Privacy Policy and Data Protection
Thank you for your interest in Cademi! We are committed to protecting and respecting your privacy when you use our website at www.cademi.io and our Services.
In principle, we will only use your personal data in accordance with applicable data protection laws, in particular the UK`s Data Protection Act (“DPA”) and the General Data Protection Regulation (“GDPR”) and of course only as described in this privacy policy.
What is Personal Data?
Personal data is any information relating to personal or material circumstances that relates to an identified or identifiable individual. This includes, for example, your name, date of birth, e-mail address, postal address, or telephone number as well as online identifiers such as your IP address. In contrast, information of a general nature that cannot be used to determine your identity is not personal data. This includes, for example, the number of users of a website.
Responsible for data processing
Responsible for data processing is:
Cademi Ltd
1st Floor Phoenix House,
Leeds, LS1 5QX, UK
Phone: 0330 111 6616
E-Mail: info@cademi.io
Facebook, LinkedIn
General Information on Data Processing
a) The legal bases of processing
All personal data that we obtain from you via the website will be processed for the purposes described in more detail below. This is done within the framework of the DPA and the GDPR or with your consent. In particular, we process personal data only when processing is permitted and if:
- you have given your consent,
- the data is necessary for the fulfilment of a contract / pre-contractual measures,
- the data is necessary for the fulfilment of a legal obligation or
- the data is necessary to protect the legitimate interests of our company, provided that your interests are not overridden.
b) Your data subject rights
The following rights are available to you as a data subject:
- the right to information,
- the right to rectification,
- the right to erasure,
- the right to restriction of data processing,
- the right to data portability,
- the right to object to data processing,
- the right to revoke any consent you have given, and
- the right to lodge a complaint with the competent supervisory authority.
Please contact us at any time with questions and suggestions regarding data protection and/or to enforce your rights, using info@cademi.io.
c) Exercising your rights
If you wish to access your personal data or exercise any of the rights listed above, you should apply in writing, providing evidence of your identity. Any communication from us in relation to your rights as detailed above will be provided free of charge. However, in case of requests that are manifestly unfounded or excessive, in particular because of their repetitive character, we may charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested; or refuse to act on the request.
d) Updating your information
If you believe that the information, we hold about you is inaccurate or that we are no longer entitled to use it and want to request its rectification, deletion, or object to its processing, please contact us using info@cademi.io.
e) The competent supervisory authority
The Information Commissioner`s Office (ICO) is the relevant authority in the UK. The ICO is located at Wycliffe House, Water Ln, Wilmslow SK9 5AF, UK (www.ico.org.uk). If you believe that the processing of your personal data is not lawful, you can lodge a complaint with a data protection supervisory authority. We would, however, appreciate the chance to deal with your concerns before you approach any Supervisory Authority.
f) International data transfer
In the course of our business and website operations, we process data. This also includes disclosure by transmission to third parties and, where applicable, to so-called third countries outside the UK and the EEA. Where we transfer data outside the UK or the EEA, we make sure to use the necessary and appropriate safeguards to ensure that the security of your personal data is maintained and guaranteed. In particular those include standard contractual clauses, binding corporate rules and data processing agreements. If you have any questions relating to our third-party providers, please refer to their relevant Privacy Policies or contact us for further details using info@cademi.io.
g) Storage and retention of your data
We process and store your personal data only for the period of time required to achieve the respective processing purpose or for as long as a legal retention period (in particular commercial and tax law) exists. Once the purpose has been achieved or the retention period has expired, the corresponding data is routinely deleted.
h) Security
We have implemented technical and administrative security measures to protect your personal data against loss, destruction, manipulation, and unauthorised access. All our employees and service providers working for us are bound by the applicable data protection laws.
Whenever we collect and process personal data, it is encrypted before it is transmitted. This means that your data cannot be misused by third parties. Our security measures are subject to a continuous improvement process and our privacy policy is constantly being revised.
Nonetheless, databases or data sets that include personal data may be breached inadvertently or through wrongful intrusion. Upon becoming aware of a data breach, we will notify all affected individuals whose personal data may have been compromised, and the notice will be accompanied by a description of action being taken to reconcile any damage as a result of the data breach. Notices will be provided as expeditiously as possible after the breach was discovered.
Processing of Automatically Collected Data
a) Collection of access data and log files
We collect data on every access to our website. The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.
Log file information is stored for security reasons (e.g., for the clarification of abuse or fraud) for a maximum of 7 days and then deleted. Data whose further storage is necessary for evidentiary purposes is exempt from deletion until the respective incident is finally clarified. The legal basis for the data processing is our legitimate interest in providing an appealing website.
b) Use of cookies
We use so-called cookies on our web site. Cookies are small text files that are stored on your respective device (PC, smartphone, tablet, etc.) and saved by your browser. For further information please refer to our Cookie Policy. The legal basis for the use of cookies is your consent as well as our legitimate interest.
c) Google Tag Manager
We use Google Tag Manager, a web analytics service provided by Google, Inc. This service allows website tags to be managed via an interface. The Google Tag Manager only implements tags. No cookies are set, and no Personal information is collected. The Google Tag Manager triggers other tags that may collect data. The Google Tag Manager does not access this data. If a deactivation has been made at domain or cookie level, it remains in place for all tracking tags, insofar as these are implemented with the Google Tag Manager. More information on the Google Tag Manager can be found at the following link: http://www.google.com/tagmanager/use-policy.html. The legal basis for the data processing is our legitimate interest.
d) Google Fonts
We use Google Fonts on our website to display external fonts. This is a service provided by Google Inc. To enable the display of certain fonts on our website, a connection to the Google server in the USA is established when our website is accessed. The connection to Google established when you call up our website enables Google to determine which website sent your request and to which IP address the display of the font is to be transmitted. The legal basis for the data processing is our legitimate interest.
e) reCAPTCHA
We also use Google`s reCAPTCHA from Google Inc of 1600 Amphitheatre Parkway Mountain View, CA 94043, US to check whether data input is made by a human being or by an automated program. For this purpose, reCAPTCHA analyses the behaviour of the website visitor on the basis of various characteristics. This analysis begins automatically as soon as the website visitor enters the website. The legal basis for the data processing is our legitimate interest in operating a secure and spam free website.
f) YouTube Videos
We have integrated components from YouTube. The integration requires that YouTube can perceive your IP address. The IP address is required in order to send the video content to your browser. If you click on a video on our website, your browser will be prompted by the component to download a corresponding representation of the component. In this way, YouTube knows which specific sub-pages you have visited. The legal basis for the data processing is our legitimate interest and your consent.
g) Content Management System (CMS)
We use the Content Management System (CMS) of WordPress a service provided by Automattic Inc, to publish and maintain the created and edited Content and texts on our website. This means that all content and texts submitted to us by users for publication is transferred to WordPress. In addition to texts, this also includes, for example your data in our forms. The legal basis for this processing is our legitimate interest.
h) Hosting
To provide our website, we use the services of Fastly Inc, who process the below-mentioned data and all data to be processed in connection with the operation of our website on our behalf. The legal basis for the data processing is our legitimate interest in providing our website.
Data processing when you submit it to us
When you contact us through our website or use our services, some data is collected and processed by us or on our behalf by our selected third-party providers.
a) Contacting us
If you contact us, we process the following data from you for the purpose of processing and handling your request: first name, last name, e-mail address, and, if applicable, other information if you have provided it, and your message. The legal basis for the data processing is our obligation to fulfil the contract and/or to fulfil our pre-contractual obligations and/or our overriding legitimate interest in processing your request.
For the Chat, we use Drift Chat provided by Drift.com, Inc. We have no influence on the processing of data by Drift and no possibility to influence it. The legal basis of the data processing is our obligation to fulfil the contract and/or to fulfil our pre-contractual obligations and/or our legitimate interest in processing your enquiry.
b) Booking a Demo
For booking a Booking a Demo in an easy and convenient way, we use Calendly. Your data from the form will be transferred to our appointment account at Calendly after you press the “Book appointment” button. You will then receive a confirmation email with a link to the event. Your data will be kept at Calendly until the purpose for storing the data no longer applies (appointment made) or you request us to delete it. Calendly undertakes not to pass on your data to third parties. The legal basis is your consent as well as our legitimate interest.
c) Data management and customer support
For optimal customer support, we use first name, last name, e-mail address, and the data related to your contract with us. Your data may be stored on our website and or our customer relationship management system ("CRM system"). This data processing is based on our legitimate interest in providing our customer service.
d) Contract processing
We process your company details, first name, last name, e-mail address, and the data related to your contract with us data to handle the contractual relationship between you and us. The legal basis for the data processing is the fulfilment of our contractual obligations and, in individual cases, the fulfilment of our legal obligations.
e) When using our services and licensing Cademi
We process the data of our clients and registered users, in order to be able to provide our contractual services as well as to ensure the security of our services and to be able to develop it further. The required information is identified as such in the context of the order, purchase order or comparable
contract conclusion and includes the information required for the provision of services and billing as well as contact information.
Unless otherwise specified the purposes of processing are contractual performance and service, contact requests and communication, office and organisational procedures, administration, and response to requests. The legal basis for the data processing is the fulfilment of our contractual obligations and, in individual cases, the fulfilment of our legal obligations as well as your Consent.
We store the information you provide for the period of processing and handling the licensed services. Afterwards, your data will be deleted. Data that we are required to store due to legal, statutory, or contractual retention obligations will be blocked instead of being deleted to prevent it being used for other purposes. The processing of the data serves the fulfilment of the contract with you. Please note when using our services and are licensing Cademi, you become the data controller and we become the data processor in accordance with Art. 29 of the GDPR, for further information please contact us.
f) Careers and Applications
If you apply for a role or job, we process the information we receive from you as part of the application process, e.g., through your letter of application, CV, references, correspondence, telephone, or verbal details. In addition to your contact details, information about your education, qualifications, work experience and skills is particularly relevant to us.
Your data will initially be processed solely for the purpose of carrying out the application process. If your application is successful, it will become part of your personnel file and will be used to carry out and terminate your employment and will be deleted in accordance with the rules applicable to personnel files. If we are unable to offer you employment, we will continue to process your data for up to six months after sending the rejection in order to defend ourselves against any legal claims, in particular alleged discrimination in the application process.
The legal basis for processing data during the application process is the initiation of a contract and, if you have given your consent, for example by sending us information that is not necessary for the application process, it is consent. The legal basis for data processing after a rejection is our legitimate interest.
Transfer of personal data
We will not disclose or otherwise distribute your personal data to third parties unless this:
- is necessary for the performance of our services,
- you have consented to the disclosure,
- or the disclosure of data is permitted by relevant legal provisions.
However, we are entitled to outsource the processing of your personal data in whole or in part to external service providers acting as processors within the framework of the DPA and GDPR. External service providers support us, for example, in the technical operation and support of the website, data management, the provision and performance of services, marketing, as well as the implementation and fulfilment of reporting obligations.
The service providers commissioned by us however will process your data exclusively in accordance with our instructions and we remain in accordance with the DPA and GDPR responsible for the protection of your data. Doing so we always make sure that service providers commissioned by us are carefully selected, follow strict contractual regulations, technical and organisational measures, and additional controls by us.
We may also disclose Personal Data to third parties if we are legally obliged to do so e.g., by court order or if this is necessary to support criminal or legal investigations or other legal investigations or proceedings at home or abroad or to fulfil our legitimate interests.
Miscellaneous
a) Automated decision-making
Automated decision-making including profiling pursuant to Art. 22 (1) and (4) GDPR does not take place on the part of Cademi.
b) Links to other providers
Our website also contains – clearly recognisable – links to the websites of other companies. Insofar as there are links to websites of other providers, we have no influence on their contents. Therefore, no guarantee or liability can be assumed for these contents. The respective provider or operator of the pages is always responsible for the content of these pages.
The linked pages were checked for possible legal violations and recognisable infringements at the time of linking. Illegal contents were not recognisable at the time of linking. However, permanent monitoring of the content of the linked pages is not reasonable without concrete indications of a legal violation. Such links will be removed immediately if infringements of the law become known.
c) Personal information and children
Most of the services available on this website are aimed at people aged 18 and over. We will not knowingly collect, use or disclose personal information from minors under the age of 18 without first obtaining consent from a legal guardian through direct offline contact. The parent or guardian will be provided with (i) information about the specific type of personal information being collected from the minor, (ii) the purpose for which it will be used, and (iii) the opportunity to object to any further collection, use or storage of such information. We comply with youth protection laws.
d) Online presences in social media
We maintain online presences within social networks and platforms (LinkedIn, and Facebook) in order to be able to communicate with the customers, interested parties and users active there and to inform them about our services there. When calling up the respective networks and platforms, the terms and conditions and data processing guidelines of their respective operators apply. Unless otherwise stated in our privacy policy, we process the data of users if they communicate with us within the social networks and platforms, e.g., write posts on our online presences or send us messages.
e) Am I Obliged to Provide Data?
The processing of your data is necessary for the conclusion or fulfilment of the contract you have entered into with us. If you do not provide us with this data, we will usually have to refuse to conclude the contract or will no longer be able to perform an existing contract and consequently have to terminate it. However, you are not obliged to give your consent to data processing with regard to data that is not relevant for the fulfilment of the contract or that is not required by law.
Closing
Can we make changes to this Privacy Policy?
We reserve the right to update and amend all or parts of this Privacy Policy, at any time, to the fullest extent permitted under applicable law. The version published on the Site is the version actually in force.
As an individual whose personal information is processed as described in this Privacy Policy, you have a number of rights which are summarised above. Please note that exercising these rights is subject to certain requirements and conditions as set forth in applicable law.
Questions, suggestions, or comments
If you have any questions, suggestions, or comments on the subject of data protection, please do not hesitate to contact us.