Carat (referred to as “our”, “us” and “we” in this notice) is part of Dentsu Aegis Network, a global media group. We help our clients to improve how they advertise and market, whether by print, post, email or on websites. We believe that the responsible use of data support business growth and builds strong relationships between brand and consumer. As a business, we are committed to respecting and protecting the privacy of all individuals with whom we interact. We are committed to being transparent in our handling of personal information and processing personal information at all times in accordance with applicable privacy and data protection laws. This Privacy Notice explains how we may collect and use personal information from you when you use our website (www.carat.com).
This privacy notice explains the following:
- What personal information we collect on this website;
- How we use this information;
- How we store your personal information;
- How we secure your personal information;
- Whether we disclose or share your personal information;
- Your choice regarding the personal information you provide to us;
- Our responsibility for website links;
- How to contact us.
In the supplementary information section of this Privacy Notice, we explain what is meant by “personal information” and other terms used in this notice.
What personal information we collect on this website
We also collect information about you if you make use of any of the interactive features within our website that rely on a personalised response, or where you ask us to respond to a query you have, or add your details to one of our alert or subscription services. The information we collect is limited to the details we need to provide the specific service you have asked for. We do not collect sensitive information, such as your political or religious beliefs, ethnic background, sexual preference, health or any other sensitive information.
We do not actively seek to collect information about children aged 16 or under. If you have any concerns about your child’s privacy in relation to our services, or if you believe that your child may have entered personal data onto our Website, please contact us at email@example.com. We will delete such information from our records with a reasonable time.
How we use this information
Except where required by law, we only use the personal information you provide for the following purposes:
- to deliver the specific information or services you have requested. For example, if you have requested further information on our services or content, or wish to subscribe to our alert service, or submit an enquiry through this site. We will only use the email address you provide to us to respond to that request. Without your express consent, we will not use your contact details for any other purpose.
We ensure that we always have an appropriate legal basis for processing your personal information. For the most part, the processing of your personal information is based either on a) our legitimate interests related to us providing you services you have requested or otherwise your customer relationship with us, or b) your consent, where requested.
How we store your personal information
We are committed to ensuring your personal information is kept secure and confidential and not kept for longer than is necessary for the purpose they were processed. When your personal information is no longer necessary, it will be deleted.
From time to time we may ask other members of our group, or third party service providers, to help us manage our information technology systems. Some of these systems may be located in countries overseas, including countries located outside the European Economic Area (EEA).
We will only transfer your information to a third party service provider or overseas, where we are satisfied that adequate levels of protection are in place to protect the integrity and security of any information being processed and compliance with applicable privacy and data protection laws. These measures may include the use of Standard Contractual Clauses, the EU-US Privacy Shield, Swiss-US Privacy Shield or your consent. You may request further information on the legal security measures used for such transfers via the contact details given in this Privacy Notice.
How we secure your personal information
We have implemented appropriate technical and organisational security measures in place to prevent unlawful or unauthorised use, access or accidental loss of personal information. We also seek to ensure our service providers do the same.
Information sharing and disclosure
We do not sell or rent any personal information about you to any third party.
We may disclose personal information in response to legal process, for example in response to a court order or a subpoena, or in response to a law enforcement agency’s request, or where we believe it is necessary to investigate, prevent or take action regarding illegal activities, and as otherwise required by law. Our agents and contractors may have access to personal information to help carry out the services they are performing for us.
As stated above in this Privacy Notice, Carat is part of Dentsu Aegis Network, a globally operating media group consisting of multiple companies. Therefore, we may also from time to time disclose your personal information within our group of companies. Some of our group companies are located outside the EEA, but we always ensure the security of such disclosures and transfers in accordance with the applicable privacy and data protection laws.
Your choice regarding the personal information you provide to us
- If you wish to stop receiving marketing communications from us then please click on the "unsubscribe" link at the bottom of the relevant mailing. If you wish to opt-out completely then please contact us at using the details provided below.
- If you would like us to delete your information from our records, please contact us using the contact details below and we will respond within a reasonable time. Please note that we may be required to retain certain information by law and/or for our own legitimate business purpose.
Users from the European Economic Area
If you are from the European Economic Area, you have rights (with some exceptions and restrictions) to:
- object to our processing of your personal data, including profiling. You can object at any time and we shall stop processing the information you have objected to, unless we can show compelling legitimate grounds to continue that processing;
- access your personal data. If you make this kind of request and we hold personal data about you, we are required to provide you with information on it, including a description and copy of the personal data and why we are processing it;
- request erasure of your personal data;
- request correction or updating of the personal data that we hold about you and that is inaccurate;
- request the restriction of our processing of your personal data in some situations. If you request this, we can continue to store your personal data but are restricted from processing it while the restriction is in place;
- withdraw your consent to our use of your personal data. When you use our website you may have been asked to consent to the dropping of a cookie. You may withdraw your consent to our processing of your personal data that has been derived from cookies. If you do withdraw consent, that will not affect the lawfulness of what we have done with your personal data before you withdrew consent;
- complain to your local data protection authority about our collection or use of your personal data. For example, in the UK, the local data protection authority is the UK Information Commissioner's Office.
If you exercise the rights above and there is any question about who you are, we may require you to provide information from which we can satisfy ourselves as to your identity.
If you are from the European Economic Area and would like to exercise any of these rights in relation to any information we hold about you via this website please contact us using the contact details provided below. We will consider and respond to your request in accordance with the relevant law.
Our responsibility for website links
This Privacy Notice is limited to the personal information which we collect and use via this website. We do provide links within this site to other websites, including social media sites such as Facebook, Twitter and LinkedIn and sites operated by other brands within the Dentsu Aegis Network Group. If you follow these links, you should use these sites in conjunction with their applicable user and privacy notices as their data practices fall outside the scope of this Privacy Notice. Further, we can have no responsibility for or control over the information collected by any third party website and we cannot be responsible for the protection and privacy of any information which you may provide on such websites.
This Privacy Notice may be updated from time to time to reflect changes in law, best practice or a change in our practices regarding the treatment of personal information. If you do not agree to the changes, please do not continue to use our website. You should check this notice frequently for updates. This notice was last updated 09/05/2018
If you have any questions about our approach to privacy or you would like to exercise any of the rights mentioned in this Privacy Notice you can contact our Data Protection Officer in any of the following ways:
Address: Data Protection Officer, Dentsu Aegis Network, Regent’s Place, 10 Triton Street, London, NW1 3BF
Telephone: (+44) (0) 207 070 7700
In this Supplementary Information section, we explain some of terminology used in this Privacy Notice.
"personal information" – any information that relates to you (or from which you can be identified).
"profiling" - automatically using personal data to work out certain things about people, like analysing or predicting their performance at work, reliability, economic situation, personal preferences, interests, behaviour, location or movements.