We care about your privacy and we think it is important that you always know what data we collect about you and what that data is used for.
Who we are and how to contact us
We are Chapter Zero, a company registered in England and Wales with registered number 12062028 and registered office at 424 Margate Rd, Ramsgate, CT12 6SJ (“Chapter Zero“). We are the provider of the Services and the Website.
Post: Centre for Climate Change Engagement, c/o Hughes Hall, University of Cambridge, Wollaston Rd, Cambridge, CB1 2EW
What data do we collect?
Chapter Zero collects the following Personal Data:
Membership Data: name, email address, mobile number, role title, organisation, sector, how heard about chapter zero, name of person who referred them, events attended, events invited to, social media handles
Website Data: e-mail address (ID), service usage records, improper use records, model name of devices with smart OS installed (tablet PC, smartphone, etc.), OS information, device identifier (UUID), advertising identifier (ADID).
Some of the information described above is collected automatically, using cookies or mobile cookies (pieces of data sent by a website to your computer and stored on its hard drive or a small file placed on your smartphone).
The Website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”).
Google Analytics uses “cookies”, which are text files placed on your computer, to help us analyse how users use the Website. These cookies do not collect any personally identifiable information and are only used for the statistical collection of data such as visits and page hits. Google Analytics’ cookies store IP addresses but we cannot link those addresses to any individual or path through the website. Google uses the cookies to read information and evaluate visitors’ use of the website in the form of statistical reports that we can access. The information generated by the cookie about your use of the Website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the Website, compiling reports on website activity and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google.
Third Party Referrals
As part of your membership of Chapter Zero, you may tell us who referred you, or you may refer other potential members to us. If you share third party personal data with us, it is your responsibility to ensure that you are complying with applicable data protection legislation when you are sharing that personal data.
Why we collect and process your Personal Data
We collect and process your personal data for the following purposes:
To provide the Services and the Website:
- to provide our members with access to our Services
- to run climate change briefings, round tables, workshops and conferences with our partners
- to make available briefing materials, toolkits, films, and online courses to enable directors to develop their knowledge
- to provide a forum where directors can share experience and debate issues
- to provide you with information that you have requested
- to enable the Website to function efficiently
- to analyse use of the Website
To manage our members:
- to contact our members about their membership and with other relevant updates about Chapter Zero;
- for member relationship purposes and to deal with any questions, queries or complaints our Members may have
- for internal membership administration purposes
- to better understand our members and their needs/requirements
For marketing purposes:
- to provide our members with relevant marketing materials regarding events that we are hosting
- to make our members aware of other relevant events they may wish to attend: for example on risk assessment, reporting, scenario planning, opportunity assessment, decision analysis
To comply with our legal obligations.
How do we protect your data?
Chapter Zero takes appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorised destruction of your Personal Data.
We are committed to taking all reasonable and appropriate steps to protect the personal data that we hold from misuse, loss, or unauthorised access. We do this by having in place a range of appropriate technical and organisational measures, including encryption measures and disaster recovery plans. We also ensure that personal data is only shared on a need-to-know basis among our staff.
Unfortunately, the transmission of information via the Internet is not completely secure. Although we will apply our normal procedures and comply with legal requirements to protect your information, we cannot guarantee the security of your information transmitted from you to us.
When do we share your data?
In general, your data is processed exclusively by Chapter Zero and we do not pass on any of your Personal Data to third parties unless we need to do so to provide you with the Services or to operate the Website. However, we may share your personal data with the following categories of recipients:
Partners and Associated Organisations
We may share your personal data with organisations with whom we are partnered, with whom we work to provide specialist support to our members, or with whom we co-host events. These organisations may process your personal data for their own purposes and we recommend that you review each of their privacy policies to understand how they process your personal data.
In order to provide the Services and the Website, we work with service providers (e.g. hosting providers, technical service providers and marketing and communications agencies) who may, in the course of providing their services, receive and process personal data on our instruction and on the basis of a contractual data processing agreement. These service providers are not permitted to use your personal data for their own purposes.
We may disclose your personal data to a regulatory authority, government agency or law enforcement body with jurisdiction over our activities.
Professional advisors and auditors
We may disclose your personal data to professional advisors (such as legal advisors and accountants) or auditors for the purpose of providing professional services to us.
In the event that we sell or buy any business assets, we may disclose your personal data to a prospective seller or buyer of such business or assets. If Chapter Zero or substantially all of its assets are acquired by a third party, personal data held by us will be one of the transferred assets, in which case we will inform you of this condition.
At your option
In certain circumstances, you may have the option of sharing information with others yourself as part of our community (e.g. if you give out personal data in a publically accessible community forum). You should be aware that personal data that you voluntarily include and transmit online in a publicly accessible blog, chat room, social media platform or otherwise online or that you share in an open forum may be viewed and used by others without any restrictions. We are unable to control such uses of your data and by using such services, you assume the risk that the personal data you provide may be viewed and used by third parties for any number of purposes.
Otherwise, your data will only be passed on in special exceptional cases, where we are obligated or entitled to do so by statute or upon binding order from a public authority.
Legal bases for processing your Personal Data
The GDPR requires us to inform you of the different legal bases that we rely on to legitimise our processing of your personal data. We have described these below.
Where using your data is in our legitimate interests
We are allowed to use your personal data where it is in our interests to do so, and those interests aren’t outweighed by any potential prejudice to you. We believe that our use of your personal data is within a number of our legitimate interests, including but not limited to:
- To manage our members;
- To contact our members about relevant updates about Chapter Zero;
- For business optimisation and service development;
- To manage our Website;
- For marketing and promotion purposes;
- To ensure that our systems run smoothly;
- To analyse traffic on our Website;
- To protect against improper use or unauthorised use of our systems, Services and Website.
Where you give us your consent to use your personal data
We are allowed to use your personal data where you have specifically consented. In order for your consent to be valid:
- It has to be given freely, without us putting you under any type of pressure;
- You have to know what you are consenting to – so we’ll make sure we give you enough information;
- You should only be asked to consent to one thing at a time – we therefore avoid “bundling” consents together so that you don’t know exactly what you’re agreeing to; and
- You need to take positive and affirmative action in giving us your consent – for example, we could provide a tick box for you to check so that this requirement is met in a clear and unambiguous fashion.
We currently seek your consent for marketing and advertisement purposes, and to send you information about Chapter Zero and climate change.
Where processing is necessary for the performance of a contract between us
We may need to process your personal data to perform a contract with you or take steps at your request prior to entering into a contract. For example, if you have requested that we send you certain information, we will need your contact details in order to be able to fulfill such request.
Where processing is necessary for us to carry out our legal obligations
As well as our obligations to you under any contract, we also have other legal obligations that we need to comply with and we are allowed to use your personal data when we need to in order to comply with those other legal obligations.
Where is your personal data stored?
Your personal data may be transferred outside of the European Economic Area or EEA (i.e. the Member States of the European Union, together with Norway, Iceland and Liechtenstein) to the types of entities described in the section called ‘When do we share your information?’ above. In particular, your personal data is likely to be transferred to the United States of America, where some of our and our service provider’s servers are located.
We want to make sure that your personal data is stored and transferred in a way which is secure. We will therefore only transfer data outside of the EEA where it is compliant with data protection legislation and the means of transfer provides adequate safeguards in relation to your data, for example:
- By way of a data transfer agreement with a third party, incorporating the current standard contractual clauses adopted by the European Commission for the transfer of personal data by controllers in the EEA to controllers and processors in jurisdictions without adequate data protection laws; or
- By transferring your data to an entity which has signed up to the EU-U.S. Privacy Shield Framework for the transfer of personal data from entities in the EU to entities in the United States of America or any equivalent agreement in respect of other jurisdictions; or
- By transferring your data to a country where there has been a finding of adequacy by the European Commission in respect of that country’s levels of data protection via its legislation; or
- Where it is necessary for the conclusion or performance of a contract between ourselves and a third party and the transfer is in your interests for the purposes of that contract (for example, if we need to transfer your data to a benefits provider based outside the EEA); or
- Where you have consented to the data transfer.
For how long do we keep your personal data?
We will only keep your personal data for as long as necessary for the purpose for which we collected it. For example, we will retain your personal data for as long as you are a member of Chapter Zero, or until you unsubscribe from our emails or otherwise inform us that you no longer wish to be a member of Chapter Zero.
We may need to keep your information for longer in certain circumstances. This could be because of the following reasons:
- to potentially establish, bring or defend legal proceedings or to comply with a legal or regulatory requirement;
- to be able to deal with external or internal audits.
When it is no longer necessary for us to keep your information, we will delete it from our systems. Afterwards, we only retain aggregated data from which you cannot be identified for analytical purposes.
The rights of Users
The GDPR allows to you to exercise certain rights regarding your Personal Data which are being processed by Chapter Zero.
In particular, you have the right to do the following:
- Withdraw your consent at any time. You have the right to withdraw consent where you have previously given your consent to the processing of your Personal Data.
- Right to object. This right enables you to object to us processing your personal data where we do so for one of the following reasons: (i) because it is in our legitimate interests to do so; (ii) to enable us to perform a task in the public interest or exercise official authority; (iii) to send you direct marketing materials; or (iv) for scientific, historical, research or statistical purposes..
- Right to access. You may ask us for a copy of the information we hold about you at any time, and request us to modify, update or delete such information. If we provide you with access to the information we hold about you, we will not charge you for this unless permitted by law. If you request further copies of this information from us, we may charge you a reasonable administrative cost. Where we are legally permitted to do so, we may refuse your request. If we refuse your request we will always tell you the reasons for doing so.
- Right to rectification. You have the right to request that we rectify any inaccurate or incomplete personal data that we hold about you. If we have shared this personal data with third parties, we will notify them about the rectification unless this is impossible or involves disproportionate effort. You may also request details of the third parties that we have disclosed the inaccurate or incomplete personal data to. Where we think that it is reasonable for us not to comply with your request, we will explain our reasons for this decision.
- Right to restrict processing. You have the right to request that we restrict our processing of your personal data in certain circumstances, for example if you dispute the accuracy of the personal data that we hold about you or you object to our processing of your personal data for our legitimate interests. If we have shared your personal data with third parties, we will notify them about the restricted processing unless this is impossible or involves disproportionate effort. We will, of course, notify you before lifting any restriction on processing your personal data.
- Right to erasure. You have the right to request that we “erase” your personal data in certain circumstances. Normally, this right exists where:
- The data are no longer necessary;
- You have withdrawn your consent to us using your data, and there is no other valid reason for us to continue;
- The data has been processed unlawfully;
- It is necessary for the data to be erased in order for us to comply with our obligations under law; or
- You object to the processing and we are unable to demonstrate overriding legitimate grounds for our continued processing.
We would only be entitled to refuse to comply with your request for erasure in limited circumstances and we will always tell you our reason for doing so. When complying with a valid request for the erasure of data we will take all reasonably practicable steps to delete the relevant data.
- Right of data portability. If you wish, you have the right to transfer your personal data between service providers. In effect, this means that you are able to transfer the details we hold on you to another third party. To allow you to do so, we will provide you with your data in a commonly used machine-readable format so that you can transfer the data. Alternatively, we may directly transfer the data for you.
- Right to complain. You have the right to lodge a complaint with your local data protection supervisory authority, which is the Information Commissioner’s Office in the UK. Contact details for the Information Commissioner’s Office are available on the website here: https://ico.org.uk/.
Any requests to exercise these rights can be directed to Chapter Zero via the following email address: firstname.lastname@example.org
How “Do Not Track” requests are handled
We do not respond to “Do Not Track” settings at this time, whether that signal is received on a computer or on a mobile device.
Latest update: 6 September 2019