At Creative EC we take privacy matters very seriously and we’re committed to protecting your personal data by complying with relevant data protection legislation. The purpose of this Privacy Notice is therefore to make it easier for you to understand how we use and protect your personal data. We encourage you to read each section of this Privacy Notice thoroughly.
Personal data is any data that can identify you either on its own or used with other data. Processing personal data involves any activity to do with that data, for example, collection, storage, editing and deletion.
This Privacy Notice will help you understand your privacy rights, how and why we need to process your personal data, and how you can get in touch with us if you need to.
If we make any significant changes impacting your privacy, we’ll make this clear on this website. Please remember to check from time to time.
Who are we?
We are Creative EC Limited, registered in England & Wales, with company number 11236074 and with registered office at 57 Southwark Street, London, England, SE1 1RU.
We have created Waterfall, an innovative solution that empowers water companies and consumers to better understand water usage.
Creative EC Limited is the “controller” of your personal data. This is a legal term – which means we are responsible for your personal data and determining how it is used. In this Privacy Notice, Creative EC Limited is collectively referred to as “Creative EC”, “we”, “us” or “our”.
If you have any questions about this Privacy Notice, please contact us using the details set out below.
- Name of Data Protection Officer: Rachael Haywood
- Email address: email@example.com
- Postal address: The Techno Centre, Coventry University Technology Park, Puma Way, Coventry, CV1 2TT
- Telephone: +44 (0)2076 822 820
This Privacy Notice sets out the basis on which we may use your personal data in connection with and/or for the purposes of our operations, this includes use of our websites www.creative-ec.com, www.waterfallbeyondsmart.com and https://waterfallmdm.com (each a “Website” and together the “Websites”).
This Privacy Notice does not apply to your use of our Waterfall mobile application (the “App”). If you download our App a separate privacy notice will be made available to you.
This Privacy Notice also does not apply to personal data collected in the recruitment process, or to employee personal data, for which separate privacy policies are made available as appropriate.
What type of data do we process?
- Personal data – information that can be used to identify an individual directly on its own or in combination with other information such as a name, business or personal email address or online identifier.
- Anonymised data – information in a form that does not identify individuals. Personal data, once it is anonymised, is no longer personal data.
- Aggregated data – statistical data about several individuals that has been combined to show general trends or values without identifying individuals within the data.
We do not collect any special category data about you. This is personal data revealing racial or ethnic origin, religious or philosophical beliefs, health data, biometric data or other types of sensitive data. Nor do we collect any information about criminal convictions and offences.
How do we collect your personal data?
In most cases, we’ll collect this information directly from you, for example:
- If you fill in a “get in touch” form on any of our Websites
- If you report a problem with one of our Websites
- If you log-in to any of our Websites
- If you contact us by telephone, post, e-mail or any other means, including information we receive when you (as a client or prospective client) contact us to submit a request for proposals or request for information or if we receive information from face-to-face meetings, networking events or exchanged business cards
- If you complete surveys we use for research purposes (although you are not obliged to respond to them)
- If you enter a competition or promotion
- If you otherwise use our services.
We may receive personal information about you from other sources. This is information we receive about you as set out below:
- If you get in touch via the group website (https://www.creative-group.tech) that is operated by our affiliate, Creative Network Consulting Limited
- If we purchase or license your professional details from a third-party provider for direct marketing purposes
- If we receive your name and address from your water company in order to deliver you a Waterfall smart meter device
- If we receive your name and email address from a water company where such water company is your employer and has signed up for our services. This will be the case where we need to send you a password in order to access https://waterfallmdm.com.
Cookies and Google analytics
We use Google Analytics to analyse user activity on some of our Websites in order to improve such Websites. We can use such analysis to gain insights about how to improve the functionality and experience of the website. The information is anonymous; we can’t and won’t contact you unless you specifically enter your contact information into the “get in touch” form on our website. The cookies used to provide this analysis calculate visitor, session and campaign data and also keeps track of site usage for the site’s analytics reports.
If you don’t want to be tracked while using our Websites (or other websites) then Google provide a tool to allow you to opt-out: https://tools.google.com/dlpage/gaoptout.
How do we use your personal data?
We’re required by law to always have a permitted reason or justification (called a “lawful basis”) for processing your personal data.
Depending on the processing activity, we may use one or more of the following lawful bases for processing your data:
- You have consented for us to do so for a specific purpose.
- Where we need to perform a contract we are about to enter or have entered with you.
- It satisfies a legitimate interest (which is not overridden by your data protection interests), such as responding to your query through the “get in touch” form on our Website, ensuring network and information security, protecting our legal rights and interests, research and development and marketing and promotion.
- Where processing is needed to comply with our legal obligations.
How do we keep your personal data safe?
We take suitable technical and organisational methods to prevent the unauthorised or unlawful processing of personal data and the accidental or unlawful loss, alteration or destruction of, or unauthorised, disclosure of or access or damage to, personal data.
Your personal data is held in secure systems with controlled access and subject to cyber security measures. All information you provide to us is stored on our secure servers. Where we have given you (or where you have chosen) a password that enables you to access certain parts of our sites, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Once we have received your information, we will use strict procedures and security features to try to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator when we are legally required to do so.
How long do we keep your information?
Under the Data Protection Legislation, any personal data must not be kept any longer than it is necessary for the purpose for which the personal data is processed. We will therefore retain your personal data for as long as necessary for the purposes identified in this Privacy Notice. The storage periods are determined on a case-by-case basis that depends on factors like the nature of the personal data, why it is collected and processed, relevant legal or operational needs, and any legal obligations.
Who do we share your data with?
We only share information with third parties if we have a fair and lawful basis to do so. We may share your personal data with the following parties:
- Creative EC’s affiliate – Creative Network Consulting Limited, who will provide network operation centre IT services (in relation to the Websites) as a sub processor on behalf of Creative EC.
- Third party service providers who provide IT maintenance and development services on our behalf.
- Third party service providers who provide marketing services on our behalf.
- Professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance , accounting or other similar services.
- If requested, with HM Revenue & Customs, the Department for Work and Pensions, the police and/or other similar agencies. We may also share information where we are required to do so to under a legal obligation such as a court order or under statute.
- Analytics partners providing services such as Google Analytics.
- A third-party buyer or prospective buyer – in cases where we sell or negotiate to sell Creative EC, in which case personal data held by it about its clients will be one of the transferred assets. This would also be the case for any proposed or actual merger, joint venture or other type of acquisition or business combination of all or any portion of Creative EC assets, or transfer of all or a portion of Creative EC’s business to another company.
About your consent
Where we need your consent to process your data, we will clearly ask for it and will tell you why we are processing your data. If you withdraw your consent, we will stop processing your data for the purpose for which you gave consent. This does not mean that we will no longer process your data – we may still process your data if we have another purpose with a different legal basis.
If you would like to withdraw your consent – please email firstname.lastname@example.org.
We may use sub-processors based outside of the UK and European Economic Area (“EEA”) to provide software development or other IT services. We will always ensure adequate protection for the transfer of data to countries outside the EEA and outside the United Kingdom, for example by entering into EU standard contractual clauses and required additional safeguards with the recipient.
You may request more information about the safeguards that we have put in place in respect of transfers of personal data by contacting us at email@example.com.
Your data protection rights
You have certain legal rights in relation to any personal data about you which we hold. These rights are summarised below.
- Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it. You can make a data subject access request at any time by contacting us using the contact details set out at page 1 of this Privacy Notice.
- Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
- Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
- Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
- Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
- if you want us to establish the data’s accuracy;
- where our use of the data is unlawful but you do not want us to erase it;
- where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
- you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
- Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
How to complain
You have the right to lodge a complaint with the Information Commissioner’s Office regarding our use of your data or regarding our data protection practices.
Please email our Data Protection Officer first at firstname.lastname@example.org so we have a chance to address your concerns.
If we fail to resolve your issue, you can report any complaint to the Information Commissioner’s Office by contacting them at www.ico.org.uk, by writing to them at Wycliffe House Water Lane, Wilmslow, Cheshire, SK9 5AF or by phone on 0303 123 1113.