Privacy Policy Statement

Information about how RECC holds data about individuals

Please click here to download the Privacy Policy Statement as a PDF.

This document sets out full information about data Renewable Energy Consumer Code (RECC) holds about individuals. If you would like to know about data RECC may be holding about you, please read this document.

1. Who we are and how to contact us

RECC sets and enforces consumer protection standards for businesses selling, leasing and installing small-scale renewable energy generating systems and other related energy efficiency technologies. You can find full details about the Code at www.recc.org.uk .

RECC is administered by Renewable Energy Assurance Ltd and sponsored by Renewable Energy Association. It is approved by the Chartered Trading Standards Institute under its Consumer Codes Approval Scheme. Our address is: York House, 23 Kingsway, London WC2B 6UJ. Our telephone number is: 020 7981 0850. The company number is: 05720606.

RECC’s Data Privacy Contact is Virginia Graham. You can contact us at privacy@recc.org.uk . Please note that all data about individuals captured will be used and held in accordance with the requirements of the General Data Protection Regulation and the Data Protection Act 2018.

2. The data we hold about individuals and the purposes for which we hold it

In certain circumstances we hold data about individuals during the course of carrying out our role as Code administrator. We hold this data to assist us in dealing with your inquiries and requests, handling your disputes, and administering our membership records. We therefore hold this data in pursuit of our legitimate interests as a Consumer Code Administrator.

All the data about individuals we hold, such as your name, address, telephone number and email address, has been submitted to us by you by email, telephone, post or online. The purposes for which you have submitted data to us include, but are not limited to:

  • RECC’s Dispute Resolution Service (and held on the RECC dispute resolution database and in paper files);
  • RECC’s Membership Application Process for the purpose of applying to join RECC as a member, and as part of the due diligence checks we carry out, whether you are linked to a limited company or a partnership or whether you are a sole trader (held on the customer relationship management (CRM) database and in paper files);
  • RECC’s Membership Renewal Process for the purpose of updating your membership details (held on the customer relationship management (CRM) database, in the drop box and in paper files);
  • RECC’s Non-Compliance Process for the purpose of seeking to demonstrate compliance with the Code and Bye-Laws when requested to do so (held in the drop box or in paper files);
  • RECC’s Monitoring Process in order to provide feedback about RECC’s members (held on the customer relationship management (CRM) database or in paper files).

We occasionally issue session cookies when strictly necessary for the operation of the website. You can find out more about what cookies are, how to control them and delete them here: www.aboutcookies.org . You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website. (Third party services such as Google Maps, Twitter and Facebook may also issue cookies.)

We use Google Analytics, which will issue cookies to help track how visitors use our website, this helps us monitor which pages you find useful and which you do not, and help us provide a better website. These do not hold any personal information. Further information on Google Analytics and Privacy can be found here: www.google.co.uk/intl/en/analytics/privacyoverview.html .

RECC newsletters employ tracking so that we can monitor at an individual level whether a recipient has opened the email and what content they have clicked on. We only send our newsletter to recipients who have signed up to receive it. Recipients are able easily to unsubscribe from the newsletter if they wish.

The RECC website may contain links to other websites of interest. Once you have used these links to leave our site, you should note that we do not have any control over the other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

3. The purpose for which we hold data about individuals and circumstances in which we share data.

All the data we hold about individuals has been provided to us by you. We hold this data in order to deliver the services you have requested from us in one of the ways set out in section (2) above. We do not use your data for any purpose other than that for which you have provided it to us. If you have provided your individual data to us for any purpose please be assured that we do not process your data in any way and nor do we publish your data in any format under any circumstances. We will never use the data you have provided us with for marketing purposes, nor will we pass it to any third parties for marketing purposes.

We hold data about individuals who have asked us to assist them with resolving a dispute with a renewable energy installer business. (We refer to this as the RECC Dispute Resolution Service.) If you register a dispute with RECC, we have a legitimate interest as a Code Administrator to process the personal data submitted. We may share your personal data with other relevant bodies in order to expedite the resolution of your dispute. These include the installer business, the installer business’s certification body, the energy regulator and the financial regulator, for example.  You will always be able to object to the use of your personal data. We may disclose your data if we are required to do so by law, or in order to enforce our own legal rights.

RECC’s customer relationship (CRM) database contains a register of all RECC members, whether a company, a sole trader or a limited partnership. When you applied to become a RECC member, you consented to the name and contact details of your business being published on our website. RECC’s Bye Laws require you to consent to this going forward. The purpose for which we publish details about RECC members on our website is in order to generate leads for your business by enabling consumers to contact you.

Within RECC’s customer relationship (CRM) database we hold data about you if you have told us that you are the Primary Contact for a RECC member including where you are a sole trader. (If you are the Primary Contact and you are also a Director of a registered company, most of your information will already be in the public domain and available at Companies House.) We use your details to contact you about RECC membership administration issues, and to send you information and news by emails.

4. The lawful bases for processing data about individuals

We are permitted to process your data only in certain, very specific circumstances set out in Article 6 of the GDPR. At least one of these must apply whenever we process personal
data:

  • Consent: you have given clear consent for us to process your personal data for a specific purpose.
  • Contract: the processing is necessary for carrying out a contract we have with you, or because you have asked us to take specific steps before entering into a contract.
  • Legal obligation: the processing is necessary for us to comply with the law (not including contractual obligations).
  • Vital interests: the processing is necessary to protect someone’s life.
  • Public task: the processing is necessary for us to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law.
  • Legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party unless there is a good reason to protect your personal data which overrides those legitimate interests.

5. The rights of individuals about whom we hold data

As an individual about whom we hold data (data subject) you have the right to ask us:

  • whether we are holding any data about you and if so what data we are holding
  • for a copy of any data we are holding about you
  • to rectify any incorrect data we are holding about you
  • to delete the data we are holding about you if you no longer want us to hold it not to use your data other than for the purpose you provided it to us for
  • to change the details of any consent you many have given at any time in writing for us to share your data with a specified third party.

To ask us any of these things you can send an email to privacy@recc.org.uk . We will respond to your email within 14 days of receiving it.

Finally, you have the right to complain to the Information Commissioner’s Office should you have reason to consider that RECC has breached the policy set out in this statement or the regulations which underpin it in any way, here: https://ico.org.uk .

6. Transfer of the data we hold about individuals

We will not under any circumstances transfer your data outside the European Economic Area (EEA) or an expressly permitted country. These are: Andorra, Argentina, Canada (only commercial organisations), Faroe Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand, Switzerland, Uruguay and USA (if the receiver belongs to the Privacy Shield). Given that, holding data about individuals on the internet, which is a global environment, means that it may be processed outside the EEA. If this were to be the case, the data will always be held securely and in line with the requirements of UK data protection legislation.

7. The basis on which we hold and protect data about individuals

We will delete any data we hold about individuals after ten years unless you request us in writing within that time to continue to hold your data.

The RECC website, the RECC dispute resolution database and the RECC CRM database are all protected and have a high level of security. We are committed to ensuring that your data is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.

8. How individuals will know if we decide to change this Privacy Policy

Should we decide to change this Privacy Policy Statement in any way we will put a notice on our website to inform you of the changes and what their significance could be for you. We will also make this information available in any emails we send out to individuals who could be affected.

The date on which this Privacy Policy Statement was adopted is 11 July 2018. There is also a Version Control number at the start of the document so that you can easily trace any amendments which have been made to it and when.

9. The Information Commissioner’s Office

You can contact the Information Commissioner’s Office using the following details: Information Commissioner's Office
Wycliffe House, Water Lane Wilmslow
Cheshire SK9 5AF

Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number Further contact details are available on the website: https://ico.org.uk/ .

20.01.2020