Privacy Policy

Effective: 25th May 2018 – Cedar Consulting Ltd Privacy Policy

1. Document control

1.2 Document classification

2. Policy overview

2.1 Description

3. Personal data

3.1 Categories of personal data we collect

3.2 Purposes for processing your personal data

3.3 Your personal data and third parties

3.4 Data security measures

3.5 Personal data transfers

3.6 How long will your personal data be retained by us?

3.7 Your rights with respect to the processing of your personal data

4. Personal data when you visit Cedar’s website

4.1 Links to websites and programs of third parties

4.2 How do we use personal data that we collect from our websites?

5. Personal data for marketing purposes

5.1 Sources of our marketing data

5.2 Marketing e-mails

5.3 Customer Relationship Management (CRM) databases

5.4 Combining and analysing data

5.5 Your rights regarding marketing communications

5.6 Marketing e-mails and segmentation

6. Compliance

7. Changes to this policy

8. Contact us

 

1. Document control

Document Title: Privacy Policy

Procedure Owner: Simon Boscoe/ Graham Varley

1.1 Version control

Version Control is managed & tracked within the Cedar process & policy library.

1.2 Document classification

The information is of a public nature and not confidential

2. Policy overview

2.1 Description

This Privacy Policy reflects how Cedar Consulting Ltd (“Cedar”;”we”;“our”) protect the personal data we process and control in relation to you and the rights that you have in the regards to the processing of your personal data.

This policy describes our practices in connection with information that we collect through activities that link to this Privacy Policy through the services that we may offer, that we control, as well as through messages that we send to you (including the Social Media Pages, Content Management Systems and Websites etc). By providing Personal Information to us, you agree to the terms and conditions of this Privacy Policy.

3. Personal data

Cedar attaches great importance to your right to privacy and the protection of your personal data. We want you to feel secure that when you deal with Cedar, your personal data is in good hands.

Cedar protects your personal data in accordance with applicable laws and our data privacy policies. In addition, Cedar maintains the appropriate technical and organisational measures to protect your personal data against unauthorised or unlawful processing and/or against accidental loss, alteration, disclosure or access, or accidental or unlawful destruction of or damage.

3.1 Categories of personal data we collect

We collect personal data of our clients, prospective clients and limited cookie website data. If the data we collect are not listed in this privacy statement, we will give individuals (when required by law) appropriate notice of which other data will be collected and how they will be used.

Except for certain information that is required by law, or as part of the services we provide, your decision to provide any personal data to us is voluntary. You will therefore not be subject to adverse consequences if you do not wish to provide us with your personal data. However, please note that if you do not provide certain information, we may not be able to accomplish some or all of the purposes outlined in this privacy statement, and for example you may not be informed of product events and product/services information which require the use of such personal data.

If you provide us with personal data of another person (for instance, a potential event attendee), you are responsible for ensuring that such person is made aware of the information contained in this privacy statement and that the person has given you his/her consent for sharing the information with Cedar.

The above-mentioned categories of personal data have been obtained either directly from you (for example, when you provide information to sign up for a newsletter or attended a Cedar event/conference) or indirectly from certain third partiesSuch third parties include our affiliates, public websites, corporate website, social media, suppliers, agencies and vendors.

3.2 Purposes for processing your personal data

Cedar uses your personal data only where required for specific purposes. The below lists the purposes for which Cedar uses your personal data and an overview of the legal basis for each such purpose.

Personal data processing type    Legal basis of each purpose

Recruitment enquires    Necessary for our legitimate interests for ensuring that we recruit the appropriate employees.

Facilitating communication with you    Necessary for our legitimate interests for ensuring proper communication and emergency handling within the organisation.

Improving the security and functioning of our website, networks and information

    Necessary for our legitimate interests for ensuring that you receive an excellent user experience and our networks and information are secure.

Marketing and selling our products and services to you    Necessary for our legitimate interests for ensuring that we can conduct and increase our business.

Cedar will process your personal data for the purposes mentioned above based on your prior consent, to the extent such consent is mandatory under applicable laws. We will not use your personal data for purposes that are incompatible with the purposes of which you have been informed, unless it is required or authorised by law.

3.3 Your personal data and third parties

We aim to transfer personal data to a minimum. But sometimes we need to transfer limited data to 3rd party applications or agencies, such as our marketing automation software (presently ZIFTSolutions.com). Such third parties may be located in other countries. Before we do so, we shall take the necessary steps to ensure that your personal data will be given adequate protection as required by relevant data privacy laws and Cedar’s internal policies.

Unless you are otherwise notified, any transfers of your personal data from within the European Economic Area (EEA) to third parties outside the EEA will be based on an adequacy decision or are governed by the standard contractual clauses. Any other non-EEA related transfers of your personal data, will take place in accordance with the appropriate international data transfer mechanisms and standards.

3.4 Data security measures

Cedar maintain organisational, physical and technical security arrangements for all the personal data we hold. We have protocols, controls and relevant policies, procedures and guidance to maintain these arrangements taking into account the risks associated with the categories of personal data and the processing we undertake.

3.5 Personal data transfers

Personal data we collect may be transferred or be accessible internationally throughout Cedar business and between its entities and affiliates. Any such transfers that take place will be done in accordance with the applicable data privacy laws.

Cedar is committed to adequately protecting your information regardless of where the data resides and to providing appropriate protection for your information where such data is transferred outside of the EEA or other countries deemed adequate by the EU.

Where we authorise the processing or transfer of your personal information outside of the approved countries, we require your personal information to be protected and include the following data protection transfer mechanisms:

•    Adherence to the EU/US Privacy Shield:

You can find more information on the EU/US Privacy Shield at www.privacyshield.gov including a list of all organisations that have signed up to the EU/US Privacy Shield framework.

However, it is worth noting that our corporate website is presently hosted in South Africa, however our Cedar website does not process any personal data. Please refer to our cookie policy

3.6 How long will your personal data be retained by us?

Cedar will retain your personal data only for as long as is necessary. We maintain specific records management and retention policies and procedures, so that personal data are deleted after a reasonable time or requested by the individual. We will retain your Personal Information for the period necessary to fulfil the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law.

3.7 Your rights with respect to the processing of your personal data

You are entitled (in the circumstances and under the conditions, and subject to the exceptions, set out in applicable law) to:

• Request access to the personal data we process about you: this right entitles you to know whether we hold personal data about you and, if we do, to obtain information on and a copy of that personal data.

• Request a rectification of your personal data: this right entitles you to have your personal data be corrected if it is inaccurate or incomplete.

• Object to the processing of your personal data: this right entitles you to request that Cedar no longer processes your personal data.

• Request the erasure of your personal data: this right entitles you to request the erasure of your personal data, including where such personal data would no longer be necessary to achieve the purposes.

• Request the restriction of the processing of your personal data: this right entitles you to request that Cedar only processes your personal data in limited circumstances, including with your consent.

• Request portability of your personal data: this right entitles you to receive a copy (in a structured, commonly used and machine-readable format) of personal data that you have provided to Cedar, or request Cedar to transmit such personal data to another data controller.

To the extent that the processing of your personal data is based on your consent, you have the right to withdraw such consent at any time by submitting a formal request to Cedar. Please note that this will not affect Cedar’s right to process personal data obtained prior to the withdrawal of your consent, or its right to continue parts of the processing based on other legal bases than your consent. You can do this through privacy@cedarconsulting.co.uk

4. Personal data when you visit Cedar’s website

We may collect and process the following personal data:

• Personal data that you provide by filling in forms on our website or applications. This includes registering to use the website, subscribing to services, newsletters and alerts, registering for a conference or requesting a white paper or further information. Pages that collect this type of personal data may provide further information as to why your personal data are needed and how it will be used. It is completely up to you whether you want to provide it.

• If you contact us, we may keep a record of that correspondence.

• We may ask you to complete surveys that we use for research purposes, although you do not have to respond to them.

• Any postings, comments or other content that you upload or post to a Cedar’s site (such as Facebook, Twitter, LinkedIn etc).

• Our website does not collect any personal data that can be tracked back to your person. However, it does collect limited data through its cookies in relation to (where available) your IP address, operating system and browser type, for system administration, to filter traffic, to look up user domains and to report on statistics. For more information on this please visit our cookies policy page

• Through the IP address we can see the pages you view and resources you access or download, including but not limited to, traffic data, location data, weblogs and other communication data. Details of your visits to our website are tracked only by your IP address, which is not tracked back to your person and thus will remain anonymous.  

4.1 Links to websites and programs of third parties

Our websites may include:

• Links to and from the sites of our partner networks, advertisers and affiliates.

• Certain programs (widgets and apps) of third parties. Where this is the case, note that such third parties may process your personal data collected through such programs for their own purposes.

We do not accept any responsibility or liability for such third parties’ sites or programs. Please check such third parties’ terms of use and privacy statements before using and providing any information to such third parties’ sites and programs.

4.2 How do we use personal data that we collect from our websites?

We use personal data for the purposes described in the section “3.2 Purposes for processing your personal data” above, as well as to provide you with information you request, and for other purposes which we would describe to you at the point where it is collected. For example:

• To fulfil your requests for white papers, articles, newsletters or other content.

• For surveys or research questionnaires.

• To personalise your experience at our website.

• To contact you for marketing purposes where you have specifically or implicitly (e.g. historically have not opted out of marketing communications) agreed to this.

• When contacting Cedar about job roles

5. Personal data for marketing purposes

5.1 Sources of our marketing data

The bulk of the personal data we collect and use for marketing purposes relates to individual employees of our clients and other companies with which we have an existing business relationship or interest in. We may also obtain contact information from public sources, including content made public at social media websites, to make an initial contact with a relevant individual at a client or other company.

5.2 Marketing e-mails

We send commercial e-mail to individuals at our client or other companies with whom we want to develop or maintain a business relationship in accordance with applicable marketing laws. Our targeted e-mail messages typically include web beacons, cookies, and similar technologies that allow us to know whether you open, read, or delete the message, and links you may click. When you click a link in a marketing e-mail you receive from Cedar, we will also use a cookie to log what pages you view and what content you download from our websites, even if you are not registered at or signed into our site.

Targeted e-mails from Cedar may include additional data privacy information, as required by applicable laws.

Additional details regarding our cookie policy can be found on our cookies policy page

5.3 Customer Relationship Management (CRM) databases

Our CRM databases include personal data belonging to individuals at our client and other companies with whom we already have a business relationship or want to develop one. The personal data used for these purposes includes relevant business information, such as: contact data, publicly available information (e.g. board membership, published articles, press releases, your public posts on social media sites if relevant for business purpose), your responses to targeted e-mail (including web activity following links from our e-mails), website activity of registered users of our website, and other business information included by Cedar professionals based on their personal interactions with you.

5.4 Combining and analysing data

We may combine data from publicly available sources, and from our different e-mail, website, and personal interactions with you. This includes information collected from our websites and information collected when you sign-up or log on to our sites or connect to our sites using your social media credentials (such as LinkedIn and Facebook). We combine this data to better assess your experience with Cedar and to perform the other activities described throughout our privacy policy.

5.5 Your rights regarding marketing communications

You can exercise your right to prevent marketing communications to you by checking certain boxes on the forms we use to collect your personal data, or by utilising opt-out mechanisms in e-mails we send to you. You can also exercise the right to discontinue marketing communications to you, or to have your personal data removed from our marketing databases at any time by contacting privacy@cedarconsulting.co.uk. In such cases, we will retain minimum personal data to note that you opted out in order to avoid contacting you again.

5.6 Marketing e-mails and segmentation

We do our best to segment our data so that marketing e-mails reach only those we think are or could be interested in a particular service or product. The individual has the right at any point to opt out of certain types of marketing messaging or opt out of all marketing messaging. For example, some contacts will be only interested in Oracle PeopleSoft events whilst others only interest in Oracle Cloud events.  

6. Compliance

We regularly review our compliance with our Privacy Policy. When we receive formal written complaints, we will contact the person who made the complaint to follow up. We work with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer of personal data that we cannot resolve with our users directly.

7. Changes to this policy

We may change this Privacy Policy. Any changes to this Privacy Policy will become effective when the Privacy Policy is published.

8. Contact us

Please contact us:

• If you have a general question about how Cedar protects your personal data.

• If you wish to exercise your rights in relation to your personal data rights

• If you wish to make a complaint about Cedar use of your data.

If you have any questions about this Privacy Policy, please contact us as follows:

Phone Number: +44 (0)845 094 1175

You can also contact us through privacy@cedarconsulting.co.uk

Additional contact details can be found on our website www.cedarconsulting.co.uk/contactus

You have the right to complain to the Data Protection Commission or another supervisory authority. You can contact the Office of the Data Protection Commissioner at: https://www.dataprotection.ie/docs/Contact-us/b/11.html

Cedar Consulting addresses:

Cedar Consulting UK

6 Brownlow Mews

London

WC1N 2LD

United Kingdom

T: +44 (0)845 094 1175

F: +44 (0)845 094 1165