Data Protection Policy
Child Poverty Action Group. ("CPAG", "we", "our", "us"), and our affiliated companies, are committed to protecting and respecting your privacy. We are a UK based company, with our principal office located in London, and for the purpose of this policy and the General Data Protection Regulation (the "GDPR"), we are the data controller.
1. What types of information does CPAG receive when you visit our website?
CPAG receives Personal Information or General Usage Information from you when you visit our Website. By "Personal Information", we mean information such as your name, e-mail address, telephone number, login information, mailing address, address, job title, and other information that personally identifies you. CPAG only receives Personal Information about you if you choose to provide it to us. CPAG receives Personal Information from you when you:
- Use the client area of the Website limited to registered users with a login ID;
- Register for a CPAG event, such as our client conference;
- Apply for a job via the "Careers" section of the Website; or
- Ask us a question or send feedback using CPAG contact information available on the Website.
We will also receive your Personal Information when our Website directs you to a third party's website to complete one of the above transactions, such as a website that processes your registration and credit card information for a CPAG event.
By "General Usage Information", we mean your browser information, your IP address, device information, operating system, the pages you access on the Website or other information regarding your use of the Website. Personal Information and General Usage Information together will be referred to in this policy as "Information".
2. How do we use the information we collect?
In general, we use your Personal Information to complete the transaction that you have requested from us. For example, we will use your Personal Information to:
- Communicate with you;
- Establish or verify your identity when you use an area of the Website limited to registered users;
- Respond to you about your job application;
- Register you for an event which you have selected;
- Address the question or feedback which you have sent to us; and
By submitting your Personal Information, you hereby and consent and agree for CPAG to use your Personal Information for the purposes set forth above and marketing purposes, such as to tell you about CPAG news, events, products and services that we think may be of interest to you, and to seek feedback from you after you have purchased an CPAG product or service, attended an event, taken a training course, or entered into some other transaction with us. If you do not wish to receive these types of communication from us, you can let us know at any time in one of the ways described under "How can you contact CPAG about your Personal Information" in Section 9 below.
With respect to General Usage Information, CPAG will use this information to monitor, protect, maintain and improve its Website, to measure and understand the effectiveness of the content CPAG serves to you and others.
3. With whom do we share the information we receive about you?
CPAG does not sell your Information to anyone. Nor do we provide this Information to non-CPAG parties to market non-CPAG products to you. CPAG will share your Information with the following categories of recipients:
- CPAG employees, contractors and consultants (including employees, contractors and consultants of CPAG subsidiaries and affiliated companies), in the United Kingdom, the European Economic Area (EEA) and South Africa, who have a need to know your information to provide CPAG services and information to you;
- Trusted non-CPAG parties who assist CPAG with submissions of resumes and CVs through the CPAG Careers section of the Website, this includes companies such as LinkedIn or Indeed;
- Trusted non-CPAG parties who assist CPAG with providing CPAG products, services and information to you, such as Microsoft and SagePay, who help us with CPAG event registration and processing of your payments;
- Trusted non-CPAG parties that provide customer relationship management applications such as Salesforce.com; and
- Trusted non-CPAG parties such as hosting, analytics and search engine providers such as Google Analytics that assist us in the improvement and optimisation of the Website and who may have access to your Information.
Whenever we provide your Information to non-CPAG parties, we enter into agreements with these parties that restrict use of your Information only to the extent necessary for the non-CPAG party to provide services to CPAG.
We will also disclose your Information to third parties in the event that we sell any business or assets, in which case we will disclose your data to the prospective buyer of such business or assets or if we sell all or substantially all of our assets or are acquired by a third party, in which case information held by us about our users will be one of the transferred assets.
4. Where do we store your personal information?
Where the GDPR applies, you should be aware that this Website is hosted, and some CPAG companies and service providers who process your Personal Information are located, in the United Kingdom. As we expand we may store information in other territories in the future. Some of these countries do not always provide the same level of protection for your information. In these circumstances, your Personal Information is transferred within the CPAG group by way of the European Commission's model contracts for the transfer of Personal Information to third countries, pursuant to Decision 2004/915/EC or by way of the European Commission's model contracts for the transfer of Personal Information to third countries, pursuant to Decision 2010/87/EU (together, the "Model Clauses").
5. How does CPAG protect your personal information?
CPAG protects your Personal Information by maintaining up-to-date physical, electronic and procedural safeguards. For example, we use computer safeguards such as firewalls and data encryption. In addition, we only allow employees to access Personal Information only when required to fulfil their job responsibilities.
6. How long do we store your personal data?
We will retain your Personal Information as follows:
- If you contact us via email we will keep your data for three years after such contact; and
- your General Usage Information for three years.
In certain circumstances you have rights in relation to the Personal Information we hold about you. We set out below an outline of those rights and how to exercise those rights. Please note that we will require you to verify your identity before responding to any requests to exercise your rights by providing adequate proof of your identity, such as a passport or driver's license. To exercise any of your rights, please email email@example.com
. Please note that for each of the rights below we may have valid legal reasons to refuse your request, in such instances we will let you know if that is the case.
- Access: You have the right to know whether we process Personal Information about you, and if we do, to access data we hold about you and certain information about how we use it and who we share it with.
- Correction: You have the right to require us to correct any Personal Information held about you that is inaccurate and have incomplete data completed.
- Erasure: You may request that we erase the Personal Information we hold about you in the following circumstances: where you believe it is no longer necessary for us to hold the personal data; where we are processing it on the basis of your consent and you wish to withdraw your consent; where we are processing your data on the basis of our legitimate interest and you object to such processing; where you no longer wish us to use your data to send you marketing or you believe we are unlawfully processing your data. Please provide as much detail as possible on your reasons for the request to assist us in determining whether you have a valid basis for erasure.
- Restriction of Processing to Storage Only: You have a right to require us to stop processing the Personal Information we hold about you other than for storage purposes in the following circumstances: you believe the personal data is not accurate for the period it takes for us to verify whether the data is accurate; where we wish to erase the Personal Information as the processing we are doing is unlawful but you want us to simply restrict the use of that data; where we no longer need the Personal Information for the purposes of the processing but you require us to retain the data for the establishment, exercise or defence of legal claims; and where you have objected to us processing personal data we hold about you on the basis of our legitimate interest and you wish us to stop processing the Personal Information whilst we determine whether there is an overriding interest in us retaining such Personal Information.
- Objection: You have the right to object to our processing of data about you and we will consider your request. Please provide us with detail as to your reasoning so that we can assess whether there is a compelling overriding interest in us continuing to process such data or we need to process it in relation to legal claims.
Withdrawal of Consent
Where you have provided your consent to us processing your Personal Information, you can withdraw your consent at any time by emailing firstname.lastname@example.org
Objection to Marketing
At any time you have the right to object to our processing of data about you in order to send you promotions, special offers and other marketing materials, including where we build profiles for such purposes and we will stop processing the data for that purpose. You can object to processing of your data for marketing purposes at any time by emailing email@example.com
Like many websites, our Website uses "cookies" to collect information about how our Website is used. A cookie is a small data text file which a website stores on your computer's hard drive, if permitted by your web browser. A cookie can later be retrieved to identify you to us. For example, cookies can securely store a user's password, identify which parts of a site have been visited, and keep track of past selections.
- Strictly necessary cookies: These are cookies that are required for the operation of the Website. They include, for example, cookies that enable users to log into secure areas of our Website.
- Analytical/performance cookies: They allow CPAG to recognize and count the number of visitors and to see how visitors move around the Website when they are using it. This helps CPAG to improve the way the Website works, for example, by ensuring that you as a user are finding what they are looking for easily.
- Functionality cookies: These are used to recognise users when users return to the Website. This enables CPAG to personalize our content for you, greet users by name and remember a user’s preferences (for example, a user's choice of language or region).
- Targeting Cookies: These cookies record a user's visit to the Website, the pages a user has visited and the links a user have followed. CPAG will use this information to make the Website more relevant to users. We may also share this information with third parties for this purpose.
Most browsers are initially set up to accept cookies. You can reset your browser to notify you when you have received a cookie, or alternatively, to refuse to accept cookies. However, you may not be able to use certain features on our website if you choose not to accept cookies. You can find more information about cookies and how to manage them at .
We use Google Analytics which is a web analytics tool that helps us understand how users engage with the Website. Like many services, Google Analytics uses first-party cookies to track user interactions as in our case, where they are used to collect information about how users use our site. This information is used to compile reports and to help us improve our Website. The reports disclose website trends without identifying individual visitors. You can opt out of Google Analytics without affecting how you visit our site – for more information on opting out of being tracked by Google Analytics across all websites you use, visit this Google page: .
Some web browsers give the ability to prevent tracking of your online activity by setting a preference in your browser alerting websites you visit that you do not want them to track your online activities. This is referred to as a Do Not Track ("DNT") signal. This is different than blocking or deleting cookies, as browsers with an enabled DNT Signal may still accept cookies.
10. Social media features and widgets
11. How can you contact librios about your personal information?
From time to time you will receive an e-mail or other communication from us regarding CPAG products, services or information which we believe to be of interest to you. If you are not interested in receiving this information, you may follow the instructions in the communication explaining how you may be removed from our distribution list. Alternatively, or if there are no instructions in the communication, you may send an e-mail to firstname.lastname@example.org
requesting removal from our distribution list. We will endeavour to take prompt action to process your request.
You may send all other inquiries regarding your Personal Information, including requests to correct or update your Personal Information, to email@example.com
In the event that you wish to make a complaint about how we process your Personal Information, please contact us in the first instance at firstname.lastname@example.org
and we will endeavour to deal with your request as soon as possible. This is without prejudice to your right to raise a complaint with the data protection supervisory authority in the EU country in which you live or work where you think we have infringed data protection laws.