Privacy Notice

Issued with effect from 16th October 2018

PLEASE READ THIS PRIVACY NOTICE CAREFULLY. IF YOU DO NOT AGREE TO THIS PRIVACY NOTICE, YOU SHOULD NOT ACCESS OUR WEBSITE OR SUBMIT ANY PERSONAL DATA TO CDT BY ANY OTHER MEANS.

Introduction

We at CDT are responsible for the security, integrity and confidentiality of all Personal Data that we process and have an obligation under Data Protection Laws to keep that Personal Data safe and secure and to respond promptly and appropriately to any actual or suspected breach of the Data Protection Laws. We are committed to protecting the privacy and security needs of all visitors to our website, our valued business and collaboration partners and our employees.

This Privacy Notice (together with CDT’s Website Terms of Use, Cookies Policy and any other documents referred to in them) set out the basis on which we use any Personal Data that we collect about you or that you or others provide to us.

This Privacy Notice applies to Personal Data which we collect when you use our website (www.cdtltd.co.uk) or otherwise interact with us via any other media such as written or email communications.

For information regarding the basis on which we use any Personal Data that we collect about job applicants or that you or others provide to us in respect of a job application, please refer to CDT’s Privacy Notice for Applicants. If you are applying for a job at CDT, in the event of any ambiguity or conflict between this Privacy Notice and CDT’s Privacy Notice for Applicants, CDT’s Privacy Notice for Applicants shall take precedence.

This Privacy Notice may be updated from time to time. The most recent version is available on CDT’s website. The date on which the current version was published is included at the top of the document. Please check on a regular basis whether a new version has been published as any changes will apply to your Personal Data with effect from the date of publication.

If you have any queries or need further information in respect of this Privacy Notice or any data protection matters, please email CDT Legal at dataprotection@cdtltd.co.uk.

Throughout this Privacy Notice you will see a number of terms or phrases used which have their own specific meaning. A list of these is set out below. Please familiarise yourself with these before reading through the rest of this Privacy Notice.

Useful definitions

The definitions of the key terms used in relation to data protection are as follows:

  • A “Data Controller” is an individual or organisation who decides how and why Personal Data is processed.
  • A “Data Processor” is an individual or organisation who processes Personal Data on behalf of a Data Controller.
  • Data Protection Laws” means any applicable laws and regulations from time to time relating to privacy or the use, or processing, of Personal Data including, but not limited to, the Data Protection Act 2018, the GDPR and any legislation transposing the provisions of the GDPR or broadly similar provisions into English law.
  • GDPR” means Regulation EU 2016/679 (known as “the General Data Protection Regulation”) which came into force on 25 May 2018.
  • Personal Data” is any information relating to a living, identifiable individual (a “Data Subject”) held on equipment that automatically processes it or held on a structured manual filing system including, for example, name, address, personal and/or business email address, date of birth etc.
  • Processing” has a broad definition including generating, collecting, holding, changing, managing, disclosing, transmitting or destroying.
  • Special Category Personal Data” is Personal Data that contains or reveals racial or ethnic origin, political opinions, religious and philosophical beliefs, trade union membership, genetic data, biometric data, health matters and sex life or sexual orientation.

Any reference in this Privacy Notice to a statute, statutory provision or statutory instrument is a reference to such statute, statutory provision or statutory instrument as from time to time amended, extended, re-enacted or replaced and also includes any subordinate legislation made under that statute, statutory provision or statutory instrument as amended, extended, re-enacted or replaced.

  1. About us
    1. Cambridge Display Technology Limited is a company registered in England and Wales with company number 02672530 and having its registered office at Unit 12 Cardinal Park, Cardinal Way, Godmanchester, Cambridgeshire PE29 2XG, UK. CDT is a Sumitomo Chemical Group Company. CDT is the Data Controller in respect of your Personal Data. This means that we are responsible for deciding how we hold and use Personal Data about you.
  2. What personal data we collect and how we will use it
    1. We collect Personal Data so that we can operate effectively and provide you with the best possible service. The Personal Data that we collect depends on the context of your interactions with us and with our website. It also depends on the choices that you make, for example the website functions that you use and your privacy settings. You may choose not to provide certain Personal Data but, if you do, and that Personal Data is necessary to provide a particular feature or service, you may not be able to use that feature.
    2. Regardless of how you choose to interact with us, we will only use your Personal Data where we have a valid lawful basis to do so.
    3. Please note that any unsolicited Personal Data which you disclose to CDT by way of either email or other form of electronic document will be automatically stored on CDT’s IT system and will form part of CDT’s automated archives. It is your responsibility to ensure that you only share with us those items of Personal Data which you intend to share with us.
    4. The table below summarises the Personal Data that we collect about you, explains how we intend to use it and sets out our legal basis for such use.

  3. Personal Data collected Source of Personal Data Reason for processing Lawful basis for processing
    Name, contact details, job title, areas of interest and expertise and other biographic details Collected from you through our website or through face to face contact (e.g. at conferences) or correspondence with CDT personnel. To offer or provide products and/or services to you and/or your business; or to receive products and/or services from you and/or your business; and/or to discuss future collaboration or other opportunities with CDT. To pursue our legitimate business interests and, subject to any necessary consent, to market our products and services to you.
    Name, contact details, job title, areas of interest and expertise and other biographic details including details of patents and other items of intellectual property and your contribution to our work or the work of others in relevant fields Collected from you, identified from public registers or elsewhere in the public domain, or documented in internal or collaboration work. To undertake our own R&D activities, to maintain awareness of the activities of others in the fields in which we operate and/or to discuss future collaboration or other opportunities with CDT, and/or to retain evidential records of previous interactions with you. To pursue our legitimate business interests, in particular our R&D and innovation activities, and in connection with actual or potential future legal claims.
    Device and usage data including IP addresses and device identifiers. Device event information including crash logs, hardware settings, browser type and browser language Automatically collected and stored in our server logs when you interact with our website. To improve the user experience of our website, including to offer you tailored content, to protect the security of our website. To pursue our legitimate interests, in particular to understand how our website is used, to improve the user experience of our website, and to maintain the security of our website.
    Cookies and similar technologies For further information on our use of cookies see CDT’s Cookies Policy To analyse the traffic to our website To pursue our legitimate business interests and/or, as applicable and subject to any necessary consent, to market our products and services to you.
    Name, contact details, vehicle registration details, entry and exit times, CCTV images, special needs/requests data Collected from you when visiting our premises and/or from our own systems and processes. To assist us with keeping our site secure and complying with our health and safety obligations and to assist with any accommodations or requests made of us To pursue our legitimate interests in relation to site security, to comply with legal obligations and to prevent crime
    Name, contact details, job title, areas of expertise, products and services offered, payment information, credit/other references, correspondence and associated records. Collected from you or received from relevant third parties. In order for us to enter into contracts for you or us to supply goods and/or services and/or as part of any due diligence exercise carried out by or on behalf of a potential purchaser of CDT and/or its business and/or assets. To pursue our legitimate business interests and (as applicable) to comply with our legal obligations and/or to perform our contractual obligations and/or to take steps in advance of entry into a contract.
    Personal Data associated with contracts Present on the contract documents themselves and/or associated documents (including related emails). Any purpose necessary in connection with performance of the contract and, as necessary, holding the contract and associated documents in archive. As applicable: in relation to our performance of our contractual obligations and securing the benefit(s) of any contracts to which we are party; the establishment, exercise and defence of legal claims; and in connection with our legitimate business activities.
    Special Category Personal Data including health and medical information Collected or received from you or from a relevant third party In order for us to make accommodations necessary to allow you to attend our site and/or work safely Your consent and/or to comply with our legal obligations
    Any unsolicited Personal Data disclosed to CDT by way of email or other form of electronic document Unsolicited information submitted in electronic format. Necessary as part of CDT’s automated back up process To pursue our legitimate business interests and (as applicable) to comply with our legal obligations.

    Some of the reasons for processing set out in the table above will overlap and there may be more than one legal basis for our use of your Personal Data.

  4. Change of purpose
    1. We will only use your Personal Data for the purposes for which we collected it or for another reason which is compatible with the original purpose. Please note that we may process your Personal Data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law including, pursuant to a search warrant, subpoena, or court order.
  5. Sharing your information
    1. We may share your Personal Data with selected third party service providers and other companies within our group that support us in the performance of the activities set out in the table above. This sharing of Personal Data will be with your consent where indicated. Alternatively, we may share your Personal Data with third parties where required by law or where it is necessary in order to provide you with services or where we have another legitimate interest in doing so that is not overridden by your interests and fundamental rights; for example, to protect our customers or to operate and to maintain the security or our computer systems.
    2. We may transfer your Personal Data outside the European Economic Area (EEA) including to our group companies in Japan, the USA and other jurisdictions in connection with our operations and/or as necessary for the performance of any contract that we may have with you. CDT employees may also access Personal Data from outside the EEA using our IT systems. If we do so, we will take all steps reasonably necessary to ensure that your Personal Data receives an adequate level of protection and is treated in a way that is consistent with EU and UK laws on data protection.
    3. We may also share your Personal Data with other third parties, for example with service providers (such as payment services providers, credit reference agencies, IT solution providers and any of our suppliers and sub-contractors who process data on our behalf in order to assist us with our business activities) or in the context of the possible sale or restructuring of the business. We may also need to share your Personal Data with a regulator or otherwise to comply with the law.
    4. We require all our third party service providers and all other companies within our group to take appropriate and stringent security measures to protect your Personal Data in line with our policies. We do not allow our third party service providers to use your Personal Data for their own purposes and only permit them to process your Personal Data for specified purposes in accordance with our instructions.
  6. Storing your personal data
    1. CDT routinely processes and stores the Personal Data that it holds within the United Kingdom.
    2. Some of our third party service providers may host or otherwise process Personal Data on CDT’s behalf either inside or outside the EEA. In addition to the controls in relation to sharing your Personal Data (please see above), we will ensure that any such Personal Data sharing is either: (i) to a country for which the European Commission has issued an adequacy decision confirming that the country offers an appropriate level of Personal Data protection; or (ii) is otherwise subject to appropriate controls such as a Model Clauses Agreement.
    3. We will only retain your Personal Data for as long as is necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, accounting or reporting obligations. For example, we may, for legal reasons, need to retain some of your Personal Data for 6 years after the end of our contractual relationship with you.
  7. Chilren’s information
    1. We do not knowingly collect information from children under the age of 16. If you become aware that your child or any child under your care has provided us with information without your consent please contact us at dataprotection@cdtltd.co.uk.
  8. Keeping your information secure
    1. All Personal Data that you provide to us is stored on secure servers.
    2. The transmission of Personal Data via the internet is not completely secure. Although we will do our best to protect your Personal Data, we cannot guarantee the security of the Personal Data transmitted to our site and you acknowledge that any transmission is at your own risk. Once we have received your Personal Data, we will use appropriate procedures and security features to try to prevent unauthorised access or inadvertent disclosure.
  9. Your rights
    1. As a Data Subject, you have the legal right to:
      1. Request access to your Personal Data (commonly known as a ‘Data Subject access request’). This enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully processing it. We will need to verify your identity before we release any Personal Data to you.
      2. Request correction or erasure of your Personal Data (unless we have the legal right to retain it). This right also applied where you have exercised your right to object to processing (see below). Please keep us advised of any changes to your Personal Data by emailing dataprotection@cdtltd.co.uk so that we can ensure that our records are up to date.
      3. Object to processing of your Personal Data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which entitles you to object to processing on this ground. You also have the right to object where we are processing your Personal Data for direct marketing purposes.
      4. Request the restriction of processing of your Personal Data. This enables you to ask us to suspend the processing of Personal Data about you, for example if you want us to establish its accuracy or the reason for processing it.
      5. Request the transfer of your Personal Data to another party.
      6. Change your data processing consents and preferences at any time.
    2. You should be aware that if you ask us to stop processing your Personal Data in a certain way or to erase your Personal Data, and processing that Personal Data is necessary in order for us to provide services to you, we may be unable to continue to provide those services. Similarly, your preferences and choices in relation to our website may mean that some or all of the website functionality becomes unavailable to you. This does not affect your right to object to direct marketing, which can be exercised at any time without restriction.
    3. If you want to review, verify, correct or request erasure of your Personal Data, object to the processing of your Personal Data or request that we transfer a copy of your Personal Data to another party, please contact us at dataprotection@cdtltd.co.uk.
    4. You will not normally have to pay a fee to access your Personal Data (or to exercise any of your other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
    5. We may need to request specific information from you to help us confirm your identity and ensure your right to access the Personal Data (or to exercise any of your other rights). This is another appropriate security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it.
    6. In the limited circumstances where our collection, processing and transfer of your Personal Data is based upon consent, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact us at dataprotection@cdtltd.co.uk. Once we have received notification that you have withdrawn your consent, we will no longer process your Personal Data collected on that basis, unless we have another legitimate basis for doing so in law.
  10. Your responsibilities
    1. You remain responsible for the Personal Data that you make available to us and for the consequences of the same. You must not provide Personal Data to CDT in breach of any obligations to any third party relating to privacy, confidentiality, intellectual property or trade secrets unless you have obtained the explicit written consent of that third party to share that Personal Data with CDT for the purposes described in this Privacy Notice.
  11. Other websites
    1. Our website may contain links to other websites. We are not responsible for the content, accuracy, privacy practices and performance of any such websites.
    2. This Privacy Notice only applies to this website. When you link to other websites, you should read their own privacy policies.
  12. How to contact us and complaints
    1. If for any reason you are not happy with the way that we have handled your Personal Data, please contact us at dataprotection@cdtltd.co.uk detailing your concerns, any actions you wish us take and allowing us a reasonable period in which to investigate and to respond to you. If you are still unhappy with our response, you have the right to make a make a complaint to the Information Commissioner’s Office see: https://ico.org.uk/global/contact-us/.

Privacy Notice for Applicants

THIS PRIVACY NOTICE APPLIES TO ALL INDIVIDUALS WHO SUPPLY THEIR PERSONAL DATA TO CDT IN SUPPORT OF AN APPLICATION FOR ANY TEMPORARY OR PERMANENT POST OF ANY TYPE AT CDT (WHETHER PAID OR UNPAID). PLEASE READ THIS PRIVACY NOTICE CAREFULLY. BY SUBMITTING YOUR APPLICATION, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD THIS PRIVACY NOTICE. IF YOU DO NOT WISH YOUR PERSONAL DATA TO BE USED AS SET OUT IN THIS PRIVACY NOTICE, PLEASE DO NOT SUBMIT YOUR APPLICATION OR YOUR CV.

Introduction

CDT is responsible for the security, integrity and confidentiality of all Personal Data that it processes and has an obligation under Data Protection Laws to keep that Personal Data safe and secure and to respond promptly and appropriately to any actual or suspected breach of Data Protection Laws. This includes protecting the privacy and security needs of all applicants for posts at CDT. This Privacy Notice for Applicants applies to Personal Data which we collect about applicants, or that you or others provide to us in respect of an application for a post at CDT.

The purpose of this Privacy Notice for Applicants is to set out:

  • Who processes Personal Data as part of the application and recruitment process
  • What Personal Data we process in the course of that process
  • How we collect that Personal Data
  • Why we collect that Personal Data
  • How we may share that Personal Data
  • Where we may hold that Personal Data
  • How long we may keep that Personal Data
  • How you can correct and access that Personal Data
  • How we secure that Personal Data
  • Your responsibilities regarding that Personal Data
  • Changes to this Privacy Notice for Applicants
  • How you can obtain further information on this Privacy Notice for Applicants.

For information regarding the basis on which we use any Personal Data that we collect about you when you use our website (www.cdtltd.co.uk) or otherwise interact with us via any other media such as written or email communications, please refer to CDT’s Privacy Notice, a copy of which may be viewed on CDT’s website or requested from CDT’s Legal Department (dataprotection@cdtltd.co.uk), Legal Department, CDT Ltd, Unit 12 Cardinal Park, Cardinal Way, Godmanchester, Cambridgeshire, PE29 2XG, U.K.

This Privacy Notice for Applicants may be updated from time to time. The most recent version is available on CDT’s website. The date on which the current version was published is included at the top of the document. Please check on a regular basis whether a new version has been published as any changes will apply to your Personal Data with effect from the date of publication.

With respect to applicants, in the event of any ambiguity or conflict between this Privacy Notice for Applicants and CDT’s Privacy Notice, CDT’s Privacy Notice for Applicants shall take precedence.

If you have any queries or need any further information respect of this Privacy Notice or any data protection matters, please email CDT Legal at dataprotection@cdtltd.co.uk.

Throughout this Privacy Notice for Applicants you will see a number of terms or phrases used which have their own specific meaning. A list of these is set out below. Please familiarise yourself with these before reading through the rest of this Privacy Notice for Applicants.

Useful definitions

The definitions of the key terms used in relation to data protection are as follows:

  • A “Data Controller” is an individual or organisation who decides how and why Personal Data is processed.
  • A “Data Processor” is an individual or organisation who processes Personal Data on behalf of a Data Controller.
  • Data Protection Laws” means any applicable laws and regulations from time to time relating to privacy or the use, or processing, of Personal Data including, but not limited to, the Data Protection Act 2018, the GDPR and any legislation transposing the provisions of the GDPR or broadly similar provisions into English law.
  • GDPR” means Regulation EU 2016/679 (known as “the General Data Protection Regulation”) which came into force on 25 May 2018.
  • Personal Data” is any information relating to a living, identifiable individual (a “Data Subject”) held on equipment that automatically processes it or held on a structured manual filing system including, for example, name, address, personal and/or business email address, date of birth etc.
  • Processing” has a broad definition including generating, collecting, holding, changing, managing, disclosing, transmitting or destroying.
  • Special Category Personal Data” is Personal Data that contains or reveals racial or ethnic origin, political opinions, religious and philosophical beliefs, trade union membership, genetic data, biometric data, health matters and sex life or sexual orientation.

Any reference in this Privacy Notice to a statute, statutory provision or statutory instrument is a reference to such statute, statutory provision or statutory instrument as from time to time amended, extended, re-enacted or replaced and also includes any subordinate legislation made under that statute, statutory provision or statutory instrument as amended, extended, re-enacted or replaced.

  1. Who collects Personal Data?
    CDT is a Data Controller and processes certain Personal Data about you.
  2. Data Protection Laws
    CDT will comply with the Data Protection Laws when processing Personal Data.
  3. About the personal data we process
    1. What personal data is covered by this Privacy Notice?
      1. We may collect the following Personal Data up to and including the shortlisting stage of the recruitment process:
        1. your name and contact details (for example, your address, home and mobile phone numbers and email address);
        2. details of your qualifications, experience, employment history (including job titles, salary and working hours) and interests;
        3. information regarding your criminal record;
        4. details of your referees; and/or
        5. any other Personal Data that you may choose to disclose to us.
        Please note that any unsolicited Personal Data which you disclose to CDT by way of either email or other form of electronic document will be automatically stored on CDT’s IT system and will form part of CDT’s automated archives. It is your responsibility to ensure that you only share with us those items of Personal Data which you intend to share with us.
      2. We may collect the following Personal Data after the shortlisting stage, and before making a final decision to recruit:
        1. Personal Data about your previous academic and/or employment history including details of any conduct, grievance or performance issues, appraisals, time and attendance and from references obtained about you from previous employers and/or education providers;
        2. Personal Data regarding your academic and professional qualifications;
        3. Personal Data regarding your criminal record;
        4. your nationality and immigration status and Personal Data from related documents, such as your passport or other identification and immigration information; and/or
        5. a copy of your driving licence.
    2. How we collect the Personal Data
      We may collect this Personal Data from you, your referees (details of whom you will have provided) your education provider and/or from public websites.
    3. Why we collect the Personal Data and how we use it
      1. We will typically process this Personal Data for the following purposes:
        1. to take steps to enter into a contract;
        2. for compliance with a legal obligation (for example, our obligation to check that you are eligible to work in the United Kingdom); and/or
        3. for the purposes of our legitimate interests, but only if these are not overridden by your interests, rights or freedoms.
      2. We seek to ensure that our processing of Personal Data is always proportionate. We will notify you of any changes to the purposes for which we process your Personal Data.
    4. How we may share the Personal Data
      We may also need to share some of the above categories of Personal Data with other parties including relevant employees of CDT and/or its group companies, external service providers or other third parties (including professional advisers) if and to the extent required to carry out any of the purposes described above. The recipient of any such Personal Data will be bound by confidentiality obligations. We may also be required to share some Personal Data as required by law.
      We may transfer your Personal Data outside the European Economic Area (EEA) including to our group companies in Japan, the USA and other jurisdictions in connection with our operations and/or as necessary for the performance of any contract that we may have with you. CDT employees may also access Personal Data from outside the EEA using our IT systems. If we do so, we will take all steps reasonably necessary to ensure that your Personal Data receives an adequate level of protection and is treated in a way that is consistent with EU and UK laws on data protection.
    5. Special Category Personal Data and Criminal Records Information
      Special Category Personal Data includes Personal Data that reveals a Data Subject’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health and medical records, and sex life and sexual orientation. Data Protection Laws set out additional standards for processing Special Category Personal Data. We may process Special Category Personal Data (i) where we have a lawful basis for processing and (ii) where one of the special conditions for processing Special Category Personal data set out below applies:
      1. you have given your explicit consent for the processing for one or more specific purposes;
      2. processing is necessary for the purposes of exercising our employment law rights or obligations of you or CDT;
      3. processing is necessary to protect the vital interests of the Data Subject or another natural person and the Data Subject is incapable of giving consent;
      4. processing relates to Personal Data which is manifestly made public by the Data Subject;
      5. processing is necessary for the establishment, exercise or defence of legal claims;
      6. processing is necessary for the purpose of preventative or occupational health and carried out under the responsibility and obligation of professional secrecy (for example, a Data Subject’s medical records are reviewed by a registered health professional in order to assess the Data Subject’s fitness for work);
      7. processing is necessary for reasons of substantial public interest;
      8. processing is necessary to carry out our legal obligations or exercise rights in relation to your potential employment with us. We have in place an appropriate policy document and safeguards which we are required by law to maintain when processing such Personal Data; or,
      9. processing is needed in the public interest, such as for equal opportunities monitoring. We have in place policies and safeguards which we are required by law to maintain when processing such Personal Data.
    6. Where Personal Data may be Held
      Personal Data may be held at our offices and/or those of our group companies and/or third party agencies, service providers, representatives and/or agents as described above.
    7. How Long we Keep your Personal Data
      1. We will keep the Personal Data that we obtain about you during the recruitment process for no longer than is necessary for the purposes for which it is processed. How long we keep your Personal Data will depend on whether or not you are shortlisted and, if you are, whether your application is successful and you become employed by us, the nature of the Personal Data concerned, and the purposes for which it is processed.
        Our current document retention periods in respect of Personal Data collected in respect of applicants are as follows:
        Document Retention Period Reason for Retention
        Personal Data provided and or otherwise obtained including in applications forms and interview notes (for unsuccessful candidates) Up to 1 year Equality Act 2010, Limitation Act 1980, The Information Commissioner: Employment Practices Code Part 1 Recruitment and Selection
        Personal Data provided or otherwise obtained in respect of unsuccessful applicants for posts in CDT who were shortlisted (including in application forms and interview notes) where the successful applicant is a Tier 2 visa-holder. 1 year from the earlier of (i) the date of termination of employment of the successful Tier 2 visa-holding job candidate, and (ii) the date of termination/expiry of CDT’s sponsorship of the successful visa-holding job candidate. Appendix D of the UKVI / Home Office Sponsor guidance
        Right to work checks 2 years from the date on which employment ceased Immigration and Nationality Act 2006 and prevention of illegal working guidance
        Immigration records for sponsored migrants employed by CDT 1 year from the earlier of (i) the date of termination of CDT’s employment of the successful permit-holding sponsored migrant, and (ii) the date of termination/expiry of CDT’s sponsorship of the successful visa-holding sponsored migrant Appendix D of the UKVI Sponsor guidance
        Consents for processing any Personal Data For as long as the personal Data is being processed and up to 6 years afterwards Data Protection Act 2018, GDPR and Limitation Act 1980
        Other Personal Data stored on CDT’s IT systems, including any unsolicited Personal Data disclosed to CDT by way of e mail or other form of electronic document Backups are retained for 7 years and e-mails are held on Outlook for 2 years then Mimecast for 20 years before being destroyed. Limitation Act 1980, contractual commitment, CDT’s legitimate business interests
      2. If your application is successful, we will keep only those parts of that Personal Data that are necessary in relation to your employment.
    8. Your rights to correct and access Personal Data and/or to ask for it to be erased
      1. If you would like to correct, or request access to, any of the Personal Data that we hold relating to you, please contact CDT’s HR department.
      2. You have the right, in certain circumstances, to ask CDT for some, but not all, of the Personal Data that we hold and process to be erased. Please contact CDT’s HR department if you would like to submit any such request.
    9. Keeping your Personal Data secure
      1. We have put appropriate security measures in place to prevent Personal Data from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your Personal Data to those who have a genuine business need to know it. Those processing your Personal Data will do so only in an authorised manner and are subject to a duty of confidentiality.
      2. We also have procedures in place to deal with any actual or suspected personal data breach. We will notify you and any applicable regulator of an actual or suspected personal data breach where we are legally required to do so.
  4. Your Responsibilities Regarding Personal Data
    You remain responsible for the Personal Data that you make available to us and for the consequences of the same. You must not provide Personal Data to CDT in breach of any obligations to any third party relating to privacy, confidentiality, intellectual property or trade secrets unless you have obtained the explicit written consent of that third party to share that Personal Data with CDT for the purposes described in this Privacy Notice for Applicants. By including references, you confirm that you have informed the parties involved about the processing of their Personal Data in accordance with this Privacy Notice for Applicants.