CMetrics Privacy Policy
Last Updated: 15 November 2024
Important Information and Who We Are
Welcome to CMetrics’s privacy policy. We respect your privacy and are committed to protecting your personal data. This privacy policy will inform you how we collect, use, share, and protect your personal data when you interact with us, including through our website www.c-metrics.com (the “Website”), and tell you about your privacy rights and how the law protects you.
Controller and Data Protection Officer
CMetrics Ltd (Company Number: XXXXXXX) is the controller and responsible for your personal data (collectively referred to as “CMetrics,” “we,” “us,” or “our” in this privacy policy).
We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions in relation to this privacy policy and data protection matters. Our DPO can be contacted at:
- Email: dpo@c-metrics.com
- Post: Data Protection Officer, CMetrics Ltd, XXX London, Post Code, United Kingdom
Your Rights and Complaints
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK regulator for data protection issues (www.ico.org.uk). However, we appreciate the opportunity to address your concerns before you approach the ICO, so please contact us first.
Changes to the Privacy Policy
We keep our privacy policy under regular review. Historic versions can be obtained by contacting us. Material changes will be notified to you via email where possible, or through a prominent notice on our Website.
Third-party Links
Our Website includes links to third-party websites, plug-ins, and applications. Clicking on those links or enabling connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy practices.
Children’s Data
Our Website and services are not intended for children (under 16 years old), and we do not knowingly collect data relating to children. If you become aware that a child has provided us with personal data, please contact us.
1. Categories of Personal Data We Process
We collect and process the following categories of personal data:
A. Information You Provide to Us
| Category | Examples | Legal Basis for Processing |
| Identity Data | Name, title, job title, company name | Contract performance, Legitimate interests |
| Contact Data | Email address, telephone numbers, postal address | Contract performance, Legitimate interests |
| Financial Data | Bank account details, payment card information | Contract performance |
| Account Data | Username, password, account preferences | Contract performance |
| Marketing Data | Marketing preferences, survey responses | Consent, Legitimate interests |
B. Information We Collect Automatically
| Category | Examples | Legal Basis for Processing |
| Technical Data | IP address, browser type, device information | Legitimate interests |
| Usage Data | Website navigation, features used, time spent | Legitimate interests |
| Cookie Data | See our Cookie Policy for details | Consent, Legitimate interests |
C. Information We Receive from Third Parties
| Category | Examples | Legal Basis for Processing |
| Professional Data | Professional certifications, industry affiliations | Legitimate interests |
| Public Data | Information from public registers, LinkedIn profiles | Legitimate interests |
We do not collect any Special Categories of Personal Data about you (this includes details about your race, ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, health data, and biometric data).
2. How We Collect Your Personal Data
We use different methods to collect personal data, including:
A. Direct Interactions
- Account registration
- Service subscriptions
- Marketing opt-ins
- Customer support communications
- Survey responses
B. Automated Technologies
- Cookies and similar technologies
- Server logs
- Analytics tools
C. Third Parties
- Identity verification services
- Credit reference agencies
- Public databases
- Business partners
3. How We Use Your Personal Data
| Purpose | Data Categories | Legal Basis | Retention Period |
| Account Creation | Identity, Contact | Contract Performance | Duration of account + 6 years |
| Service Provision | Identity, Contact, Financial | Contract Performance | Duration of service + 6 years |
| Payment Processing | Financial, Transaction | Contract Performance | 7 years (tax requirements) |
| Marketing Communications | Identity, Contact, Marketing | Consent or Legitimate Interests | Until consent withdrawal or objection |
| Website Improvement | Technical, Usage | Legitimate Interests | 26 months |
| Security | Technical, Usage | Legal Obligation | 12 months |
| Legal Compliance | All relevant categories | Legal Obligation | As required by law |
4. International Transfers
We transfer your personal data outside the UK and European Economic Area (EEA) only when necessary and with appropriate safeguards:
Safeguards Include:
- UK International Data Transfer Agreement (IDTA)
- UK Addendum to EU Standard Contractual Clauses
- Additional technical and organizational measures
Transfer Locations and Mechanisms:
| Recipient Location | Transfer Mechanism | Additional Safeguards |
| United States | UK IDTA | Encryption, access controls |
| European Union | UK Addendum to EU SCCs | Data minimization |
| Other Countries | Case-by-case assessment | Risk assessments |
5. Data Security
We implement appropriate technical and organizational measures to protect your personal data:
Technical Measures:
- End-to-end encryption
- Multi-factor authentication
- Regular security testing
- Automated threat detection
- Regular backups
Organizational Measures:
- Staff training
- Access controls
- Security policies
- Incident response plans
- Regular audits
6. Data Retention
We retain personal data according to the following schedule:
| Data Category | Retention Period | Justification |
| Account Data | Account duration + 6 years | Legal obligations, potential claims |
| Financial Records | 7 years | Tax requirements |
| Marketing Data | Until consent withdrawal | Legitimate interests |
| Technical Data | 26 months | Analytics purposes |
| Usage Data | 12 months | Service improvement |
7. Your Legal Rights
Under data protection law, you have the following rights:
| Right | Description | How to Exercise |
| Access | Receive copy of your data | Email dpo@c-metrics.com |
| Rectification | Correct inaccurate data | Account settings or email us |
| Erasure | Delete your data | Email dpo@c-metrics.com |
| Restriction | Limit processing | Email dpo@c-metrics.com |
| Portability | Receive/transfer data | Email dpo@c-metrics.com |
| Objection | Stop processing | Email dpo@c-metrics.com |
Response Timeline:
- We respond to all requests within one calendar month
- Complex requests may take up to three months
- No fee for standard requests
- Administrative fee may apply for excessive requests
8. Marketing and Communications
Marketing Communications:
- Sent only with consent or legitimate interests
- Opt-out available in every communication
- Preference centre available in account settings
Third-party Marketing:
- Explicit consent required
- Separate opt-in for each third party
- List of third parties available on request
9. Cookie Policy
We use cookies and similar technologies to improve your experience. See our detailed Cookie Policy at www.c-metrics.com/cookie-policy for:
- Types of cookies used
- Purposes of each cookie
- Duration of storage
- How to manage preferences
10. Contact Details
For any privacy-related queries:
- DPO: dpo@c-metrics.com
- Phone: +44 (0)20 7123 4567
- Post: CMetrics Ltd, London, United Kingdom
For urgent matters:
- Emergency contact: privacy-urgent@c-metrics.com
- Response time: Within 24 hours
11. Updates to This Policy
| Version | Date | Key Changes |
| 1.0 | 15 Nov 2024 | Current version |
CMetrics Ltd is registered in England and Wales (Company Number: xxxx) Registered Office: London, Post Code, United Kingdom