publicly available information about you, such as information published about you, (for example, by Companies House), including postal address, job title, email address, phone number, professional or employment-related information, education information, and commercial information.
- internet activities: internet data (or user behavioural data), IP addresses, internet activity information, and inferences about your preferences and behaviour.
- Social media profiles: information published about you on social media profiles such as LinkedIn, Facebook, Twitter etc.
Information collected by third parties
We work closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers and credit reference agencies) and may receive information about you from them:
- Google for website analytics
- SugarCRM for website analytics
- GoToWebinar for analytics
How we use information
We use your information to:
- provide any Services that you have ordered
- carry out our obligations arising from any contracts entered into between you and us
- provide any information about our Services that you have requested
- maintain, protect and improve the Site and Services
- notify you about changes to our Site and Services
- allow you to participate in interactive features of our Services when you choose to do so
- manage our relationship with you
- monitor, measure and improve our Services and Site content
- measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you
- provide you with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about, unless you have opted not to receive such information
- permit selected third parties to contact you by electronic means; only if you have consented to this by ticking the relevant consent box situated on the form on which we collected your data
- meet our legal obligations
Regarding information we receive from other sources, we may combine this information with information you give to us and information we collect about you. We may use this information, and the combined information, for the purposes set out above (depending on the types of information we receive).
We will not sell or rent your personal data to anyone.
How we share your personal information
We may share your information with:
- our partners and agents, to enable them to provide our Services to you, particularly if they are located geographically closer to you than our UK office
- third parties used to facilitate payment transactions, such as payment processing providers or financial institutions
- our service providers (such as internet service and platform providers) and organisations we engage to help us send communications to you to provide information you have requested, or which we believe is of interest to you
- credit reference and fraud prevention agencies
- analytics and search engine providers that assist us in the improvement and optimisation of our Site and Services
- law enforcement agencies, so that they may detect or prevent crime
- our own professional advisors and auditors
- another organisation, if we buy or sell any of our business or assets
We may share anonymous and aggregated usage data and reports in the normal course of operating our business; for example, we may share information with other Site or Service users, our customers, or publicly, to show trends or benchmark the general use of our Site and Services.
We will send you marketing emails if you “opt in” to receive marketing emails when registering on our Site for our Services, or if you have enquired about, or purchased any, of our goods or services.
We may contact you for this purpose by telephone, email or post.
You have the right, at any time, to stop us from contacting you for marketing purposes. You can do this by:
- selecting your contact preferences at the point where you provide us with your information on our Site or within the Services
- sending an email request to firstname.lastname@example.org
- clicking the unsubscribe link on emails we may send from time to time
We will continue to communicate with you regarding your service billing and support via email.
Storage of your information
We store personal information both electronically and in paper form. We implement security policies, organisational measures, and technical security solutions to protect the personal information we hold from:
- unauthorised access
- improper use or disclosure
- unauthorised modification
- unlawful destruction or accidental loss
All of our employees, contractors, partners and third parties that we engage to process data on our, or your, behalf are obliged to treat the data confidentially. We hold and process personal data inside and outside the EEA and, in doing so, we will ensure proper safeguards are in place, (for example, where the European Commission has determined that a country provides an adequate level of protection) or where the recipient is bound by standard contractual clauses according to conditions provided by the European Commission (“Standard Contractual Clauses”).
Transfers outside of the European Economic Area
Personal information in the European Union (EU) is protected by Data Protection Law, but other countries do not necessarily protect your personal information in the same way. Data Protection Law applies to all countries within the European Economic Area (EEA) and the UK, which means all the countries that are part of the EU plus Norway, Iceland, Liechtenstein and the UK.
We may transfer your information to service providers outside of the EEA and the UK for the purpose of providing certain services to you:
- Our payment processing provider is Stripe. If you make payments to us by credit card, Stripe may transfer your information outside of the EEA and the UK in order to provide the payment processing service. They will only transfer your information in accordance with EU data protection laws (see section 7 of the Stripe Privacy Notice https://www.https://stripe.com/gb/privacypaypal.com/en/webapps/mpp/ua/privacy-full)
- We may use other service or platform providers based outside of the EEA or the UK. This means we may transfer your information outside of the EEA or the UK for the purpose of providing our Services and advertising to you.
- Our partners may be based in Australia, South Africa or otherwise outside of the EEA or the UK. If our partner is geographically closer to you than our UK office, we may transfer your information to them in order for them to provide Services to you on our behalf.
Protection of your information
We take steps to ensure that appropriate measures and controls are in place to protect that information in accordance with applicable data protection laws.
All information you provide to us is stored on our secure servers. Any credit card information or payment transactions will be encrypted using SSL technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of the Site or Services, you are responsible for keeping this password confidential. We ask you not to share any password with anyone.
Unfortunately, the transmission of information via the Internet is not completely secure. Although we will endeavour to protect your personal data, we cannot guarantee the security of your data transmitted to our Site or the Services. Any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Links to other sites
If you follow a link from our Site or Services to another site or service, this Privacy Notice will no longer apply. We are not responsible for the information handling practices of third-party sites or services and we encourage you to read the privacy notices appearing on those sites or services.
Our Site or Services may enable you to share information with social media sites. Those social media sites may automatically provide us with access to certain personal information retained by them about you (for example any content you have viewed). You should manage your privacy settings from within your own social media account to control what information you enable us to access from that account.
If you are based within the EEA or the UK, in certain circumstances, you have the following rights as regards the personal information we process about you under Data Protection Law:
- the right to be told how we use your information
- the right to have your information rectified or erased, or to restrict how we process your information
- the right to object to the processing of your information
- the right to have access to your information
- the right to have any information you provided to us returned to you in a structured, commonly used and machine-readable format
- the right to withdraw your consent if we are processing your information based on your consent
- the right to complain to the data protection supervisory authority if you are unhappy with the way we process your information
You can make a request in relation to any of the above rights by emailing us at: email@example.com. We will respond to such queries within 30 days and deal with requests we receive from you, in accordance with the provisions of Data Protection Law.
If any of your information is incorrect or out of date, please let us know so that we can update our records.
We retain personal data for as long as necessary for the relevant activity for which it was provided or collected. This will be for as long as we provide access to the Site or Services to you, your account with us remains open, or any period set out in any relevant contract you have with us. However, we may keep some data after your account is closed, or you cease using the Site or Services, for the purposes set out below.
After you have closed your account, we usually delete personal data within 60 days; however we may retain personal data where reasonably necessary to comply with our legal obligations (including law enforcement requests), meet regulatory requirements, maintain security, prevent fraud and abuse, resolve disputes, enforce our legal agreements, or fulfil your request to “unsubscribe” from further messages from us.
We will retain de-personalised information after your account has been closed.
Please note: After you have closed your account, or deleted information from your account, any information you have shared with others will remain visible. We do not control data that other users may have copied from the Site or Services. Your profile may continue to be displayed in the services of others (e.g. search engine results) until they refresh their cache.
If you have any complaints about our use of your personal data, please contact us as set out at the end of this Privacy Notice or contact your local data protection supervisory authority:
For individuals located in the UK: The Information Commissioner’s Office at:
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, England.
For individuals located in the EU: your data protection supervisory authority in the country in which you are located.
We have appointed IT Governance Europe Limited to act as our EU Representative. If you wish to exercise your rights under the EU General Data Protection Regulation (GDPR), or have any queries in relation to your rights or privacy matters generally, please email our Representative at firstname.lastname@example.org or post your request or query to:
EU Representative, IT Governance Europe, Third Floor, The Boyne Tower, Bull Ring, Lagavooren, Drogheda, Co. Louth, A92 F682, Ireland
When contacting our Representative, please ensure you include our company name in any correspondence.
Age of Users
This Site and the Services are not intended for, and shall not be used by, anyone under the age of 18.
Changes to the privacy notice
Any changes we may make to our Privacy Notice in the future will be posted on this page and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes to our Privacy Notice.
You can see the date we last updated the Privacy Notice at the end of this Privacy Notice.
If you have any questions about how we process your information, this Privacy Notice, how to update your records, or how to request a copy of your information, please contact us:
Post: Data Protection Team, CELCAT, 21-23 Mercia Business Village, Torwood Close, Westwood Business Park, Coventry, CV4 8HX