Ellen MacArthur Foundation ("EMF", "we", "us") is committed to processing personal data in a transparent, fair and lawful manner in compliance with the Data Protection Act 2018, the General Data Protection Regulation (“GDPR”) and the Privacy and Electronic Communications Regulations, and to honouring the rights of data subjects. This policy explains how we process your personal data and your rights in relation to that data. If we make changes to this privacy policy that affect how we handle your data, it will be updated and made available on our website.

This policy was last updated on 10 February 2021.

Our contact details 

Ellen MacArthur Foundation and Ellen MacArthur Foundation Trading Limited
The Sail Loft, 42 Medina Rd, Cowes, Isle of Wight PO31 7BX, United Kingdom
Data Protection Officer: Jo Bootle
+44 (0) 1983 296463

Scope of this policy

This privacy policy applies when:

  • You attend our offices
  • You use our websites or community platform
  • We provide services to you
  • You request information from us or provide information to us
  • You make an application or provide material to us
  • You are employed or otherwise engaged by us to provide services
  • You attend events or webinars or participate in projects hosted by us
  • You are added to our mailing lists
  • You apply to work for us

The information we collect

The type of personal data we typically collect includes your name, contact details such as email address, phone number and address, and your organisation and job title. When you use our websites or other digital platforms, we may collect your IP address, your actions on our website and your marketing preferences (where they have been indicated). We may ask you to provide additional personal data such as your nationality where it is necessary. You may choose to provide additional data to us, such as your professional photograph. We may collect specific information related to an event, such as your dietary requirements, which we will only hold for the purpose of delivering the event.

If you apply to work for us, we may collect data such as your gender, marital status, dependents and next of kin, medical and health information, employment references and work history, visa and right to work information, bank account and tax information, details of criminal convictions, and data used for equal opportunities monitoring such as sexual orientation, religion and ethnic information.

How we obtain your information

We collect your personal data from you directly, and indirectly from your organisation or other organisations we work with. We may also receive information from third parties, such as your former employers, employment agencies, medical and health professionals, regulatory bodies and from publicly available sources.

How we use your information

We use your personal data for different purposes, depending on the reason you have given it to us or we have otherwise collected it.

Our offices 

If you visit our offices, you may be recorded on our CCTV systems and your data may be entered into our databases to make a record of your visit.

Our websites and community platform 

If you use our websites, we may use your data to personalise and improve your experience of our website. Where you submit content to or make an application via our websites, we will use your data to process that content or application.

If you use our websites to apply to participate in Circulytics or the Global Commitment, we will use your data to process your application. If your application is accepted, we will use your data in accordance with the ‘Our network and stakeholders’ section below.

If you apply to join our community platform, we will use your data to process your application and, if you are accepted, to generate your profile. If you choose to make your profile visible to others on the platform, we will use your data to do this. You can choose to hide your profile if you no longer wish this data to be visible.

We use cookies on our websites. Please refer to our cookie policy for more information.

Our network and stakeholders

If you are a member of our network or part of a group of stakeholders we work with, we will use your data to communicate with you about your work with us (including in the application process to join our network) and provide details of EMF’s or other stakeholders’  activities which may be relevant to you, including through email marketing newsletters, where appropriate.


If you provide services to us, we will use your data so we can both fulfil our obligations under the contract between us.

Events and webinars

If you register to attend an event (whether in person or online) we will use your data to provide the event to you and to follow up with you after the event with relevant information.

If you participate in an online event which is held over audio or video conferencing, and you make your name and/or your image available to view, we may use this data to make a recording of the event. We may use that recording for purposes consistent with our charitable objectives, including sharing the recording with other participants in the event and making the recording available to the public via our website and social media channels.

Newsletters (email marketing)

If you sign up to receive EMF's newsletter, we will use your data to send you the newsletter.

If you are part of certain programmes or initiatives, we may use your data to send you tailored newsletters on those programmes or initiatives.

We actively monitor our email subscription lists to ensure they are up to date. We use a third-party service provider to monitor these lists and to send you these emails.

Job applicants

If you apply to work for us, we will use your personal data to assess your suitability for the role you have applied for, to check your right to work, to assess your health and safety needs, to obtain expert medical opinions when making decisions about your fitness for work, to make decisions regarding salary and benefits, in business planning and restructuring exercises, when dealing with any legal claims made against us, and to prevent fraud or corruption.

Our legal bases

Under the GDPR, we are required to have a legal basis to process your personal data. The legal bases we rely on are set out below.

Contractual obligation: where we have a contract with you or your organisation, we use your data to fulfil that contract. For example, we may contact the individual named in the contract to discuss the operation of the contract, or if there are any disputes in relation to it. You may be bound by the contract to provide some personal data to us (such as details of an individual to whom formal notices should be sent) and if you do not provide this data, we may be unable to fulfil the contract.

Legitimate interest: where we have a legitimate interest in processing your data, we will do so provided that it is necessary and your interests do not outweigh the legitimate interest. We rely on this basis when you would reasonably expect for us to use your data in this way. This includes sending you information relevant to projects you are involved in, or sharing your data with third party providers who support our core operations, such as IT service providers or contractors.

Our legitimate interests include furthering our charitable objectives, promoting the idea of a circular economy, and the broader societal benefits that a move towards a circular economy will create. Our legitimate interests also provide benefits to those we interact with, including helping individuals learn about the circular economy, and supporting our stakeholders to implement the principles of a circular economy in their work. When considering applications to work for us, we have a legitimate interest in employing appropriately skilled people.

Consent: you may provide your consent to us processing your data. Where we rely on your consent as a legal basis, you are able to withdraw your consent at any time. You can do this by contacting our Data Protection Officer using the contact details listed above. If you receive any of our email newsletters, you will be able to withdraw your consent by clicking the unsubscribe link at the bottom of the email.

Legal obligation: where we are required to provide data to a third party by law, we will provide that data to that third party.

Special categories of data

We process special categories of data in accordance with GDPR, which imposes stricter rules on what we can do with that data compared with other personal data. Special categories of data include data relating to your health, gender, sexual orientation, race, ethnic origin, religion, trade union membership and criminal convictions. Typically, we only process such data when you apply to work for us. We may be required by law to ask for some of this data, and if you do not provide it to us, we may be unable to process your application. We may ask for your dietary requirements where we are hosting an event at which we may provide food to you. Your dietary requirements may reveal personal data relating to your religion, and may therefore be considered special category data.

How we may share your personal data

We may share your personal data with other members of our charitable group. Our charitable group includes our subsidiaries and any associated companies or charities, including those in the EEA, the United States, China and Brazil. Where necessary, your data will be added to our databases, and may be accessed by our staff worldwide. Where your data is used in other countries, we have taken steps to ensure that the information is appropriately protected. 

We may also share personal data with selected third parties including our partners, agents, service providers and legal and professional advisors where it is necessary to do so as part of our activities. When we share data with third parties, we put contractual arrangements and security mechanisms in place to protect the data and to comply with our data protection, confidentiality and security obligations. We may also share personal data with third parties if we are under a duty to disclose it in order to comply with any law or legal obligation (including to investigate or prevent crime), or to protect our rights, our property or the safety of others. We may also share your information with other third parties where you have consented to us doing so.

How we store your information

Your information is stored securely on EMF’s internal systems and by third-party hosts who implement secure data storage procedures.

We will only hold your information for as long as necessary for the purposes for which it was collected, or if we are required to hold it for operational or legal purposes. We will periodically review the information we hold to determine whether it is still necessary for us to be holding it for those purposes. We may contact you to check whether you still want us to hold your information if we cannot establish whether we have heard from you in 18 months. If we cannot establish whether we have heard from you in three years, we will dispose of your information securely by erasing it from our systems.

The above timeframes do not apply to data collected from you when you apply to work for us. If you are an employee, further details of how employee data is processed and can be found in your contract of employment and EMF's employee policies. If your application to work for us is unsuccessful, we will hold your personal data (including your CV) for twelve months from the date you are notified that you are unsuccessful. In certain circumstances we may need to keep your data for a longer period, in which case we will notify you, together with the reasons for the proposed extended retention period.

Transferring data overseas

Your personal data may be transferred to, stored at, and/or processed by people or organisations working in other countries outside of the UK. This includes transferring data to other members of our charitable group, and our partners, agents, service providers and legal and professional advisors. Any such transferral, storage or processing will be undertaken in accordance with the GDPR. We will take all steps reasonably necessary to ensure that your personal data is transferred, stored and processed securely.

Your data protection rights

Data subjects (people) about whom we hold personal data have the following rights under data protection law. You have different rights depending on the legal basis we have for using your data. If you have any questions about your rights in relation to your personal data, please contact our Data Protection Officer using the contact details listed above.

A right of access: you have the right to ask us for copies of your personal information. 

A right to rectification: you have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

A right to erasure: you have the right to ask us to erase your personal information in certain circumstances.

A right to restriction of processing: you have the right to ask us to restrict the processing of your personal information in certain circumstances.

A right to object to processing: you have the right to object to the processing of your personal information in certain circumstances.

A right to data portability: you have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

If you wish to make a request, please contact our Data Protection Officer using the contact details listed above.

How to complain

If you have any concerns about our use of your personal information, you can make a complaint to us via our Data Protection Officer using the contact details listed above.

You can also complain to the ICO if you are unhappy with how we have used your data:

Information Commissioner’s Office

Wycliffe House
Water Lane

Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk