Who we are
CMG is a “data controller” which means we are responsible for deciding how we hold and use personal information about you.
This Privacy Notice applies to all business customers (“you” or “your”) or services that link to it (collectively, our “Services”). Occasionally, a Service will link to a different Privacy Statement that will outline the particular privacy practices of that Service (e.g. website and cookies).
Please read this Privacy Notice carefully and contact our Data Protection Officer if you have any questions about our privacy practices or your personal information choices.
Attn: Data Protection Officer
Confetti Media Group
6-10 Convent Street
Nottingham, NG1 3LL
Email: [email protected]
We may need to update this Privacy Notice from time to time. If changes made to this Privacy Notice are considered to be material, we will notify you of the changes.
CMG is committed to the responsible handling and protection of personal information. Personal Data, or personal information, means any information about an individual from which that person (a “Data Subject”) can be identified. It does not include data where the identity has been removed (anonymous data). The information will be Personal Data if a person can be identified either directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person. For example, personal data may include names, addresses, email addresses and telephone numbers; it may also include images in photographs or films and recorded telephone conversations.
Why we process your data
We collect, use, disclose, transfer, and store personal information to provide Services to you and for our operational and business purposes as described in this Privacy Notice. We want to be clear about our privacy practices so that you are fully informed and can make choices about the use of your information, and we encourage you to contact us at any time with questions or concerns.
The types of personal information we collect
We collect personal information from you, for example, if you register for an event, request information, or use any of our Services. The categories of personal information that we may collect, store and use about you include (but are not limited to):
- Name, address, telephone number, email;
- Your country of birth, nationality;
- Date of birth and gender;
- Communications relating to decisions we make;
- Bank details and/or payment card details;
- Visual images / photographs (including CCTV);
- Computing and email information including login details, network access and library usage.
In some circumstances, we may also collect, store and use the following “special categories” of more sensitive personal information which may include (but are not limited to) racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health conditions, sexual orientation, biometric or genetic data, and Personal Data relating to criminal offences and convictions we have asked you to declare.
We may process special category personal information in the following circumstances:
- In limited circumstances, with your explicit written consent;
- Where we need to carry out our legal obligations or comply with relevant legislation;
- Where it is needed in the public interest, such as for equal opportunities monitoring and reporting or to carry out Criminal Record background checks.
How we collect your data
Not all the personal information CMG holds about you will always come directly from you. Apart from the data that you provide to us, we may also process data about you from a range of sources, which include (but are not limited to):
- Data that we and our staff generate about you, such as notes of business interactions, emails sent;
- Through interactions you have with individual Services at CMG;
- Through third parties;
- Through our Digital Services, which are the website and any other CMG authorised internet services, websites, products, social media, mobile phone apps and/or software applications that enable you to use, access, view, listen to and/or download CMG content or to interact with us online (or through any other digital means) on any device. We collect information that you provide to us by filling out forms on the website or by corresponding with us through the Digital Services. It includes information that you provide when you participate in discussion boards or other social media functions within the Digital Services, enter a competition, promotion or survey, and when you report a problem with the Digital Services;
- Email or telephone correspondence you have with CMG or instant messaging.
If you pay or contribute to Services from CMG, we will collect payment information, such as financial or bank card information, and other information necessary for us to process the transaction.
Our servers, logs, and other technologies automatically collect certain information to help us administer, protect, and improve our Services; analyse usage; and improve users’ experience.
CMG uses CCTV around its site, and will collect and store information. For full details of our CCTV use, please refer to our CCTV Policy.
How we use data about you
We use your personal information for the following purposes:
- For the administration of our business relationship with you;
- To provide you with information on products or services that you may request from us, or which we feel may be of interest to you;
- To enable all financial transactions to and from us;
- The administration of any membership cards;
- To collect payment for Services, and for the collection of debt;
- To carry out our contractual obligations with you, which will include the operation and delivery of any Services you have requested and dealing with requests and enquiries;
- Where it is necessary to comply with a legal obligation;
- To provide management statistics to enhance the customer experience;
- For security and safety purposes (e.g. through the use of CCTV);
- To ensure that content from our website or Services is presented in the most effective manner for you and for your computer or device by gathering aggregate information about our users, using it to analyse the effectiveness and efficiency of communications;
- Where you have agreed for the purpose of consulting, informing and gauging your opinion about our products and Services, for example, surveys;
- To ensure we meet our statutory obligations, including those related to diversity and equal opportunity;
- Photographs of our facilities, or general activity in common areas of CMG as part of general marketing materials, for example in our reports or brochures. Personal data alongside photographs will only be used with explicit consent;
- To ensure compliance with the Prevent Duty under the Counter Terrorism & Security Act 2015;
- To notify you about changes to our Services;
- Progressive profiling – we may use your personal information to better personalise communications to you;
- Analysing web behaviour – we may use your personal information to recognise web visitors on and off our Digital Services to improve experiences, analyse marketing activities, understand audiences, and personalise content for our Digital Services, applications and advertising;
- Targeting advertising – using data collected automatically on and off our Digital Services to target and tailor advertising and analyse marketing activities (e.g. retargeting users from our website, or using anonymous data segments created by trusted partners who may collect your data);
- Internal data matching – to enable us to merge certain types of data collected by CMG to identify known and unknown users and map interactions with CMG’s Digital Services to CRM (Customer Relationship Management) platforms and applications, for purposes of personalising content, understanding audiences, analysing marketing performance and targeting advertising; and
- External data matching – to match customer lists with online platforms (e.g. through applications such as Facebook Custom Audiences and Google Customer Match) to target and tailor advertising, understand audiences and analyse marketing activities.
Who we share your data with
CMG shares or discloses personal information when necessary to provide Services or conduct our business operations. When we share personal information, we do so in accordance with data privacy and security requirements. We may occasionally share non-personal, anonymised or pseudonymised, and statistical data with third parties.
We may share your personal information with third parties where required by law, where it is necessary to administer the working relationship with you or where we have another legal requirement or legitimate interest in doing so. Third parties will only process your personal data on our instructions and where they have agreed to treat that information confidentially and to keep it secure.
Below are the parties with whom we may share personal information and why:
- Within CMG: Associated entities or services are provided data by a variety of teams and functions, and personal information will be made available to them if necessary for the provision of Services, account administration, marketing, and technical support, for instance.
- Our business partners or suppliers: We occasionally partner with other organisations to deliver co-branded content or events (e.g. conferences and seminars). As part of these arrangements, you may be a customer of both CMG and our partners, and we and our partners may collect and share information about you. CMG will handle personal information in accordance with this Privacy Notice, and we encourage you to review the privacy statements of our partners to learn more about how they collect, use, and share personal information.
- Our third-party service providers: We partner with and are supported by service providers both in the UK and around the world. Personal information will be made available to these parties only when necessary to fulfil the services they provide to us, such as direct marketing services; advertising; data analytics. Our third-party service providers are not permitted to share or use personal information we make available to them for any other purpose than to provide services to us.
- Debt collection agencies and payment service providers.
- We may be required to use and retain personal information for legal and compliance reasons, such as the prevention, detection, or investigation of a crime; loss prevention; fraud or safeguarding.
- We may also use personal information to meet our internal and external audit or governmental requirements, information security purposes, and as we otherwise believe to be necessary or appropriate:
(a) Under applicable law, which may include laws outside your country of residence;
(b) To respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include such authorities outside your country of residence;
(c) To enforce our terms and conditions; and
(d) To protect our rights, privacy, safety, or property, or those of other persons.
How long we keep your data for
We will not store your personal information for longer than is necessary. CMG will ensure that our trusted partners and selected third parties with whom we share your personal information in accordance with this Privacy Notice will delete your personal information when they no longer require it.
In determining data retention periods, CMG takes into consideration local laws, contractual obligations, and the expectations and requirements of our data subjects. When we no longer need personal information, we securely delete or destroy it.
How we secure your data
We have in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business requirement to know.
CMG takes data security seriously, and we use appropriate technologies and procedures to protect personal information. For example:
- Policies and procedures – measures are in place to protect against accidental loss and unauthorised access, use, destruction, or disclosure of data.
- Business Continuity and Disaster Recovery strategies that are designed to safeguard the continuity of our service to our clients and to protect our people and assets.
- Appropriate restrictions on access to personal information.
- Monitoring and physical measures, to store and transfer data securely.
- Data Privacy Impact Assessments (DPIA) in accordance with legal requirements and our business policies.
- Periodic training on privacy, information security, and other related subjects for employees and contractors.
- Vendor risk management.
- Contracts and security reviews on third-party vendors and providers of services.
How we keep your data secure in other countries
Your personal information may be transferred by us or our trusted partners outside of the European Economic Area (the “EEA”). The trusted partners that may do this are organisations who process data for business purposes, marketing or analysis. CMG collaborates with third parties such as cloud hosting services, suppliers, and technology support located around the world to serve the needs of the business.
CMG takes appropriate steps to ensure that personal information is processed, secured, and transferred according to applicable law, and shall ensure that your personal information transferred to countries outside of the EEA is adequately protected by transferring the personal information on terms of the standard data protection clauses adopted by the European Commission.
This means your rights and protection remain with your data, i.e.: CMG ensures that the recipients of your personal information protect it.
We respect your right to access and control your information, and we will respond to requests for information and, where applicable, will correct, amend, or delete your personal information.
Under certain circumstances, by law you have the right to:
- Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request correction of personal information that we hold about you. This enables you to ask us to correct any incomplete or inaccurate information we hold about you.
- Request erasure of your personal information in limited circumstances. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- Object to processing of your personal information where we are processing your personal information on the basis of our legitimate interest (or that of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Request the restriction or suspension of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Object to any direct marketing (for example, email marketing or phone calls) by us, and to require us to stop such marketing.
- Object to any automated decision-making about you which produces legal effects or otherwise significantly affects you.
- Request the transfer of your personal information to another party.
How to contact us
If you are concerned about an aspect of your relationship with CMG, you can bring your concerns to the attention of relevant staff, to enable investigation of the concerns with the aim of satisfactory resolution.
Please contact us with any requests related to your personal information, or with any questions or queries you may have about this statement. Our DPO contact is: [email protected].
If you are not satisfied with how Confetti manages your personal data, you have the right to make a complaint to a data protection regulator. The ICO contact details are: https://ico.org.uk/global/contact-us/