CPBBee, which is a trading name of Naedu Ltd, (“us”, “we”) takes data protection seriously. We are committed to safeguarding your privacy and all who access our Website or Services.
Our responsibilities – If you are a CPDBee User, Client, Provider or Visitor we act at the Data Controller of your Personal Data. This means we determine how and why your data is processed. We are registered as a Data Controller at the UK Information and Commissioner’s Office under number ZA369694.
Client – a User who makes Enquiry to a Provider through CPDBee and enters into an agreement with a Provider.
Enquiry – the act of making contact with a Provider to learn more about their services and the information contained within the Enquiry.
Personal Data – any information relating to an identified or identifiable natural person.
Processing – any operation or set of operations which is performed on Personal Data or on sets of Personal Data.
Provider – an organisation that delivers professional development services to schools.
Data subject – a natural person whose Personal Data is being Processed.
Child – a natural person under 16 years of age.
User – any person who uses CPDBee’s Website and/or Services
We/us (either capitalized or not) – CPDBee
Data Protection Principles
We promise to follow the following data protection principles:
- Processing is lawful, fair, transparent. Our Processing activities have lawful grounds. We always consider your rights before Processing Personal Data. We will provide you information regarding Processing upon request.
- Processing is limited to the purpose. Our Processing activities fit the purpose for which Personal Data was gathered.
- Processing is done with minimal data. We only gather and Process the minimal amount of Personal Data required for any purpose.
- Processing is limited with a time period. We will not store your personal data for longer than needed.
- We will do our best to ensure the accuracy of data.
- We will do our best to ensure the integrity and confidentiality of data.
Data Subject’s rights
You can exercise your rights by sending us an email at email@example.com
The Data Subject has the following rights:
- Right to information – meaning you have to right to know whether your Personal Data is being processed; what data is gathered, from where it is obtained and why and by whom it is processed.
- Right to access – meaning you have the right to access the data collected from/about you. This includes your right to request and obtain a copy of your Personal Data gathered. We will provide you with the information within one month of your request, unless doing so would adversely affect the rights and freedoms of other (e.g. another person’s confidentiality or intellectual property rights). We’ll tell you if we can’t meet your request for that reason.
- Right to rectification – meaning you have the right to request rectification or erasure of your Personal Data that is inaccurate or incomplete.
- Right to erasure – meaning in certain circumstances you can request for your Personal Data to be erased from our records.
- Right to restrict processing – meaning where certain conditions apply, you have the right to restrict the Processing of your Personal Data.
- Right to object to processing – meaning in certain cases you have the right to object to Processing of your Personal Data, for example in the case of direct marketing.
- Right to object to automated Processing – meaning you have the right to object to automated Processing, including profiling; and not to be subject to a decision based solely on automated Processing. This right you can exercise whenever there is an outcome of the profiling that produces legal effects concerning or significantly affecting you.
- Right to data portability – you have the right to obtain your Personal Data in a machine-readable format or if it is feasible, as a direct transfer from one Processor to another.
- Right to lodge a complaint – in the event that we refuse your request under the Rights of Access, we will provide you with a reason as to why. If you are not satisfied with the way your request has been handled please tell us first, so we have a chance to address your concerns. If we fail in this, you can address any complaint to the UK Information Commissioner’s Office, either by calling their helpline or as directed on their website at www.ico.org.uk..
- Right for the help of supervisory authority – meaning you have the right for the help of a supervisory authority and the right for other legal remedies such as claiming damages.
- Right to withdraw consent – you have the right withdraw any given consent for Processing of your Personal Data. You can opt out of marketing communication we send you at any time by clicking “unsubscribe” in the marketing emails we send you. To opt out of other forms of marketing, please contact us by emailing firstname.lastname@example.org
More information about your rights and how we can respond can you be found here:
Data we gather
- Newsletter sign ups. When you sign up to our newsletter we may collect information such as your name, information about role and school and your email address to keep you updated.
- Provider applications. When you apply to become a Provider listed on CPDBee we may ask you for your contact information, including items such as your name, orgainsation name, email and telephone number. We may collect information about your experiences and qualifications. We may also ask you to supply (with their permission) the contact details of your references.
- Provider references. When you supply a reference for a Provider during the application process we may ask you for your name, your school, your role and some information about your experience of the Provider.
- User Enquiry. When you make an Enquiry to a Provider about their services we may ask you to supply information which will help Providers meet your requirements such your name, your school name, your email address, location and professional development requirements.
- Reviews and Feedback. When you provide us with Feedback about your experience of our Service and your Review of a Provider, we may ask you for information such as your name, role, school and opinions.
- Communications. If you contact us directly we may receive additional information about you such as your name, email address, phone number, the contents of the message and/or attachments you may send us, and any other information you may choose to provide. We may also receive a confirmation when you open an email from us.
The personal information that you are asked to provide is mainly for the purpose of delivering the Service and to enhance your customer experience. The reasons why you are asked to provide it, will be made clear to you at the point we ask you to provide your personal information.
Information automatically collected about you
- Cookies and Other Tracking Technologies. As is true of most websites, we gather certain information automatically and store it in log files. In addition, when you use our Services, we may collect certain information automatically from your device. This information may include internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, clickstream data, landing page, and referring URL. To collect this information, a cookie may be set on your computer or device when you visit our Services. Cookies contain a small amount of information that allows our web servers to recognize you. We store information that we collect through cookies, log files, and/or clear gifs to record your preferences. We may also automatically collect information about your use of features of our Services, about the functionality of our Services, frequency of visits, and other information related to your interactions with the Services. We may track your use across different websites and services. In some countries, including countries in the European Economic Area (“EEA”), the information referenced above in this paragraph may be considered personal information under applicable data protection laws.
- Usage of our Services. When you use our Services, we may collect information about your engagement with and utilization of our Services, such as processor and memory usage, storage capacity, navigation of our Services, and system-level metrics. We use this data to operate the Services, maintain and improve the performance and utilization of the Services, develop new features, protect the security and safety of our Services and our customers, and provide customer support. We also use this data to develop aggregate analysis and business intelligence that enable us to operate, protect, make informed decisions, and report on the performance of our business.
Information from our partners
We gather information from our trusted partners with confirmation that they have legal grounds to share that information with us. This is either information you have provided them directly with or that they have gathered about you on other legal grounds. See the list of our partners on our Website.
- Sales information. So that we can develop analysis and report on our performance, we may collect information from partner Providers. We may collect data such as your name, role, email address, school, the services you buy from them, their volume and cost and their start and end dates.
- Provider Evaluation Data. So that we can understand and monitor how effective Providers services are we may collect information supplied to them by you about the quality and impact of their services, which may include your name, school, role and opinions
Publicly available information
We might gather information about you that is publicly available.
How we use your Personal Data
We use your Personal Data in order to:
- Provide, operate, and maintain our Services;
- Improve, personalise, and expand our Services;
- Understand and analyse how you use our Services;
- Develop new products, services, features, and functionality;
- Communicate with you, either directly or through one of our partners, including for customer service, to provide you with updates and other information relating to the Service, and for marketing and promotional purposes;
- Process your Enquiries;
- Find and prevent fraud; and
- For compliance purposes, including enforcing our Terms of Service, or other legal rights, or as may be required by applicable laws and regulations or requested by any judicial process or governmental agency.
We use your Personal Data on legitimate grounds and/or with your Consent.
On the grounds of entering into a contract or fulfilling contractual obligations, we Process your Personal Data for the following purposes:
- to identify you;
- to provide you a service or to send/offer you a product;
- to communicate either for sales or invoicing;
- to collect participant evaluation data,
On the grounds of legitimate interest, we Process your Personal Data for the following purposes:
- to send you personalised offers* (from us and/or our carefully selected partners);
- to administer and analyse our client base (purchasing behaviour and history) in order to improve the quality, variety, and availability of products/ services offered/provided;
- to conduct questionnaires concerning client satisfaction;
- to collect Reviews of Providers
As long as you have not informed us otherwise, we consider offering you products/services that are similar or same to your purchasing history/browsing behaviour to be our legitimate interest.
With your consent we Process your Personal Data for the following purposes:
- to send you newsletters and campaign offers (from us and/or our carefully selected partners);
- for other purposes we have asked your consent for
We Process your Personal Data in order to fulfil obligations rising from law and/or use your Personal Data for options provided by law. We reserve the right to anonymise Personal Data gathered and to use any such data. We will use data outside the scope of this Policy only when it is anonymised. We save your billing information and other information gathered about you for as long as needed for accounting purposes or other obligations deriving from law, but not longer than 5 years.
We might process your Personal Data for additional purposes that are not mentioned here, but are compatible with the original purpose for which the data was gathered. To do this, we will ensure that:
- the link between purposes, context and nature of Personal Data is suitable for further Processing;
- the further Processing would not harm your interests and
- there would be appropriate safeguard for Processing.
We will inform you of any further Processing and purposes.
Who else can access your Personal Data
We neither rent of sell your Persona Data in personally identifiable form to anyone. We do not share your Personal Data with strangers. Personal Data about you is in some cases provided to our trusted partners in order to either make providing the service to you possible or to enhance your customer experience. We share your data with:
- Our partner Providers. We work with range of learning Providers listed on our Website and have agreements and procedures in place to ensure your personal data is protected through the service you receive from us. Your personal data will only be shared with learning Providers you have chosen to engage with via our websites. For example, when you make an Enquiry, your details relating to that enquiry will be provided to them so that they may answer your enquiry directly. We also provide anonymised site usage data to providers to enable them to monitor enrolment from users who use our websites.
- Information you make Available. Any information that you voluntarily choose to include in a public area of the Service, such as a public profile page, will be available to any Visitor or User who has access to that content.
- Advertising. We work with third-party advertising partners to show you ads that we think may interest you. These advertising partners may set and access their own cookies, pixel tags, and similar technologies on our Services, and they may otherwise collect or have access to information about you which they may collect over time and across different online services. Some of our advertising partners are members of the Network Advertising Initiative or the Digital Advertising Alliance. To learn more about these programs, or opt-out of personalized ads, visit the Digital Advertising Alliance’s Self-Regulatory program for Online Behavioral Advertising at www.aboutads.info, or the Network Advertising Initiative at www.networkadvertising.org.
- Aggregate Information. Where legally permissible, we may use and share information about users with our partners in aggregated or de-identified form that can’t reasonably be used to identify you.
- Business Transfers. We may choose to buy or sell assets. In these types of transactions, customer information is typically one of the business assets that is transferred. Also, if we (or substantially all of our assets) are acquired, or if we go out of business, enter bankruptcy, or go through some other change of control, Personal Information would be one of the assets transferred to or acquired by a third party.
- Protection of Company and Others. We reserve the right to access, read, preserve, and disclose any information that we reasonably believe is necessary to comply with law or court order; enforce or apply our conditions of use and other agreements; or protect the rights, property, or safety of Company, our employees, our users, or others. This includes exchanging information with other companies and organizations for fraud protection and credit risk reduction.
- With Your Consent. Except as set forth above, you will be notified when your Personal Information may be shared with third parties, and will be able to prevent the sharing of this information.
Supplier Security and Privacy Information
Email, document management, collaboration tools
Microsoft Office 365
Email, document management, collaboration tools
Web hosting service
Web tracking activity
We only work with Processing partners who are able to ensure adequate level of protection to your Personal Data. We disclose your Personal Data to third parties or public officials when we are legally obliged to do so. We might disclose your Personal Data to third parties if you have consented to it or if there are other legal grounds for it.
How we secure your data
We do our best to keep your Personal Data safe. We use safe protocols for communication and transferring data (such as HTTPS). We use anonymising and pseudonymising where suitable. We monitor our systems for possible vulnerabilities and attacks
The personal data you provide is stored in a secure hosting environment based in the UK. We employ a range of technology and procedures to ensure that this data is secure, including encryption, anti-virus and anti-malware software, intrusion detection, company-wide data usage policies, and mandatory security and privacy staff training.
We have physical, electronic, and managerial procedures to safeguard and secure the information we collect.
But please remember:
- You provide personal data at your own risk: unfortunately, no data transmission is guaranteed to be 100% secure
- However, we promise to notify suitable authorities of data breaches. We will also notify you if there is a threat to your rights or interests. We will do everything we reasonably can to prevent security breaches and to assist authorities should any breaches occur.
- If you believe your privacy has been breached, please contact us immediately on email@example.com
The personal data we collect is processed at our offices in London and in any data processing facilities operated by the third parties identified above.
If you have an account with us, note that you have to keep your username and password secret.
We do not intend to collect or knowingly collect information from children. We do not target children with our services.
We do not collect any “sensitive data” about you (like racial or ethnic origin, political opinions, religious/philosophical beliefs, genetic data, biometric data, health data, data about your sexual life or orientation, and offences or alleged offences) except when we have your specific consent, or when we have to to comply with the law.
Cookies and other technologies we use
A cookie is a tiny text file stored on your computer. Cookies store information that is used to help make sites work. Only we can access the cookies created by our website. You can control your cookies at the browser level. Choosing to disable cookies may hinder your use of certain functions.
- Necessary cookies – these cookies are required for you to be able to use some important features on our website, such as logging in. These cookies don’t collect any personal information.
- Functionality cookies – these cookies provide functionality that makes using our service more convenient and makes providing more personalised features possible. For example, they might remember your name and e-mail in comment forms so you don’t have to re-enter this information next time when commenting.
- Analytics cookies – these cookies are used to track the use and performance of our website and services
- Advertising cookies – these cookies are used to deliver advertisements that are relevant to you and to your interests. In addition, they are used to limit the number of times you see an advertisement. They are usually placed to the website by advertising networks with the website operator’s permission. These cookies remember that you have visited a website and this information is shared with other organisations such as advertisers. Often targeting or advertising cookies will be linked to site functionality provided by the other organisation.
You can remove cookies stored in your computer via your browser settings. Alternatively, you can control some 3rd party cookies by using a privacy enhancement platform such as optout.aboutads.info or youronlinechoices.com. For more information about cookies, visit allaboutcookies.org.
If you have any question regarding your personal data, please contact the Privacy Manager at the address below:
40 Davisville Road
If you feel we have been intrusive to your privacy or misused your data you have the right to complain to the ICO https://ico.org.uk/for-the-public/raising-concerns/
Last modification was made 18/05/18