Last updated 29 November 2022

Learn how Cecil treats personal data in line with the GDPR when we provide our products and services to you.

For our standard privacy policy, please click here.

1. Overview
Welcome to Cecil! We value the trust you place in us when providing us with your Personal Data, and we aim to protect your data to the highest of standards as we provide our products and services to you. This Privacy Policy was last updated on 29 November 2022.

2. Scope of this policy
This Privacy Policy describes how we process the Personal Data of our customers and end-users (“you” or “your”) when you use our Services or engage with us in any way. It also describes your data protection rights, including your right to object to some of the processing activities which we carry out.

This policy applies to all Personal Data that we collect, use, or disclose when providing our websites, platforms, apps, products, and services owned or operated by us, including in relation to the following:
- our websites: cecil.earth; app.cecil.earth (”Cecil Platform”), and any other Cecil websites on which this Privacy Policy appears ("Sites");
- offline communications such as phone calls or site visits (“Offline Communications”); and
- our social media, online products, tools, and services, (together, the “Services”)

This Privacy Policy applies when you, as our corporate customer or prospective corporate customer, or as a user of our Services, are located in the European Economic Area (“EEA”) or the United Kingdom (UK).

We take the protection of your privacy very seriously. We therefore treat your Personal Data in confidence and with the utmost care, and in compliance with the applicable EU and UK data protection laws.

We may also provide you with additional information when we collect Personal Data where we feel it would be helpful to provide relevant and timely information.

This Privacy Policy describes our independent privacy and data processing practices as a data controller.

3. Who are we?
In this policy, “Cecil”, “we”, “us” or “our” means Cecil Earth Pty Ltd and its affiliates.

4. What is personal data
The EU and UK data protection laws define Personal Data as any information relating to an identified or identifiable natural person, i.e. one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (“Personal Data”).

Special Categories of Personal Data include data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health, or data concerning a natural person’s sex life or sexual orientation (“Special Categories of Personal Data”).

5. What information do we collect?
The Personal Data we collect, and process will vary depending on your dealings with us and the Services we provide to you.

We may also collect, and process Special Categories of Personal Data with your explicit consent when providing our Services to you, which includes Special Categories of Personal Data submitted by you, or on your behalf, through our platforms and apps.

a) Information we collect when you use our Services
We collect the information you provide to us when you do things such as sign up for, and use our Services, or update your user profile, which may include:
- individual or business account information including name, date of birth and age, details regarding gender, profile photo, organisation details including company or business name, and other related information regarding your business and/or employees that can be used to identify an individual;
- contact information including residential and/or postal address, email address, telephone number, and social media handles; and
- billing information including payment details such as banking, or debit/credit card details

b) Information we collect from your other interactions with us
We collect information when you interact with us, such as when you use our websites, communicate with us via email, telephone, social media or chatbots, make enquiries regarding demos, or when we collect feedback from you on the Services we provide. The information we may collect in these circumstances include individual or business name, address, email, phone number, company/employer, job function, team size, the date, time, and reason for contacting us, survey and research responses, social media information, and call recordings.

c) Information that we automatically collect from you
We automatically collect usage information when you browse our websites or use our Services to improve our Services and enhance your user experience. This information includes digital interactions data, i.e., how you use our digital properties (including our websites, third-party websites, social media sites, apps and electronic communications), metadata (collected on an anonymous basis), consumer analytic data (collected on an anonymous basis but which can be attributed to you based on other information we have about you), log file information, information about the type of device and operating system used by you, location information, computer IP addresses, and marketing and cookie preferences, including any consent you have given us.

6. How and why do we use this information?
We must have a legal basis to process your Personal Data and we explain these legal bases below. We also explain the purposes for which we process your Personal Data, the processing operations that we carry out, and the categories of data that we use for each purpose.

Legal Basis
a) Contractual performance – we have obligations under our contract with you. To fulfil those obligations, we will have to use your data.

b) Consent – in certain cases, we ask for your consent to use your data. Whenever we ask for your consent, we will explain the situations where we use your data, and the purposes for which the data will be used.

c) Legitimate interest – we can process your data when this is necessary for us to achieve a business purpose, or where this is necessary for someone else to achieve their purpose. We explain below what interests we, or others, are trying to achieve when we process your data. Where we process Personal Data on the basis of a legitimate interest, then – as required by data protection law – we have carried out a balancing test to document our interests, to consider what the impact of the processing will be on individuals, and to determine whether individuals’ interests outweigh our interests in the processing activity taking place.

d) Legal obligation – as an organisation, we are obliged to comply with the legal, regulatory, and other requirements under EU, EU Member State or UK laws. In certain cases, we will have to use your data to meet these obligations.

Purposes
We may process your data for different purposes. We may also provide you with notices that further specify the purposes for some of the processing described below, and on the rare occasions when we need to ask for your consent, we will only do so at the time we collect your Personal Data.

a) Provision of Services and administration of our contract with you (Contractual Performance or Consent)
We use your Personal Data to administer aspects of our relationship with you so we can fulfil the obligations we have in the contract between you and us or based on your explicit consent. We process your information:
- to fulfil a contract, or take steps linked to contractual obligations;
- to provide our Services, including ancillary Services such as customer support;
- to take payment for Services (where applicable); or
- to send you service, technical and other administrative emails, messages, and other types of communications relating to our Services.

To do this, we use your information related to our contract, such as your individual or business account information, billing information such as bank details, and information about your use of our Services.

To the extent we process Special Categories of Personal Data as a part of our Services, we will rely on your explicit consent where required by law.

b) Our business purposes (Legitimate Interests)
We have an interest in maintaining, developing, and protecting our business interests and legal rights. We process your information:
- to ensure our Services are working as intended, such as tracking outages or troubleshooting issues that you report to us, to make improvements to our Services, and to help us develop new products and services;
- to ensure your experience with our Services is personalised and customised, and to tailor our communications and marketing to you;
- we use data for analytics and measurement to understand how our Services are used. For example, we analyse data about your use of our Services to do things like optimise product design;
- to conduct surveys and other market research to ensure our Services are relevant to your needs;
- to investigate any complaints by or about you;
- to investigate any suspected breach of any of our terms and conditions or unlawful activity engaged in by you;
- to investigate, raise or defend ourselves from legal claims;
- to comply with our compliance, regulatory, auditing, investigative and disciplinary obligations (including disclosure of such information in connection with legal process or litigation) and other ethics and compliance reporting requirements;
- to protect the security of our premises, assets, systems, and intellectual property, and to enforce company policies, including monitoring communications as permitted by law, to verify your identity and enable us to monitor suspicious or fraudulent activity; or
- where our business interests involve undertaking mergers, acquisitions, reorganisations, or disposals, as permitted/required in accordance with applicable law.

To do this, we use your information related to our contract, such as your individual or business account information, billing information such as bank details, and information about your use of our Services.

c) Marketing communication and preferences (Consent)
We send you marketing communications via email or SMS when you provide us with consent by using your contact details and information provided through your use of the Services.

d) Compliance with law (Legal Obligation)
We analyse and sometimes transmit your data where necessary to comply with a legal obligation.
Those legal obligations, and the processing operations they require us to undertake, are:
- Tax laws and similar obligations (these include tax laws and obligations that apply to us in each of the jurisdictions in which we operate). These require us to undertake tax and national insurance reporting, filing and withholding; and
- Anti-money laundering laws and similar obligations (these include anti-money laundering laws and obligations that apply to us in each of the jurisdictions in which we operate). These require us to undertake specific action to prevent money laundering as part of or in relation to the use of our Services.

Sometimes it is also necessary for us to comply with requirements to respond to court orders, subpoenas, or other legal processes.

In these circumstances we use your personal identification information, contractual relationship information and, in some circumstances, information about your use of the Services.

7. How we share your Personal Data?
a) Sharing of information when providing our Services
We may share your Personal Data with our affiliates and with other third parties from time to time for the purposes and means described in this Privacy Policy. In delivering our Services, we may disclose your information to:
- members and personnel of the Cecil group – we may share your information between our departments or business functions, including with our employees, affiliates, and contractors for the purposes of the delivery and operation of our Services, and fulfilling requests by you, and we may share your information with our affiliates for the purposes of the delivery of their services to you where you have subscribed to their services, or where they integrate with us to provide our Services;
- legal and regulatory authorities – we may share your information with government authorities and/or law enforcement officials if required for the purposes above, if mandated by law or if required for the legal protection of our legitimate interests in compliance with applicable laws;
- parties involved in a business sale – in the event that we undergo any reorganisation, restructuring, merger, sale, or other transfer of assets your information will be disclosed to our advisers and any prospective purchaser’s adviser and will be passed to any new owners of the business;
- business partners – we may share your data with our existing or potential agents, business partners or joint venture entities or partners to enable us to perform our business activities in relation to your services; and
- your organisation – we may share your information with your employer and other personnel (where it is necessary and reasonable) in your organisation, if you use our Services in connection with your employment and your employer has established an account on your behalf.

b) Sharing your information with third parties
We may disclose your Personal Data to specific third-party service providers who facilitate the delivery of our Services and operation of our business activities. We disclose your Personal Data to such third parties as doing so may be necessary to adequately provide our Services to you, or to assist us in analysing how our Services are used and ensure they are provided to you at the highest quality. These third parties are given access to your Personal Data only to perform these tasks on our behalf or for our benefit and are required not to disclose or use it for any other purpose.Such third parties include providers of hosting services and technical infrastructure (e.g., Amazon Web Services), maintenance services, CRM services, customer support services, and marketing services.

c) Sharing your information with overseas recipients
In connection with the purposes identified in this Privacy Policy, and the Services described, your Personal Data may be transferred outside the EEA or the UK, including to Cecil team members and affiliates based in Australia and the US, and to third-party service providers located globally, where it is deemed reasonably necessary for us to make such transfer.

If your Personal Data is transferred outside the EEA or the UK, we ensure that such transfer is compliant with the relevant requirements.

8. What rights do you have?
You have the right to ask us for a copy of your Personal Data to correct, delete or restrict processing of your Personal Data, and to obtain the Personal Data you provide to us on a contractual basis or with your consent, in a structured, machine-readable format.

You can also correct and delete some Personal Data through your account provided by our Services. Where your Personal Data has been added to your account by your employer, you can ask your employer to correct or delete your Personal Data on your behalf. Your employer will then request us to correct or delete the Personal Data from our systems.

In addition, you can object to the processing of your Personal Data in some circumstances, i.e., when we process your Personal Data based on our legitimate interests or where we are using the data for direct marketing.

These rights may be limited, for example, if fulfilling your request would reveal Personal Data about another person, or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in keeping. We will inform you of relevant exemptions we rely upon when responding to any request you make.

To exercise any of these rights, including obtaining a copy of your legitimate interest balancing test, you can get in touch with us using the details set out below. If you have unresolved concerns, you have the right to complain to a data protection authority where you live, work or where you believe a breach may have occurred.

For the provision of information marked as mandatory when you register to use our Service, if such information is not provided, then you will not be able to use our Services. All other provision of your information is optional. If you do not provide such information, our provision of certain Services to you may be detracted from.

Where we rely on your consent, you will always be able to withdraw that consent at any time.If you ask to withdraw your consent to our processing your data, this will not affect any processing which has already taken place.

Direct marketing communications
In some cases, we may send you direct marketing based on our legitimate interests or where you have provided us with explicit consent.

You have an absolute right to opt out of direct marketing at any time. You can do this by following the instructions in the communication within the electronic message we send to you, or by contacting us via email at hello@cecil.earth.

We may still send you important notices relating to your account, operational activities, and technical updates, even after you have opted out of receiving marketing communications.

9. How long will you retain my data?
We store data for as long as necessary to provide our Services. This is a case-by-case determination that depends on things such as the nature of the data, why it is collected and processed, and relevant legal or operational retention needs. You can delete some Personal Data whenever you like, some data is deleted automatically, and some data we retain for longer periods of time. For example:
- We keep account information for as long as your subscription or agreement continues or for as long as it is necessary to deliver our Services.
- We will keep a record of the fact that you have asked us not to send you direct marketing, so that we can respect your request in future. If you unsubscribe from receiving direct marketing, then we will remove your details from our direct marketing mailing list.
- We will keep the usage information and analytics data relating to your use of the Services to understand how people use our Services. We will do this through the use of cookies and tracking technologies to provide us with user analytics data to improve our Services and enhance your user experience.

Sometimes business and legal requirements oblige us to retain certain information, for specific purposes, and for an extended period of time. Reasons we might retain some data for longer periods of time include security, fraud prevention, financial record-keeping, complying with legal or regulatory requirements, ensuring the continuity of our Services, and when you have had direct communications with us.

10. How do I get in touch with you?
If you have any questions or concerns about how we process your data, please contact us via email at hello@cecil.earth.

11. Changes to our Privacy Policy
We reserve the right to change this Privacy Policy from time to time to reflect changes in the laws or regulations, our information practices, our Services, or our operational requirements. We encourage you to periodically review this page to see any changes we have made. In the event that we make any significant changes in terms of data processing operations or any other change that may be relevant to you or may impact you, we will additionally notify you via email or notifications on our Services.