1. Controllers of Personal Information
Cavell Group BV and Illume Consulting Ltd are controllers of personal information collected in order to provide you information and services from the Cavell Group. This privacy notification explains what we collect, for what purpose, and how to exercise your rights under the EU General Data Protection Regulation (GDPR) and the UK Data Protection Laws.
The Cavell Group is the trading name of Cavell Group BV a Dutch company whose registered address is Amsteldijk Zuid 181, 1188 VN Amstelveen, Netherlands and kvk number is: 32096658. It is also the trading name of Cavell Group BV’s wholly owned subsidiary Illume Consulting Ltd, a UK company, whose registered address is 37 Colchester Road, West Mersea, Colchester, Essex, CO5 8RP, UK and company house number is 05478014.
2. Purpose and scope of processing by Cavell Group
Cavell Group processes data to offer its services, provide you content, gather feedback on our offerings, and inform you about other offerings and related services as they become available.
The main services we offer include:
- Market research and other industry content
- Industry Events and webinars to increase interaction within our industry
- Consulting to improve your overall business, services, organisations or technical planning and architecture
- Engineering services to audit, migrate or improve specific technical instances
- Education services to improve both technical knowledge and business acumen
- Commercial and technical Diligence with parties interested in mergers or acquisitions
These are in general business to business services.
Where appropriate when you (your company) purchase a service, we will sign a specific agreement related to that engagement. Absent such an agreement this privacy notice governs how we treat personal data.
Cavell Group does not sell or transfer control of any information to third parties other than to engage sub-processors necessary to perform our services as detailed below.
Cavell Group may receive personal information from other data controllers in conjunction with performing our services or determining interest in our services. For example, our customers may either recommend or purchase event passes for individuals, or we may occasionally get marketing lists from third parties. In this case the individual will receive notification by email and all the protections of this privacy agreement apply.
Cavell Group processes the following data that may be personal data:
- Email address
- First and Last name
- Contact telephone number
- Record of services purchased (for example event attendance, reports/PDFs downloaded, lab rentals)
- Record of information requests and interactions with our team
- Credit card or bank account information
- IP address information, website navigation history and other information we collect via cookies.
3. Data Retention Policy of Cavell Group
In general, we hold information 2 years after last interaction or until you ask us to delete the data. For certain types of information, needed for invoicing for example, we will hold the information for the legally required time periods.
4. Protection of the data and your rights
Cavell Group uses industry accepted practices to ensure the security of its network and data. It has put in place both technical and organizational controls to prevent and detect breaches of personal data. Cavell Group personnel that process data are bound by confidentiality and professional standard of care agreements.
You may ask us to delete your data at any time, by emailing firstname.lastname@example.org. If you have purchased a service from us, deleting the data is only possible at termination of the service.
You may request that we provide you a copy of any personal data we store at email@example.com.
You may address any complaints related to privacy at firstname.lastname@example.org or you may contact your supervisory authority.
5. Sub-processors of Cavell Group and place of processing
Cavell Group undertakes to inform you when it uses sub processors and to undertake the necessary diligence that the sub-processor is bound to comply to requirements of the GDPR and UK data protection laws.
Our sub processors are bound by Data processing agreements and or our specific written instructions. They either process the data without transfer from UK or Europe or are bound by appropriate methods (standard clauses, adequacy agreement) to treat the data in accordance to GDPR when they transfer it to other countries such as the United States. The majority of our processors operate globally and are US headquartered companies.
- Dropbox and Google for storing documentation such as invoices, itemized lists of data and backups of other system data
- Google for emailing of multiple types of communication
- Amazon Web Services and Google Cloud for database storage and other computer infrastructure
- Citrix ShareFile to securely share documents with you
- Stripe and Paypal for processing payment transactions, and occasionally directly with the relevant bank for payment transactions
- Xero and Kleistien our UK and Dutch accounting systems, if you are a contact for payment and other accounting processes
- Hubspot for Customer Relationship Management, communications and marketing campaigns
- Capsule CRM for storing information related to your purchases, our business interactions and your expressed interest in our Services
- Campaign Monitor for communicating news
- Eventbrite and Hopin for events registration
- SurveyMonkey for research surveys and customer feedback
- A wide range of communication services including Zoom and Microsoft teams for video and voice webinars and conferences, RingCentral and KPN for voice communications and mobile operators for making mobile calls
- com for project management and coordination on projects
- Independent subcontractors that perform services such as consulting, event coordination, teaching – in these cases, the personal data is limited to what is necessary for the specific service and the subcontractor is bound by a data privacy agreement
Cavell Group retains right to change sub processors and will in such cases update this privacy notice.
6. EU General Data Protection Regulation and UK Data Protection Laws - Legal Basis
The EU GDPR and UK data protection laws require a legal basis for our use of personal information. Our basis varies depending on the specific purpose for which we use personal information. We use:
- Performance of a contract when we provide you with products or services, or communicate with you about them. This includes when we use your personal information to take and handle orders, deliver products and services, and process payments.
- Our legitimate business interests and the interests of our customers when we improve Cavell Group services, when we detect and prevent fraud and abuse in order to protect the security of our customers, ourselves, or others, and when we provide you with interest-based marketing information.
- Your consent when we ask for your consent to process your personal information for a specific purpose that we communicate to you. When you consent to our processing your personal information for a specified purpose, you may withdraw your consent at any time and we will stop processing of your data for that purpose.
- Compliance with a legal obligationwhen we use your personal information to comply with laws. For instance, storage of invoice information for accounting purposes.
7. Contacts, Notices & Revisions
If you have any concern about privacy at Cavell Group or want to contact one of our data controllers, please contact us with a thorough description and we will try to resolve the issue for you. You can file a complaint with our principal supervisory authority, the Dutch Data Protection Authority, the Information Commissioner’s Office, or with another local authority.
Our business changes constantly and our Privacy Notice will change also. You should check our website frequently to see recent changes. Unless stated otherwise, our current Privacy Notice applies to all information that we have about you and your account. We stand behind the promises we make, however, and will never materially change our policies and practices to make them less protective of customer information collected in the past without the consent of affected customers.