Our Data Protection Officer is Nick Hodges (firstname.lastname@example.org).
Cauldron hosts Research Platforms to enable account holders (such as scientists) to create, design, conduct and analyse psychology research experiments ('Experiments') by providing tools to host and conduct tasks in a self-service capacity (collectively, the 'Services') on a Research Platform.
If you want to register an account with us you will need to provide us with some additional personal information so that we can ensure the information provided to you is relevant and to be certain that we are placing any new information you create as a user of the Site and the Research Platform in the appropriate category. If you do choose to create and account or otherwise to provide us with your personal information, we will collect that information for our own use and for the purposes described in this Policy.
What type of personal information does Cauldron collect?
The personal information we collect from you, including where you choose to provide personal details to us, and where we obtain information about you, will include the following data which we require in order to provide our Services and to communicate with you:
- your full name;
- your e-mail address and any password;
- your address and contact details;
- your credit or debit card details if you decide to purchase the Services;
Where you fail to provide this data, or other data requested that we need to collect by law, or under the terms of another contract we have with you, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with our Services). In this case, we may have to cancel a service you have with us, but we will notify you if this is the case at the time. The other personal information we may collect from or about you, includes:
- Your university and department;
- information you voluntarily submit to us (including through the Site) from time to time as part of user generated content (or through other means);
- Details of visits to our Site (which enable our Site to remember information about you and your preferences) and use of our Site. This may include:
- Usage data, such as the URLs of pages visited and the times and dates of those visits
- Error data, such as the URLs and contextual information for any errors encountered while using the Site
- Referral data, such as the site that referred you to the Site and the site that we referred you to
- Technical data, such as the browser you use to access the Site, the device and operating system that you use, and your time zone
- Any information necessary for legal compliance
The information above will be collected primarily from you as information voluntarily provided by you to us, but we may also collect it where lawful to do so from (and combine it with information from) public sources, your university, employer, third party service providers, individuals who you have indicated have agreed for you to provide their personal information, government, tax or law enforcement agencies and other third parties. We may also collect personal information about you from your use of other Cauldron websites or services.
On what basis can we process your information?
The legal grounds for processing your personal data are as follows:
- It is necessary that we collect your data for the performance of a contract to which you are a party, or to take steps prior to entering into a contract with you, in order for us to provide you with our Services.
- Where you have provided explicit consent to the processing of your personal data for one or more specific purposes, namely:
- to receive electronic marketing by us and/or by third parties,
- to process special category data where relevant.
- You do not need to provide us with marketing consent in order to receive our Services.
- It is necessary for the purposes of our legitimate interests, except where our interests are overridden by the interests, rights or freedoms of affected individuals (such as you). To determine this we shall consider a number of factors, such as what you were told at the time you provided your data, what your expectations are about the processing of the data, the nature of the data, and the impact of the processing on you. Our legitimate interests are to improve and to promote our Services and those of others, to better understand our customers' interests and to administer the Site and the Research Platforms.
- Where processing of special category data is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with GDPR and UK data protection legislation.
- Where we need to comply with a legal obligation; or in rare circumstances:
- Where we need to protect your interests (or someone else's interests); and/or
- Where it is needed in the public interest or for official purposes.
How does Cauldron use information about you?
Cauldron uses information about you for the following purposes:
- In order to provide you with our Services;
- to respond and/or deal with your request or enquiry;
- to administer the Site and the Research Platforms;
- to administer the Services, including support and consultancy services;
- for internal record keeping, including:
- Financial transactions (for tax and accounting purposes)
- Subscription usage (for billing)
- Data ownership (to denote which account holder is the owner of which project)
- Feature usage and server load (to denote which features are popular or need changing, and to ensure adequate server provision)
- to contact you by e-mail or phone for any of the above reasons;
- to provide you with information at your request, or as a result of searches undertaken using the Site;
- where necessary as part of any restructuring of Cauldron or sale of Cauldron's business or assets; and
- for compliance with legal, regulatory and other good governance obligations.
This list is not intended to be exhaustive and may be updated from time to time as business needs and legal requirements dictate.
Cauldron may also convert personal information into anonymous data and use it (normally on an aggregated statistical basis) for research and analysis to monitor and improve Site performance and/or for promotional purposes.
How long we keep your data for
We will keep your details on record for so long as you have a registered account with Cauldron. If you would like to close your registered account, you can do so via the Site or by contacting us. When you close your account:
- Subscription usage and financial records are kept as part of our usage records
- Identifying information about you (name, email address) is deleted from your account, and your account data is pseudonymised to form part of our aggregated statistics
Does Cauldron share personal information with third parties?
Your personal information will only be made available for the purposes mentioned above (or as otherwise notified to you from time to time including in this Policy) to our staff who properly need to know these details for their functions within Cauldron.
Your personal information may also be made available to third parties (within or outside Cauldron) providing us with relevant services on our behalf, such as your university, auditors and compliance managers and IT hosting and IT maintenance providers. These companies will only have access to or use your information where necessary to perform their functions on our behalf. A list of research platforms and organisations is available here.
Will your personal information be transferred abroad?
Whilst we hold your data on secure servers within the European Economic Area ('EEA') certain transfers of personal information to third party recipients take place, as explained above. Please be aware that such recipients of your personal information (as set out in this notice), may not be located within the EEA but instead located in countries which do not have equivalent protection for personal information to that within the EEA. Where we transfer your information outside the EEA we will either undertake an assessment of the level of protection in light of the circumstances surrounding the transfer or:
- Only transfer it to a non-EEA country with privacy laws that give the same protection as the EEA; or
- Ensure we have an agreement in place with the recipient under which they are under a duty to protect your data to the same standards as those in place in the EEA; or
- Transfer it to US organisations that are signed up to the EU-US Privacy Shield scheme; or
- We will make sure that any transfers are not repetitive and only limited to the minimum amount of information possible. In certain circumstances we may need to seek your consent unless there is an overriding legal need to transfer the information; and
- In all cases where your information is transferred outside the EEA, you have a right to contact us for information on the measures we have put in place. Those current measures in place are here
What safeguards are in place to protect your personal information?
While we take efforts to safeguard your personal information which are consistent with relevant laws, the nature of the internet is such that we cannot guarantee absolutely the security of any personal information you disclose online.
How you can access and update your personal information
You can find out if Cauldron hold any personal information by making a 'subject access request', normally free of charge, under data protection legislation. If we do hold information about you, we will let you have a copy of that information unless a legal exception applies, in which case we will inform you of this at the time. You also have the right to request that information we hold about you which may be incorrect, incomplete, or which has been changed since you first told us, is updated or removed. To make a request to exercise either of these rights, please email your request to email@example.com
How you can request erasure of your data
You can ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
How you can withdraw your consent
You have the right at any time to withdraw any consent you have given us to process your personal data. Please note if you withdraw your consent it will not affect the lawfulness of any processing of your personal data we have carried out before you withdrew your consent. Should you wish to do so you can change your consent preferences at any time on your Account page or by contacting firstname.lastname@example.org
How you can restrict or object to us using your data
You can ask us to suspend the way in which we are using your information in certain scenarios, or object to our processing your data where we are relying on a legitimate interest ground (or those of a third party) and you feel it impacts on your fundamental rights and freedoms, or where we are processing your personal data for direct marketing purposes or profiling your data. In some cases where you object, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Please note that if you want us to restrict or stop processing your data this may impact on our ability to provide our Services. Depending on the extent of your request we may be unable to continue providing you with our service.
Any queries or concerns about the way in which your data is being used can be sent to email@example.com
Moving your information to another organisation
In the event that we process your data by automated means where you have either provided us with consent for us to use your information or where we used the information to perform a contract with you, you have the right to request that we send to you or to another organisation, an electronic copy of the personal data we hold about you, for example when you are dealing with a different service provider. If you would like us to move, copy, or transfer your information please let us know by email to firstname.lastname@example.org. We will respond to you within one month after assessing whether or not this is possible, taking into account the technical compatibility with the other organisation in question.
Automated decision making and Profiling
We do not use your information for automated decision making or profiling that has legal or similarly significant effects on you.
Changes to this Policy
We keep this Policy under regular review. We may change this Policy from time to time by updating this page in order to reflect changes in the law and/or our privacy practices. The date at the top of this Policy will be updated accordingly.
We encourage you to check the date of this Policy when you visit the Site for any updates or changes. We will notify you of any modified versions of this Policy that might materially affect the way we use or disclose your personal information.
This Policy only extends to the Site and does not, therefore, extend to your use of, provision of data to and/or collection of data on any website not connected to us to which you may link by using the hypertext links within this website.
If you have any questions about this Policy, please contact us at email@example.com
Complaints about the use of your personal data
If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the UK data protection regulator, the Information Commissioner's Office. Further details can be found at www.ico.org.uk or 0303 123 1113.