GDPR Privacy Notice

Last updated: 16 March 2023

This privacy notice (notice) explains how we, the Combustion Engineering Association of Netpark, Thomas Wright Way, Sedgefield, County Durham, TS21 3FD (we, us, our) process your personal data if you access or use our online services including our website, online content and features or if you otherwise engage with us online or offline.

If you have any question about your data protection rights or if you do not understand anything explained in this notice, please contact us [email protected].

WHO DOES THIS PRIVACY NOTICE APPLY TO?

This notice applies to:

the users of our website, online content and features;
our members and event participants;
our service providers and business partners;
our job applicants; and
anyone else who interacts with us, if you call, email or visit us or otherwise engage with us online or offline.

WHAT TYPES OF PERSONAL DATA DO WE PROCESS?

“Personal data” generally means any information that identifies you or relates to you.

Depending on your interaction with us, this may include the details of your enquiry, contact information, membership information, usage information, your profile and other information.

For more information, please see the “categories of personal data” section below.

DATA ACCURACY

We will trust that you provide to us your accurate, complete and up to date personal data. We ask that you keep us informed of any changes.

How is your personal DATA collected?

We collect your personal data as follows:

From you, if you complete a membership application form or enquiry form on our website, when you send us an email, when you become a member and attend our training sessions or events, when you deal with our representatives, when you visit our offices or otherwise deal with us.

From your user interactions with our website, online content and features, for example, when you navigate our website or otherwise interact with our online services.

From the public domain, such as information on the internet, Companies House, social media or other public records.

From third parties, such as our corporate members (who may provide us with your details during the application process), recruitment agencies, your referees, social media platforms and other third parties.

If you provide information about others, please ensure you have their consent to do so or let us know if you do not.

WHY DO WE PROCESS your personal data?

This section explains what personal data is necessary for each purpose. We include some but not all processing activities to make the notice easier to read. However, please contact us if you would like more information. We keep our processes and data collection under review and will update this notice should any personal data no longer be necessary for the given purpose.

The “lawful basis” column explains how we comply with a technical legal justification for data processing. Please contact us if you have any questions.

Purpose	Personal data	Lawful basis of processing
To assist with your enquiries.	details of enquiry contact information	Necessary for our legitimate interest in responding to enquiries and complying with best practice or, as the case may be, necessary for taking steps prior to entering into a contract.
To provide services to our members and our corporate members such as providing our training courses, conferences and seminars and other services.	contact information member information usage information	Necessary for performance of our contract with you as our member, or for our legitimate interest in providing our services to our corporate members (your employer).
To provide our online services including our website, online content and features to you and the general public which may remember your preferences or include personalised content and services.	profile information technical information usage information	Necessary for our legitimate interest in providing our online services to the public and complying with best practice, the performance of our contract with our members and compliance with our legal obligations. Where required by law, we rely on your consent to deploy cookies or similar technologies on your device or to read information on your device except where necessary for essential services. Your consent is obtained if you select your choices in our cookie panel. Your choices will extend to first party and third party cookies. Please see the cookies section below for further information.
To send you service communications about matters relevant to your membership and your engagement with us, surveys and other feedback requests, etc.	contact information member information usage information	Necessary for the performance of our contract with you and our legitimate interest in understanding how our services are used and viewed by our members and keeping our members informed.
To send you relevant marketing communications including by email, phone, text message and other means.	contact information member information details of enquiry	Our legitimate interest in promoting our association to our members and others. You will have the right to opt-out from future marketing communications. We will obtain your consent where required by law (for example, in relation to marketing sent to non-members)which you can withdraw at any time or we might rely on the existing relationship (soft opt-in) exemption which allows us to send you marketing without consent in certain circumstances.
To assess your job application and for business administration purposes. For example, if you apply for a job, we will review your CV, publicly available information about you, information from your previous employers and professional references.	contact information details of your enquiry public information special categories of personal data your background information	Necessary for our legitimate interest in considering applications, responding to queries and, as the case may be, necessary for taking steps prior to entering into a contract. Special categories of personal data may be processed as is necessary in the context of employment and social security laws.
To develop and improve our services, content and features, and organisation	Pseudonymised member information usage information profile information security information technical information	Necessary for our legitimate interest in analytics and service development. Where required by law, we rely on your consent to deploy cookies or similar technologies on your device or to read information on your device except where necessary for essential services. Your consent is obtained if you select your choices in our cookie panel. Your choices will extend to first party and third party cookies. Please see the cookies section below for further information.
To ensure the proper administration of our organisation, including to: keep appropriate records;resolve complaints;enforce our agreements; debt collection; andsimilar purposes.	all personal data as is necessary and proportionate	Necessary for compliance with our legal obligations,to establish, exercise or defend legal claims and necessary for our legitimate interest in the proper administration of our organisation and services and protecting our reputation.
To ensure information security ofour information systems, premises, meetings and communications.	usage information security information	Necessary for our legitimate interest in ensuring the security of people, our organisation and assets and compliance with our contractual obligations, and as is necessary for compliance with our legal obligations.
To ensure your health and safety at our premises or to make reasonable adjustments on account of your disability.	special categories of personal data	Necessary for our legitimate interest in ensuring health and safety and good accessibility at our premises in the substantial public interest and as is necessary for compliance with our legal obligations.
To engage our third party service providers and advisors who may process your personal data on our behalf or otherwise to facilitate the provision of our services and the fulfilment of essential service functions including cloud storage, backup, telecommunications, information security, professional advice and other services.	all personal data as is necessary and proportionate	Necessary for our legitimate interest in providing our services and running our organisation.
To monitor interactions and operations for the prevention and detection of crime including fraud, and to share information with law enforcement authorities and other stakeholders.	all personal data as is necessary and proportionate	Necessary for our legitimate interest in protecting people, our organisation and assets and detecting and preventing crime, and as is necessary for compliance with our legal obligations.
To share data with another organisation in accordance with the law for the purposes of a joint venture, collaboration, merger or acquisition.	all information as is lawful, necessary and proportionate	Necessary for our legitimate interest in engaging in activities to promote our organisation and as is necessary for compliance with our legal obligations.
Processing and sharing your personal data in connection with legal claims and law enforcement or regulatory requests.	all personal data as is necessary and proportionate	Necessary for compliance with our legal obligations, to establish, exercise or defend legal claims or for our legitimate interest in complying with best practice.

We may process your personal data for other purposes which are compatible with the existing ones. However, we will obtain your prior consent for any new purpose where required by law.

COOKIES AND SIMILAR TECHNOLOGIES

We utilise technologies that enable us to store information, or access information stored, on your device such as your computer or smartphone, including:

Cookies are small text files sent to or accessed by your web browser which will enable you to navigate our online services and features. Cookies sit on your device and make themselves known to us when you access online services such as our website or app. We see how you as our returning user navigate our services on different occasions and what content you might be interested in.
Pixels or tags are tiny graphics files that are downloaded when you interact with our online services. This will then alert us that you have opened an email, clicked on content or other action. These are typically used to capture interaction information and measure the relevance of our content.
Tracking URLs are custom generated links that help us understand which page you come to us from and later go to.
Local storage is used to more efficiently manage the temporary storage of information that allows you to access our services on your device.
Digital fingerprint is used to recognise your device based on your device & browser data without relying on cookies.

Like most organisations with online presence, we use cookies and similar technologies to (as is further described in our “why” section):

provide our services which is not possible without certain essential cookies;
functional cookies to remember your settings and preferencesto improve your experience, speed up your searches and recognise you when you return to our service; and
understand our online traffic through analytics tools.

To accomplish this, we will, in certain cases, also link information from cookies and similar technologies with personal data held about you.

We will deploy cookies and similar technologies ourselves (first party cookies). However, our services may also include cookies and similar technologies deployed by third parties (third party cookies).

WHO IS YOUR PERSONAL DATA DISCLOSED TO?

We may share your personal data with the following third parties:

Our service providers, business partners and advisors as required for the proper administration of our organisation or in the context of our services. In some cases, the service provider such as our payment processor will process your payment card data, and we will not store or collect your payment card data.
The public if you interact with us on social media or as required by law
Recruitment agent, your former employer or other person proving a reference about you
Our corporate member, if it pays for your membership, who may seek information about your participation in CEA activities, such as training as evidenced by a certificate, and similar information;
HMRC, the Police and other authorities as strictly required by law or best practice
Third party where ordered by the court or necessary in establishing, exercising or defending legal claims
Another organisation in case of a merger, acquisition or collaboration
Other third parties where you have provided consent

HOW DO WE SECURE YOUR PERSONAL DATA?

We have put in place appropriate organisational and technical measures to safeguard your personal data that we keep on premise and on our systems.

We seek to ensure our third-party service providers do the same. We only appoint service providers under an appropriate contract who provide sufficient guarantees about data security in accordance with applicable law.

No system is completely secure and we cannot fully guarantee the security of your personal data. We will deal with any personal data breach in accordance with our incident response procedure and will notify you and the regulator where we are legally required to do so.

We put in place measures to restrict access to your personal data on a “need to know” basis.

HOW LONG IS YOUR DATA KEPT?

We will retain your personal data for as long as it is necessary for the purposes set out above or longer, as may be required by law, for legal claims or otherwise. By way of example, the following retention periods may apply.

Details of your enquiry	One year from collection
Member information	6 years from when membership termination
Job applications	6 months from collection
Other data	6 years from collection

After the retention period, your personal data will either be securely deleted or anonymised, and it may be used for analytical purposes.

WHERE WE STORE YOUR PERSONAL DATA

Generally, your personal data will be held in the UK but some of our service providers will store data in the EU, the US and other countries.

However, we may use or make available tools which require the transfer of your personal data outside the UK such as the US. In these cases, we will satisfy ourselves that your data protection rights are adequately protected by appropriate technical, organisational and contractual safeguards in accordance with data protection laws before any such transfer.

Opt-out

[If you would like us to stop sending you marketing communications and to process your personal data for direct marketing purposes, please contact us.

You can request to stop receiving our marketing communications at any time by clicking on the unsubscribe link at the bottom of each marketing message and we will add you to a suppression list or otherwise arrange that you no longer receive marketing communications.

In relation to cookies and similar technologies, if you delete or clear data on your device, the next time you visit our online services our cookie consent banner will reappear, and you will need to select your preferences again. Remember that if you change your settings to exclude cookies in your browser or device but later request services by interacting with our service features, this may override your browser or device settings.

Your rights

Subject to certain exemptions, limitations and appropriate proof of identity, you have the following rights in relation to your personal data:

Right to information about matters set out in this notice. You may also contact us for further details about our data retention policy, international data transfers and other matters that are unclear.
Right to make an access request to receive a copy of your personal data held by us.
Right to rectification of any inaccurate or incomplete personal data.
Right to withdraw consent previously provided.
Right to object to our processing of personal data based on our legitimate interests.
Right to erasure of personal data that is no longer needed, for example, you can seek a deletion of your member information.
Restriction on the processing of personal data.
Right to human intervention in respect of any automated decision-making without human involvement that significantly affected you.
Right to data portability from one service provider to another, where applicable.
Right to lodge a complaint with the Information Commissioner’s Office.

All requests will be processed without undue delay and no later than within one month. If we cannot process your request within this period, we shall explain why and process it as soon as possible thereafter.

Cookies and similar technologies. You can withdraw consent by changing your settings in our cookies consent banner. While we try to ensure that your choices are fully respected, this may not always be possible, particularly where third parties are involved. For this reason, aside from relying on your cookie choices, please also consider turning off the automatic download feature in your browser, as described at allaboutcookies.org; and opting out from third party services that deploy cookies and similar technologies, such as Google Analytics, by visiting www.google.com/settings/ads or by downloading the opt-out add-on at https://tools.google.com/dlpage/gaoptout.

What happens if I disable cookies? By disabling cookies, you may experience a reduced online service. For example, opting out of functional cookies may mean that you will have to set your preferences each time to access our website.

THIRD PARTIES MAY PROCESS YOUR PERSONAL DATA

Our website, content and features and services may involve the use of third party services, social media platforms such as Twitter and Facebook, or other third party services.

We may also share your personal data with third parties, such as payment services providers, public authorities and others who process your personal data for their own purposes.

You should check the privacy statements of these third parties and we are not responsible for how they may process your personal data. Please note some of them may use your personal data for business administration, product development or advertising purposes.

CATEGORIES OF PERSONAL DATA

We process the following categories of personal data about you:

Contact information	including your home or business address, telephone, email and similar information.
Details of enquiry	Details of your enquiry, service request, job application or other communication.
Member information	Including your name, email address and information provided by you or collected or otherwise processed about you during your membership such as records of training you have completed, attendance at our events and conferences and our engagement with you as a member.
Profile information	including your demographic information from our analytics and advertising partners, your preferences and interests known, observed or inferred by using analytics, advertising or other tools and sources including notes of your past interactions with us.
Public information	from public registers, databases, social media, the Internet and similar sources.
Security information	includingactivity data, network monitoring and logging data, antivirus scan, information in security logs and similar information.
Special categories of personal data	including your race, ethnic origin, religious or philosophical beliefs, sexual orientation, political or trade union affiliation and information about your health.
Technical information	including online identifiers, internet protocol (IP) address, details of operating system, browser type, language, time zone setting, location, date and time of access, local storage data and similar information obtained from your device, browser, an APIor similar source.
Usage information	including about how you navigate our website and online content, clickstream data with URLs visited previously, webpage interaction, such as scrolling, clicks, and mouse-overs, methods used to browse away from our website, email open rates, click rates, view rates, active time spent, ‘likes’ on our social media pages and similar online activity information.
Your background information	including your personal, professional and financial information obtained from you, public sources and third parties such as former employers, colleagues and similar information.

UPDATES TO THIS NOTICE

If we make any changes to our notice, you will be able to see them on this page, as indicated by the “Last updated” date at the top.

If any such changes significantly affect you, we will ask for your prior consent where we are required to do so by law.

How To Get In Touch