IES must gather, store and use “personal data” as defined by the European Union Regulation (EU) 2016/679 in order to market our products and services to you. The collection and processing of personal data is subject to restrictions aimed at protecting the privacy of individuals.
We are registered with the Information Commissioner Office and we adhere to good practice in our data protection policy, including adherence to the General Data Protection Regulations and the PECR guidelines for records retention. A copy of the data protection policy can be obtained from our website or by emailing email@example.com.
This privacy statement will describe the reasons why personal data is needed, how it will be used, who will be able to access the information and when it will be deleted from our records. It also explains your rights to access your data under data protection laws or seek to have it rectified or deleted. We will at all times comply with the provisions of the European Union General Data Protection Regulations (“GDPR”)
2. Personal data which we hold about you
We request very little identifying information from you and only for specific set of purposes.
The personal data we hold on you is:
- Full name
- Company name
- Email address
- Job role
- Company address, including postcode
- Company telephone and mobile number
- IP address
- Email marketing preferences
Your personal data is held:
- For registration to certain areas of the Website including competitions;
- To allow us to consider your comments, queries and suggestions and respond if necessary;
- To allow us to respond to your enquiries for further information; and
- To distribute requested materials
Sometimes, we may ask questions where you are not personally identifiable from your response although we may post responses on the Website. These instances will be highlighted to you but in all other instances, you should assume that we track any information you provide on a personally identifiable basis.
3. Purposes of processing
We will process your personal data for the purposes of:
- Sending you marketing information out or;
- performing our obligations and exercising our rights under your contract of IESVE licence
We will only process your personal data where one of the following apply:
- you have provided your consent for us to do so.
- processing is necessary for the performance of a contract [or to make preliminary arrangements for the creation of a contract]
- there is a legal obligation to do so; or
- processing is necessary for the purposes of the legitimate interests pursued by IES or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.
4. Third parties
In processing your personal data for any of these purposes, we may from time to time pass it to our partner companies. A full and up-to-date list can be found in Appendix one.
We will write to all third parties and ask them for a copy of their data protection policy. If we are not satisfied that they have sufficient safeguards in place for the protection of personal data, we will request a change in process or may switch provider.
5. Transfers of your personal data outside the EEA
IES is an international business and, from time to time, we may transfer your personal data outside the EEA as follows:
- Your personal data will be stored on a CRM cloud system, currently Salesforce, which is headquartered in USA
- Your personal data may be stored in an Event Technology platform, currently Eventbrite, which is headquartered in USA, if you have registered for an IES event.
6. Retention of your personal data
We will retain your personal data only so long as we reasonably require in light of the purposes for which we are holding it and all relevant legal, commercial and operational considerations.
Where we hold your data for the performance of a contract, your data will be until the completion of the contract plus 2 years.
Where we hold your data with your consent, we will ask you to provide your consent again after 5 years.
If you choose to unsubscribe from receiving marketing emails from us your email address will be held on our email suppression list in order to prevent us from contacting you again via email. This is held under the Legal Obligation basis in order for us to comply with GDPR law.
We frequently review the ICO and PECR guidelines for data retention.
7. Subject Access Rights
You have a right (referred to as the data subject access request, “DSAR”) to access the personal data that we hold about you. If you would like to exercise that right, you must submit a request to firstname.lastname@example.org specifying the information that you want us to provide you.
We are obliged to respond to any such request within one month of receiving it (subject to limited exceptions).
We will inform you via email following receipt of your request and, if necessary, seek additional information from you about your request.
8. Accuracy of Information and Corrections
You have a right (referred to as the right to rectification) to have your personal data rectified if it is inaccurate or incomplete. If you become aware that any of the data that we hold about you is inaccurate, you can
- update your personal information on our website if you hold an account
- update your preferences at the bottom of any eshot you receive if you are subscribed to our mailing list
- submit a request to email@example.com
Please do this as soon as practical. We are obliged to comply with requests within one month. This may be extended to 3 months where a rectification request is complex.
9. Storage of Data
Personal data will be stored in password protected software as a service CRM, event technology platform and email marketing platform, password protected documents within electronic folders or locked filing cabinets, which are only accessible to members of the marketing team. We do not hold any sensitive personal data.
You have a right (referred to as the right to erasure) to request the deletion or removal of your personal data where there is no compelling reason for its continued process. In these instances your data will be removed within one month apart from where we hold your email address on our mailing list, where your email address will then be held on email suppression list, which we must hold for legal reasons. You will be notified if any of your data must continue to be held for any legal reasons.
If you would like to exercise this right, you can:
- unsubscribe at the end of any marketing email you receive, if you want to unsubscribe. An unsubscribe link is included in every IES mail shot email by law.
- submit a request to the firstname.lastname@example.org. We will then consider this request in accordance with obligations under data protection laws.
11. Transferring your personal data
You have a right (referred to as the right to data portability) to obtain and reuse your personal data for your own purposes across different services. This right allow you to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way.
If you would like to exercise this right, you must submit a request to email@example.com, specifying the information that you wish to be transferred.
We are obliged to comply with any such request within one month. This may be extended to 3 months where the rectification request is complex or multiple requests from the same data subject are received at the same time. We will notify you if an extension is necessary.
12. Restricting use of your personal data
You have a right (referred to the right to restrict processing) to block or suppress the processing of personal data in certain circumstances.
If you contest the accuracy of the personal data, processing may be restricted until the accuracy of the personal data has verified. This also applies where you contest that the processing is unlawful.
If you would like to exercise this right, you must submit a written request to firstname.lastname@example.org, specifying the information that you wish us to impose a processing restriction on.
13. Data Protection officer and Complaints Process
We have appointed a Data Protection Officer who has overall day-to-day responsibility for the processing of personal data.
If you have any questions at all about this privacy notice or would like more information about any of the issues covered in it, please contact email@example.com
If you have a concern or complaint about the way we have handled your personal data you have the right to complain to the information commissioner via the helpline 0303 123 1113 or by visiting the Information Commissioner's Office website.
A list of all third party companies that we share personal data with is listed below:
We share project website users contact details with our research and development partners as part of our European Union projects. Projects which Integrated Environmental Solutions Limited and IES R&D Limited are partners can be found on the EU Community Research and Development Information Service (CORDIS) website. Project partners are listed for each individual project.