1. INTRODUCTION
This notice (together with our terms of use and any other documents referred to in it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. We may process your personal data in connection with your visit or use of our websites, applications or online tools (each a “CDP Online Offering”) or our business relationship with you. Please read it carefully to understand how we will treat your personal data.
For the purpose of the General Data Protection Regulation (the “GDPR”), , act as data controller/controller and as joint controllers as set out in more detail in clause 9 below. You can find the contact details in Appendix 1.
2. PERSONAL DATA WE MAY COLLECT
We may collect and process the following personal data about you:
- Your name, job title and professional contact details (phone number, email and office address);
- Information that you provide by contacting us or by filling in forms on our sitewww..org ( our “site”);
- This includes information provided at the time of registering to use our site, subscribing to our service, posting material or requesting further services. We may also ask you for information when you report a problem with our site; if you contact us, we may keep a record of that correspondence;
- Information that is automatically sent to us by your web browser or device, such as your IP-address, device type, browser type, referring site, sites accessed during your visit, the date and time of each visitor request;
- Personal data collected from publicly available resources or received from third parties.
3. HOW WE STORE YOUR PERSONAL DATA
We take appropriate measures to ensure that your personal data is kept secure, including preventing it from being accidentally lost or used or accessed in an unauthorised way. We limit access to your personal data to those who have a legitimate business need to view it.
Those processing your personal data will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted through any online means.
4. WHERE WE STORE YOUR PERSONAL DATA
We predominantly store personal data in secure laptops based in the UK.
5. MADE OF YOUR PERSONAL DATA
We use information held about you in the following ways:
(a) To ensure that content from our site is presented in the most effective manner for you and for your computer;
(b) To verify your identity (if you registered for a CDP Online Offering) and to answer and fulfil your specific requests;
(c) To ensure compliance with legal obligations (such as record keeping obligations);
(d)To solve disputes, enforce our contractual agreements and to establish, exercise or defend legal claims.
6. LEGAL BASIS FOR DATA PROCESSING
The legal basis for CPD processing data about you is that such processing is necessary for the purposes of:
- Compliance with CDP’s legal obligations (Article 6 (1) (c) GDPR); and/or
- Legitimate interests pursued by CDP (Article 6 (1) (f) GDPR). Generally, our legitimate interests relate to our mission as an international not for profit organisation in focusing investors, companies and cities on taking urgent action to build a truly sustainable economy.
In some cases, we may ask if you consent to the relevant use of your personal data. In such cases, the legal basis for us processing that data about you may (in addition or instead) be that you have consented (Article 6 (1) (a) GDPR).
7. DISCLOSURE OF YOUR PERSONAL DATA
We disclose your data only if the legal conditions are fulfilled, in particular Article 6 GDPR. In accordance with these provisions, a transfer is permissible in particular if
- it is necessary for the performance of a contract with you;
- it is necessary to fulfil a legal obligation;
- processing is necessary for the purposes of our legitimate interests;
- you have given your consent.
Sometimes the recipients to whom we transfer your personal data are located in countries in which applicable laws do not offer the same level of data protection as the laws of your home country. In such cases, we take measures to implement appropriate and suitable safeguards for the protection of your personal data. In particular, we transfer personal data to external recipients in such countries only if the recipient has (i) entered into EU Standard Contractual Clauses with CDP, or (ii) implemented Binding Corporate Rules in its organization.
the legal requirements have been met, we may disclose your personal data to:
(a) our external third-party service providers which process such data only for the purpose of such services; and
(b) if we are under a duty to disclose or share your personal data to comply with any legal obligation, or to enforce or apply our terms of use and other agreements; or to protect the rights, property, or safety of CDP, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.
8. HOW LONG WE KEEP YOUR PERSONAL DATA
We will hold your personal data for as long as necessary to fulfil the purposes we collected it for. To determine the appropriate retention period we consider the amount, the nature and sensitivity of the personal data, the potential risks of harm from unauthorised use or disclosure, the purposes and whether we can achieve those purposes by other means. We will delete your data if they are no longer being needed for the purposes for which they were collected or to comply with our legal obligations such as retention obligations under tax or commercial laws.
9. YOUR RIGHTS
Under the GDPR you have several important rights. In summary, these include rights to:
(a) access your personal data;
(b) require us to correct any mistakes in your information which we hold;
(c) request the erasure of personal data concerning you in certain situations;
(d) request the data to be transferred to a third party in certain situations;
(e) object at any time to processing of personal data concerning you for direct marketing;
(f) object in certain other situations to our continued processing of your personal data;
(g) otherwise restrict our processing of your personal data in certain circumstances; and
(h) claim compensation for damages caused by our breach of any data protection laws.
10. HOW TO COMPLAIN
We hope that we can resolve any query or concern you raise about our use of your personal data.
The GDPR also gives you the right to lodge a complaint with the competent data protection authority. A list and contact details of local data protection authorities is available here:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
e-mail: [email protected]
Website: https://ico.org.uk
11. CHANGES TO OUR PRIVACY NOTICE
Any changes we may make to our privacy notice in the future will be posted on this page and, where appropriate, notified to you by e-mail.
12. CONTACT
Questions and requests regarding this privacy notice should be addressed to: [email protected]
APPENDIX 1
Controllers
CDP Worldwide, 4th floor, 60 Great Tower Street, London EC3R 5AD, UK
CDP Operations Limited, 4th floor, 60 Great Tower Street, London EC3R 5AD, UK;