Privacy Policy

This privacy policy is subject to ongoing review and change.

Last updated: June 2018 

If you have any questions about this privacy notice, including if you wish to exercise any of your rights, please contact us at Or write to: Marketing Team, CENSIS. 3rd floor, The Inovo Building, 121 George Street, Glasgow G1 1RD

This privacy notice sets out how CENSIS (“we”, “our” and “us”) uses and protects personal information that you give us when you visit or use our websites and other services, including events, that refer or link to this privacy notice. This also applies when we are introduced in a business context and share contact information. This privacy notice may be supplemented by additional privacy statements, terms or notices provided to you.

As a Scottish Innovation Centre, CENSIS is administered and hosted by the University of Glasgow meaning that we are the same legal entity.

CENSIS is committed to preserving your privacy.

How we collect your personal data

General: We may collect your personal data in the following ways:

  • From you directly, when we meet in a business context (face to face, attendance at our events, email, mail or telephone)
  • From data that you provide online via our online forms (such as your name, contact details, e-mail address etc.), online forms on our event sites, online surveys you reply to or requests by email or by website sign up form to subscribe to our newsletter
  • From your interaction with and use of our online services including the CENSIS website, Twitter and LinkedIn feeds

If you contact us, we may keep a record of that correspondence

All delegates at CENSIS events will give their CONSENT to attend.

CENSIS will never use pre-ticked boxes or automatic opt-ins within any event registration tools.

Delegates wishing to attend CENSIS-organised events will request a delegate place in one of the following ways:

  • Eventbrite
    The delegate will submit their information via Eventbrite, an automated tool used by CENSIS for event management.
    Security and Compliance: Information downloaded from Eventbrite will be held in our EVENT files on our password-protected network accessible to CENSIS staff only. Eventbrite Privacy Policy and GDPR statement
  • Email
    Some of our more specialised events ask for interested delegates to email us to request a place.
    Security and Compliance: These emails will be held on our password-protected CRM system accessible to CENSIS staff only, and in our EVENT files on our password-protected network accessible to CENSIS staff only.


What information we collect

General: We may collect the following information:

  • Name and job title
  • Organisation or academic institution you are associated with
  • Contact information such as an email address, postal address or telephone number
  • Demographic information such as address, postcode, preferences and interests
  • Your interaction with us including, but not limited to, frequency and timing of visits to the CENSIS website and your engagement with CENSIS newsletters
  • Financial details if payments are required (e.g., payment for event exhibition stands or tickets)
  • Details of your visits to our website including, but not limited to, traffic data, location data, weblogs and other communication data

Events: If an individual attends or requests to attend an event or training course organised by CENSIS, the following data will be collected:

The delegate’s name, job title, company name, company website, email address and any dietary and physical access requests.

  • Name and job title
  • Organisation or academic institution you are associated with
  • Contact information such as an email address, postal address or telephone number
  • Demographic information such as address, postcode, preferences and interests
  • Financial details if payments are required (e.g., payment for event exhibition stands or tickets)
  • Photographs and video footage of the event which may show attendees


How we use your information

General: We use your information to:

  • Keep internal records
  • Store your information on our CRM database
  • Send you details of news, events or training courses that we feel may be of interest to you
  • Enable us to perform and improve the services you have requested
  • Respond to any queries submitted via the website, email, mail or telephone
  • Ensure that content from the website is presented in the most effective manner for you and for your computer
  • Analyse the information we collect so that we can administer, support, improve and develop the website and our services
  • Satisfy internal record keeping
  • Contact you from time to time for research purposes in relation to our services, projects or work themes. We may contact you by email, phone or mail
  • Provide you with information or services that you request from us or which we feel may interest you, unless you have indicated otherwise
  • Notify you about changes to our service


Events: The data relating to a specific event will be used as follows:

  • The delegate’s name and company will be included on a printed delegate list which will be circulated to all attendees and speakers at the specific event.
  • The delegate’s name and company will be included on a name badge to be worn at the event.
  • The data provided by the individual will be stored by CENSIS in a password-protected network accessible only by CENSIS staff.
  • If CENSIS intends to share this data with a third party, (for example, when holding a joint event with another organisation), this will be clearly stated on the event registration details.
  • Photos and video footage from events attended by individuals may be used in CENSIS publicity eg on the CENSIS website, in CENSIS email marketing and on future printed materials publicising CENSIS.


Who we share your data with

General and Events: We will not share your data with any third parties for the purposes of direct marketing.

In order to carry out our services, CENSIS may share your personal data with one or more of the following data processors who provide elements of services for us.

  • Constant Contact

This is an online software package we use for email marketing.
Constant Contact Privacy Policy Constant Contact statement on GDPR:
Information submitted to Constant Contact is transferred outside the EEA and stored on servers in the USA.  USA is not subject to an adequacy decision by the European Commission.
Constant Contact Safeguard: Constant Contact has self-certified its compliance with the EU-US Privacy Shield

  • Sales Agility CRM

This is the database we use for our Customer Relationship Management
Sales Agility Privacy Policy
Sales Agility Safeguard: All data is stored and hosted in London or Edinburgh.


This online events platform is used to enable delegates to sign up for events.  They are based in the United States of America.
Eventbrite Privacy Policy
Information submitted to Eventbrite is transferred outside the EEA and stored on servers in the USA.  USA is not subject to an adequacy decision by the European Commission.
Eventbrite Safeguard: Eventbrite and EU Data Protection

Survey Monkey

We use online platform Survey Monkey to carry out surveys and share the results of these surveys with our staff and management team.
Survey Monkey Privacy Policy
Information submitted to Survey Monkey may be processed on servers located outside EEA.
Survey Monkey Safeguard:  Survey Monkey has certified its compliance with the EU-US Privacy Shield. 

Note:  EU-US Privacy Shield

The EU-US Privacy Shield is an approved certification mechanism under Article 42 of the General Data Protection Regulation which is permitted under Article 46 (2) (f) of the General Data Protection Regulation.  Refer also to the European Commission decision and the statement by the Data Protection Network.


Legal Grounds for Processing

We will only collect, use and otherwise handle your personal data when we have legal grounds for doing so. The common grounds will be:

Legitimate Interest

We may process your personal information for our legitimate business interests. You have the right to object to this processing.  When we process your personal information for our legitimate interests, we make sure to consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws.  Our legitimate business interests do not automatically override your interests – we will not use your Personal Data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law)

The information we process under legitimate interests are our CRM and Academic Database.

These legitimate interests are (i) Reasonable expectation and (ii) Relevant and appropriate relationship

We have completed Legitimate Interest Assessments for each of the following:

  • CRM

Our Customer Relationship Management System holds details of individuals who have an existing relevant and appropriate relationship with us.    This includes:

  • Existing clients
  • Individuals we are already communicating with about becoming potential clients
  • Individuals who are in our service
  • Stakeholders who have already communicated with us
  • Academic Database

We hold an academic database of the specialisms, areas of expertise, research papers published and contact details of academic professionals in Scottish HEIs who have specific expertise in sensor and imaging systems and the Internet of Things.


  • Email marketing

If you wish to receive our email newsletter, you must either sign up at our website or give permission by email.  This permission will be recorded and stored. By subscribing through the website or requesting our email newsletter by email, you consent to the collection, storage, use and transfer of your data by us in accordance with the terms of this Privacy Policy.

You can withdraw your consent at any point by clicking on the ‘unsubscribe’ link provided in our emails or by contacting us directly.

Visitors to our website

·       Analytics

When you visit we use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out such things as the number of visitors to the various parts of the site. This information is only processed in a way that does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.

If we do collect personal data through our website, we’ll be upfront about this. We’ll make it clear when we collect personal information and we’ll explain what we intend to do with it.

  • Cookies
    We use a cookies tool on our website. More information about our Cookie Policy can be found here.

Links to Third Party Websites

As we want your experience of our website and newsletters to be as informative and useful as possible, we provide a number of links to websites operated by third parties.

Please be aware that we do not have any control over third party websites and that such third-party websites may send their own cookies to users, or otherwise collect data or solicit personal information.

We cannot be responsible for the protection and privacy of any information which you provide whilst visiting such third-party websites and so these are not governed by this privacy notice. We encourage you to review each third-party website’s privacy policy/notice before browsing and interacting with the website in question.

Retention of your information

We will retain your personal data for as long as we reasonably require in light of the purpose(s) for which we are holding it and all relevant legal, commercial and operational considerations.

As a Scottish Innovation Centre, we may have to comply with statutory retention periods as required by the Scottish Funding Council.

Personal data is stored on our servers and will remain within the UK/EEA.

Disclosure of your information

We will not share, sell or distribute any of the information you provide to us without your consent, except where disclosure is:

  • Necessary to enforce our rights, including under our website Terms and Conditions of Use. LINK TO WEBSITE ONCE APPROVED.
  • Required or permitted by law (as a Scottish Innovation Centre, we may have statutory reporting duties to the Scottish Funding Council, Scottish Government Scottish Enterprise and/or Highlands and Islands Enterprise).

Your rights under data protection laws

All individuals have a number of rights under data protection laws. However, they do not apply in all circumstances. Rights include:

  • Your right of access: You have the right to ask us for copies of your personal information.
  • Your right of rectification: You have the right to ask us to rectify information you think is inaccurate.
  • Your right to erasure: You have the right to ask us to erase your personal information in certain circumstances.
  • Your right to restriction of processing: You have the right to ask us to restrict the processing of your information in certain circumstances.
  • Your right to object to processing: You have the right to object to processing if we are able to process your information because the process forms part of our public tasks, or is in our legitimate interests.
  • Your right to data portability: This only applies to data you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another, or give it to you.  The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated.
  • You can read more about all of these rights here.
  • At all times, you have the right to complain to the Information Commissioner’s Office which enforces data protection laws:

If you wish to exercise any of these, please email us at and we will explain at that time if they are applicable or not. We will inform you in writing following receipt of your written request and if necessary, seek additional information from you about your request, including proof of identity.


Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted online or through the website. Any transmission is at your own risk. Once we have received your information, we use strict procedures and security features to try to prevent unauthorised access.

Changes to our Privacy Notice

We may amend this Privacy Notice from time to time to take account of changes to our processing and regulatory changes. We encourage you to review it from time to time. If we make any substantial changes we will notify you by posting a notice on our website.

Your contact details

Please help us keep our records updated by informing us of any changes to your e-mail address and other contact details.

Queries and concerns

If you have any queries or concerns about our processing of your personal data, please contact us at with the subject line “privacy notice”.