Browse Catapults
Transport System Catapult - Logo Home

Privacy Policy

Connected Places Catapult is the trading name of Connected Places Catapult Limited. We focus on growing businesses with innovations in mobility services and the built environment that enables new levels of physical, digital, and social connectedness. Our company registration number is 11837978 and our registered office is 170 Midsummer Boulevard, Milton Keynes, United Kingdom, MK9 1BP.  Connected Places Catapult is registered with the Information Commissioner Office, registration number ZA773397.

This privacy policy applies to anyone who asks about, buys, or uses our services in any way (for example by email, through the website, or by telephone). We take privacy seriously and we want you as our service user, to understand the information we collect about you, how we process and protect the personal information which we collect about you, from you and from third parties, so that you can be confident that the information is being used safely and in ways that are reasonable expected, and what rights you have in respect of your personal information.

When we refer to ‘we’, ‘us’ and ‘our’, means Connected Places Catapult.

What information do we collect and use?

We may collect any of the following information, depending on how you interact with us as a service user:

  • Your name and contact details (inc. job title, address, telephone and mobile number, email address).
  • Company details (inc. name, address, registration number, VAT registration number, insurance, category (type) of company).
  • Any company links on social media (inc. Twitter, LinkedIn, Instagram, Facebook).
  • Any parent company details (inc. company name, address, telephone number, email address, contact name).
  • Collaboration details of any companies involved within your project (inc. company name, address, telephone number, email address, contact name).
  • Authority details who are involved within the project (organisation name, telephone number, email address, contact name).
  • Finance details (inc. contact details, bank account details, VAT number).
  • Due diligence information (inc. accounts, policy and process documents, investigation/convictions/notice details, enforcement/remedial orders).
  • Details of any conflicts of interests.
  • Details of previous project applications.
  • Project details (inc. project name, summary, project plan).
  • Project finances (inc. individuals involved, daily rates, no. days worked, sub-contractor charges, material costs and other expenses).
  • Your IP address (inc. IP tracking within the London office building).
  • Cookie preferences.
  • Images (inc. footfall sensors within the London office building).
  • Voice/video recorded or written feedback (inc. survey, product and webinar reviews, interviews).
  • CCTV.

Your personal information collected will be used to allow us to support innovative projects, create new commercial opportunities and improve productivity, socio-economic and environmental benefits for places.

Your IP address will be used to allow Connected Places Catapult to set appropriate access permissions on its website.

Our IP and footfall sensors will track movement within Connected Places Catapult London office as part of a ‘testbed’ project currently being run for SME’s to deploy their technology as a showcase and experimental environment. The data from this project will be used for analytical purposes only.

CCTV recording is un use at all Connected Places Catapult locations, this is used to ensure the security of property and premises and for the preventing and investigating crime purposes only. Area monitored by CCTV are sign-posted. Where necessary or required, this information is shared with you, police forces, security organisations and persons making an enquiry.

In many cases we pseudonymise or anonymise your information before we share it with others, or where we no longer require the information in identifiable form.

Anonymisation is the process of turning data into a form which does not identify individuals and where identification is not likely to take place.

Pseudonymisation is the process of information in such a way that it can no longer be attributed to you without the use of additional information and where that additional information is kept separately. This allows for a much wider use of the information for statistical or other purposes.

Who do we collect information from?

Directly from you, this information can be collected when:

  • You use our website and platforms.
  • When you complete a grant application forms.
  • Participating in interviews.
  • Attending workshops.
  • Attending commercial events.
  • Visiting a Connected Places Catapult office.
  • You correspond with us by letter, email, telephone, or social media, including where you reference Connected Places Catapult in a public social media post.

When participating in projects, we may collect information about you from other providers.

What is your information used for?

We use your information for a number of purposes. Whenever we use your information, we must have a legal justification under data protection law for its use. The legal justification will depend on the purpose for which we intend using your information.

Our legal justification for processing your personal information generally falls into the categories below:

  • Necessary to fulfil our contract with third parties
  • Necessary to comply with the law – this applies where we have a legal or regulatory obligation to use your personal information
  • Necessary for our Legitimate Interests – this means where our business interests justify us using your information and that business need does not impact unjustly on your rights as an individual
  • Necessary to establish, exercise or defend legal claims
  • You have provided your consent to our use of your personal information

Who Do We Share Your Information With?

It is important that you understand that we may share your information with others. We may share your personal information within our group of companies and with third parties.

Sharing within the Connected Places Catapult Group

We may share your personal information within the Connected Places Catapult group of companies.

Sharing with third parties

We may share your personal information with the third parties listed below for the purposes identified within this privacy notice:

  • SMEs
  • Innovate UK
  • National and other professional research / audit programmes
  • Government bodies and local authorities
  • Our regulators
  • The police and other third parties where reasonably necessary for the prevention or detection of crime
  • Debt collection agencies
  • Third parties to the extent required by law, regulation or court orders and statutory requests for information
  • Service providers we use to support our business. These processors are trusted partners that work with us and are authorised to use your personal information only as necessary to provide these services to us. We required these third parties to comply strictly with our instructions and data protection law and we ensure appropriate controls are in place. We enter into written contacts with all our processors
  • Our third-party service providers such as auditors and lawyers
  • Selected third parties in connection with any sale, transfer, or disposal of our business. We may communicate with these third parties in a variety of ways including, but not limited to, email, post, fax, and telephone.

How long do we keep your personal information for?

We retain information in accordance with our legal obligations and national best practice. We ensure compliance through regular auditing and ensure information is securely disposed of when it has reached the end of its retention period. We implement data retention periods for different categories of personal data and/or different processing purposes, including where appropriate, archiving periods. We will only keep your personal information for as long as reasonably necessary to support our legitimate business interests and to comply with our legal and regulatory requirements.

A copy of Connected Places Catapult Records Management Policy can be provided upon request.

Internal transfers of your personal information

Connected Places Catapult supports innovative projects globally. We (or third parties acting on our behalf) may store or process information that we collect about you in countries outside the UK. Information may be transferred, processed and stored outside the country where your information is collected, including countries where the level of data protection may net be deemed adequate by local legal or regulatory authority in the country of origin of the data. Where we make a transfer of your personal information outside of the UK, we will take the required steps to ensure that your personal information is protected.

Generally: e.g. if your permanent address is outside the UK, or the project is outside of the UK, we may send details to individuals specifically to promote your involvement within the project.

The safeguards in place to ensure that the data is securely protected are:

  • The country to which we send the personal information may be approved by the European Commission, or
  • The recipient may have signed a data sharing agreement or contract based on “model contractual clauses” approved by the European Commission, obliging them to protect your personal information.

In other circumstances, the law may permit us to otherwise transfer your personal information outside the EEA. In all cases, however, any transfer of your personal information will be compliant with applicable data protection law.

If you would like further information regarding the steps, we take to safeguard your personal information when making international transfers, please contact the Data Protection Manager using the details on the foot of this Privacy Notice.

Your rights and your personal information

Under data protection law you have a number of specific rights in relation to the personal information that we hold about you. These include rights to know what information we hold about you and how it is used.  You may also exercise these rights at any time by contacting us using the details set out at the top of this privacy notice and without adversely affecting your service.

We will not usually charge for handling a request to exercise your rights. If we cannot comply with your request to exercise your rights, we will usually tell you why.

If you make a large number of requests or it is clear that it is not reasonable for us to comply with a request, then we do not have to respond. Alternatively, we can charge for responding.

Under data protection legislation you have the right to:

  • be informed
  • access your personal information
  • rectification
  • erasure
  • restriction of processing
  • data portability
  • object
  • not be subjected to automated decisions
  • withdraw consent

You also have the right to complain to the Information Commissioners Office (ICO) if you are unhappy with the way that we have dealt with a request from you to exercise any of these rights, or if you think we have note complied with our legal obligations. Whilst you are not obliged to do so, we would appreciate you making us aware of any issue prior to notifying the ICO and giving us the opportunity to respond. You can contact either the Risk and Compliance Manager or Data Protection Manager using the postal address at the top of the privacy notice.  More information can be obtained either on the ICO website (https://ico.org.uk/) or by calling 0303 123 1113.

Making a complaint will not affect any other legal rights or remedies that you have.

Securing your data

We have implemented appropriate technical and organisational security to protect your personal information, this includes:

  • Ensuring our staff complete regular training
  • Ensuring personal information is only accessible and shared with individuals that have a need to access it
  • Implementing physical access controls within our offices and technical controls such as encryption
  • Using information about you that does not uniquely identify you, where appropriate
  • Where personal information is transferred outside of the UK, we will ensure there are appropriate security measures in place to protect the data in accordance with UK data protection laws.

Please contact us if you require further information about how we secure your data.

Queries

If you have any queries or would like to exercise your rights or to establish whether any rights apply to you, please speak to the Risk & Compliance Manager (dataprotection@cp.catapult.org.uk).

You can also contact our Data Protection Manager:

Email: DPM@cp.catapult.org.uk

or by writing to the address at the top of this privacy notice, marking your communication “Private and Confidential – FAO Connected Places Catapult Data Protection Manager”

Telephone: +44 (0)1908 359 999

Updates to this Privacy Notice

We may update this Privacy Notice from time to time to ensure that it remains accurate. In the event that these changes result in any material difference to the manner in which we process your personal data then we will provide you with an updated copy of the Policy and signpost you to specific changes.