1.1. Who are we?
The Crisis Prevention Institute, Inc. (CPI), is committed to compliance in respect of personal data, and the protection of the “rights and freedoms” of individuals whose information CPI collects and processes in accordance with the General Data Protection Regulation (GDPR) and any other applicable data privacy or security law or regulation (collectively referred to as “GDPR”). Compliance with the GDPR is described by this policy and other relevant company policies, along with connected processes and procedures. Partners and any third parties working with or for CPI, and who have or may have access to personal data, will be expected to have read, understood and to comply with this policy. All staff in managerial or supervisory roles throughout CPI are responsible for developing and encouraging good information handling practices within CPI.
If you have any questions about this notice or how we collect and use personal information about you please email firstname.lastname@example.org
1.2. Contracting and Correspondence
a) When you enter into a contract with us (or someone does so on your behalf) there will be personal information about you relating to that contract such as your name, contact details, contract details, delivery details, and correspondence with us about the contract.
b) We need certain information to carry out our contract with you and you must provide this in order to enter into a contract with us (or as required under that contract). This information generally includes:
- Your name.
- Your email.
- Your phone.
- Your address
- Your company information including your manager details.
- Name and contact details of individual consumers of our products or services covered by the contract.
- Other correspondence or interaction (for example by email, telephone, post, SMS or via our website) between you and us, will include personal information (such as names and contact details) in that correspondence. This may include enquiries, reviews, follow-up comments or complaints lodged by or against you and disputes with you or your organisation.
- We may also collect details of phone numbers used to call our organisation and the date, time and duration of any calls. Please note that we may record your calls to or from us for quality and training purposes.
c) We will keep and use that information to carry out our contract with you (if applicable), to comply with any legal requirements for us to maintain certain records or carry out certain verifications, and/or for our legitimate interests in dealing with a complaint or enquiry and administering your (or your organisation’s) account or order and any services we offer, as well as to review and improve our offerings, including troubleshooting, data analysis, research, statistical and survey purposes.
d) Where your information relates to a contract, it is kept for a period of up to 7 years after your account is closed to enable us to deal with any after sales enquiries or claims and as required for tax purposes. Any other information is kept for 7 years.
a) We may collect your name and contact details (such as your email address, phone number or address) in order to send you information about our products and services which you might be interested in. We may collect this directly from you, or through a third party. If a third party collected your name and contact details, they will only pass those details to us for marketing purposes if you have consented to them doing so.
b) You always have the right to “opt out” of receiving our marketing. If we send you any marketing emails, we will always provide an unsubscribe option to allow you to opt out of any further marketing emails. If you “opt-out” of our marketing materials you will be removed from our marketing list. Where you unsubscribe from any postal marketing, you may initially still receive some content which has already been printed or sent, but we will remove you from any future campaigns. We may still need to contact you for administrative or operational purposes.
To opt out of valuable CPI Marketing emails, please click here.
c) If you are an existing customer or are acting in your professional capacity we use your contact details as necessary for our legitimate interests in marketing to you and maintaining a list of potential customers.
1.4. Website Information
a) We may collect information about you and your use of our website via technical means such as cookies, webpage counters and other analytics tools. We use this as necessary for our legitimate interests in administering our website and to ensure it operates effectively and securely.
c) We use Google AdWords remarketing to advertise online. We place cookies on browsers, and third parties such as Google read these cookies and show ads on third-party sites. You may opt out of ad serving by visiting the Google Advertising Privacy FAQ page or the Network Advertising Initiative opt-out page.
d) We keep this website information about you from when it is collected until the relevant cookie expires or you disable it.
e) Our website may, from time to time, contain links to third party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
1.5. User Generated Content
a) We may collect information about you which you provide when you post content on our website. This may include reviews, photographs, videos and other content which you post on our website.
b) We may display and publish this information on our platforms as part of our contract with you or as necessary for our legitimate interests in providing content to our users.
c) This information is kept for as long as you have an account with us and may be retained and displayed indefinitely after you close your account. You are able to remove or delete any content which you post at any time while your account is active.
1.6. Business Information
a) If you work for one of our customers, the information we collect about you may include your contact information, details of your employment and our relationship with you. This information may be collected directly from you, or provided by your organisation. Your organisation should have informed you that your information would be provided to us, and directed you to this policy. We use this information to fulfil our contract with your organisation or as necessary for our legitimate interests in managing our relationship with your organisation.
b) We keep this information for up to 7 years after the end of our relationship with your organisation.
1.7. Legal Claims
a) Where we consider there to be a risk that we may need to respond to a legal claim, we may retain your personal information as necessary for our legitimate interests in ensuring that we can properly respond to such legal claims. We may also need to share this information with our insurers or legal advisers. How long we keep this information will depend on the nature of the claim and how long we consider there to be a risk that we will need to respond to a claim.
1.8. Information from Third-Parties
a) We may also receive information about you from the following sources:
- Businesses we have bought. If we have acquired another business, or substantially all of its assets, which originally held your information, we will hold and use the information you provided to them, or which they otherwise held about you, in accordance with this privacy notice.
- Publicly available sources. We obtain information from the following publicly available sources: your organisation’s website, your regulatory body, Companies House or LinkedIn.
- Credit information. We may also collect credit information on you from third party reference agencies.
- List Providers. We may obtain information from list providers. Links to some of the provider’s privacy policies are listed below:
1.9. Special Categories of Data
a) We only collect “special categories” of more sensitive personal information about you (this includes details about your race or ethnicity) when requested by you in order to secure specific accreditations through third-parties. We only use this information for the purpose requested and we will request your specific consent before collecting this information. We do not use this information for any other purpose.
1.10. Sharing your information
a) As well as any sharing listed above, we may also share your information with third parties, including third-party service providers and other entities in our group. Third parties are required to respect the security of your personal information and to treat it in accordance with the law. We never sell your data to third parties.
b) We may share your personal information with third parties if we are under a duty to disclose or share your personal information in order to comply with any legal obligation, or in order to enforce or apply our agreements with you and the organization you work for, or to protect the rights, property, or safety of us, or our customers.
c) We also may need to share your personal information with third-party service providers (including contractors and designated agents) so that they can carry out their services. The following activities are carried out by third-party service providers, including but not limited to: affiliates; CRM system provider, developers and implementers; data analysis; email marketing system; event venues; IT services; legal advice; learning management systems; printers and mailing houses; payment processing systems; trainers and speakers at events; training partners; webinar platforms and website developers.
d) We may share your personal information with other entities in our group as part of our regular reporting activities on company performance, in the context of a business reorganisation or group restructuring exercise, and for system maintenance support and hosting of data.
e) All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal information. Where third parties process your personal information on our behalf as “data processors” they must do so only on our instructions and where they have agreed to treat the information confidentially and to keep it secure.
f) We may share your personal information with other third parties, for example in the context of the possible sale or restructuring of the business where necessary in connection with the purposes for which your information was collected. We may also need to share your personal information with a regulator or to otherwise comply with the law.
1.11. Data Storage
a) Our international office headquarters are based in the UK. However, where required to perform our contract with you or for our wider business purposes, the information that we hold about you may be transferred to, and stored in the United State. Typically, your data will be processed by staff operating within the UK and EU.
b) If we transfer data to countries or organisations outside of the UK and the EU which the EU does not consider to have an adequate data protection regime in place, we will ensure that appropriate safeguards are put in place where required. To obtain more details of these safeguards, please contact us.
1.12. Data Security
a) As well as the measures set out above in relation to sharing of your information, we have put in place appropriate internal security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
b) We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where necessary.
1.13. Your Rights
a) Data protection law gives you a number of rights when it comes to personal information we hold about you. The key rights are set out below. More information about your rights can be obtained from the Information Commissioner’s Office (ICO). Under certain circumstances, by law you have the right to:
- Be informed in a clear, transparent and easily understandable way about how we use your personal information and about your rights. This is why we are providing you with the information in this notice. If you require any further information about how we use your personal information, please let us know.
- Request access to your personal information (commonly known as a “data subject access request”).
- Request correction of the personal information that we hold about you.
- Request erasure of your personal information in circumstances where there is no good reason for us continuing to process it.
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and you are refuting the existence of a valid legitimate interest.
- Request the transfer of your personal information to another party where you provided it to us and we are using it based on your consent, or to carry out a contract with you, and we process it using automated means.
- Withdraw your consent. In the limited circumstances where we are relying on your consent (as opposed to the other bases set out above) to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate interest in doing so.
- Lodge a complaint. If you think that we are using your information in a way which breaches data protection law, you have the right to lodge a complaint with your national data protection supervisory authority (if you are in the UK, this will be the ICO).
b) To exercise your rights as defined under GDPR and highlighted in this section, please contact us at email@example.com.
1.14. Changes to this Privacy Notice
a) Any changes we make to our privacy notice in the future will be posted on this page and, where appropriate, notified to you by e-mail or otherwise. Please check back frequently to see any updates or changes to our privacy notice.
Updated March 2023