The term “aggregated data” refers to general information regarding visitors and users of the site that relates to use of the site, e.g., traffic patterns, number of visits to certain pages, visits from other web sites or to third-party web sites linked to the site, use of particular services and interest in services, information or features of the site or other parties made available through or found at the site.
The legal bases on which we rely are:
Consent—Gaining consent is part of our client and applicant contact process. Whenever we create a new contact in our client database, we ask for and then record consent and the date. We also record each time somebody signs up for our newsletters via our website and remind customers of their right to withdraw consent at any time.
Contract—Processing is necessary for us to administer the pre-contract and contractual relationship between ourselves and our suppliers/clients/potential employees in connection with the performance of a contract.
Legitimate interests—When we contact business people in relation to our services, they will operate within the markets we service and we will contact them via corporate email addresses. This will be with the interest of discussing work opportunities in an effort to help improve their processes or services and make their businesses more successful. Every email we send has a message regarding opt out/unsubscribe options. We also have a legitimate interest in processing personal data during a recruitment process and for keeping records of the process. Processing data from job applicants allows us to manage the recruitment process, assess and confirm a candidate’s suitability for employment and decide whom to offer a job. We may also need to process data from job applicants to respond to and defend against legal claims.
What information we collect and how we use it
We take the utmost care to ensure that the personal information we obtain from you is not used in a way that you may be unaware of or not agreeable to. We collect information when you register on our site, place an order, subscribe to a newsletter or email list, respond to a survey, register for a sweepstakes or fill out a form on our site. In response, we may ask for information such as your name, email, mailing address, phone number, credit card information or other details to help you with your experience. We collect this data based on you providing your explicit consent. In the event you opt to provide us with this information, we will only use it for the purpose specified by you at the bottom of the information gathering form.
Information collected on the site may be used to:
- Register you as a job applicant
- Process your transactions
- Send marketing communications or surveys to you
- Respond to your questions or suggestions
- Improve the quality of your visit to the site
We do not sell, rent or share any of your personal information with any other party including any third-party joint promoters, nor use it for unapproved commercial purposes. You may request to be removed from our lists at any time. All emails distributed to our lists will contain easy, online access to unsubscribe.
Marketing and job applicants
We will never pass your personal data on to any third parties for marketing purposes, unless you instruct us to do so.
We occasionally clarify existing contact details either via telephone or company websites, but we always provide the opportunity to opt out at any time. We also do not pass on information to third parties.
We would like to use your personal data to send you details of products or services that we offer that we have identified as likely to be of interest to you. We will only send you information in line with the preferences you indicated when you provided your personal data. We may use email, phone and/or social media to send this information.
If at any point you would like to opt-out of receiving communications from us, or would like to change the channels (such as email or post) that we use to contact you, please contact us at [email protected].
If you decide to submit an application or register at the site, you will be linked to a registration interface and our resumé software. This site has measures in place to protect the loss, misuse and alteration of the information under our control.
Protecting your information
CCM would like site visitors to feel confident about using the site to search for positions, comment on stories, post to the forum, craft original blogs and register/submit resumés, so CCM is committed to protecting the information we collect. CCM has implemented a security program to keep information that is stored in our systems protected from unauthorized access.
We use regular Malware Scanning.
Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, all sensitive/credit information you supply is encrypted via Secure Socket Layer (SSL) technology.
We implement a variety of security measures when a user places an order enters, submits, or accesses their information to maintain the safety of your personal information.
All transactions are processed through a gateway provider and are not stored or processed on our servers.
Use of aggregated data
CCM is interested in improving the site and may develop and offer new features and services. We monitor aggregated data regarding use of the site for marketing purposes and to study, improve and promote use of the site. In connection with such purposes, we may share aggregated data with third parties collectively and in an anonymous way. Disclosure of aggregated data does not reveal personal information about individual site users in any way that identifies who they are or how to contact them.
To enable features at the site, CCM may assign one or more “cookies” to your browser. Cookies, among other things, speed navigation through our site, keep track of information so that you do not have to re-enter it each time you visit our site, and may provide you with customized content. A cookie is an internet mechanism composed of a small text file containing a unique identification number that permits a web server to send small pieces of information or text by means of your browser and place them on your computer’s hard drive for storage. This text lets the web server know if you have previously visited the web page. Cookies by themselves cannot be used to find out the identity of any user.
- Help remember and process the items in the shopping cart.
- Understand and save user’s preferences for future visits.
- Keep track of advertisements.
- Compile aggregate data about site traffic and site interactions in order to offer better site experiences and tools in the future. We may also use trusted third-party services that track this information on our behalf.
You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser (like Internet Explorer) settings. Each browser is a little different, so look at your browser’s Help menu to learn the correct way to modify your cookies.
Google’s advertising requirements can be summed up by Google’s Advertising Principles. They are put in place to provide a positive experience for users. https://support.google.com/adwordspolicy/answer/1316548?hl=en
We, along with third-party vendors such as Google, use first-party cookies (such as the Google Analytics cookies) and third-party cookies (such as the DoubleClick cookie) or other third-party identifiers together to compile data regarding user interactions with ad impressions and other ad service functions as they relate to our website.
California Consumer Privacy Act (CCPA)
CCM does not track its customers over time and across third party websites to provide targeted advertising and therefore does not respond to Do Not Track (DNT) signals. However, some third party sites do keep track of your browsing activities when they serve you content, which enables them to tailor what they present to you. To set the DNT signal on your browser so that third parties (particularly advertisers) know you do not want to be tracked. If you would like to learn how to enable DNT on your desktop, laptop or mobile device, please visit https://allaboutdnt.com/https://allaboutdnt.com/.
Third parties that have content embedded on CCM’s websites such as a social feature may set cookies on a user’s browser and/or obtain information about the fact that a web browser visited a specific CCM website from a certain IP address. Third parties cannot collect any other personally identifiable information from CCM’s websites unless you provide it to them directly.
California Online Privacy Protection Act
Children Online Privacy Protection Act (COPPA)
When it comes to the collection of personal information from children under 13, the Children’s Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, the nation’s consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children’s privacy and safety online.
We do not specifically market to children under 13.
Fair information practices
The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.
In order to be in line with Fair Information Practices we will take the following responsive action, should a data breach occur:
We will notify the users via email
- Within 7 business days
We also agree to the Individual Redress Principle, which requires that individuals have a right to pursue legally enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or government agencies to investigate and/or prosecute non-compliance by data processors.
CAN SPAM Act
The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.
We collect your email address in order to:
- Send information, respond to inquiries, and/or other requests or questions.
- Process orders and to send information and updates pertaining to orders.
- We may also send you additional information related to your product and/or service.
- Market to our mailing list or continue to send emails to our clients after the original transaction has occurred.
To be in accordance with CAN-SPAM we agree to the following:
- NOT use false or misleading subjects or email addresses.
- Identify the message as an advertisement in some reasonable way.
- Include the physical address of our business or site headquarters.
- Monitor third-party email marketing services for compliance, if one is used.
- Honor opt-out/unsubscribe requests quickly.
- Allow users to unsubscribe by using the link at the bottom of each email.
If at any time you would like to unsubscribe from receiving future emails, you can email us at: [email protected].
- Follow the instructions at the bottom of each email and we will promptly remove you from ALL correspondence.
Recipients/categories of recipients
In carrying out our business, including our obligations to you, we may use sub-contractors. These will be partner marketing providers, email broadcasters e.g. Campaign Monitor/database providers e.g. Salesforce. We will ensure that they respect your privacy and abide by all data protection laws.
Transfers to third countries
Your data may be transferred outside the European Economic Area (EEA), as our operations are based in the USA. In these circumstances, your personal information will only be transferred on one of the following bases:
- the country that we send the data is approved by the European Commission as providing an adequate level of protection for personal information; or
- the recipient has agreed with us standard contractual clauses approved by the European Commission, obliging the recipient to safeguard the personal; or
- there exists another situation where the transfer is permitted under applicable data protection legislation (for example, where a third-party recipient of personal data in the United States has registered for the EU-US Privacy Shield).
We will keep your personal data in connection with the services/products we have provided for a maximum of seven years after initial receipt of your data. We need to retain this data for our own accounting purposes and for legal and tax purposes.
In terms of personal data we use for marketing and job opportunities, we will keep this data for as long as you give us your consent. If you withdraw your consent or opt-out of communications, we will archive your contact details only to ensure that we do not contact you again.
Data subject’s rights
You have rights in respect of your personal data. We will need to confirm your identity before we can consider your request so, if you wish to exercise any of these rights, we will need to see proof of identity to ensure you are the data subject. These can be in the form of a passport, driver’s license or utility bill.
Specifics rights for all residents of the EU as detailed under GDPR are as follows:
Right of access—you have the right to know whether we are processing your personal data, and to a copy of that data. We would need as much information as possible to enable us to locate your data. We will respond to your request within 28 days of receipt of your request. If you want to exercise this right, please contact us at [email protected]. If you want to know more about this right, the ICO has more guidance on their website: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-of-access/
Right to rectification—you have the right to have any incorrect personal data corrected or completed if it is incomplete. You can make this request verbally or in writing. We will need as much information as possible to enable us to locate your data. We will look at any request and inform you of our decision within 28 days of receiving the request. If you want to exercise this right, please contact us at [email protected]. If you want to know more about this right, the ICO has more guidance on their website: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-rectification/
Right to erasure—this right, often referred to as ‘the right to be forgotten’ allows you to ask us to erase personal data where there is no valid reason for us to keep it. We will look at any request and inform you of our decision within 28 days of receiving the request. If you want to exercise this right, please contact us at [email protected]. If you want to know more about this right, the ICO has more guidance on their website: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-erasure/
Right to restrict processing—you have the right to ask us to restrict processing of your data. We will look at any request and inform you of our decision within 28 days of receiving the request. If you want to exercise this right, please contact us at [email protected]. If you want to know more about this right, the ICO has more guidance on their website: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-restrict-processing/
Right to data portability—you have the right to move, copy or transfer your personal data from one IT environment to another. This right applies to data that you have provided to us and that we are processing on the legal basis of consent or in the performance of a contract and that processing is by automated means. We will respond to your request within 28 days of receipt of your request. If you want to exercise this right, please contact us at [email protected]. If you want to know more about this right, the ICO has more guidance on their website: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-data-portability/
Right to object—you have the right to object to our processing of your personal data based on (i) legitimate interests, or for the performance of a task in the public interests/exercise of official authority (including profiling); (ii) direct marketing (including profiling); and (iii) for purposes of scientific/historical research and statistics.
- Legitimate interests/legal task – your objection should be based on your particular situation. We can continue to process the data if we can demonstrate compelling legitimate grounds which override your interests.
- Direct marketing – you have an absolute right to ask us to stop processing for the purposes of direct marketing. We will action your request as soon as possible.
- Scientific/historical research and statistics – your objection should be based on your particular situation. If we are conducting research where the processing is necessary for the performance of a public task, we can refuse to comply with your objection.
If you want to exercise this right, please contact us at [email protected]. If you want to know more about this right, the ICO has more guidance on their website: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-object/
Rights relating to automated decision making including profiling—you have the right in respect of automated decision making, including profiling. Where we carry out solely automated decision making, including profiling, which has legal or similarly significant effects on you, we can only do this if it is in connection with a contract with you, we have a right under law or if you have provided your explicit consent. We will tell you if this happens and tell you how you can request human intervention or challenge the decision. If you want to exercise this right, please contact us at [email protected]. If you want to know more about this right, the ICO has more guidance on their website: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/rights-related-to-automated-decision-making-including-profiling/
Processing based on consent
Where we process your personal data based on your consent you have the right to withdraw that consent at any time without reason. You can opt-out by using the unsubscribe/opt-out in any marketing we send you.
EU residents only—The right to lodge a complaint to the supervisory authority
If you are unhappy with any aspect of our handling of your data you can make a complaint to the ICO – https://ico.org.uk/concerns/
Contractual requirement to provide personal data
The personal data that you provide to us is necessary for us to carry out the contract you have entered into with us to fulfil our contractual obligations. The personal information we receive when we send out a contract includes names, email addresses and company billing details. Without this information, we cannot engage in a contract.
Policy modifications & contacting us