The meaning of Personal Data
“Personal Data” is defined in data protection laws applicable in your country. It includes any information relating to an identified or identifiable natural person. This means any individual who can be identified directly or indirectly by reference to an identifier such as name, identification number, location data, online identifiers (for example, IP addresses – if they can be used to identify you) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Put simply, this includes data which either by itself or with other data held by us or available to us, can be used to identify you.
Important notice about international transfers
Due to the global nature of our business, your Personal Data will be stored and transferred to parties located in other countries, including outside the European Economic Area. These other countries will either have different data protection laws than your country of residence or they will not have data protection laws. They may not be deemed by the European Commission as providing adequate protection for Personal Data.
In particular, we store your Personal Data on servers in the United States of America. The US are not deemed by the European Commission to have adequate protections for Personal Data. Steps will be taken to put in place safeguards (including around security) to protect your Personal Data when it is in these other countries. This may include the use of European Model Clause contracts, where required under applicable law. You can find out what these are online at the following address: http://ec.europa.eu/justice/data-protection/international-transfers/tran.... If you have any questions or wish to be provided with a copy please contact us (details below). Please note commercially sensitive information may be removed/blanked out from copies supplied to you.
The categories of Personal Data we may collect, the purpose and the lawful basis
Personal Data collected from you include the following:
Categories of Personal Data
Application data (e.g. name, CV)
Processing of this personal data is required to enable CCI to administer the recruiting process, including the set-up of an electronic job applicant HR file, managing your application, organizing interviews.
Processing is necessary for us to entering into a contract with you.
Contact information (e.g. full name, postal address, e-mail address, employer/business and professional information, job titles, telephone and fax numbers)
Managing and responding to your queries.
Performance of contract and legitimate interests - it’s important that we can respond to your enquiries.
Browsing information (IP address, browser information)
Monitoring and producing statistical information regarding the use of our platforms, and analysing and improving their functionality.
Legitimate interests - we need to perform this limited routine monitoring to make sure our website work properly, to diagnose any problems with our server and administer our Site
Establishing and enforcing our legal rights and obligations and monitoring to identify and record fraudulent activity
Complying with instructions from law enforcement agencies, any court or otherwise as required by law
For our general record-keeping and customer relationship management
Managing the proposed sale, restructuring or merging of any or all part(s) of our business, including to respond to queries from the prospective buyer or merging organisation
Resolving any complaints from or disputes with you
Legitimate interes (see column on left)
In summary, we need certain categories of Personal Data because that is necessary in order to administer any contract with you (where relevant). Certain other Personal Data is processed for our legitimate interests in cases where this does not result in prejudice to you.
Data anonymisation and use of aggregated information
We may convert your Personal Data into statistical or aggregated data in such a way as to ensure that you are not identified or identifiable from that data. We may use this aggregated data to conduct market research and analysis, including to produce statistical research and reports. For example, we may produce reports on which of our product offerings attract the fewest or the highest number of enquiries from brokers and intermediaries and other persons visiting our Site.
In particular, we may use technology to collect anonymous information about the use of this Site. For example:
we use technology to track which pages of our Site visitors view. We also use technology to determine which web browsers our visitors use. This technology does not identify you personally, it simply enables us to compile statistics about our visitors and their use of our Site.
certain pages of this Site may contain hyperlinks to other pages of it. We may use technology to track how often these links are used and which pages on our Site our visitors choose to view. Again this technology does not identify you personally — it simply enables us to compile statistics about the use of these hyperlinks.
We use this anonymous data to improve the content and functionality of this Site and consider areas and subjects which are attracting interest so that we can focus our e-mail updates (for those that wish to receive such communications). This allows us to better understand our Site visitors’ interest areas generally and therefore to improve our Site and products and services we offer.
You can disable cookies using your Internet browser settings. Please consult your browser's help function for information on how to disable cookies. Note that if you disable cookies, certain features of our Site may not function properly.
Disclosure of your Personal Data to third parties
We may disclose your Personal Data to third parties, including but not limited to as follows:
to third parties who supply services to us and who help us and our group of companies to operate our business. For example, sometimes a third party may have access to your Personal Data in order to support our information technology or to handle mailings on our behalf. The same applies to our recuiting platform iCims;
to our legal and other professional advisers;
as necessary in order to comply with a legal requirement (including, where appropriate, any imposed on our group companies in the United States), for the administration of justice, to protect vital interests, to protect the security or integrity of our databases or this Site, to take precautions against legal liability;
to regulatory authorities, courts and governmental agencies to comply with legal orders, legal or regulatory requirements and government requests; and
Security of Personal Data
We endeavour to use appropriate technical and physical security measures to protect Personal Data which is transmitted, stored or otherwise processed by us, from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access, in connection with our Site. These measures include computer safeguards and secured files and facilities. Our service providers are also selected carefully and required to use appropriate protective measures. In certain areas, CCI uses industry-standard SSL-encryption to protect data transmissions. Most current browsers support the level of security needed to use these areas.
In particular, we endeavour to implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including as appropriate: (a) pseudonymisation (such as where data is separated from direct identifiers so that linkage to an identity is not possible without additional information that is held separately) and encryption, (b) ensuring the ongoing confidentiality, integrity, availability and resilience of systems and services used to process your Personal Data, (c) ensuring the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident; and (d) ensuring a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational security measures.
Retention period or criteria used to determine the retention period
We keep your Personal Data for as long as it is necessary to do so to fulfil the purposes for which it was collected as described above.
The criteria we use to determine data retention periods for Personal Data includes the following: (i) Retention in case of queries. We will retain it for a reasonable period after the relationship between us has ceased (up to 6 months) in case of queries from you; (ii) Retention in case of claims. We will retain it for the period in which you might legally bring claims against us (in Germany this means we will retain it for 10 years) if and to the extent we have entered into any contract with you; (iii) Retention in accordance with legal and regulatory requirements. We will consider whether we need to retain it after the period described in (ii) because of a legal or regulatory requirement.
If your application for employment is successful and you commence employment with CCI, your Personal Data will be transferred to your personnel file and will be processed for employment purposes. If your application for employment is not successful, we will keep your Personal Data for a period of 6 months upon notification that your application was not successful.
If you would like further information about our data retention practices please contact us (see “Contact Us” below).
Your rights under data privacy laws
You have various rights under data privacy laws in your country. These may include (as relevant): the right to request access to the Personal Data we hold about you; the right to rectification including to require us to correct inaccurate Personal Data; the right to request restriction of processing concerning you or to object to processing of your Personal Data, the right to request the erasure of your Personal Data where it is no longer necessary for us to retain it; the right to data portability including to obtain Personal Data in a commonly used machine readable format in certain circumstances such as where our processing of it is based on a consent; the right object to automated decision making including profiling (if any) that has a legal or significant effect on you as an individual; and the right to withdraw your consent to any processing for which you have previously given that consent. Please be aware that some of these rights will only become relevant when changes to data privacy laws come into force in May 2018. You can also lodge a complaint with a supervisory authority.
Please see “Contact Us” if you wish to exercise any of these rights (as relevant).
Links to Other Websites
If you wish to exercise your data protection rights against us please e-mail firstname.lastname@example.org.
Be sure to include your email address and telephone number with your correspondence.
Alternatively, write to
2200 Atlantic Street, Suite # 800
Stamford, CT 06902-6834
Our legal representative in the EU is Castleton Commodities UK Limited, 20 Fenchurch Street, 34th floor, London EC3M 3BY, +44 (0)20 3321 1300
Last updated: May 2018