The Association for Renewable Energy and Clean Technology (REA)
The REA takes the privacy of your information and how it is used very seriously, and we will only use your personal information in accordance with applicable data protection laws and this privacy notice. This notice explains what we do with your personal data, why we want to use it, how we protect it, and what rights you have to control our use of it.
This privacy notice applies to personal information that we process through interactions with individuals in the course of running our organisation and delivering our services, such as people working for our members, staff of member organisations, suppliers, website visitors and industry contacts.
Information about us
This privacy notice is for the REA (also referred to as “we”, “us” or “our” in this privacy notice). We collect, use and are responsible for certain personal data about you. When we do so we are regulated under the General Data Protection Regulation (“GDPR”), which applies across the European Union (including the United Kingdom) and we are responsible as “data controller” of that personal information for the purposes of the law.
If you want to contact us about any of the points on this notice, or just generally about how we protect your privacy, please get in touch – our contact details are at the end.
What personal data do we process and for what purpose?
We may collect and process various types of personal data about you including but not limited to: name, address, telephone number, email, gender, address, Internet Protocol address.
We process this personal data for the following purposes:
• Monitoring and improving our website.
• Communicating with interested people regarding events, news and updates.
• Gathering and disseminating information and sharing knowledge relevant to our mission.
• Attracting and managing member organisations.
• Allowing members to access the members only area of the website.
• Organising events.
• Procuring and paying for goods and services.
Whenever personal data is to be processed a data controller must demonstrate one of the 6 lawful bases for processing that are set out in Article 6 of the GDPR. All personal data processed by the REA relies on one or more of the following 4 lawful bases from Article 6:
a. Consent: you have given the REA clear consent for your personal data to be processed for a specific purpose.
b. Contract: the processing is necessary for a contract you have with the REA, or the REA has asked you to take specific steps before entering into a contract
c. Legal obligation: the processing is necessary for the REA to comply with the law (not including contractual obligations)
d. Legitimate interests: the processing is necessary for the REA’s legitimate interests, or the legitimate interests of a third party, unless there is a good reason to protect the individual’s personal data that overrides those legitimate interests
Keeping your personal data secure
Information is stored by the REA on computers located in the UK. We have security protocols and policies in place to manage and record your data privacy and preferences correctly, and to ensure that your data is stored securely to protect against its loss, misuse and alteration.
The REA takes steps to ensure that any businesses with which we share your data will have security protocols and policies in place to manage and record your data privacy and preferences correctly and that your data will be stored correctly, in accordance with GDPR.
Disclosure of your personal information
We may share your personal information with certain third parties in certain circumstances including but not limited to:
1. Professional advisors such as lawyers, bankers, accountants or auditors in order to provide legal, finance, accounting or auditing services.
2. Organisations maintaining our information technology system and providing information technology services.
3. Authorised financial institutions, such as banks, credit unions and building societies, providing account details as a mechanism for providing payments or receipt of payments.
4. Law enforcement or regulatory authorities (such as tax authorities) if required by applicable law.
5. Meeting/event venues to comply with their health and safety/security/dietary requirements.
Where will my personal data be processed?
As a data controller, the REA will retain all your information inside the European Economic Area (EEA). Where the REA need transfer your data to a third party, we will ensure that the third party processes your data inside the European Economic Area (EEA) or countries that have been deemed to provide an adequate level of protection for personal data by the European Commission or that an adequate transfer safeguard mechanism is in place, such the European Commission: Model contracts for the transfer of personal data to third countries.
How long do we keep your personal data?
We will not retain your personal data for longer than necessary and we will hold it only for the purposes for which it was obtained. The length of time we retain your personal data depends on the purposes for which we use it and/or for as long as is necessary to comply with applicable laws and to establish, exercise or defend our legal rights.
Your personal data rights
The personal data we hold about you is your data, so you have certain rights over the data under the GDPR. This section summarises your rights and how you can exercise them.
You have the right to request a copy of all personal data we hold relating to you. You also have the right to require us to correct any mistakes in the personal data we hold relating to you.
Where we are processing your data based on your consent you can withdraw that consent and we must immediately stop processing your data.
Where we process your data based on a “legitimate interest” you still have the right to object to our processing of that data if you feel it impacts on your fundamental rights and freedoms. From that point, we must stop processing your data until we have determined whether your rights override our interests.
You also have the right to object where we are processing your personal data for direct marketing purposes. The easiest way to do this is to use the unsubscribe links at the bottom of all marketing emails.
In certain situations, you have the right to require us to erase personal data where there is no good reason for us continuing to process it. However, note that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
You have the right to request restriction of processing of your personal data in certain circumstances.
Finally, you have the right to request the transfer of your personal data to you or a third party in a structured, commonly used, machine-readable format in certain circumstances.
For further information on each of these rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals rights under the General Data Protection Regulation.
If you would like to exercise any of these rights, the easiest way is by dropping us an email (see “How to contact us” below).
Automated decision-making using personal data
You have a right to object to any decisions being taken through the processing of your personal data by automated means if they produce legal effects concerning you or similarly significant effects on you. We can confirm that we do not undertake any automated decision-making, or profiling, based on the processing of personal data.
We may also store information about you using cookies, which we can access when you visit our site in future. Cookies are small files, which are sent by us to your computer or other access device, that track, save and store information about your interactions and usage of our website. Overall, cookies help us provide you with a better service by enabling us to monitor which pages you find useful and which you do not.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. Information on deleting or controlling cookies is available at http://www.allaboutcookies.org. Deleting or disabling cookies may prevent you from taking full advantage of our website and services.
Links to other websites
Our website and newsletters may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
Changes to this privacy notice
We may update this privacy notice from time to time by publishing the amended version on our website www.r-e-a.net. This privacy notice was last updated on 19 November 2019.
How to contact us
If you have any queries about how we use your personal data, you can write to us at the following address, or contact us by email or telephone as follows:
Tel: +44 (0)20 7925 3581
If you are not satisfied with our response to any complaint, or if you believe our processing of your information does not comply with data protection law, you can make a complaint to the Information Commissioner’s Office (“ICO”) at the following address:
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Telephone: 0303 123 1113