We have implemented appropriate technology and policies to safeguard it from unauthorised access and improper use.

This website’s Privacy Policy (“Policy”) explains how and for what purposes we use the information collected about you through the CCTA’s website. Please read this Policy carefully.

We may update this Policy from time to time to take account of changing requirements, and we request that you refer back to this Policy frequently to review any revision.

CCTA is the data controller under the UK General Data Protection Regulation (‘UK GDPR’) and specific UK legislation incorporating the requirements of UK GDPR in relation to the processing of your personal data. If you have any queries relating to our use of your personal data or any other related data protection questions, please email info@ccta.co.uk.

We collect and maintain information that you voluntarily submit to us during your use of our website or services and will only be used within the CCTA, and by its service providers, for:

• responding to queries
• general administration
• providing requested documents
• appropriate marketing & promotions
• customer services
• notification of events and training.

If you would like to opt out of any of the above data usage options, please contact us.

We use your data in the following ways:

• For billing purposess: Any financial details supplied to us such as bank details and/or credit card details are used solely for the purpose of processing payments
  To provide you with information about a CCTA service you have registered for
  To provide you with other information about other CCTA items such as meetings, conferences, information sources, seminars, offers, products or services which we believe could be of interest to you or your organisation
• To invite you to participate in surveys and seek your views in relation to CCTA’s products and services
• To invite individuals to be speakers at our eventsTo invite you to participate in other meetings or events held by us or by third parties
• To deal with consumer complaints
• We may contact you by email, telephone, mobile and post. You may opt-out from CCTA marketing communications at any time by contacting us or by clicking on an ‘Unsubscribe’ link at the bottom of our marketing emails.

Other than as set out above, we will not disclose any of your personal information without your permission unless we are required by law to do so (for example, if required to do so by a court order or for the prevention of fraud or other crime).

We will only keep your information for as long as we are either required to by law or as is relevant for the purposes for which it was collected. We maintain a data retention policy to meet our UK GDPR obligations in this respect. In general we retain any personal information collected for the duration of your relationship with the CCTA and for a period of six years thereafter.

CCTA retains personal data in the UK. However if personal data were to be transferred to countries outside the European Economic Area (EEA), for example, we will take steps to ensure that your privacy rights continue to be protected.

We operate under the UK General Data Protection Regulation (‘UK GDPR’). which has been incorporated into the UK Data Protection Act 2018.

The DPA and UK GDPR apply to ‘personal data’ we process and the data protection principles set out the main responsibilities we are responsible for.

We must ensure that personal data shall be:

• processed lawfully, fairly and in a transparent manner
• collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes
  adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed
• accurate and where necessary kept up to date
• kept for no longer than is necessary for the purposes for which the
  personal data are processed
• processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical and organisational measures.We ensure lawful processing of personal data by obtaining consent; or where there is a contractual obligation to do so in providing appropriate products and services or admitting you to CCTA membership; or where processing the data is necessary for the purposes of our legitimate interests in providing appropriate products and services.

To meet our data protection obligations, we have established comprehensive and proportionate governance measures.

CCTA processes any personal data provided in the context of your professional relationship with us. As an individual, under UK GDPR you have the following specific rights in respect of the personal data we process:

• The right to be informed about how we use personal data. This Privacy Policy explains who we are; the purposes for which we process personal data and our legitimate interests in so doing; the categories of data we process; third party disclosures; and details of any transfers of personal data outside the UK.
• The right of access to the personal data we hold. In most cases this will be free of charge and must be provided within one month of receipt. To obtain a copy of the personal information we hold on you, please write to us.
• The right to rectification where data are inaccurate or incomplete. In such cases we shall make any amendments or additions within one month of your request.
• The right to erasure of personal data, but only in very specific circumstances, typically where the personal data are no longer necessary in relation to the purpose for which it was originally collected or processed; or, in certain cases where we have relied on consent to process the data, when that consent is withdrawn and there is no other legitimate reason for continuing to process that data; or when the individual objects to the processing and there is no overriding legitimate interest for continuing the processing.
• The right to restrict processing, for example while we are reviewing the accuracy or completeness of data, or deciding on whether any request for erasure is valid. In such cases we shall continue to store the data, but not further process it until such time as we have resolved the issue.
• The right to data portability which, subject to a number of qualifying conditions, allows individuals to obtain and reuse their personal data for their own purposes across different services.
• The right to object in cases where processing is based on legitimate interests, where our requirement to process the data is overridden by the rights of the individual concerned; or for the purposes of direct marketing (including profiling); or for processing for purposes of scientific / historical research and statistics, unless this is for necessary for the performance of a public interest task.

We operate under the UK General Data Protection Regulation (‘UK GDPR’). which has been incorporated into the UK Data Protection Act 2018.

The DPA and UK GDPR apply to ‘personal data’ we process and the data protection principles set out the main responsibilities we are responsible for.

We must ensure that personal data shall be:

• processed lawfully, fairly and in a transparent manner
• collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes
  adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed
• accurate and where necessary kept up to date
• kept for no longer than is necessary for the purposes for which the
  personal data are processed
• processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical and organisational measures.We ensure lawful processing of personal data by obtaining consent; or where there is a contractual obligation to do so in providing appropriate products and services or admitting you to CCTA membership; or where processing the data is necessary for the purposes of our legitimate interests in providing appropriate products and services.

To meet our data protection obligations, we have established comprehensive and proportionate governance measures.

CCTA processes any personal data provided in the context of your professional relationship with us. As an individual, under UK GDPR you have the following specific rights in respect of the personal data we process:

• The right to be informed about how we use personal data. This Privacy Policy explains who we are; the purposes for which we process personal data and our legitimate interests in so doing; the categories of data we process; third party disclosures; and details of any transfers of personal data outside the UK.
• The right of access to the personal data we hold. In most cases this will be free of charge and must be provided within one month of receipt. To obtain a copy of the personal information we hold on you, please write to us.
• The right to rectification where data are inaccurate or incomplete. In such cases we shall make any amendments or additions within one month of your request.
• The right to erasure of personal data, but only in very specific circumstances, typically where the personal data are no longer necessary in relation to the purpose for which it was originally collected or processed; or, in certain cases where we have relied on consent to process the data, when that consent is withdrawn and there is no other legitimate reason for continuing to process that data; or when the individual objects to the processing and there is no overriding legitimate interest for continuing the processing.
• The right to restrict processing, for example while we are reviewing the accuracy or completeness of data, or deciding on whether any request for erasure is valid. In such cases we shall continue to store the data, but not further process it until such time as we have resolved the issue.
• The right to data portability which, subject to a number of qualifying conditions, allows individuals to obtain and reuse their personal data for their own purposes across different services.
• The right to object in cases where processing is based on legitimate interests, where our requirement to process the data is overridden by the rights of the individual concerned; or for the purposes of direct marketing (including profiling); or for processing for purposes of scientific / historical research and statistics, unless this is for necessary for the performance of a public interest task.Rights in relation to automated decision making and profiling.
  Please contact us for more information about the UK GDPR and your rights under data protection law or if you have a complaint about data protection at CCTA.

Alternatively contact our supervisory authority for data protection compliance (www.ico.org.uk):

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

By submitting data to us and using the website, you agree to our use of your data and of anyone you represent in the manner set out in this Privacy Policy (as amended from time to time, as described above) and you are responsible for ensuring that you have authority to do this on behalf of anyone about whom you submit data to us.

We aim to keep our information about you as accurate as possible. If you would like to review or change the details that we hold about you, please contact us.

When you visit the Site, we may store some information (commonly known as a “cookie”) on your computer. A cookie is a small text file that’s stored on your computer, tablet or phone when you visit a website.

Some cookies are deleted when you close down your browser. These are known as session cookies. Others remain on your device until they expire, or you delete them from your cache. These are known as persistent cookies and enable us to remember things about you, as a returning visitor.

In line with data protection regulation, users are given the opportunity to set their computer cookie instructions.

To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org. Alternatively, you can search the internet for independent information on cookies.

We use cookies to help us to:

• provide the products and services that you request
• give you a better, more relevant online experience
• track website performance

Cookies do not contain any personal details about a visitor or their location, they simply identify the computer being used.

More information about how we use cookies is available here.

We are not responsible for the privacy policies and practices of other sites, even if you access them using links from this Site. We strongly recommend that you check the policy of each site you visit, and contact its owner or operator if you have any concerns or questions.

We partner with Microsoft Clarity and Microsoft Advertising to capture how you use and interact with our website through behavioural metrics, heatmaps, and session replay to improve and market our products/services. Website usage data is captured using first and third-party cookies and other tracking technologies to determine the popularity of products/services and online activity. Additionally, we use this information for site optimization, fraud/security purposes, and advertising. For more information about how Microsoft collects and uses your data, visit the Microsoft Privacy Statement.

Last updated 12 June 2025