Circular Economy Institute Limited Privacy Policy

About us

The Circular Economy Institute Limited (CEI) is a limited company registered in England and Wales with company number 15232864. The registered office address is Quadra, 500 Pavilion Drive, Northampton Business Park, Northampton, NN4 7YJ.

CEI is the data controller and is regulated as such by the UK Information Commissioner’s Office (ICO).

On 9 January 2024 the assets of the Circular Economy Institute S.L. (incorporated and registered in Spain with company number B42743807 whose registered office is at Calle Málaga 20, Urb Barlovento, Bungalow H7, 03195 Arenales del Sol, Elche , Alicante, Spain) was acquired by the Circular Economy Institute Limited and all data transferred from the Circular Economy Institute S.L. to the Circular Economy Institute Limited.

The Circular Economy Institute Limited is a wholly owned subsidiary of the Chartered Institution of Wastes Management (CIWM). CIWM is a company incorporated by Royal Charter and registered in England (No RC000777); and a charity registered in England and Wales (No 109096) and in Scotland (No SCO37903). The registered office address is CIWM, Quadra, 500 Pavilion Drive, Northampton Business Park, Northampton, NN4 7YJ.

Our commitment

The Circular Economy Institute Limited (CEI) is strongly committed to protecting your privacy and complying with your choices. Both personal and non-personal information collected is protected in accordance with the highest privacy and data protection standards adopted worldwide. We maintain robust and effective data protection protocol which comply with existing law and data protection principles, including those of the General Data Protection Regulations (GDPR).

  • Your information will not be shared, rented, or sold to any third party, unless required by applicable law or to fulfil legitimate service provision, i.e. delivery of Circular Economy Specialist Certification, workshops, and events.
  • We use modern security measures to protect your information from unauthorised users.
  • We limit the data we require from you only to what is necessary for providing our products and services to you and administering your relationship with us.
  • Where we require consent to process your personal data for specific purposes, we enable you to easily withdraw your consent.

Principles of the GDPR

The CEI is committed to processing data in accordance with its responsibilities under the GDPR, Article 5 of which requires personal data to be:

  1. processed lawfully, fairly and in a transparent manner in relation to individuals;
  2. collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
  3. adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
  4. accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
  5. kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and
  6. processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organisational measures.

Notice

We will clearly inform you when information that personally identifies you (“personal information”) is requested. We only collect personal data that is necessary for the purposes in which we need to process it. For example, we make it optional for you to provide data for:

  • To help us improve our services that we provide to you;
  • To help us to improve your experience when accessing our website. Some website functionality or services may be unavailable to users who do not provide their data, or who do not consent to the use of cookies and similar technologies on the CEI website.

We collect your information:

Directly from you

  • when you provide it to us directly by completing forms on the CEI’s website, or when corresponding with us by phone, email or otherwise;
  • when you register for a new account to become a CEI student, purchase our products and services or when you opt-in to receive communications from us (you can unsubscribe from CEI communications at any time);
  • when you provide permission to other organisations to share it with us (including social media networks, such as Facebook, LinkedIn or Twitter) or when you use our websites or other applications;

and/or

Indirectly from other sources

  • when you have given it to a third party and given your permission for them to pass your information to us.
  • When you visit our website, through social media etc.

The information we collect and how we use it

We only collect the information that is necessary to carry out our business, provide the service you have requested and keep you informed. The personal information we collect, or you give us, may include and how it is used is outlined below:

CEI students and event attendees

Data capturedname, contact information, including address, email address, location (city and country), employment information (speaker profile information, job title, and LinkedIn profile information), payment information, including debit/credit card details, event attendance information, other information necessary for you to purchase our products and services, or to enter into a contract with us and for us to fulfil that contract, username and password, IP address and information relating to how you interact with our website (host name, domain name, the time and date information is requested, and/or the browser type / version and platform when information is requested).

We may also collect other information about each of your visits to our site and linked third-party websites, including products and services, IP address, referring site, language preference, and information regarding what pages are accessed and when.

Purpose for processing

Lawful Basis

·      Complying with Company and financial Law – e.g. information HMRC

Legal Obligation

·      Providing information to legal authorities to prevent fraud, crime etc

Legal Obligation

·      Manage your website account with us

·      To enable you to interact with the websites and blog sites – e.g. browsing, accessing content, managing data, applications, registration, and payments etc

Legitimate Interest

·      To process your order or request for our products or services (such as Circular Economy Specialist Certification, workshops, webinars, etc.)

·      To administer your Circular Economy Specialist Certification

·      To administer your attendance at workshops and events and ensuring that we have relevant speakers

·      Processing payments, accounting, and administration (including, processing the delivery and payments of any products or services that you choose to purchase from us)

·      To respond to your requests and inquiries

·      Understanding the students, their role, and where to run workshops and events

·      Carry out our obligations arising from any contracts entered by you and us (for example, if you have purchased a product or service from us) or where we are required to do this by law or other regulations

Legitimate interest / contract

·      To notify you of changes to our services and policies

·    To send you information, updates and materials to students that is relevant to the programme

·    Transactional communications – e.g. about your renewal, booking confirmations etc.

Legitimate interest / contract

·      Managing the relationship with speakers and their attendance at workshops

·      Managing and promoting the speaker profile for workshops and events

Legitimate interest

·    To personalise your use of the website

·    To serve relevant advertisements to you when you visit our sites or other third-party sites

·    Collecting statistics about the behavior of visitors to its websites.

·    To seek your views or comments on the services we provide, request your participation in surveys, focus groups, or other initiatives which help us to gather information used to develop and enhance our products and services

Consent

·      Processing details in order to run the company

·      Manage reporting and business planning – we produce internal documents to monitor our own activities

·      To produce Annual Reports

Legitimate Interest

·      Providing details to emergency services in the event of life or death

Vital Interest

·      Accident and Health & Safety records

Legitimate Interest

Our website

We collect a certain amount of data about the people visiting our website. This is used only to make sure that we are providing content that people are using and finding useful. Our webserver and Google Analytics may collect certain information as outlined above. We use this information to produce aggregate visitor statistics in relation to which pages are being accessed. We may also use it to monitor usage patterns on this website in order to improve navigation and design features to help you get information more easily. This information is collated and provided to us as daily log files. These statistics will not include information that can be used to identify any individual.

Visitors can always refuse to supply personally identifying information, with the caveat that it may prevent them from engaging in certain website-related activities.

Lawful Basis for processing personal data

The CEI’s lawful basis for processing your personal data is your consent, soft-opt in under the e-privacy directive, and/or any other applicable legal bases, such as our legitimate interest in engaging in commerce and offering products and services that may be of value to you; where such processing is necessary to perform our contract with you or to take steps before entering into our contract with you; and/or where such processing is necessary to comply with our legal obligations, resolve disputes and enforce our contractual agreements. In the event of an emergency (for example, a medical emergency at an in-person event), CEI’s lawful basis for processing your personal data will be vital interest.

When you provide your personal information, we will process it in line with the appropriate lawful basis. Where consent is required for the processing, we will ensure that it is captured in line with the requirements of the GDPR. If you choose not to register or provide personal information, you can still use our website, but you will not be able to receive additional services or access certain areas that require registration. Where we require your consent for specific communications or for processing your personal data, you will have the opportunity to unsubscribe from further communications in each communication you receive from us, or to withdraw your consent; alternatively, you may contact us to express your choices at  info@ceinstitute.org or compliance@ciwm.co.uk.

You can withdraw your consent at any time by emailing  info@ceinstitute.org or compliance@ciwm.co.uk.

Access To Your Information

You are entitled to review your personal information at any time to ensure its accuracy, relevance, and/or currency. To review or update this information simply email  info@ceinstitute.org or compliance@ciwm.co.uk to request a copy of the information which we hold about you.

Security Of Information

The CEI is committed to protecting your information and ensuring that your choices are honoured. We have taken strong security measures to protect your data from loss, misuse, unauthorized access, disclosure, alteration, or destruction.

Inside the CEI, data is stored behind multiple firewalls on secure servers with restricted user access. We guarantee that all e-commerce transactions follow the latest security measures and use the best available technologies. Secure Sockets Layer (SSL) technology is employed when you place online orders or transmit sensitive information. SSL is one of the safest methods of passing information over the Internet.

Where you have a username or password (or other identification information) which enables you to access certain services or parts of our website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Our website, which has a URL starting https://, is a secure website which is scanned regularly (at least once per calendar quarter) for compliance with the credit card companies’ security requirements. We do not store any financial information, including debit/credit card details, on our website. Where you choose to pay online via debit/credit card to purchase any of our services or products, your payment will be processed and managed through our secure website and links automatically to an independent third-party payment solution provider.

Retention Of Information

We retain information as long as it is necessary to provide the services requested by you and others, subject to any legal obligations to further retain such information. Information associated with you will generally be kept until it is no longer necessary to provide the services or until you ask us to delete it, or your account is deleted, whichever comes first. Additionally, we may retain information from deleted accounts to comply with the law, prevent fraud, resolve disputes, troubleshoot problems, assist with investigations, enforce the Terms of Use, and take other actions permitted by law. The information we retain will be handled in accordance with this Privacy Policy. Finally, your data could also be stored for sales statistical purposes.

Your Rights

If we process your personal data, you have the right to access, rectify, or erase your information, as well as the right to restrict and object to certain processing of your information. While some of these rights apply generally, certain rights apply only in certain limited circumstances:

  • The right to be informed: When collecting personal information, the CEI will provide to the data subject free of charge, a copy of this Privacy Policy.
  • The right of access: The data subject shall have the right to obtain from us confirmation as to whether or not personal data concerning them are being processed, and, where that is the case, access to their personal data and the information detailed in this Privacy Policy.
  • The right to rectification: The data subject shall have the right to require us, as the controller, without undue delay to rectify any inaccurate or incomplete personal data concerning them.
  • The right to erase (the right to be forgotten): Except where the data are held for purposes of legal obligation or public task (see above) the data subject shall have the right to require us, as the controller, without undue delay to erase any personal data concerning them.
  • The right to restrict processing: Where there is a dispute between the data subject and the controller about the accuracy, validity or legality of data held by the CEI the data subject shall have the right to require us, as the controller to cease processing the data for a reasonable period of time to allow the dispute to be resolved.
  • The right to data portability: Where data are held for purposes of consent or contract the data subject shall have the right to require us, as the controller to provide them with a copy in a structured, commonly used and machine-readable format of the data which they have provided to us, as the controller, and have the right to transmit those data to another controller without hindrance.
  • The right to object: The data subject shall have the right to object, on grounds relating to their particular situation, at any time to processing of personal data concerning them which is based on Public Task or Legitimate Interest, including profiling based on those provisions. We shall no longer process the personal data unless, as the controller we demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
  • Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning them for such marketing, which includes profiling to the extent that it is related to such direct marketing.
  • Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
  • Rights in relation to automated decision making and profiling: Except where it is a) based on the data subject’s explicit consent, or b) necessary for entering into, or performance of, a contract between the data subject and a data controller, the data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.

Sharing your personal data

The CEI is committed to only sharing personal data in line with the purposes that it is processed. For example, we will share your data with those who process data for or on our behalf (for example our data processors who provide our systems to process your data provider WordPress, Mailchimp, Microsoft, PayPal, Zoom and our IT support provider, Dragon Information Systems Limited). We will also share your information where we have a legal obligation to do so, or if it is in your vital interest (e.g. in the event of an emergency). We also share information with venue hosts when you attend our in-person events.

We may on occasion require the help of other companies to provide limited services on our behalf, such as packaging, shipping and delivery, customer support and processing event registrations. We will only provide such companies with the information required for them to perform these services; these service providers are bound by strict privacy policies and are prohibited from using your information for any other purpose.

In very rare instances the CEI may disclose your personal information, without notice, if required to do so by law or in the good faith belief that such action is necessary to:

(a) conform to the edicts of the law or comply with legal process served on the CEI;
(b) protect and defend the rights or property of the CEI and its family of websites and properties; and
(c) act in urgent circumstances to protect the personal safety of members, volunteers, or staff of the CEI, its websites, or the public.

We take all reasonable steps to ensure our staff protect your personal data and are aware of their information security obligations. We limit access to your personal data to those who have a genuine business need to access it. We may also share your personal data with trusted third parties including:

  • legal and other professional advisers, consultants, and professional experts;
  • service providers contracted to us in connection with provision of the products and services such as providers of IT services and customer relationship management services; and
  • analytics and search engine providers that assist us in the improvement and optimisation of our website.

We will ensure there is a contract in place with the categories of recipients listed above which include obligations in relation to the confidentiality, security, and lawful processing of any personal data shared with them.

Business Transfers

We will never share or sell your data to third party organisations without your permission, or without an appropriate lawful basis. If CEI, or substantially all of its assets, were acquired, or in the unlikely event that CEI goes out of business or enters bankruptcy, user information would be one of the assets that is transferred or acquired by a third party. You acknowledge that such transfers may occur, and that any acquirer of CEI may continue to use your personal information as set forth in this policy.

International transfers

Where a third-party recipient is located outside the European Economic Area, we will ensure that the transfer of personal data will be protected by appropriate safeguards, namely the use of standard data protection clauses adopted or approved by the UK and EU where the data protection authority does not believe that the third country has adequate data protection laws.

We will share personal data with law enforcement or other authorities if required by applicable law.

Use of cookies
Like many other websites, the CEI website uses cookies. Cookies are small pieces of information sent by an organisation to your computer and stored on your hard drive to allow that website to recognise you when you visit. They collect statistical data about your browsing actions and patterns and do not identify you as an individual. For example, we use cookies to store your country preference. This helps us to improve our website and deliver a better, more personalised service. It is possible to switch off cookies by updating your browser preferences. For more information on how to switch off cookies on your computer, visit our full Cookie Policy. Please be aware that turning cookies off may result in a loss of functionality when using our website.

IP addresses

We use IP addresses to analyse trends, administer the website, track users’ movements, and gather broad demographic information for aggregate use. IP addresses are not linked to personally identifiable information.

Links to other websites
Our website may contain links to websites run by other organisations (e.g. links to PayPal for credit card payments and other service providers, including advertisers). These are provided for your convenience. They do not signify that we endorse the website, and we have no responsibility for the content on the linked site(s). This Privacy Policy applies only to the CEI website, so when you link to other websites you should read their own privacy policies and their terms and conditions.

How to opt-out

We provide users with the opportunity to opt-out from receiving updates on our products and services, newsletters, and other communications from us. You can opt-out by clicking on the link provided in our electronic mailings or by emailing info@ceinstitute.org or compliance@ciwm.co.uk.

Changes to this policy

If we update our Privacy Policy, we will post changes here so that you are always aware of what information we collect, how we use it and under what circumstances, if any, we disclose it. If at any point we decide to use your information in a manner different from that stated at the time it was collected, we will notify you by email.

Enforcement of this policy

If for some reason you believe the CEI has not adhered to these principles, please notify us and we will do our best to promptly make corrections. Alternatively, if you wish to raise a complaint on how we have handled your personal data, you can contact our Data Controller at info@ceinstitute.org or compliance@ciwm.co.uk who will investigate the matter. If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law, you can make a formal complaint to the Information Commissioner’s Office at https://ico.org.uk.

Questions or comments

If you have questions or comments about this privacy policy, please email us at at info@ceinstitute.org or compliance@ciwm.co.uk or write us at:

Data Controller
Circular Economy Institute Limited
Quadra
500 Pavilion Drive
Northampton Business Park
Northampton
NN4 7YJ

UPDATED JANUARY 2024