Privacy Policy

Privacy Policy

EMF is committed to processing personal data in a transparent, fair and lawful manner in compliance with the Data Protection Act 2018, the UK GDPR and the Privacy and Electronic Communications Regulations, and to honouring the rights of data subjects. This policy explains how we process your personal data and your rights in relation to that data. If we make changes to this privacy policy that affect how we handle your data, it will be updated and made available on our website.

Our contact details

Ellen MacArthur Foundation and Ellen MacArthur Foundation Trading Limited

The Sail Loft, 42 Medina Rd, Cowes, Isle of Wight PO31 7BX, United Kingdom

Data Protection Officer: Jo Bootle

+44 (0) 1983 296463

privacy@ellenmacarthurfoundation.org

Scope of this policy

This privacy policy applies when:

  • You attend our offices

  • You use our websites, community platform or Network Portal, together known as EMF Digital Services

  • We provide services to you (including when you are part of our Network)

  • You contact us to request information from us or provide information to us

  • You are engaged by us to provide services

  • You attend events or webinars or participate in projects hosted by us

  • You join our mailing lists

  • You apply to work for us

The data we collect

The type of personal data we typically collect includes your name, contact details such as email address, phone number and address, and your organisation and job title. When you use our websites or other digital platforms, we may collect your IP address, your actions on our website and your marketing preferences (where they have been indicated). Where necessary, we may ask you to provide additional personal data such as your nationality. You may choose to provide additional data to us, such as your professional photograph. We may collect specific data related to an event, such as your dietary requirements.

If you apply to work for us, we may collect data such as your gender, marital status, dependents and next of kin, medical and health data, employment references and work history, visa and right to work data, bank account and tax data, details of criminal convictions, and data used for equal opportunities monitoring such as sexual orientation, religion and ethnic data.

How we obtain your data

We may collect your personal data from you directly, and/or indirectly from your organisation or other organisations we work with. We may also receive data from third parties, such as your former employers, employment agencies, medical and health professionals, regulatory bodies and from publicly available sources.

How we use your data

We use your personal data for different purposes, depending on the reason you have given it to us or we have otherwise collected it.

Our offices

If you visit our offices, you may be recorded on our CCTV systems and your data may be entered into our databases to make a record of your visit.

Our websites, Network portal and community platform

If you use our websites, we may use your data to personalise and improve your experience of our website. If you submit content to or make an application via our websites, we will use your data to process that content or application and communicate with you about it.

If you use our websites to apply to participate in initiatives such as Circulytics or the Global Commitment, we will use your data to process your application. If your application is accepted, we will use your data in accordance with the ‘Our Network and stakeholders’ section below.

If you apply to join our Network portal and use our community platform, we will use your data to process your application and, if you are accepted, to generate a profile for you. If you choose to make your profile visible to others on the community platform, we will use your data to do this. You can choose to hide your profile if you do not wish this data to be visible. If your organisation is a part of our Network, some information about you and your engagement with EMF will be visible to other Network Portal users within your organisation, namely your name, job title, country, the time and date you last logged in to the community platform and your engagement with certain learning resources events, and projects provided by EMF or on behalf of EMF. If you do not consent to the use of your data as set out in this Policy in any way, you may opt out by requesting deletion of your account by notifying us at community@emf.org.

We use cookies on our websites. Please refer to our Cookie Policy for more information.

Our Network and stakeholders

If you are a member of our Network or part of a group of stakeholders we work with, we will use your data to communicate with you about your work with us (including in any application process) and provide details of EMF’s or other stakeholders’ activities which may be relevant to you, including through email marketing newsletters where appropriate. See the ‘marketing’ section below for more information.

Contacting us

If you contact us to request information from us or to provide information to us, we will process your data to respond to that request or process the information you have provided.

Suppliers

If you provide services to us, we will use your data so we can both fulfil our obligations under the contract between us.

Events and webinars

If you participate (or sign up to participate) in one of our events, we may process your personal data (such as your name, email, biography and other data you choose to provide to us) to communicate with you about the event, to provide the event to you and to follow up with you after the event with relevant information.

If we take photos, videos or audio recordings at an event (whether in-person or online), we may use those photos and recordings for purposes consistent with our charitable objectives, including sharing them with third parties. See the ‘how we share your data’ section below for more information.

Marketing

Mailing lists (email marketing)

If (i) you sign up to receive our newsletter, or (ii) are listed as the primary contact of an organisation which is a Strategic Partner, Partner or Member in our Network and are determined to be a ‘corporate subscriber’ under the Privacy and Electronic Communications Regulations, we will use your data to send you the newsletter and other communications, which may be interactive.

If you are part of certain programmes or initiatives, we may use your data to send you tailored newsletters and information on those programmes or initiatives.

We actively monitor our email subscription lists to ensure they are up to date. We use a third-party service provider to monitor these lists and to send you these emails.

Social media marketing

We may use the email address you have provided to us to tailor our posts that you see on social media channels (such as LinkedIn and Twitter).

Job applications

If you apply to work for us, we may use your personal data to assess your suitability for the role you have applied for, to check your right to work, to assess your health and safety needs, to obtain expert medical opinions when making decisions about your fitness for work, to make decisions regarding salary and benefits, in business planning and restructuring exercises, when dealing with any legal claims made against us, and to prevent fraud or corruption.

If we have a legal right or obligation to do so, we may ask you to undergo a Disclosure and Barring Service (“DBS”) check (or an equivalent check in other jurisdictions in which you have lived or worked). In these circumstances, we may process data relating to criminal convictions, including allegations, investigations, and proceedings, to assess your ability and/or suitability to perform a certain role.

Our legal bases

Under the data protection legislation, we are required to have a legal basis to process your personal data. The legal bases we rely on are set out below.

Contractual obligation

Where we have a contract with you or your organisation, we may use your data to fulfil that contract. For example, we may contact the individual named in the contract to discuss the operation of the contract, or if there are any disputes in relation to it. You may be bound by the contract to provide some personal data to us (such as details of an individual to whom formal notices should be sent) and if you do not provide this data, we may be unable to fulfil the contract.

Consent

We will ask for your consent to process your data where it is legally required or reasonable for us to do so. If you provide your consent to us processing your data (for example, when you opt in to receiving our newsletter), we will rely on your consent as a legal basis. You are able to withdraw your consent at any time. You can do this by contacting our Data Protection Officer using the contact details listed above. You can withdraw your consent to receiving our email newsletter by clicking the unsubscribe link at the bottom of the email.

Legitimate interest

We may have a legitimate interest in processing your data. We will rely on this basis when it is not appropriate for us to rely on your consent or another legal basis.

We will rely on having a legitimate interest provided that processing your data is necessary and your interests do not outweigh the legitimate interest. We will only process your data when you would reasonably expect for us to do so. This includes when we send you information relevant to projects you are involved in, or share your data with third parties who are involved in our activities (such as event co-hosts and partners) and third-party providers who support our core operations, such as IT service providers or contractors. This also includes where we create materials which feature your personal data, such as recordings of events which feature your name or image.

Our legitimate interests include:

  • furthering our charitable objectives;

  • promoting the idea of a circular economy;

  • the broader societal benefits that a move towards a circular economy will create; and

  • the benefits of our work to those we interact with, including helping individuals learn about the circular economy, and supporting our stakeholders to implement the principles of a circular economy in their work.

Legal obligation

Where we are required to provide data to a third party by law, we will provide that data to that third party. We may rely on this legal basis when processing your data as part of a job application, to ensure we comply with employment law and other relevant laws.

Special categories of data

We process special categories of data in accordance with the UK GDPR, which imposes stricter rules on what we can do with that data compared with other personal data. Special categories of data include data relating to your health, gender, sexual orientation, race, ethnic origin, religion, trade union membership and criminal convictions. Typically, we only process such data when you apply to work for us. We may be required by law to ask for some of this data, and if you do not provide it to us, we may be unable to process your application. We may ask for your dietary requirements where we are hosting an event at which we may provide food to you. Your dietary requirements may reveal personal data relating to your religion or other characteristics, and may therefore be considered special category data. 

Children’s data

We take particular care when processing children’s data. We put additional safeguards in place, such as conducting data protection impact assessments, where we intend to process children’s data. Where appropriate, we design our systems and processes to ensure they are appropriate for children’s use. 

How we share your personal data

We may share your personal data with other members of our charitable group. Our charitable group includes our subsidiaries and any associated companies or charities, including those in the EU, the United States, China and Brazil. Where necessary, your data will be added to our databases, and may be accessed by our staff worldwide. Where your data is used in other countries, we have taken steps to ensure that the data is appropriately protected.

We may also share personal data with selected third parties including our funders, partners, agents, service providers and legal and professional advisors where it is necessary or advisable to do so as part of our activities. We may share your data with third parties in order to tailor our content that you see on other platforms, including on social media channels. When we share data with third parties, we put contractual arrangements and security mechanisms in place to protect the data and to comply with our data protection, confidentiality and security obligations.

We may also share personal data with third parties if we are under a duty to disclose it in order to comply with any law or legal obligation (including to investigate or prevent crime), or to protect our rights, our property or the safety of others, or where you have consented to us doing so.

When you participate (or sign up to participate) in one of our events, we may share your personal data (such as your name, email, biography and other data you choose to provide to us) with other event participants and third parties we work with in organising, hosting and promoting the event.

We may share photos and audio and/or video recordings taken at events with other event participants and third parties we work with in organising, hosting and promoting the event, and we may make them available to the public via our website and social media channels or include them in other materials we create in support of our charitable objectives.

In respect of the Network portal, see section Our websites, Network portal and community platform.

How we store your data

Your data is stored securely on EMF’s internal systems and by third-party hosts who implement secure data storage procedures.

We will only hold your data for as long as necessary for the purposes for which it was collected, or if we are required to hold it for operational or legal purposes. We periodically review the data we hold to determine whether it is still necessary for us to be holding it for those purposes. We may contact you to check whether you still want us to hold your data if we cannot establish whether we have heard from you in three years. If we do not hear from you after attempting to make contact with you, or we otherwise determine that we no longer need to hold it, we will dispose of your data securely by erasing it from our systems or putting it beyond use.

Our retention periods for different categories of personal data are set out below. In certain circumstances we may need to keep your data for a longer period, in which case we will notify you, together with the reasons for the proposed extended retention period. If you are an employee or contractor, further details of how your data is processed can be found in your contract and our employee policies.

Contact data

Name, organisation, job title, work email address and work phone number

Three years after the last contact

Unsuccessful job applications

Data relating to unsuccessful applications to work for us

Six months from the date of notification to the candidate

DBS checks and other vetting 

Item

Description

Retention Schedule

Contact data

Name, organisation, job title, work email address and work phone number

Three years after the last contact

Unsuccessful job applications

Data relating to unsuccessful applications to work for us 

Six months from the date of notification to the candidate

DBS checks and other vetting 

Data relating to criminal offences received as part of a job  application which is unsuccessful

Six months (maximum) from the date of receipt of the data

Dietary and disability data

Dietary preferences and allergy data, and details of disabilities, of third parties, each as required to enable participation at in-person events

Three months (maximum) after the relevant event

Transferring data overseas

Your personal data may be transferred to, stored at, and/or processed by people or organisations working in other countries outside of the UK. This includes transferring data to other members of our charitable group, and our partners, agents, service providers and legal and professional advisors. Any such transferral, storage or processing will be undertaken in accordance with the UK GDPR. We will take all steps reasonably necessary to ensure that your personal data is transferred, stored and processed securely.

Your data protection rights

 

Data subjects (people) about whom we hold personal data have the following rights under data protection law. You have different rights depending on the legal basis we have for using your data. If you have any questions about your rights in relation to your personal data, please contact our Data Protection Officer using the contact details listed above.

A right to be informed: you have the right to know how we use your data. This is the purpose of this privacy policy.

A right of access: you have the right to ask us for copies of your personal data.

A right to rectification: you have the right to ask us to rectify personal data you think is inaccurate. You also have the right to ask us to complete data you think is incomplete.

A right to erasure: you have the right to ask us to erase your personal data in certain circumstances.

A right to restriction of processing: you have the right to ask us to restrict the processing of your personal data in certain circumstances.

A right to object to processing: you have the right to object to the processing of your personal data in certain circumstances.

A right to data portability: you have the right to ask that we transfer the personal data you gave us to another organisation, or to you, in certain circumstances.

Where you have provided consent to our use of your data, you also have the unrestricted right to withdraw that consent at any time. Withdrawing your consent means that we will stop processing the data that you had previously given us consent to use. There will be no consequences for withdrawing your consent. However, in some cases, we may continue to use the data where we have a legitimate reason for doing so.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

If you wish to make a request, please contact our Data Protection Officer using the contact details listed above.

How to complain

If you have any concerns about our use of your personal data, you can make a complaint to us via our Data Protection Officer using the contact details listed above.

You can also complain to the Information Commissioner’s Office (ICO) if you are unhappy with how we have used your data:

     

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

 

Helpline number: 0303 123 1113

ICO website: https://www.ico.org.uk