C|T Group
The C|T Group operates globally with offices in London, Sydney, Washington DC, Milan, Canberra, Hobart, Auckland, Dublin, Hong Kong and Mumbai. It consists of around 20 companies incorporated across the world operating under the holding company “C|T Group Holdings Ltd”. C|T Partners Ltd is a UK registered company that is part of this group.
Apart from the UK, based on The Guardian's reports, the group of companies has worked in countries such as Saudi Arabia, Malaysia, Zimbabwe, Sri Lanka and Yemen.
What does C|T Group do?
The C|T Group website lists a range of campaign activities including:
•Campaign strategy
•Campaign messaging
•Counsel and advice for business leaders, party leaders and candidates
•Political engagement
•Direct marketing
•Local events and community engagement
Data collection
The C|T Group Privacy Policy provides information on how C|T Group collects and further processes personal data they control directly, mainly from people using their online services such as their website. It states that information you provide to them may include “current and historical personal data including your name, contact details, title, identification, employment, positions held and enquiry/complaint details and information about the organisation with which you are affiliated.”
The privacy policy further confirms they process data from third parties, including that they may use personal data on behalf of their clients, but no further information on how they use data of individuals for their clients is provided.
It would appear this policy also applies to the affiliate companies, such as CT Partners Limited, although this is not explicitly stated.
Profiling and Targeting
The C|T Group home page states: “We identify and communicate behaviour-changing messages to target audiences.” As part of their campaign expertise, the company promises to "shape and influence behaviour in the desired direction by targeting the motivations of key actors and utilising identified pressure points to achieve the desired outcome."
The privacy policy states that they use personal data to "provide and improve their services", including among others, "for research, planning, service development, security or risk management". The privacy policy states that anyone who submits a data subject access request will receive "[a]ny details and information of automated decision making, such as profiling, and any meaningful information about the logic involved, as well as the significance and expected consequences of such processing."