Welcome to Cecil. We value the trust you place in us when providing us with your Personal Data, and we aim to protect your data to the highest of standards as we provide our products and services to you.
2. Scope of this policy
Cecil processes your Personal Data in accordance with the applicable UK and EU data protection laws, such as the General Data Protection Regulation of the United Kingdom (“UK GDPR”) and the General Data Protection Regulation (EU 2016/679) (“EU GDPR”).
This policy applies to all Personal Data that we collect, use, or disclose when providing our websites, platforms, apps, products, and services owned or operated by us, including in relation to the following:
offline communications such as phone calls or site visits (“Offline Communications”); and
our social media, online products, tools, and services,
(together, the “Services”).
We may also provide you with additional information when we collect Personal Data where we feel it would be helpful to provide relevant and timely information.
3. Who are we?
In this policy, “Cecil”, “we”, “us” or “our” means Cecil Earth Pty Ltd ACN 647 150 972 and its affiliates.
4. What is Personal Data?
The EU GDPR and UK GDPR defines Personal Data as any information relating to an identified or identifiable natural person, i.e. one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (“Personal Data”).
Special Categories of Personal Data include data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health, or data concerning a natural person’s sex life or sexual orientation (“Special Categories of Personal Data”).
5. What information do we collect?
The Personal Data we collect, and process will vary depending on your dealings with us and the Services we provide to you.
We may also collect, and process Special Categories of Personal Data with your explicit consent when providing our Services to you, which includes Special Categories of Personal Data submitted by you, or on your behalf, through our platforms and apps.
(a) Information we collect when you use our Services
We collect the information you provide to us when you do things such as sign up for, and use our Services, or update your user profile, which may include:
individual or business account information including name, date of birth and age, details regarding gender, profile photo, organisation details including company or business name, and other related information regarding your business and/or employees that can be used to identify an individual;
site tools such as cookies;
any information that you upload to the Sites and/or input into your account; and
any other information you may provide to us voluntarily through your use of our Sites; and
contact information including residential and/or postal address, email address, telephone number, and social media handles.
(b) Information we collect from your other interactions with us
We collect information when you interact with us, such as when you use our websites, communicate with us via email, telephone, social media or chatbots, make enquiries regarding demos, or when we collect feedback from you on the Services we provide. The information we may collect in these circumstances include individual or business name, address, email, phone number, company/employer, job function, team size, the date, time, and reason for contacting us, survey and research responses, social media information, and call recordings.
(c) Information that we automatically collect from you
We automatically collect usage information when you browse our websites or use our Services to improve our Services and enhance your user experience. This information includes:
user names, member names, email addresses and other contact details;
your actions on our Sites (including any selections or inputs into items);
digital interactions data, i.e., how you use our digital properties (including our websites);
support queries and forum comments (if applicable);
social media sites;
apps and electronic communications;
metadata (collected on an anonymous basis);
consumer analytic data (collected on an anonymous basis but which can be attributed to you based on other information we have about you);
log file information;
information about the type of device and operating system used by you;
computer IP addresses; and
marketing and cookie preferences, including any consent you have given us.
6. How and why do we use this information?
Where the EEA GDPR or the UK GDPR applies, we must have a legal basis to collect, use and disclose your Personal Data and we explain these legal bases below. We also explain the purposes for which we process your Personal Data, the processing operations that we carry out, and the categories of data that we use for each purpose.
(a) Legal Basis
Contractual performance – we have obligations to perform and fulfil under our contract with you. To fulfil those obligations, we will have to use, process and store your data. For example, this includes creating and maintaining your account, resolving issues you may experience with the Services.
Consent – in certain cases, you consent to us or have reasonable expectations of us using your Personal Data in a certain way. Whenever we ask for your consent, we will explain the situations where we use your data, and the purposes for which the data will be used.
Legitimate interest – we can process your data when this is necessary for us to achieve a business purpose, or where this is necessary for someone else to achieve their purpose. This includes obtaining payment for our Services, sending users relevant marketing communications, using Personal Data to make more informed predictions, decisions and offers for our users, enhancing our Service via research and development, data labelling, machine learning and predictive analytics.
We explain below what interests we, or others, are trying to achieve when we process your data. Where we process Personal Data on the basis of a legitimate interest, then – as required by data protection law – we have carried out a balancing test to document our interests, to consider what the impact of the processing will be on individuals, and to determine whether individuals’ interests outweigh our interests in the processing activity taking place.
Legal obligations – it is necessary to comply with the relevant legal, regulatory, and other requirements under EU, EU Member State or UK laws. In certain cases, we will have to use your data to meet these obligations, for example, to disclose your information in response to a request made by a law enforcement authority.
We may process your data for different purposes. We may also provide you with notices that further specify the purposes for some of the processing described below, and on the rare occasions when we need to ask for your consent, we will only do so at the time we collect your Personal Data.
(c) Provision of Services and administration of our contract with you (Contractual Performance or Consent)
We use your Personal Data to administer aspects of our relationship with you so we can fulfil the obligations we have in the contract between you and us or based on your explicit consent. We process your information:
to fulfil a contract, or take steps linked to contractual obligations;
to provide our Services, including ancillary Services such as customer support;
to take payment for Services (where applicable); or
to send you service, technical and other administrative emails, messages, and other types of communications relating to our Services, among other things.
To do this, we use your information related to our contract, such as your individual or business account information, billing information such as bank details, and information about your use of our Services.
To the extent we process Special Categories of Personal Data as a part of our Services, we will rely on your explicit consent where required by law.
(d) Marketing communication and preferences (Consent)
We send you marketing communications via email or SMS when you provide us with consent by using your contact details and information provided through your use of the Services.
You can opt out of receiving direct marketing communications from us at any time by following the unsubscribe instructions included in the relevant marketing communication, or by emailing us at email@example.com.
7. How we share your Personal Data
(a) Sharing of information when providing our Services
members and personnel of the Cecil group – we may share your information between our departments or business functions, including with our employees, affiliates, and contractors for the purposes of the delivery and operation of our Services, and fulfilling requests by you, and we may share your information with our affiliates for the purposes of the delivery of their services to you where you have subscribed to their services, or where they integrate with us to provide our Services;
legal and regulatory authorities – we may share your information with government authorities and/or law enforcement officials if required for the purposes above, if mandated by law or if required for the legal protection of our legitimate interests in compliance with applicable laws;
parties involved in a business sale – in the event that we undergo any reorganisation, restructuring, merger, sale, or other transfer of assets your information will be disclosed to our advisers and any prospective purchaser’s adviser and will be passed to any new owners of the business;
business partners – we may share your data with our existing or potential agents, business partners or joint venture entities or partners to enable us to perform our business activities in relation to your services; and
your organisation – we may share your information with your employer and other personnel (where it is necessary and reasonable) in your organisation, if you use our Services in connection with your employment and your employer has established an account on your behalf.
(b) Sharing your information with third parties
We may disclose your Personal Data to specific third-party service providers who facilitate the delivery of our Services and operation of our business activities. We disclose your Personal Data to such third parties as doing so may be necessary to adequately provide our Services to you, or to assist us in analysing how our Services are used and ensure they are provided to you at the highest quality. These third parties are given access to your Personal Data only to perform these tasks on our behalf or for our benefit and are required not to disclose or use it for any other purpose.
Such third parties include providers of hosting services and technical infrastructure (e.g., Amazon Web Services), maintenance services, CRM services, customer support services, and marketing services.
(c) Sharing your information with overseas recipients
By signing up, you acknowledge and agree that Cecil (an entity in Australia) may transfer your Personal Data to other countries where our affiliates and service providers are located. Please note that some of these countries may have data protection laws that are different from your country (and, in some cases, may not be as protective).
If your Personal Data is transferred to a third-party provider that is not located in the EEA or the UK, we ensure that such transfer is compliant with the relevant requirements and are subject to appropriate safeguards.
8. What rights do you have?
(a) Privacy rights
The UK GDPR and EU GDPR grant enhanced privacy rights to individuals residing in the UK or EEA including to:
request us for a copy of your Personal Data to correct, delete or restrict processing of your Personal Data, and to obtain the Personal Data you provide to us on a contractual basis or with your consent, in a structured, machine-readable format; correct and delete some Personal Data through your account provided by our Services.
where your Personal Data has been added to your account by your employer, you can ask your employer to correct or delete your Personal Data on your behalf. Your employer will then request us to correct or delete the Personal Data from our systems.
object to our use of your Personal Data or information in some circumstances, i.e., when we process your Personal Data based on our legitimate interests or where we are using the data for marketing purposes.
In some circumstances Cecil will not be able to comply with your request regarding your Personal Data. If we are unable to remove any of your information, we will inform you of our reasons. For example, if fulfilling your request would reveal Personal Data about another person, or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in keeping.
To exercise any of these rights, including obtaining a copy of your legitimate interest balancing test, you can get in touch with us at firstname.lastname@example.org. If you have unresolved concerns, you have the right to make a complaint to a data protection authority in your jurisdiction or where you believe a breach may have occurred.
For the provision of information marked as mandatory when you register to use our Service, if such information is not provided, then you will not be able to use our Services. All other provision of your information is optional. If you do not provide such information, our provision of certain Services to you may be detracted from.
Where we rely on your consent, you will always be able to withdraw that consent at any time. If you ask to withdraw your consent to our processing your data, this will not affect any processing which has already taken place.
(b) Direct marketing communications
In some cases, we may send you direct marketing based on our legitimate interests or where you have provided us with explicit consent.
You have an absolute right to opt out of direct marketing at any time. You can do this by following the instructions in the communication within the electronic message we send to you, or by contacting us via email at email@example.com.
We may still send you important notices relating to your account, operational activities, and technical updates, even after you have opted out of receiving marketing communications.
Cookies also convey information to us about how you use our Services. When you use our Services, certain information may be recorded for statistical purposes. The information that may be recorded includes information regarding your:
IP address or server address;
date and time of visit;
length of your session;
the pages which you have accessed;
the number of times you access our Sites within a period of time;
the file URL you look at and information relating to it;
the website which referred you to our Sites;
the operating system which your computer uses;
previous websites visited; and
You can opt out of cookies collection, delete and refuse to accept cookies at any time by changing your privacy settings provided in your Internet browser. However, certain features of the Sites or Cecil Platform may not work if you delete or disable cookies. Some of our service providers may use their own cookies and web beacons in connection with the services they perform on our behalf.
9. Storage & Security
At Cecil, we’re serious about information security, and maintain administrative, physical and technical safeguards for protection of the security, confidentiality and integrity of your data. Our managed services within our AWS infrastructure supports encrypted and automated back up of data stored in our cloud platform. We also conduct an annual Well Architected Review with an accredited AWS partner to ensure compliance with best practices of the Well Architected Framework. Further details on our third-party storage provider’s location and security can be found here. We also contractually require that our Service Providers protect such information from accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access.
You should be aware that no data transmission over the Internet or other network can be guaranteed to be 100% secure. As a result, while we strive to protect information transmitted on or through the Sites, we cannot and do not guarantee the security of any information you transmit on or through the Sites. Accordingly, you disclose Personal Data to us at your own risk, and to the extent possible, we will not be liable for any unauthorised access, modification or disclosure, or misuse of your Personal Data.
You can also play an important role in keeping your Personal Data secure, by maintaining the confidentiality of any password and accounts used on the Services. Please notify us immediately if there is any unauthorised use of your account by any other Internet user, or any other breach of security relating to your account via email at firstname.lastname@example.org.
10. How long will you retain my data?
We will store your Personal Data for a commercially reasonable time, and for as long as we have a lawful basis to do so. This is a case-by-case determination that depends on things such as the nature of the data, why it is collected and processed, and relevant legal or operational retention needs. You can delete some Personal Data at any time, some data is deleted automatically, and some data we retain for longer periods of time. For example, we will retain:
account information for as long as your subscription or agreement continues or for as long as it is necessary to deliver our Services;
a record of the fact that you have asked us not to send you direct marketing, so that we can respect your request in future. If you unsubscribe from receiving direct marketing, then we will remove your details from our direct marketing mailing list; and
We will also retain your information for the purposes of complying with legal and audit obligations such as security, fraud prevention, financial record-keeping, troubleshooting, fee collection, ensuring the continuity of our Services, and when you have had direct communications with us.
11. How do I get in touch with you?
If you have any questions or concerns about how we process your data, please contact us via email at email@example.com.