Privacy and Data Protection Policy
We are committed to protecting your privacy. We comply with all applicable UK and EU data protection laws when controlling and processing your data.
This policy sets out when, how and why we may collect and use your personal information, as well as the type of personal information we may collect from you when you use the www.cambridgetechweek.co.uk website (the “Platform”).
This policy also sets out your rights and our obligations in respect of the controlling and processing of such information by us.
To the extent that we provide personal information to third party processors, those processors are obliged to comply with this policy when processing personal information on our behalf. Any breach of this policy by that third party may result in disciplinary action being taken against them.
1. Who we are
- Cambridge Tech Week (CTW) is a programme, delivered by Cambridge Wireless Ltd (CW) and the Cambridge Tech Week website is operated by CW. CW is a company limited by guarantee (Company Number: 06529916), registered at: Peters Elworthy & Moore (PEM), Salisbury House, Station Road, Cambridge, CB1 2LA.
- CW is the Data Controller and Data Processor of any personal data you supply through the Platform. The personal data you supply upon registration will be used to process your subscription. It will also be used for marketing purposes with your consent.
2. The information we may collect and process about you
- We collect the information submitted when completing (a) registering for an event, (b) paying event fees, or (c) when you interact with our Platform. We may also collect personal information through external databases or when you correspond with us by phone, email, in person, or otherwise. This information may include:
Registration Data. (includes (a) registering for an event)
- Your name, business and personal address, your postcode, email address, telephone number, your password, gender, date of birth, dietary and mobility requirements, your twitter handle, your LinkedIn profile URL. and other contact information;
- The preferences that you have selected about services of interest to you and your preferences of whether we should contact you with newsletters, event invitations and other information and offers that may be of interest to you;
- We may also use Registration Data for the purpose of providing you with information about similar services we provide as we consider ourselves to have a legitimate interest in doing so. You may choose to stop receiving this information at any time through clicking the “unsubscribe” link at the bottom of our marketing emails.
- Information about your use of our services and attendance at events.
Payment Data. (includes (b)paying event fees)
- Details of payments that you make to us. Payment card details and other transaction details are held securely by a third-party payment provider, CW does not have access to card details.
- Information about your billing and payment history.
Direct Interactions Data. Your name, business and personal address, your postcode, email address, telephone number, gender, date of birth, dietary and mobility requirements and other contact information.
Platform Data. (includes (c) your interaction with our Platform).
- Platform Data includes, but is not limited to, your device’s Internet Protocol (IP) address, your login information, web cookies, browser type and version, the pages of our Platform you visit, the amount of time spent on each page of our Platform, time zone settings, the time and date of your visit and the operating system or platform you use, information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from our Platform (including date and time), any products you have viewed or searched for, page response times, download errors, length of visits to certain pages within the Platform, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page. Platform Data is collected by us when it is transmitted to us during or after your use of the Platform.
- As you interact with our Platform, we may automatically collect technical data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. We may also use analytics services providers such as Google.
External Databases. Your name, position, business address, your postcode, email address, telephone number, gender, and other contact information, including the sector areas your company works in or sells to.
- We do not routinely collect sensitive data. However, on registering for a CW event, you may provide us with mobility or dietary requirements. This information will not be shared publicly.
- You may visit the Platform anonymously. We do use cookies and the use of those cookies is described in detail in the Platform Cookies Policy, which can be found at https://www.cambridgewireless.co.uk/CW-Policies/cookies-policy/.
3 How we collect Personal Information
Personal information may be collected by us actively and passively. The specific types of personal information we may collect from you, and the manner in which such data may be collected, includes:
- Registration Data and Payment Data. Will be collected by us when you complete and submit the registration form through the Platform.
- Direct Interactions Data: You may give us your personal information by corresponding with us by post, phone, email, in person or otherwise.
- Platform Data. This data is passively collected by us in the course of you using and browsing the Platform.
- External Data. From time to time we may source data from reputable external organisations who can provide us with information on potential users who we will have a legitimate interest in contacting.
4. How we use this information
Purpose / Activity | Lawful basis for processing |
Registration Data | |
Creating your personal user account | Performance of a contract with you. |
Granting you accessibility to the Platform | Legitimate interests to raise the profile of our activities. |
Contacting you about events | Legitimate interests to raise the profile of our activities. |
Receive information about you including relating to any specific requirements you may have when attending an event. | Legitimate interest to provide a safe and comfortable event experience. |
Payment Data | |
Sending you billing and payment information and invoices | Performance of a contract with you. |
Direct Interactions Data | |
To manage our relationship with you | Performance of a contract with you. Legitimate interest to keep you informed about the operation of our business. |
Platform Data | |
To understand how you behave in order for us to develop or optimise: how the Platform works for you;the information and services provided to you through our Platform; andthe effectiveness of our online advertising and branding (to the extent that we use such advertising). | Necessary for our legitimate interests to keep our Platform updated and relevant, to develop our business and to inform our marketing strategy |
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
By law we have to keep basic information about our customers for six years after they cease being customers for tax and other legal purposes. We may retain your contact details for these purposes.
In some circumstances you can ask us to delete your data: see section below for further information.
Special category data
- We may receive special category data such as health information and disability information and we will use this information for the purposes set out above and we’ll ask your explicit consent for that information when you submit it.
5. Storage of Personal Data
- All personal information we collect and process is stored on our secure servers.
- Your personal data may also be temporarily stored on the following external systems used by CTW:
- HubSpot – for customer relationship management and email communications
- Digital Ocean – for website hosting
- Office365 – for email and business operations
- Stripe – for payments through the Platform
- Xero – for accounting
- Campaign Monitor – for the purposes of email communications
- Other external systems that will enable us to communicate with you, or store your information securely.
- The personal information we collect from you may be held on paper or on a computer or other media and is subject to certain legal safeguards specified in the Data Protection Act 2018 (“Act”) and the General Data Protection Regulation (EU) 2016/679 (“Regulation”) (as applicable)
- Your personal data may also be temporarily stored on the following external systems used by CTW:
6. Your Rights and our Obligations
- ConsentIf we require your consent, we will explicitly ask for such consent at the time of collecting your personal data.Where we are processing your personal information on the basis of you having given us your consent to do so, you do have the right to withdraw that consent at any time, but this will not affect the lawfulness of processing prior to the withdrawal of such consent.
- Rectification and Erasure
- You benefit from the right to rectify inaccurate personal information we hold which relates to you (also known as the “right to rectification”). This means that, taking into account the subject of the processing, you shall have the right to have incomplete personal information completed. You can exercise your right to rectification by contacting us via info@CambridgeTechWeek.co.uk
- You also benefit from the right to erasure (also known as the ‘right to be forgotten’). This means that you have the right to request us to erase personal information we hold about you, and that we should erase such data without undue delay, provided that you are able to demonstrate one of the following to us:
- that our processing of the personal information is no longer necessary in relation to the purpose for which it was collected;
- that you withdraw your consent to the processing and there is no other legal ground for us to continue to process the data;
- that you object to the processing under regulation 21 of the Regulation and there are no overriding legitimate grounds for processing;
- that the personal information must be erased in order to comply with a national legal obligation; or
- the personal information in question belongs to a child under the age of 16 and no consent is given or authorised by the holder of parental responsibility over the child.
- Data Portability
- You also have the right to receive the personal information concerning you in a structured, commonly used and machine-readable format. You have the right to transmit such data to other data controllers without hindrance from us where we are processing that data on the basis of having your consent to do so, or where it is necessary for the performance of a contract, and the processing is carried out by automated means.
- Subject Access Requests
- You as a data subject are entitled to make a formal request for information we hold about you. We must provide you with a copy of this information, the reasons it is being processed and whether it will be given to any other organisations or people provided that you make this request in writing.
- You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
- Rectification and Erasure
7. Sharing and Transferring Personal Information
- We use industry standard encryption for transmission of data to our systems. Although we cannot guarantee the absolute safety of transmission of data via the internet, we adhere to the highest standards to give your data the strongest protection possible.
- Where you have chosen a password, which enables you to access certain parts of our Platform, or use our Platform in a particular way, you are responsible for keeping this password confidential. We ask you not to share this password with anyone and to change it if you suspect someone has gained access to it.
- CTW will not sell or pass on your personal information to other companies for the purposes of marketing their products and services to you.
- Sharing of Personal information
We may also disclose personal information we hold to third parties, with your consent, or on the basis of an otherwise lawful reason for doing so under the Act and/or Regulation:
- in order to facilitate, provide and improve the products and services we provide to you through our Platform;
- in order to analyse the manner in which our services are used by services and product users;
- in the event that we sell or buy any business or assets, in which case we may disclose personal information we hold to the prospective seller or buyer of such business or assets;
- if we or substantially all of our assets are acquired by a third party, in which case personal information we hold will be one of the transferred assets; and
- if we are under a duty to disclose or share your personal information in order to comply with any legal obligation, or in order to enforce or apply any contract with the data subject or other agreements; or to protect our rights, property, or safety of our employees, customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
- Transfers outside the EEA
Your information will be transferred and stored outside the European Economic Area (EEA) in the circumstances set out below.
We will also transfer your information outside the EEA or to an international organisation in the unlikely event that we are required to comply with legal obligations to which we are subject (compliance with a court order, for example). Where we are required to do so, we will ensure appropriate safeguards and protections are in place.
Information you submit to us by email is transferred outside the EEA and stored on our third-party email provider’s servers. Our third-party email list provider is Microsoft Outlook. Access the Microsoft privacy policy
Country of storage: United States of America.
Safeguard(s) used: Microsoft has self-certified its compliance with the EU-U.S. Privacy Shield which is available here. The EU-U.S. Privacy Shield is an approved certification mechanism under Article 42 of the General Data Protection Regulation, which is permitted under Article 46(2)(f) of the General Data Protection Regulation. Access the European Commission decision on the adequacy of the EU-U.S. Privacy Shield
- Mailing lists
Information you submit to us when you sign up for our newsletter (your email address) is transferred outside the EEA and stored on our third-party mailing list provider’s servers. Our third-party mailing list provider is Campaign Monitor. Access the Campaign Monitor privacy policy
Country of storage: United States of America.
Safeguard(s) used: Campaign Monitor has self-certified its compliance with the EU-U.S. Privacy Shield. Please see above for details about Privacy Shield.
- Payments
Stripe: When you pay for services on our site we use Stripe as our payment provider, information about your payment and the processing of your payment may be transferred outside the EEA and stored on Stripe’s servers. Access Stripe’s privacy policy
Country of storage: United States of America.
Safeguard(s) used: Stripe has self-certified its compliance with the EU-U.S. Please see above for details about Privacy Shield.
Xero: Xero is our accounts provider, in order to process our accounts information about your membership and the processing of your payments may be transferred outside the European Economic Area and stored on Xero’s servers. Access Xero’s privacy policy
Country of storage: (a) New Zealand; and (b) United States of America.
Safeguard(s) used: The European Commission has decided that New Zealand has an adequate level of protection for personal data to be transferred to. Xero has self-certified its compliance with the EU-U.S. Privacy Shield. Please see above for details about Privacy Shield.
- Customer Database
Information we hold on you is transferred outside the EEA and stored on our third-party Customer Relationship Management provider’s servers. Our third-party CRM provider is HubSpot. Access the HubSpot privacy policy
Country of storage: United States of America.
Safeguard(s) used: HubSpot has self-certified its compliance with the EU-U.S. Privacy Shield. Please see above for details about Privacy Shield.
- Website hosting
Information you submit to us through the Platform is transferred outside the EEA and stored on our third-party website hosting provider’s servers. Our third-party hosting provider is Digital Ocean. Access the Digital Ocean privacy policy
Country of storage: United States of America.
Safeguard(s) used: Highrise has self-certified its compliance with the EU-U.S. Privacy Shield. Please see above for details about Privacy Shield.
- Analytics
Technical information we collect about how you interact with our Platform is transferred outside the EEA and stored on our analytics service provider’s servers. Our analytics service provider is Google. Access the Google Analytics privacy policy
Country of storage: United States of America.
Safeguard(s) used: Google has self-certified its compliance with the EU-U.S. Privacy Shield. Please see above for details about Privacy Shield.
8. Changes to this policy
We reserve the right to change this policy at any time. Where appropriate, we will notify you, as a data subject, of those changes by email or bring the changes to your attention on our Platform
9. Concerns or Complaints
If you have any questions, concerns or complaints relating to this policy, its subject matter, or the manner in which we collect, control and/or process your personal information, please do let us know by sending an email to info@CambridgeTechWeek.co.uk
You also have the right to lodge a complaint with a supervisory authority if you consider that the processing of your personal information has infringed the Regulation. In the UK, the relevant supervisory authority is the Information Commissioner’s Office by calling their helpline: 0303 123 1113 or starting a live chat at https://ico.org.uk/concerns/