This privacy and cookie policy (“policy”) applies to the Circulor group of companies.

The entities in the Circulor group are:

• CSCS (Holdings) Ltd (registered in England and Wales, company number 12006152, registered office at The Aircraft Factory 2.2, 100 Cambridge Grove, London, W6 0LE)

• Circulor Ltd (registered in England and Wales, company number 11067668, registered office at The Aircraft Factory 2.2, 100 Cambridge Grove, London, W6 0LE)

• CSCS (Ireland) Ltd (registered in Ireland, company number 651067, registered office at Unit 3d North Point House, North Point Business Park, New Mallow Road Cork, Co. Cork, Cork, Ireland)

• Circulor Inc (a corporation registered in the state of Delaware, file number 4058966, registered address at 1209 Orange Street, City of Wilmington, County of New Castle, Delaware 19801)

• Circulor GmbH (registered in Germany, company number HRB 229624 B, registered address at Uhlandstraße 29, Berlin, 10719, Germany),

(together referred to as “Circulor”, “we”, “us” or “our”).

Your privacy is important to Circulor. This policy sets out information on the personal data we collect about you, and your rights in respect of this data.

This policy applies whether you use our services, whether technical support, consulting services, our core applications (http://prove.circulor.io), mobile application or any other services (the “Services”) or use our website (https://www.circulor.com/) (the “Website”).

Our Website may contain links to third party websites that are not covered by this policy. We therefore ask you to review the privacy statements of other websites and applications to understand their information practices.

If you have any questions or comments on this policy, please email them to info@circulor.com.

We respect your right to privacy and so will only process personal information about you in accordance with applicable data protection laws. We are the controller responsible for your personal data.

We comply with the retained EU law version of the General Data Protection Regulation (2016/679), the UK Data Protection Act 2018, the Irish Data Protection Act and the California Consumer Privacy Act of 2018 (the “data protection legislation”). If any of these laws are replaced or superseded, we will also comply with that.

We are registered with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (ico.org.uk), and our registration number is ZA748506. If you have any concerns about data protection, we would appreciate it if you contacted us first so we can discuss these with you before you approach the ICO. Please email us at info@circulor.com.

Personal data which may be collected, used, stored and transferred falls under different categories, as follows:

• Identity Data includes first name, maiden name, last name, username or similar identifier.

• Contact Data includes billing address, delivery address, email address and telephone numbers.

• Financial Data includes bank account and payment card details.

• Transaction Data includes details about payments to and from you and other details of products and Services you have purchased.

• Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access the Website.

• Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback, and survey responses.

• Usage Data includes information about how you use the Website, products, and Services.

• Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.

• Aggregated Data such as statistical or demographic data for any purpose, is not considered personal data in law as this data will not directly or indirectly reveal your identity. We may aggregate your Usage Data to calculate the percentage of users accessing a specific Website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this policy.

Personal information does not include date where the data has been removed (anonymous data).

We do not collect personal information about anyone under the age of 16.

We do not collect any other Special Categories of Personal Data, such as your race or ethnicity, health, medical conditions, genetic data, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership or biometric data). We also do not collect any information about criminal convictions and offences.

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

• Where we need to perform the contract, we are about to enter into or have entered into with you;

• Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests; or

• Where we need to comply with a legal obligation.

We will typically collect your personal data through direct interactions with us, or from public sources. You may give us your Identity and Contact Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:

• Apply for our products or Services;

• Buy our products or Services;

• Create an account;

• Use our Website;

• Attend a Circulor event;

• Request marketing to be sent to you;

• Give us feedback or contact us.

We may process your data for compliance with a regulatory requirement or legal obligation to which we are subject to. Your data will only be processed if processing the data to comply with such obligation is a reasonable and appropriate way of achieving compliance.

Purpose/activity

To respond to your enquiry and to enable us to provide you the services the Website provides. Identity Data

Type of data

Contact Data

Identity Data

Lawful basis

You provide this information to us so that we can respond to your enquiry. We may use your name and email address to send you information about your matter or issue raised and we may also provide you with updates on changes to this policy or security information. It is your decision whether you provide your full name. The lawful basis is to perform our contract with you (i.e. to respond to your enquiry), it is necessary for our legitimate interests (i.e. to contact you and to keep you updated on our information practices).

Purpose/activity

To register you as a new customer.

Type of data

Identity Data

Contact Data

Lawful basis

You provide this information to us when you choose to register as a customer. The lawful basis is to perform our contract with you (i.e. to enable you to register as a customer) and it is necessary for our legitimate interests (i.e. to be able to register you as a customer).

Purpose/activity

When you create an account.

Type of data

Contact Data

Identity Data

Lawful basis

You provide this information when you create an account. The lawful basis is to perform our contract with you (i.e. enable you to create an account) and it is necessary for our legitimate interest (i.e. to protect your online account).

Purpose/activity

When you attend a Circulor event.

Type of data

Identity Data

Contact Data

Lawful basis

You provide this information to us when you attend a Circulor event. The lawful basis is to perform a contract with you (i.e. to identify you when you attend the event) and it is necessary for our legitimate interest (i.e. to ensure that only those that have signed up to an event can participate in that event).

Purpose/activity

To process and deliver Services to you, including: (a) Manage payments, fees and charges; and (b) Arrange delivery of the products or Services; (c) Collect and recover money owed to us.

Type of data

Identity Data

Contact Data

Financial Data

Transaction Data

Marketing and Communications Data

Lawful basis

You choose to provide this information to us when you purchase our products or Services. The lawful basis is to perform our contact with you (i.e. to provide you with our products or Services) and it is necessary for our legitimate interests (i.e. to recover debts due to us). If you buy from us and, as a result, we process personal data that you have given us, you are the data controller, and we are the data processor. In such case, we will enter into a data processing agreement with you.

Purpose/activity

To manage our relationship with you which will include: (a) Notifying you about changes to our terms and conditions or this policy; and (b) Asking you to leave a review or take a survey.

Type of data

Identity Data

Contact Data

Profile Data

Marketing and Communications Data

Lawful basis

You choose to provide this information when you become a customer and receive the products or Services. The lawful basis is to perform our contact with you (i.e. to provide you with our products or Services), it is necessary to comply with a legal obligation and it is necessary for our legitimate interests (i.e. to keep our records updated and to study how customers use the Website, and our products or Services).

Purpose/activity

To provide you with our marketing information.

Type of data

Identity Data

Contact Data

Marketing and Communications Data

Lawful basis

You choose to provide this information when you opt-in to receive our marketing information, and we will use your email address to provide this to you about our products and Services. The lawful basis is it is necessary for our legitimate interests (i.e. to provide you with information regarding our products and Services relevant to you). You can opt-out at any time by emailing us at info@circulor.com, or clicking the ‘unsubscribe’ on any email you receive from us.

Purpose/activity

To administer and protect our business and the Website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data).

Type of data

Identity Data

Contact Data

Lawful basis

The lawful basis is it is necessary for our legitimate interests (i.e. for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise). It is also necessary to comply with a legal obligation.

Purpose/activity

To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you.

Type of data

Identity Data

Contact Data

Profile Data

Usage Data

Marketing and Communications Data

Technical Data

Lawful basis

The lawful basis is it is necessary for our legitimate interests (i.e. to study how customers use our products or Services, to develop them, to grow our business and to inform our marketing strategy).

Purpose/activity

To use data analytics to improve the Website, products or Services, marketing, customer relationships and experiences.

Type of data

Technical Data

Usage Data

Lawful basis

The lawful basis for collection of this information is that it is necessary for our legitimate interests (i.e. to define types of customers for our products and Services, to keep the Website updated and relevant, to develop our business and to inform our marketing strategy).

Purpose/activity

To make suggestions and recommendations to you about products or Services that may be of interest to you.

Type of data

Identity Data

Contact Data

Technical Data

Usage Data

Profile Data

Marketing and Communications Data

Lawful basis

The lawful basis is it is necessary for our legitimate interests (i.e. to develop our products or Services and grow our business).

We use cookies in accordance with the relevant parts of the Privacy and Electronic Communications (EC Directive) Regulations 2003 and data protection legislation. Cookies are small text files placed on your device when you visit the Website. This means we can remember you next time you visit.

We use cookies to help us tell you apart from other users of our Website. This means we can deliver a more personalised experience for you and learn new ways to improve the Website.

We analyse how you use the Website, and we look at aggregate statistics about your usage, and how others use the Website.

We collect certain information from these cookies, and this includes information about your IP address, your location when you access the Website, the date and time you access the Website, the language you use and the type of browser you use.

We use the following cookies:

​

Strictly necessary cookies. These are cookies that are required for the operation of the Website. They include, for example, cookies that enable you to log into secure areas of our Website, use a shopping cart or make use of e-billing services.

Analytical or performance cookies. These allow us to recognise and count the number of visitors and to see how visitors move around the Website when they are using it. This helps us to improve the way the Website works, for example, by ensuring that users are finding what they are looking for easily.

​

Functionality cookies. These are used to recognise you when you return to the Website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).

​

Targeting cookies. These cookies record your visit to the Website, the pages you have visited and the links you have followed. We will use this information to make the Website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.

​

You can find more information about the individual cookies we use and the purposes for which we use them in the table below:

Please note that third parties may also use cookies, over which we have no control. The data collected through cookies by third parties are regulated and subject to their own individual privacy policies.

These named third parties may include, for example, advertising networks and providers of external services like web traffic analysis services. These third-party cookies are likely to be analytical cookies or performance cookies or targeting cookies:

• Google Analytics - this is a web analytics service provided by Google, Inc. The cookies used by Google Analytics help us to analyse how users use the Website and to count the number of people who use it. Google Analytics stores your IP address anonymously. Google does not associate your IP address with any personally identifiable information.

If you continue using our Website, we will assume you are happy for us to use cookies. We will always ask for your consent to use non-essential cookies. You are free to withhold consent to this, but it means that we might not be able to provide the full website experience to you, including some elements of video advertising.

If at any time you wish to disable our cookies, you can do so through the settings on your browser, or whenever the pop-up appears on the Website (each time you access the Website). There may also be an option on your browser to notify you each time a cookie is offered.

We store all of your personal data on our servers within the United Kingdom and/or the European Economic Area.

​

We may transfer your personal data outside of the European Economic Area (EEA) and the UK where we engage third parties to provide services on our behalf, such as to receive services or deal with payment.

​

Whenever we transfer your personal data out of the EEA or the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented, such as only transferring your personal data to countries that have been deemed to provide an adequate level of protection for personal data or by utilising Standard Contractual Clauses, or an International Data Transfer Agreement. We will still be responsible for protection of your personal data, even when we have transferred it outside of the EEA or the UK. Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA or the UK.

​

Data security is of great importance to us, and to protect your data we have put in place suitable physical, electronic, and managerial procedures to safeguard and secure data we collect. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business to know.

​

Specifically, we use Office 365 cloud storage services and AWS for our platform and database hosting.

​

If there is an incident where we become aware that there has been a data breach, we will let you know without undue delay. We will then take all necessary steps, including informing the ICO, to limit the extent of the breach and to prevent a further reoccurrence.

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you. The appropriate retention period will vary depending on the type of personal data collected.

We will keep your personal data for a maximum of seven years after our relationship with you ends in order to comply with legal and regulatory requirements.

If you have created an account on our Website, and you do not log in for 18 consecutive months, we will delete your personal data. We will retain records of that deletion for 90 days.

If you subscribe to a newsletter, we will keep your personal data for as long as you are subscribed. If you unsubscribe from a newsletter, we will retain records of that deletion for 30 days.

We regularly review our data retention obligations to ensure that we are not retaining data for longer than we are legally obliged to.

We may disclose your information in the following cases:

• If we want to sell, transfer or merge parts of our company or our assets, we can disclose it to the potential buyer;

• We can disclose it to other businesses in our group, as defined in the UK Companies Act 2006;

• We can disclose it if we have a legal obligation to do so, or in order to protect other people's property, safety, or rights;

• We can exchange information with others to protect against fraud or credit risks; or

• With your consent for a specified purpose.

We may contract with third parties to supply services to you on our behalf. These include:

• Payment processing services

• Order fulfilment service providers

• Analytics service providers

• Event/campaign management service providers

• Website management service providers

• Information technology and related infrastructure provision

• Email delivery services

• Our auditors and legal advisors.

These third parties are known as sub-processors. Where we share your personal data with those sub-processors, they will be bound by confidentiality and data protection obligations. We do this to ensure that your personal data is kept safe and secure.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

We take reasonable steps to ensure that any third-party service provider (sub-processors of personal data) we engage adheres to appropriate data protection standards. However, we cannot guarantee the security of your personal data once it has been transferred to these third parties.

By providing your personal data, you acknowledge and accept that we will not be liable for any loss, misuse, or unauthorised access to your information that may occur as a result of such transfers.

We encourage you to review the privacy policies of any third-party service provider (sub-processors of personal data) we engage, as we are not responsible for their practices or policies regarding your personal data.

When you provide us with personal data, you have certain legal rights, and these include:

​

• To request access to, deletion or correction of, your personal data held by us at no cost to you

• To request that your personal data be transferred to another person (data portability)

• To be informed of what data processing is taking place

• To restrict processing

• To object to processing of your personal data

• To complain to a supervisory authority (you can do this in the UK at ico.org.uk.

​

If you wish to access, rectify, erase or transfer your personal data, please contact our DPO or info@circulor.com.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights), but we can charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive, or we can refuse to comply in these circumstances.

We may need you to provide evidence of your identity as a security measure and we may also contact you to ask you for further information in relation to your request to speed up our response.

​

We try to respond to all legitimate requests within one month, but it could take longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

We might have links on our Website to other websites. Our terms and conditions and our policies will not apply to other websites that you get a link from our Website. We have no control over how your data is collected, stored, or used by other websites and we advise you to review those privacy terms and conditions policies before providing your personal data to those websites.

We can update this policy from time to time as laws change or as our Services or Website changes. If we make material changes to this policy, and we need your consent to those changes, we will contact you by email to do so.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us, for example a new address or email address.