Our Data Protection Officer is Nick Hodges (firstname.lastname@example.org).
Cauldron provides users with access to use Gorilla to help account holders (such as scientists) create, design, conduct and analyse psychology research experiments (‘Experiments’) by providing tools to host and conduct tasks in a self-service capacity (collectively, the 'Services') directly and through the Site.
If you want to register an account with us you will need to provide us with some additional personal information so that we can ensure the information provided to you is relevant and to be certain that we are placing any new information you create as a user of the Site in the appropriate category. If you do choose to create and account or otherwise to provide us with your personal information, we will collect that information for our own use and for the purposes described in this Policy.
The personal information we collect from you, including where you choose to provide personal details to us, and where we obtain information about you, will include the following data which we require in order to provide our Services and to communicate with you:
Where you fail to provide this data, or other data requested that we need to collect by law, or under the terms of another contract we have with you, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with our Services). In this case, we may have to cancel a service you have with us but we will notify you if this is the case at the time. The other personal information we may collect from or about you, includes:
The information above will be collected primarily from you as information voluntarily provided by you to us, but we may also collect it where lawful to do so from (and combine it with information from) public sources, your university, employer, third party service providers, individuals who you have indicated have agreed for you to provide their personal information, government, tax or law enforcement agencies and other third parties. We may also collect personal information about you from your use of other Cauldron websites or services.
The legal grounds for processing your personal data are as follows:
Cauldron uses information about you for the following purposes:
This list is not intended to be exhaustive and may be updated from time to time as business needs and legal requirements dictate.
Cauldron may also convert personal information into anonymous data and use it (normally on an aggregated statistical basis) for research and analysis to monitor and improve Site performance and/or for promotional purposes.
We will keep your details on record for so long as you have a registered account with Cauldron. If you would like to close your registered account, you can do so via the Site. When you close your account:
Your personal information will only be made available for the purposes mentioned above (or as otherwise notified to you from time to time including in this Policy) to our staff who properly need to know these details for their functions within Cauldron.
Your personal information may also be made available to third parties (within or outside of Cauldron) providing us with relevant services on our behalf, such as your university, auditors and compliance managers and IT hosting and IT maintenance providers. These companies will only have access to or use your information where necessary to perform their functions on our behalf. A list of these organisations is available here
Whilst we hold your data on secure servers within the European Economic Area ('EEA') certain transfers of personal information to third party recipients take place, as explained above. Please be aware that such recipients of your personal information (as set out in this notice), may not be located within the EEA but instead located in countries which do not have equivalent protection for personal information to that within the EEA. Where we transfer your information outside the EEA we will either undertake an assessment of the level of protection in light of the circumstances surrounding the transfer or:
While we take efforts to safeguard your personal information which are consistent with relevant laws, the nature of the internet is such that we cannot guarantee absolutely the security of any personal information you disclose online.
You can find out if Cauldron hold any personal information by making a ‘subject access request’, normally free of charge, under data protection legislation. If we do hold information about you we will let you have a copy of that information unless a legal exception applies, in which case we will inform you of this at the time. You also have the right to request that information we hold about you which may be incorrect, incomplete, or which has been changed since you first told us, is updated or removed. To make a request to exercise either of these rights, please email your request to email@example.com
You can ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
You have the right at any time to withdraw any consent you have given us to process your personal data. Please note if you withdraw your consent it will not affect the lawfulness of any processing of your personal data we have carried out before you withdrew your consent. Should you wish to do so you can change your consent preferences at any time on your Account page or by contacting firstname.lastname@example.org
You can ask us to suspend the way in which we are using your information in certain scenarios, or object to our processing your data where we are relying on a legitimate interest ground (or those of a third party) and you feel it impacts on your fundamental rights and freedoms, or where we are processing your personal data for direct marketing purposes or profiling your data. In some cases where you object, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Please note that if you want us to restrict or stop processing your data this may impact on our ability to provide our Services. Depending on the extent of your request we may be unable to continue providing you with our service.
Any queries or concerns about the way in which your data is being used can be sent to email@example.com
In the event that we process your data by automated means where you have either provided us with consent for us to use your information or where we used the information to perform a contract with you, you have the right to request that we send to you or to another organisation, an electronic copy of the personal data we hold about you, for example when you are dealing with a different service provider. If you would like us to move, copy, or transfer your information please let us know by email to firstname.lastname@example.org. We will respond to you within one month after assessing whether or not this is possible, taking into account the technical compatibility with the other organisation in question.
We do not use your information for automated decision making or profiling that has legal or similarly significant effects on you.
We keep this Policy under regular review. We may change this Policy from time to time by updating this page in order to reflect changes in the law and/or our privacy practices. The date at the top of this Policy will be updated accordingly.
We encourage you to check the date of this Policy when you visit the Site for any updates or changes. We will notify you of any modified versions of this Policy that might materially affect the way we use or disclose your personal information.
This Policy only extends to the Site and does not, therefore, extend to your use of, provision of data to and/or collection of data on any website not connected to us to which you may link by using the hypertext links within this website.
If you have any questions about this Policy, please contact us at email@example.com
If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the UK data protection regulator, the Information Commissioner’s Office. Further details can be found at www.ico.org.uk or 0303 123 1113.