- the personal information we collect about you, as a website user, a customer contact, a prospective customer, supplier, other business contact, or job applicant;
- what we do with your information; and
- with whom your information may be shared.
What personal information we may collect
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). Information you may give us, or we may collect from you, may include the following:
- identity data including first name, last name, address, the name of the company you work for, job title;
- contact information including email address, telephone number;
- technical information, including your Internet Protocol (IP) address, your login data, browser type and version;
- marketing and communications data, including your preferences in receiving marketing and your communication preferences;
- questions, queries or feedback you leave if you contact us;
- answers to questions including feedback on our products and services and ways for us to improve;
- your current and former employment information;
- information about your use of our products and services; and business information, including information provided in the course of the contractual or customer relationship between you or your organisation and REG, or otherwise voluntarily provided by you or your organisation.
How we collect personal information
We may collect and process your personal information in the following circumstances:
- when you visit the website;
- when you register with us to attend events or webinars hosted by us;
- when you contact us through the website, by telephone, email or through any other means;
- when you complete one of our voluntary surveys that we use for research and service improvement purposes;
- when you apply directly to us for employment;
- when you disclose your information to us, or we collect your information from you, in any other way, through this website or otherwise.
- If you provide us with personal information on behalf of someone else you confirm that the other person has appointed you to act on his or her behalf and agreed that you can. In addition, where you give us personal information belonging to someone else you must ensure that you have the necessary grounds, consents or authorisations to provide it to us.
Purposes for which we will use your personal information
In accordance with data protection legislation, we will only process your personal data where we have a lawful basis for doing so.
These bases are:
(i) where it is necessary for the performance of a contract we have with you or your organisation, or pre-contract activities made at your request;
(ii) where you have provided your consent;
(iii) where it is necessary for us to comply with a legal obligation that we are subject to; or
(iv) where it is in our (or a third parties) legitimate interests and such interests are not overridden by your interests or fundamental rights and freedoms. Note that we may process your personal data for more than one lawful basis depending on the specific purpose for which we are using your data.
The purposes for which we may process your personal data and the lawful basis on which we carry out such processing may include the following:
(i) where it is necessary for the performance of a contract;
(ii) for administration of contract negotiations;
(iii) for management of the contract and our products and services;
(iv) for administration of your registration and attendance at one of our events (including webinars);
(v) to manage our relationship with you including asking you to leave a review or take a survey;
(vi) to communicate with you including responding to your enquiries;
(vii) where you have provided your consent;
(viii) for sending you any third party direct marketing communications;
(ix) where it is necessary for us to comply with a legal obligation;
(x) to meet legal, regulatory and compliance requirements, including responding to requests from regulators, and financial reporting;
(xi) where it is in our (or a third parties) legitimate interests and such interests are not overridden by your interests or fundamental rights and freedoms;
(xii) to understand your needs, answer your questions and get back in touch with you to respond, where appropriate;
(xiii) to carry out surveys from time to time to assess areas for us to improve upon as a business;
(xiv) for customer administration e.g. for invoicing and maintaining internal records;
(xv) for administration and protection of our business operations and websites;
(xvi) for monitoring, reviewing and performing analysis of your use of our products and services in order to develop and improve our products and services;
(xvii) for administration of our hosted events (including webinars);
(xviii) informing you about our products, services and events that may be of interest to you, or that are similar or relate to products and services you have purchased from us;
(xix) to carry out recruitment and administer work placement activities; and
(xx) to perform lead scoring for marketing purposes, which use automated profiling to analyse your potential interest in our products, services, or events, based on your use of our website and related queries made of us.
Disclosures of your personal information
We may share your personal information with the following parties for the purposes we set out above:
(i) Third party service providers acting as processors based in the United Kingdom and the EEA who process personal information on our behalf, based on our instructions and any other appropriate confidentiality and security measures. Such businesses will be required to act in accordance with the instructions we give them and to meet the requirements of the Data Protection Act 2018 as well as the General Data Protection Regulation (“GDPR”), or other local legislation as applicable to that entity or the personal information. Such entities may include service providers whom we instruct to assist with the management of our products and services, providers of certain business support tasks and providers of business development and marketing support services.
(ii) Professional advisers acting as processors or joint controllers including lawyers, bankers, auditors and insurers based in the United Kingdom and the EEA who provide consultancy, banking, legal, insurance and accounting services.
(iii) External hosting providers: the REG website is hosted by an external website hosting provider. As a result, this provider and any resellers who provide user support to REG will have access to your information (including your email and other data). This external hosting provider may also be able to view statistics regarding your use of the website as well as any personal information you send to us.
(iv) HM Revenue & Customs, regulators and other authorities acting as processors or joint controllers based in the United Kingdom and the EEA, who require reporting of processing activities in certain circumstances.
(v) Companies, organisations or individuals outside of the Group for legal reasons if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to:
- meet any applicable law, regulation, legal process or enforceable governmental request;
- enforce applicable Terms of Service, including investigation of potential violations;
- detect, prevent, or otherwise address fraud, security or technical issues; and
- protect against harm to the rights, property or safety of REG, our users or the public as required or permitted by law.
All third parties must adhere to the law and protect the security of your personal data, as required by us. We only permit our third-party service providers to handle your personal data for purposes in accordance with our instructions. We do not permit them to use your personal data for their own purposes.
We may share non-personally identifiable information publicly and with our partners. For example, we may share information publicly to show trends about the general use of our services.
If you wish to know more about the parties with whom we share personal information, please contact us at email@example.com.
We may transfer your personal information to a third party in countries within or outside the European Economic Area (EEA) as applicable, for further processing in accordance with the purposes for which your personal information was originally collected or for purposes to which you have consented or that are otherwise permitted by applicable law.
If we transfer your personal information to a country outside of the EEA, as applicable we will ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
(i) we will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the Information Commissioner’s Office, or European Commission, or other data protection regulator as applicable to that personal data;
(ii) where we use certain service providers, we may use specific contracts approved by the Information Commissioner’s Office, or European Commission, or the relevant data protection regulator, as applicable, which gives personal data the same protection it has in the jurisdiction;
(iii) where we use providers based in the US, we may transfer data to them provided an international data transfer mechanism approved by the European Commission has been utilised which requires them to provide similar protection to personal data shared between UK, Europe and the US.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
Your information’s security is something we take very seriously. We have put in place organisational and technical safeguards to protect your personal data from unauthorised access, use, alteration, or disclosure as well as accidental loss. We insist that any third parties who are provided personal information from us make sure that it is secured using organisational and technical safeguards.
Information relating to the cookies used on our website.
Links to other websites
Links to other websites may be found on our website. We are no longer liable for the security or privacy of any information you provide to such websites after you leave our site. Before providing any personal information to any third-party website, you should use caution and review their privacy policies.
Controlling your personal information
You may choose to restrict the collection or use of your personal information in the following ways:
(i) when completing the ‘Get in Touch’ form on the website, tick the box to indicate that you would like to receive marketing communications relating to the services offered us;
(ii) If you do not wish to receive marketing emails, postal marketing, or other forms of direct marketing from us, please contact us at firstname.lastname@example.org with ‘Marketing Unsubscribe’ in the subject heading and provide the details of your request. You may also unsubscribe from marketing emails from us by using the Unsubscribe link at the bottom of our marketing emails. We acknowledge that our use of your personal information for these purposes is at your option and we will not refuse you access to any product or service merely because you have instructed us to stop using your personal information for these purposes;
(iii) when responding to a customer survey or event invitation, click to indicate you do not want us to follow up with you on any of your feedback;
(iv) you can also object to the processing of your personal information by us at any time and ask us to restrict or stop such processing by notifying us directly at email@example.com;
(v) We will not sell, distribute or lease your personal information to third parties unless you have consented for us to do so or are required to do so by law.
Your legal rights
If our legal basis for processing your personal information is based upon your consent, you have the right to withdraw consent at any time.
You may object to our processing of your personal information where we do so based upon our legitimate interests. Where required under applicable law, we will stop any such processing and notify you if that changes.
If we made a decision about you that was based solely upon the automated processing of your personal information, including profiling, and our decision produces a legal effect for you or similarly significantly affects you, you may have the right to contest that decision and ask for human review on our part.
You may request that we disclose to you certain details regarding our processing of your personal information, or that we correct, amend, delete, or restrict the processing of, or provide to you, the personal information we hold about you. Where required under applicable law, we will notify any third party recipients of this, where possible. Please note, however, that requests are subject to any applicable legal and ethical reporting or data retention obligations imposed on us.
You may exercise these or any other rights available to you under applicable law by emailing us at firstname.lastname@example.org with your specific request.
Upon receipt of your written request and enough information to permit us to identify your personal information, we will try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
If we are unable to take action on your request, we will, as required by applicable law, annotate the personal information under our control with a note that action was requested but not made. In this event, we will notify you without undue delay of the reasons for not taking action.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee, where allowed by applicable law, based on our administrative costs in complying with your requests; for instance, where you request further copies of the information we hold about you, or where requests are unfounded or excessive.
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period where required by applicable law or where we have a legitimate and lawful purpose to do so for example, to provide you with an answer to a question you have asked or to comply with applicable legal requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
You have the right to make a complaint at any time to the relevant supervisory authority, depending on your jurisdiction, for data protection issues. The UK supervisory authority for data protection issues is the Information Commissioner’s Office (ICO) (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.