Privacy

Privacy

Privacy Policy of Chapter Zero

We care about your privacy and we think it is important that you always know what data we collect about you and what that data is used for.

This Privacy Policy sets out certain information regarding our data processing activities when you either visit our website (available at https://www.chapterzero.org.uk) (the “Website“) or when you are a member and make use of our membership, forum and resource services (the “Services“).

You can also see this Privacy Policy at https://www.chapterzero.org.uk/privacy-policy. Please read this Privacy Policy carefully to understand our practices regarding your personal data and how we will treat it. We may amend this Privacy Policy from time to time, so please ensure to check back regularly.

By visiting our Website or using our Services, you acknowledge the terms of this Privacy Policy and the use and disclosure of your personal data as set out in this policy.

 

Who we are and how to contact us

We are Chapter Zero, a company registered in England and Wales with registered number 12062028 and registered office at 424 Margate Rd, Ramsgate, CT12 6SJ (“Chapter Zero“). We are the provider of the Services and the Website.

If you have any questions about this Privacy Policy or our use of your personal data, if you need to report a problem, or if you would like to exercise one of your rights under this Privacy Policy you can contact us using the following contact details:

Post: Centre for Climate Change Engagement, c/o Hughes Hall, University of Cambridge, Wollaston Rd, Cambridge, CB1 2EW

Email: climate@hughes.cam.ac.uk

 

What data do we collect?

Chapter Zero collects the following Personal Data:

Membership Data: name, email address, mobile number, role title, organisation, sector, how heard about chapter zero, name of person who referred them, events attended, events invited to, social media handles

Website Data: e-mail address (ID), service usage records, improper use records, model name of devices with smart OS installed (tablet PC, smartphone, etc.), OS information, device identifier (UUID), advertising identifier (ADID).

Some of the information described above is collected automatically, using cookies or mobile cookies (pieces of data sent by a website to your computer and stored on its hard drive or a small file placed on your smartphone).

Unless specified otherwise, all Personal Data requested by Chapter Zero is necessary for us to provide the Services or the Website, and failure to provide this Personal Data may prevent you from accessing our Website or using our Services. In cases where Chapter Zero specifically states that certain Personal Data is not necessary, you are free not to communicate this Personal Data without consequences to the availability or the functioning of the Service.  However, if you choose to provide further Personal Data, we will process it in accordance with this Privacy Policy.

 

Cookies

The Website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”).

Google Analytics uses “cookies”, which are text files placed on your computer, to help us analyse how users use the Website. These cookies do not collect any personally identifiable information and are only used for the statistical collection of data such as visits and page hits. Google Analytics’ cookies store IP addresses but we cannot link those addresses to any individual or path through the website. Google uses the cookies to read information and evaluate visitors’ use of the website in the form of statistical reports that we can access.  The information generated by the cookie about your use of the Website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the Website, compiling reports on website activity and providing other services relating to website activity and internet usage.  Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google.

For further information regarding the way in which Google Analytics uses cookies please see “How Google uses data when you use our partners’ sites or apps”, (located at www.google.com/policies/privacy/partners/). You can also stop being tracked by Google Analytics across all websites by going to Google’s site at: http://tools.google.com/dlpage/gaoptout.

 

Third Party Referrals

As part of your membership of Chapter Zero, you may tell us who referred you, or you may refer other potential members to us.  If you share third party personal data with us, it is your responsibility to ensure that you are complying with applicable data protection legislation when you are sharing that personal data.

 

Why we collect and process your Personal Data

We collect and process your personal data for the following purposes:

To provide the Services and the Website:

  • to provide our members with access to our Services
  • to run climate change briefings, round tables, workshops and conferences with our partners
  • to make available briefing materials, toolkits, films, and online courses to enable directors to develop their knowledge
  • to provide a forum where directors can share experience and debate issues
  • to provide you with information that you have requested
  • to enable the Website to function efficiently
  • to analyse use of the Website

To manage our members:

  • to contact our members about their membership and with other relevant updates about Chapter Zero;
  • for member relationship purposes and to deal with any questions, queries or complaints our Members may have
  • for internal membership administration purposes
  • to better understand our members and their needs/requirements

For marketing purposes:

  • to provide our members with relevant marketing materials regarding events that we are hosting
  • to make our members aware of other relevant events they may wish to attend: for example on risk assessment, reporting, scenario planning, opportunity assessment, decision analysis

To comply with our legal obligations.

 

How do we protect your data?

Chapter Zero takes appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorised destruction of your Personal Data.

We are committed to taking all reasonable and appropriate steps to protect the personal data that we hold from misuse, loss, or unauthorised access. We do this by having in place a range of appropriate technical and organisational measures, including encryption measures and disaster recovery plans.  We also ensure that personal data is only shared on a need-to-know basis among our staff.

Unfortunately, the transmission of information via the Internet is not completely secure. Although we will apply our normal procedures and comply with legal requirements to protect your information, we cannot guarantee the security of your information transmitted from you to us.

 

When do we share your data?

In general, your data is processed exclusively by Chapter Zero and we do not pass on any of your Personal Data to third parties unless we need to do so to provide you with the Services or to operate the Website.  However, we may share your personal data with the following categories of recipients:

Partners and Associated Organisations

We may share your personal data with organisations with whom we are partnered, with whom we work to provide specialist support to our members, or with whom we co-host events.  These organisations may process your personal data for their own purposes and we recommend that you review each of their privacy policies to understand how they process your personal data.

Service providers

In order to provide the Services and the Website, we work with service providers (e.g. hosting providers, technical service providers and marketing and communications agencies) who may, in the course of providing their services, receive and process personal data on our instruction and on the basis of a contractual data processing agreement. These service providers are not permitted to use your personal data for their own purposes.

Regulatory bodies

We may disclose your personal data to a regulatory authority, government agency or law enforcement body with jurisdiction over our activities.

Professional advisors and auditors

We may disclose your personal data to professional advisors (such as legal advisors and accountants) or auditors for the purpose of providing professional services to us.

Replacement providers

In the event that we sell or buy any business assets, we may disclose your personal data to a prospective seller or buyer of such business or assets. If Chapter Zero or substantially all of its assets are acquired by a third party, personal data held by us will be one of the transferred assets, in which case we will inform you of this condition.

At your option

In certain circumstances, you may have the option of sharing information with others yourself as part of our community (e.g. if you give out personal data in a publically accessible community forum). You should be aware that personal data that you voluntarily include and transmit online in a publicly accessible blog, chat room, social media platform or otherwise online or that you share in an open forum may be viewed and used by others without any restrictions. We are unable to control such uses of your data and by using such services, you assume the risk that the personal data you provide may be viewed and used by third parties for any number of purposes.

Otherwise, your data will only be passed on in special exceptional cases, where we are obligated or entitled to do so by statute or upon binding order from a public authority.

 

Legal bases for processing your Personal Data

The GDPR requires us to inform you of the different legal bases that we rely on to legitimise our processing of your personal data.  We have described these below.

Where using your data is in our legitimate interests

We are allowed to use your personal data where it is in our interests to do so, and those interests aren’t outweighed by any potential prejudice to you. We believe that our use of your personal data is within a number of our legitimate interests, including but not limited to:

  • To manage our members;
  • To contact our members about relevant updates about Chapter Zero;
  • For business optimisation and service development;
  • To manage our Website;
  • For marketing and promotion purposes;
  • To ensure that our systems run smoothly;
  • To analyse traffic on our Website;
  • To protect against improper use or unauthorised use of our systems, Services and Website.

We don’t think that any of the activities set out in this privacy policy will prejudice you in any way. However, you do have the right to object to us processing your personal data on this basis. We have set out details regarding how you can go about doing this in the section on your rights below.

Where you give us your consent to use your personal data

We are allowed to use your personal data where you have specifically consented. In order for your consent to be valid:

  • It has to be given freely, without us putting you under any type of pressure;
  • You have to know what you are consenting to – so we’ll make sure we give you enough information;
  • You should only be asked to consent to one thing at a time – we therefore avoid “bundling” consents together so that you don’t know exactly what you’re agreeing to; and
  • You need to take positive and affirmative action in giving us your consent – for example, we could provide a tick box for you to check so that this requirement is met in a clear and unambiguous fashion.

We currently seek your consent for marketing and advertisement purposes, and to send you information about Chapter Zero and climate change.

Where processing is necessary for the performance of a contract between us

We may need to process your personal data to perform a contract with you or take steps at your request prior to entering into a contract. For example, if you have requested that we send you certain information, we will need your contact details in order to be able to fulfill such request.

Where processing is necessary for us to carry out our legal obligations

As well as our obligations to you under any contract, we also have other legal obligations that we need to comply with and we are allowed to use your personal data when we need to in order to comply with those other legal obligations.

 

Where is your personal data stored?

Your personal data may be transferred outside of the European Economic Area or EEA (i.e. the Member States of the European Union, together with Norway, Iceland and Liechtenstein) to the types of entities described in the section called ‘When do we share your information?’ above.  In particular, your personal data is likely to be transferred to the United States of America, where some of our and our service provider’s servers are located.

We want to make sure that your personal data is stored and transferred in a way which is secure. We will therefore only transfer data outside of the EEA where it is compliant with data protection legislation and the means of transfer provides adequate safeguards in relation to your data, for example:

  • By way of a data transfer agreement with a third party, incorporating the current standard contractual clauses adopted by the European Commission for the transfer of personal data by controllers in the EEA to controllers and processors in jurisdictions without adequate data protection laws; or
  • By transferring your data to an entity which has signed up to the EU-U.S. Privacy Shield Framework for the transfer of personal data from entities in the EU to entities in the United States of America or any equivalent agreement in respect of other jurisdictions; or
  • By transferring your data to a country where there has been a finding of adequacy by the European Commission in respect of that country’s levels of data protection via its legislation; or
  • Where it is necessary for the conclusion or performance of a contract between ourselves and a third party and the transfer is in your interests for the purposes of that contract (for example, if we need to transfer your data to a benefits provider based outside the EEA); or
  • Where you have consented to the data transfer.

 

For how long do we keep your personal data?

We will only keep your personal data for as long as necessary for the purpose for which we collected it. For example, we will retain your personal data for as long as you are a member of Chapter Zero, or until you unsubscribe from our emails or otherwise inform us that you no longer wish to be a member of Chapter Zero.

We may need to keep your information for longer in certain circumstances. This could be because of the following reasons:

  • to potentially establish, bring or defend legal proceedings or to comply with a legal or regulatory requirement;
  • to be able to deal with external or internal audits.

When it is no longer necessary for us to keep your information, we will delete it from our systems. Afterwards, we only retain aggregated data from which you cannot be identified for analytical purposes.

 

The rights of Users

The GDPR allows to you to exercise certain rights regarding your Personal Data which are being processed by Chapter Zero.

In particular, you have the right to do the following:

  • Withdraw your consent at any time. You have the right to withdraw consent where you have previously given your consent to the processing of your Personal Data.
  • Right to object. This right enables you to object to us processing your personal data where we do so for one of the following reasons: (i) because it is in our legitimate interests to do so; (ii) to enable us to perform a task in the public interest or exercise official authority; (iii) to send you direct marketing materials; or (iv) for scientific, historical, research or statistical purposes..
  • Right to access. You may ask us for a copy of the information we hold about you at any time, and request us to modify, update or delete such information. If we provide you with access to the information we hold about you, we will not charge you for this unless permitted by law. If you request further copies of this information from us, we may charge you a reasonable administrative cost. Where we are legally permitted to do so, we may refuse your request. If we refuse your request we will always tell you the reasons for doing so.
  • Right to rectification. You have the right to request that we rectify any inaccurate or incomplete personal data that we hold about you. If we have shared this personal data with third parties, we will notify them about the rectification unless this is impossible or involves disproportionate effort. You may also request details of the third parties that we have disclosed the inaccurate or incomplete personal data to. Where we think that it is reasonable for us not to comply with your request, we will explain our reasons for this decision.
  • Right to restrict processing. You have the right to request that we restrict our processing of your personal data in certain circumstances, for example if you dispute the accuracy of the personal data that we hold about you or you object to our processing of your personal data for our legitimate interests. If we have shared your personal data with third parties, we will notify them about the restricted processing unless this is impossible or involves disproportionate effort. We will, of course, notify you before lifting any restriction on processing your personal data.
  • Right to erasure. You have the right to request that we “erase” your personal data in certain circumstances. Normally, this right exists where:
    • The data are no longer necessary;
    • You have withdrawn your consent to us using your data, and there is no other valid reason for us to continue;
    • The data has been processed unlawfully;
    • It is necessary for the data to be erased in order for us to comply with our obligations under law; or
    • You object to the processing and we are unable to demonstrate overriding legitimate grounds for our continued processing.

We would only be entitled to refuse to comply with your request for erasure in limited circumstances and we will always tell you our reason for doing so. When complying with a valid request for the erasure of data we will take all reasonably practicable steps to delete the relevant data.

  • Right of data portability. If you wish, you have the right to transfer your personal data between service providers. In effect, this means that you are able to transfer the details we hold on you to another third party. To allow you to do so, we will provide you with your data in a commonly used machine-readable format so that you can transfer the data. Alternatively, we may directly transfer the data for you.
  • Right to complain. You have the right to lodge a complaint with your local data protection supervisory authority, which is the Information Commissioner’s Office in the UK. Contact details for the Information Commissioner’s Office are available on the website here: https://ico.org.uk/.

Any requests to exercise these rights can be directed to Chapter Zero via the following email address: climate@hughes.cam.ac.uk

 

How “Do Not Track” requests are handled

We do not respond to “Do Not Track” settings at this time, whether that signal is received on a computer or on a mobile device.

 

Changes to this privacy policy

We will review this Privacy Policy periodically and reserve the right to make changes to this Privacy Policy at any time.  You acknowledge that we may make changes to this Privacy Policy and that it is your responsibility to check this webpage from time to time to review the Privacy Policy.  Changes to this Privacy Policy will come into effect immediately upon such changes being notified to you or uploaded to our Website.


Latest update: 6 September 2019