CEI abides by privacy legislation in the geographies in which we operate.
The Centre for Evidence and Implementation (CEI) respects and protects your privacy. Please review the sections that are relevant to you within each part of this Privacy Notice, in which we outline what personal information we collect, why we collect it, how we collect it, where we get it from, what we do with it, our lawful basis for using it, how we store it, who we share it with, how long we keep it, what rights you have, how to complain and how to contact us.
CEI is a global, not-for-profit evidence intermediary dedicated to using the best evidence in practice and policy to improve the lives of children, families, and communities facing adversity. Established in Australia in late 2015, CEI is a multi-disciplinary team across five offices in Singapore, Melbourne, Sydney, London, and Oslo. We work with our clients, including policymakers, governments, practitioners, program providers, organization leaders, philanthropists and funders in three key areas of work:
- Understand the evidence base
- Develop methods and processes to put the evidence into practice
- Trial, test and evaluate policies and programs to drive more effective decisions and deliver better outcomes
CEI operates in the following countries:
- UK: under the company name CEI Global UK Limited, a private limited company registered in England and Wales (Company Number 11471351). Our registered address is Suite 1, 7th Floor, 50 Broadway, London SW1H 0BL.
- ICO Registration: ZB209172
- Australia: under the company name Centre for Evidence and Implementation Ltd ABN 56 625 430 177, a private limited company registered in Australia. Our registered address is 33 Lincoln Square South Carlton, VIC 3053.
- Singapore: under the company name Centre for Evidence and Implementation Singapore Ltd, a private limited company registered in Singapore (Company Number 201934244Z). Our registered address is 55 Duxton Road, Singapore 089519.
CEI is required to comply with the following privacy laws when dealing with your personal information (collectively referred to as ‘Privacy Laws’):
- UK: the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR')
- Australia: the Privacy Act 1988 (Cth) and the Australian Privacy Principle Guidelines (collectively 'APA')
- Singapore: the Personal Data Protection Act 2012 (No. 26 of 2012) ('PDPA')
This Privacy Notice is to inform you of how we use your personal data when you interact with us. We have identified the following areas of work where we will process your personal data. To gain further information about how we process your data in the areas of work identified please click the link embedded in the names of the areas of work listed below:
- When you are a participant in a research project or being consulted as a stakeholder for a project (Research Participants)
- When you help us review an industry sector or specific topic as part of a project or help us develop project ideas within a sector or topic and provide information to us based on your knowledge, position and/or expertise (Research Stakeholders)
- When you are part of the Project Team, either alongside or funded by CEI to conduct a project which may or may not be research related. This also includes individuals who assist in the project set up processes where they may not collect, receive or analyse any data within the project itself (Project Team)
- Within our organisational communications and sectoral outreach work (Communications)
- When you are visiting our offices or attending an event run by CEI (Visitors)
- When you apply for a job with us (Recruitment)
- When you use our website (Website)
How we share your information
We may share your personal information with the following third parties or categories of third parties.
- Transcription services
- Mass email services
- Communications providers
- Survey platform services
- Client Relationship Management services
- Website services and platform providers
- IT services organisations
- Business associates and other professional advisers
- Financial organisations
- Current, past or prospective employers
- Educators and examining bodies
- Service providers and subcontractors, including payment processors, cloud service providers, utility and logistic providers
- Public agencies and the emergency services
- Companies that assist in our marketing activities
- Analytics providers to assist in the improvement and optimisation of our services
We will also disclose your personal information to third parties where it is in our legitimate interests to do so to run, grow and develop our business. For example, in the event that we undergo re-organisation or are sold to a third party, personal information we hold about you may be transferred to that re-organised entity or third party.
We may disclose your personal information if required to do so by law or if we believe that such action is necessary to prevent fraud or cyber-crime or to protect the Services or the rights, property or personal safety of any person.
We sometimes need to share the personal information we process with the individual themselves and also with other organisations. In addition to compliance with Privacy Laws, where this is necessary, we are required to comply with all aspects of the Data Protection Act (DPA), Privacy and Communications Regulation (PECR) and the EU General Data Protection Regulation (GDPR) as it applies.
We may also share your personal information with our professional advisers including our lawyers and auditors where it is strictly necessary. It is possible that we may be required to share your data to comply with applicable laws or with valid legal processes, such as in response to a court order.
Any third party with whom we share your personal information shall be subject to privacy and security obligations consistent with applicable laws.
Security and Transfers
CEI takes all reasonable precautions to safeguard the confidentiality of your personal information, including through the use of appropriate organisational and technical measures.
Where you have been given or chosen a password that enables you to access certain parts of our services, you are responsible for keeping this password confidential. We ask you not to share the password with anyone.
The personal information we collect is generally transferred to and stored on secure third-party servers located in the UK or European Economic Area (EEA), Australia or Singapore, or transferred securely and stored in a locked safe or a non-networked computer within the CEI building when analysis is being conducted. Such storage is necessary in order to process the information. Where your data is processed or stored outside of the UK or EEA, Australia or Singapore, we ensure a similar degree of protection is afforded to it by ensuring that at least one of the appropriate safeguards described in the Privacy Laws is in place, such as:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the UK (the UK also recognises the European Commission list of adequate countries. For further details, see European Commission: Adequacy of the protection of Personal Data in non-EU countries);
- Where we use certain service providers, we may use specific contracts approved by the UK which give personal data the same protection it has in the UK. For further details, see UK International Data Transfer Agreements. We will also assess in-country standards as part of this process;
- Any transfers made will be in compliance with the Data Protection Legislation.
- We encrypt your data at transmission to and from the App and Dashboard and at rest. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
- We obtain a 'specified certification' under the Asia-Pacific Economic Cooperation Cross-Border Privacy Rules ('APEC CBPR') System, and the Asia Pacific Economic Cooperation Privacy Recognition for Processors ('APEC PRP') System if Singaporean personal information is transferred outside of Singapore.
Where there is a requirement or desire to archive your data for purposes of public interest, which may mean the possibility of a secondary use of your personal data, we shall inform you of our intention to do so, maintaining appropriate safeguards in line with UK GDPR Article 89.1. Supplementary security safeguards may include, but are not limited to:
- Functional Anonymisation
- Data Coarsening
We also use the Supplementary security measures within each research project (always refer to the research project Privacy Notice to confirm how your data will be stored, shared, and kept secure).
Cookies are text files, which identify a user’s computer to our servers. Cookies in themselves do not identify the individual user, just the computer used. You can learn more about cookies by visiting http://www.allaboutcookies.org/.
You can also prevent your data from being used by Google Analytics by using the Google Opt-out Browser Add-on, available at this link.
The Privacy Laws grant you rights in relation to your information, which are summarised below. In order to assert any of these rights, or to ask any questions, please contact our Data Protection Officer using firstname.lastname@example.org.
Right of Confirmation / Right to be Informed
You have a right to obtain confirmation as to whether or not personal data concerning you is being processed.
Right of Access
You have a right of access to any personal information we hold about you. You can ask us for a copy of your personal information, details about how and why it is being used; and details of the safeguards which are in place if we transfer your information outside of the UK.
Right to rectification
You have a right to obtain without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you shall have the right to have any incomplete personal data completed, including by means of providing a supplementary statement.
Right to Erasure
You have the right to erasure of personal data concerning you without undue delay. We will action this right where one of the statutory grounds applies as long as the processing is not necessary.
Right of Restriction of Processing
You have the right to restrict processing where a statutory reason applies.
Right to Data Portability
You have a right to receive the personal data concerning you in a structured, commonly used and machine-readable format.
Right to Object
You have a right to object, on grounds relating to your particular situation, at any time, to the processing of personal data concerning you.
Automated individual decision making, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling.
Right to Withdraw Consent
Where consent forms the basis for processing, you have the right to withdraw consent to processing at any time. You can do this by contacting the data protection officer.
Right to complain to the supervisory authority
You also have a right to make a complaint to the Privacy Commissioner or the Information Commissioner's Office, or the data protection regulator in the country where you usually live or work, or where an alleged infringement of the Privacy Laws / General Data Protection Regulation has taken place. Alternatively, you may seek a remedy through the courts if you believe your rights have been breached.
If you are in the UK and you wish to make a complaint you can do so by contacting:
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk
Changes to this policy