Privacy Policy

About Us

Cambridge Design Partnership Ltd and its affiliates (“CDP”) is committed to protecting your privacy. We are providing this privacy notice to tell you about how we collect and process your personal data when you visit our website or engage with us as a client, prospective client, or supplier.

If you are a participant in one of our research studies and want to find out more about how we process your personal data, please visit our User Research Privacy Notice.

CDP is the data controller for the processing that we undertake that is outlined in this privacy notice. As the data controller, we are responsible for deciding how we hold and use the personal information we collect.

If you have any questions about how we process personal data or this privacy notice, would like to exercise your data protection rights, or submit a complaint about how we have handled your personal data, you can contact us using the details outlined in the ‘Contact Us’ section below.

How We Collect Your Personal Data

We may for example collect your information when you:

  • Visit our website;
  • Interact with us at events or on our social media accounts; or
  • Contact us by email, call or post.

We may also receive your information indirectly from third parties including from:

  • Someone else in your organisation;
  • Events organisers where you have given permission to collect and share your personal data; or
  • From another of our clients if you have asked to be referred.

Categories of Data

We only collect personal information that we know we will genuinely use and in accordance with the Data Protection Legislation. The type of personal information that we will collect about you includes:

  • Your name;
  • Telephone number(s);
  • Email address;
  • Your company;
  • Job title;
  • Cookies; and/or
  • IP address.

We may, in further dealings with you, extend this personal information to include your purchases, services used, and subscriptions, records of conversations and agreements and payment transactions.

You are under no statutory or contractual requirement or obligation to provide us with your personal information; however, we require at least the information above in order for us to deal with you as a prospect, client or supplier in an efficient and effective manner.

Purposes of Processing and Legal Basis

We only collect personal information about you where we have a legitimate reason for doing so. For each purpose for processing, in accordance with EU and UK law, we have identified a lawful basis for processing.

The legal basis we mainly rely on for processing personal data is legitimate interests, provided your interests and fundamental rights do not override those interests. The purposes for which we rely on this lawful basis are:

  • To contact you, following your enquiry or to reply to any questions;
  • To send B2B marketing communications to you and create lookalike audiences for advertising campaigns;
  • To deal with any customer service enquiries, reply to any suggestions, issues or complaints you have contacted us about;
  • To deal with your organisation as a prospect, including drawing up a proposal and contract and communicating with you for this purpose;
  • To fulfil the contract we have with your organisation to provide you with the agreed service;
  • To process any payment made by your organisation for the services provided;
  • To request your feedback in order to improve our service;
  • To power our security measures and services so you can safely access our website;
  • To deal with your organisation as our supplier, where applicable.

In a small number of circumstances, we will seek your consent to process your personal data:

  • To use marketing and analytics cookies on our website;
  • To send B2B marketing communications to you, where consent is required.

For more information on the essential and non-essential cookies that we use on the website, please visit our consent management platform by clicking ‘Cookie Settings’ on our cookie banner.

Sharing your information

CDP may transfer your personal data for the respective purposes to the recipients and categories of recipients listed below:

  • Our affiliates – we may share your details with our affiliates where necessary to provide our services to you;
  • Data processors/service providers – Certain third parties may receive your personal data to process such data on behalf of CDP under appropriate instructions as necessary for the respective processing purposes. The data processors will be subject to contractual obligations to implement appropriate technical and organisational security measures to safeguard the personal data, and to process the personal data only as instructed;
  • Governmental authorities, courts, external advisors, and similar third parties that are public bodies as required or permitted by applicable law.

We may share your personal data with third parties located outside of the UK and EU. Where we share your personal data with third parties located in countries that are not covered by an adequacy decision, we rely on standard contractual clauses with the UK Addendum to safeguard the transfer.

Aside from the above, we do not sell, rent or otherwise give your personal information to third parties.

Retaining your information

Your personal information will be retained in accordance with our retention policy which categorises all of the information held by CDP and specifies the appropriate retention period for each category of data. Those periods are based on the purpose for which the information is collected and used, taking into account legal and regulatory requirements to retain the information for a minimum period, limitation periods for taking legal action, good practice and CDP’s business purposes.

For information related to you and your organisation’s contract with us as a client or supplier, we generally keep information for 7 years from the end of our relationship with you. If there is a dispute or a legal action, we may need to keep this personal information longer.

For website cookies, you can find the various retention periods applicable by clicking on ‘Cookie Settings’ in our consent management platform.

Protecting your information

Data security is of great importance to CDP and to protect your data we have put in place suitable physical, electronic and managerial procedures to safeguard and secure your collected data.

We take security measures to protect your information including:

  • Limiting access to our buildings to those that we believe are entitled to be there by use of passes and monitoring our offices with CCTV;
  • Implementing access controls to our information technology. Any access to your personal data at CDP is restricted to those individuals that have a need to know in order to fulfil their job responsibilities;
  • Utilising technical measures such as firewalls, anti-virus software, and encryption to safeguard the data we hold; and
  • Implementing organisational measures such as regular training and awareness exercises, internal information security policies, and data handling procedures to ensure our employee owners are aware of how to process personal data securely and responsibly.

Depending upon where you are located, you may have some or all of the following rights in relation to your personal information:

  • ask for access to your personal information via a ‘subject access request’;
  • ask for personal information we hold about you to be corrected;
  • ask for your personal information to be deleted. This enables you to ask us to delete or remove your personal information where there is no good reason for us continuing to process it;
  • object to the processing of your personal information where we are relying on a legitimate interest, and there is something about your particular situation which makes you want to object to processing it;
  • ask for the processing of your personal information to be restricted. This enables you to ask us to suspend the processing of personal information about you; and
  • ask for your personal information to be transferred to another company.

You can exercise any of the following rights by contacting us using the contact information outlined below.

Where we rely on consent to process your personal data, you have the right to withdraw your consent at any time. You can do this by clicking the unsubscribe button at the bottom of our marketing emails or contacting us directly.

Any requests received by CDP will be considered under applicable data protection legislation.

Contact Us

CDP values your comments and opinions. If you have any questions or concerns about this privacy notice or about how we process your personal data, or you would like to exercise your rights, you can contact us using the details below:

UK:

Cambridge Design Partnership
Bourn Quarter, Wellington Way
Caldecote, Cambridge
CB23 7FW

Email: dpoffice@cambridge-design.com

Phone: +44 (0)1223 264428 (UK)

US:

Cambridge Design Partnership
801 West Morgan Street, Suite 120
Raleigh, NC 27603

Email: dpoffice@cambridge-design.com

Phone: +1 (919) 901 0909

To help facilitate the exercising of data protection rights by data subjects located in the EU, we have appointed The DPO Centre (Europe) Ltd to act as our EU Representative. They can be contacted using the following details:

The DPO Centre (Europe) Ltd
Friedrichstrabe 88, Excellent Business Centre
Berlin 10117
Germany

Email: DPO.EURep@cambridge-design.com

Phone: +49 304 0817 3000

Where you are located in either the UK or the EU, you also have the right to complain to your local data protection authority if you are unhappy with how we have processed your personal information. For example, in the UK this is the Information Commissioner’s Office who can be contacted via this link.

Changes to this privacy notice

We keep this policy under regular review. We may change this privacy notice from time to time by updating this page in order to reflect changes in the law and/or our privacy practices.

Last updated May 2024.