Privacy Policy

About Us

Cambridge Design Partnership Ltd and its affiliates (“CDP”) is committed to protecting your privacy. We are providing this privacy notice to tell you about how we collect and process your personal data when you visit our website or engage with us as a client, prospective client, or supplier.

If you are a participant in one of our research studies and want to find out more about how we process your personal data, please visit our User Research Privacy Notice.

CDP is the data controller for the processing that we undertake that is outlined in this privacy notice. As the data controller, we are responsible for deciding how we hold and use the personal information we collect.

If you have any questions about how we process personal data or this privacy notice, would like to exercise your data protection rights, or submit a complaint about how we have handled your personal data, you can contact us using the details outlined in the ‘Contact Us’ section below.

How We Collect Your Personal Data

We may for example collect your information when you:

Visit our website;
Interact with us at events or on our social media accounts; or
Contact us by email, call or post.

We may also receive your information indirectly from third parties including from:

Someone else in your organisation;
Events organisers where you have given permission to collect and share your personal data; or
From another of our clients if you have asked to be referred.

Categories of Data

We only collect personal information that we know we will genuinely use and in accordance with the Data Protection Legislation. The type of personal information that we will collect about you includes:

Your name;
Telephone number(s);
Email address;
Your company;
Job title;
Cookies; and/or
IP address.

We may, in further dealings with you, extend this personal information to include your purchases, services used, and subscriptions, records of conversations and agreements and payment transactions.

You are under no statutory or contractual requirement or obligation to provide us with your personal information; however, we require at least the information above in order for us to deal with you as a prospect, client or supplier in an efficient and effective manner.

Purposes of Processing and Legal Basis

We only collect personal information about you where we have a legitimate reason for doing so. For each purpose for processing, in accordance with EU and UK law, we have identified a lawful basis for processing.

The legal basis we mainly rely on for processing personal data is legitimate interests, provided your interests and fundamental rights do not override those interests. The purposes for which we rely on this lawful basis are:

To contact you, following your enquiry or to reply to any questions;
To send B2B marketing communications to you and create lookalike audiences for advertising campaigns;
To deal with any customer service enquiries, reply to any suggestions, issues or complaints you have contacted us about;
To deal with your organisation as a prospect, including drawing up a proposal and contract and communicating with you for this purpose;
To fulfil the contract we have with your organisation to provide you with the agreed service;
To process any payment made by your organisation for the services provided;
To request your feedback in order to improve our service;
To power our security measures and services so you can safely access our website;
To deal with your organisation as our supplier, where applicable.

In a small number of circumstances, we will seek your consent to process your personal data:

To use marketing and analytics cookies on our website;
To send B2B marketing communications to you, where consent is required.

For more information on the essential and non-essential cookies that we use on the website, please visit our consent management platform by clicking ‘Cookie Settings’ on our cookie banner.

Sharing your information

CDP may transfer your personal data for the respective purposes to the recipients and categories of recipients listed below:

Our affiliates – we may share your details with our affiliates where necessary to provide our services to you;
Data processors/service providers – Certain third parties may receive your personal data to process such data on behalf of CDP under appropriate instructions as necessary for the respective processing purposes. The data processors will be subject to contractual obligations to implement appropriate technical and organisational security measures to safeguard the personal data, and to process the personal data only as instructed;
Governmental authorities, courts, external advisors, and similar third parties that are public bodies as required or permitted by applicable law.

We may share your personal data with third parties located outside of the UK and EU. Where we share your personal data with third parties located in countries that are not covered by an adequacy decision, we rely on standard contractual clauses with the UK Addendum to safeguard the transfer.

Aside from the above, we do not sell, rent or otherwise give your personal information to third parties.

Retaining your information

Your personal information will be retained in accordance with our retention policy which categorises all of the information held by CDP and specifies the appropriate retention period for each category of data. Those periods are based on the purpose for which the information is collected and used, taking into account legal and regulatory requirements to retain the information for a minimum period, limitation periods for taking legal action, good practice and CDP’s business purposes.

For information related to you and your organisation’s contract with us as a client or supplier, we generally keep information for 7 years from the end of our relationship with you. If there is a dispute or a legal action, we may need to keep this personal information longer.

For website cookies, you can find the various retention periods applicable by clicking on ‘Cookie Settings’ in our consent management platform.

Protecting your information

Data security is of great importance to CDP and to protect your data we have put in place suitable physical, electronic and managerial procedures to safeguard and secure your collected data.

We take security measures to protect your information including:

Limiting access to our buildings to those that we believe are entitled to be there by use of passes and monitoring our offices with CCTV;
Implementing access controls to our information technology. Any access to your personal data at CDP is restricted to those individuals that have a need to know in order to fulfil their job responsibilities;
Utilising technical measures such as firewalls, anti-virus software, and encryption to safeguard the data we hold; and
Implementing organisational measures such as regular training and awareness exercises, internal information security policies, and data handling procedures to ensure our employee owners are aware of how to process personal data securely and responsibly.

Your rights

Depending upon where you are located, you may have some or all of the following rights in relation to your personal information:

ask for access to your personal information via a ‘subject access request’;
ask for personal information we hold about you to be corrected;
ask for your personal information to be deleted. This enables you to ask us to delete or remove your personal information where there is no good reason for us continuing to process it;
object to the processing of your personal information where we are relying on a legitimate interest, and there is something about your particular situation which makes you want to object to processing it;
ask for the processing of your personal information to be restricted. This enables you to ask us to suspend the processing of personal information about you; and
ask for your personal information to be transferred to another company.

You can exercise any of the following rights by contacting us using the contact information outlined below.

Where we rely on consent to process your personal data, you have the right to withdraw your consent at any time. You can do this by clicking the unsubscribe button at the bottom of our marketing emails or contacting us directly.

Any requests received by CDP will be considered under applicable data protection legislation.

Contact Us

CDP values your comments and opinions. If you have any questions or concerns about this privacy notice or about how we process your personal data, or you would like to exercise your rights, you can contact us using the details below:

UK:

Cambridge Design Partnership
Bourn Quarter, Wellington Way
Caldecote, Cambridge
CB23 7FW

Email: dpoffice@cambridge-design.com

Phone: +44 (0)1223 264428 (UK)

US:

Cambridge Design Partnership
801 West Morgan Street, Suite 120
Raleigh, NC 27603

Email: dpoffice@cambridge-design.com

Phone: +1 (919) 901 0909

To help facilitate the exercising of data protection rights by data subjects located in the EU, we have appointed The DPO Centre (Europe) Ltd to act as our EU Representative. They can be contacted using the following details:

The DPO Centre (Europe) Ltd
Friedrichstrabe 88, Excellent Business Centre
Berlin 10117
Germany

Email: DPO.EURep@cambridge-design.com

Phone: +49 304 0817 3000

Where you are located in either the UK or the EU, you also have the right to complain to your local data protection authority if you are unhappy with how we have processed your personal information. For example, in the UK this is the Information Commissioner’s Office who can be contacted via this link.

Changes to this privacy notice

We keep this policy under regular review. We may change this privacy notice from time to time by updating this page in order to reflect changes in the law and/or our privacy practices.

Last updated May 2024.

Cookie	Duration	Description
__cf_bm	1 hour	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
__hssc	1 hour	HubSpot sets this cookie to keep track of sessions and to determine if HubSpot should increment the session number and timestamps in the __hstc cookie.
__hssrc	session	This cookie is set by Hubspot whenever it changes the session cookie. The __hssrc cookie set to 1 indicates that the user has restarted the browser, and if the cookie does not exist, it is assumed to be a new session.
_GRECAPTCHA	6 months	Google Recaptcha service sets this cookie to identify bots to protect the website against malicious spam attacks.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	CookieYes sets this cookie to record the default button state of the corresponding category and the status of CCPA. It works only in coordination with the primary cookie.
rc::a	never	This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks.
rc::b	session	This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks.
rc::c	session	This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks.
rc::f	never	This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
wpEmojiSettingsSupports	session	WordPress sets this cookie when a user interacts with emojis on a WordPress site. It helps determine if the user's browser can display emojis properly.

Cookie	Duration	Description
IDE	1 year 24 days	Google DoubleClick IDE cookies store information about how the user uses the website to present them with relevant ads according to the user profile.
li_sugr	3 months	LinkedIn sets this cookie to collect user behaviour data to optimise the website and make advertisements on the website more relevant.
PREF	8 months	PREF cookie is set by Youtube to store user preferences like language, format of search results and other customizations for YouTube Videos embedded in different sites.
test_cookie	15 minutes	doubleclick.net sets this cookie to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
VISITOR_PRIVACY_METADATA	6 months	YouTube sets this cookie to store the user's cookie consent state for the current domain.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt.innertube::nextId	never	YouTube sets this cookie to register a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	YouTube sets this cookie to register a unique ID to store data on what videos from YouTube the user has seen.

Cookie	Duration	Description
__hstc	6 months	Hubspot set this main cookie for tracking visitors. It contains the domain, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.
_gat_gtag_UA_8253459_1	1 minute	Set by Google to distinguish users.
_gcl_au	3 months	Google Tag Manager sets the cookie to experiment advertisement efficiency of websites using their services.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
_hjSession_*	1 hour	Hotjar sets this cookie to ensure data from subsequent visits to the same site is attributed to the same user ID, which persists in the Hotjar User ID, which is unique to that site.
_hjSessionUser_*	1 year	Hotjar sets this cookie to ensure data from subsequent visits to the same site is attributed to the same user ID, which persists in the Hotjar User ID, which is unique to that site.
_hjTLDTest	session	To determine the most generic cookie path that has to be used instead of the page hostname, Hotjar sets the _hjTLDTest cookie to store different URL substring alternatives until it fails.
_vwo_uuid_v2	1 year	This cookie is set by Visual Website Optimiser and calculates unique traffic on a website.
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.
hubspotutk	6 months	HubSpot sets this cookie to keep track of the visitors to the website. This cookie is passed to HubSpot on form submission and used when deduplicating contacts.

Cookie	Duration	Description
bcookie	2 years	LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser ID.
bscookie	2 years	LinkedIn sets this cookie to store performed actions on the website.
lang	session	LinkedIn sets this cookie to remember a user's language setting.
lidc	1 day	LinkedIn sets the lidc cookie to facilitate data center selection.
UserMatchHistory	1 month	LinkedIn sets this cookie for LinkedIn Ads ID syncing.
yt-player-headers-readable	never	The yt-player-headers-readable cookie is used by YouTube to store user preferences related to video playback and interface, enhancing the user's viewing experience.
yt-remote-cast-available	session	The yt-remote-cast-available cookie is used to store the user's preferences regarding whether casting is available on their YouTube video player.
yt-remote-cast-installed	session	The yt-remote-cast-installed cookie is used to store the user's video player preferences using embedded YouTube video.
yt-remote-fast-check-period	session	The yt-remote-fast-check-period cookie is used by YouTube to store the user's video player preferences for embedded YouTube videos.
yt-remote-session-app	session	The yt-remote-session-app cookie is used by YouTube to store user preferences and information about the interface of the embedded YouTube video player.
yt-remote-session-name	session	The yt-remote-session-name cookie is used by YouTube to store the user's video player preferences using embedded YouTube video.
ytidb::LAST_RESULT_ENTRY_KEY	never	The cookie ytidb::LAST_RESULT_ENTRY_KEY is used by YouTube to store the last search result entry that was clicked by the user. This information is used to improve the user experience by providing more relevant search results in the future.

Cookie	Duration	Description
_cfuvid	session	Description is currently not available.
AnalyticsSyncHistory	1 month	No description
li_gc	2 years	No description