Last updated August 2022.
The entities in the Circulor group are:
CSCS (Holdings) Ltd (registered in England and Wales, company number 12006152, registered office at The Aircraft Factory 2.2, 100 Cambridge Grove, London, W6 0LE)
Circulor Ltd (registered in England and Wales, company number 11067668, registered office at The Aircraft Factory 2.2, 100 Cambridge Grove, London, W6 0LE)
CSCS (Ireland) Ltd (registered in Ireland, company number 651067, registered office at Unit 3d North Point House, North Point Business Park, New Mallow Road Cork, Co. Cork, Cork, Ireland)
Circulor Inc (a corporation registered in the state of Delaware, file number 4058966, registered address at 1209 Orange Street, City of Wilmington, County of New Castle, Delaware 19801)
Circulor GmbH (registered in Germany, company number HRB 229624 B, registered address at Uhlandstraße 29, Berlin, 10719, Germany),
(together referred to as “Circulor”, “we” or “us”).
Your privacy is important to Circulor. This policy sets out information on the personal data we collect about you, and your rights in respect of this data. This policy applies whether you use our services, whether technical support, consulting services, our core applications (http://prove.circulor.io), mobile application or any other services (the “Services”) or use our website (https://www.circulor.com/) (the “Website”).
Our Website may contain links to third party websites that are not covered by this policy. We therefore ask you to review the privacy statements of other websites and applications to understand their information practices.
If you have any questions or comments on this policy, please email them to firstname.lastname@example.org.
Who We Are
We respect your right to privacy and so will only process personal information about you in accordance with applicable data protection laws. We comply with the retained EU law version of the General Data Protection Regulation (2016/679), the UK Data Protection Act 2018, the Irish Data Protection Act and the California Consumer Privacy Act of 2018 (the “data protection legislation”). If any of these laws are replaced or superseded, we will also comply with that.
We are registered with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (ico.org.uk), and our registration number is ZA748506. If you have any concerns about data protection, we would appreciate it if you contacted us first so we can discuss these with you before you approach the ICO. Please email us at email@example.com.
What we may collect
Personal data which may be collected, used, stored and transferred falls under different categories, as follows:
Identity Data includes first name, maiden name, last name, username or similar identifier.
Contact Data includes billing address, delivery address, email address and telephone numbers.
Financial Data includes bank account and payment card details.
Transaction Data includes details about payments to and from you and other details of products and Services you have purchased.
Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access the Website.
Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback, and survey responses.
Usage Data includes information about how you use the Website, products, and Services.
Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
Aggregated Data such as statistical or demographic data for any purpose, is not considered personal data in law as this data will not directly or indirectly reveal your identity. We may aggregate your Usage Data to calculate the percentage of users accessing a specific Website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this policy.
Personal information does not include date where the data has been removed (anonymous data).
We do not collect personal information about anyone under the age of 16.
We do not collect any other Special Categories of Personal Data, such as your race or ethnicity, health, medical conditions, genetic data, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership or biometric data). We also do not collect any information about criminal convictions and offences.
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
Where we need to perform the contract, we are about to enter into or have entered into with you;
Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests; or
Where we need to comply with a legal obligation.
We will typically collect your personal data through direct interactions with us. You may give us your Identity and Contact Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
Apply for our products or Services;
Buy our products or Services;
Create an account;
Use our Website;
Attend a Circulor event;
Request marketing to be sent to you;
Give us feedback or contact us.
We may process your data for compliance with a regulatory requirement or legal obligation to which we are subject to. Your data will only be processed if processing the data to comply with such obligation is a reasonable and appropriate way of achieving compliance.
We use the following cookies:
Strictly necessary cookies. These are cookies that are required for the operation of the Website. They include, for example, cookies that enable you to log into secure areas of our Website, use a shopping cart or make use of e-billing services.
Analytical or performance cookies. These allow us to recognise and count the number of visitors and to see how visitors move around the Website when they are using it. This helps us to improve the way the Website works, for example, by ensuring that users are finding what they are looking for easily.
Functionality cookies. These are used to recognise you when you return to the Website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
Targeting cookies. These cookies record your visit to the Website, the pages you have visited and the links you have followed. We will use this information to make the Website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.
You can find more information about the individual cookies we use and the purposes for which we use them in the table below:
Google Analytics - this is a web analytics service provided by Google, Inc. The cookies used by Google Analytics help us to analyse how users use the Website and to count the number of people who use it. Google Analytics stores your IP address anonymously. Google does not associate your IP address with any personally identifiable information.
We will always ask for your consent to use non-essential cookies. You are free to withhold consent to this, but it means that we might not be able to provide the full website experience to you, including some elements of video advertising. If at any time you wish to disable our cookies, you can do so through the settings on your browser, or whenever the pop-up appears on the Website (each time you access the Website).
Storing your personal data
We store all of your personal data on our servers within the United Kingdom and/or the European Economic Area.
We may transfer your personal data outside of the European Economic Area (EEA) and the UK where we engage third parties to provide services on our behalf, such as to receive services or deal with payment.
Whenever we transfer your personal data out of the EEA or the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented, such as only transferring your personal data to countries that have been deemed to provide an adequate level of protection for personal data or by utilising Standard Contractual Clauses, or an International Data Transfer Agreement. We will still be responsible for protection of your personal data, even when we have transferred it outside of the EEA or the UK. Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA or the UK.
Data security is of great importance to us, and to protect your data we have put in place suitable physical, electronic, and managerial procedures to safeguard and secure data we collect. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business to know.
Specifically, we use Office 365 cloud storage services and AWS for our platform and database hosting.
If there is an incident where we become aware that there has been a data breach, we will let you know without undue delay. We will then take all necessary steps, including informing the ICO, to limit the extent of the breach and to prevent a further reoccurrence.
Retaining your personal data
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you. The appropriate retention period will vary depending on the type of personal data collected.
We will keep your personal data for a maximum of seven years after our relationship with you ends in order to comply with legal and regulatory requirements.
If you have created an account on our Website, and you do not log in for 18 consecutive months, we will delete your personal data. We will retain records of that deletion for 90 days.
If you subscribe to a newsletter, we will keep your personal data for as long as you are subscribed. If you unsubscribe from a newsletter, we will retain records of that deletion for 30 days.
We regularly review our data retention obligations to ensure that we are not retaining data for longer than we are legally obliged to.
Disclosing your personal data
We may disclose your information in the following cases:
If we want to sell our business, or our company, we can disclose it to the potential buyer;
We can disclose it to other businesses in our group, as defined in the UK Companies Act 2006;
We can disclose it if we have a legal obligation to do so, or in order to protect other people's property, safety, or rights; or
We can exchange information with others to protect against fraud or credit risks.
We may contract with third parties to supply services to you on our behalf. These include:
Credit card processing services
Order fulfilment service providers
Analytics service providers
Event/campaign management service providers
Website management service providers
Information technology and related infrastructure provision
Email delivery services
Our auditors and legal advisors.
These third parties are known as sub-processors. Where we share your personal data with those sub-processors, they will be bound by confidentiality and data protection obligations. We do this to ensure that your personal data is kept safe and secure.
When you provide us with personal data, you have certain legal rights, and these include:
To request access to, deletion or correction of, your personal data held by us at no cost to you
To request that your personal data be transferred to another person (data portability)
To be informed of what data processing is taking place
To restrict processing
To object to processing of your personal data
To complain to a supervisory authority (you can do this in the UK at ico.org.uk.
If you wish to access, rectify, erase or transfer your personal data, please contact our DPO or firstname.lastname@example.org.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights), but we can charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive, or we can refuse to comply in these circumstances.
We may need you to provide evidence of your identity as a security measure and we may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month, but it could take longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Third party links
We might have links on our Website to other websites and our terms and conditions and our policies will not apply to other websites that you get a link from our Website. We have no control over how your data is collected, stored, or used by other websites and we advise you to review those privacy terms and conditions policies before providing your personal data to those websites.
Changes to this policy
We can update this policy from time to time as laws change or as our Services or Website changes. If we make material changes to this policy, and we need your consent to those changes, we will contact you by email to do so.