REPIC Limited is registered at Companies House with company registration number 05016750. RESC Limited is registered at Companies House with company registration number 06355083. REPIC Limited and RESC Limited are classed as data controllers under the General Data Protection Regulation (“GDPR”). GDPR defines your rights as an individual in relation to how we use your personal information. Its purpose is to ensure that organisations like ours do this in a fair and sensible way. To find out more information about GDPR, please click here.
REPIC Limited and RESC Limited are registered as Data Controllers with the Information Commissioner’s Office (“ICO”).
When do we collect your personal information?
When we collect your personal information is listed in full in our data processing tables available here. We collect this information as a consequence of our business activities.
We process different types of personal data about you that we have either collected directly from you or obtained from third parties, including the company you represent. The circumstances under which we will process your personal data are listed in full in our processing tables and can include situations in which:
- you are a user of our Websites, www.repic.co.uk or www.responsible-recycling.co.uk (“Websites”), including if you register to use certain pages of our Websites and are granted access to those pages;
- the processing of your personal data is part of a registration by you or the organisation you represent, to use the services we offer;
- the processing relates to your (or your organisation’s) use of our services, or purchases you (or your organisation) make from us;
- the processing relates to your rights, or our obligations under Regulations with which we are required to comply;
- the processing relates to our use of your (or your organisation’s) services or other purchases we make from you or your organisation;
- we work with your organisation for another purpose;
- you otherwise communicate or engage with us;
- the processing relates to data we have collected from publicly available sources, including but not limited to registers or authorisations published by Government Departments; or
- the processing relates to contacting you with respect to your position in public office, which is relevant to our activities
What personal information do we collect?
The personal information which we can process about you is detailed in our processing tables available above.
What do we do with personal information which we collect?
We will use your personal information, only where we have a lawful basis for processing. We are required by law to always have a so-called “lawful basis” (i.e. a reason or justification) for processing your personal data. The table linked to above sets out the purposes for which we process your personal data and the relevant lawful basis on which we rely for that processing. For example, certain processing activities may be conducted on the lawful basis of:
- it being necessary for legitimate interests pursued by us (provided they do not unfairly prejudice your rights and freedoms or your own legitimate interests);
- it being necessary in order to comply with a legal obligation applicable to us; or
- you having given your consent.
Please note that where we have indicated in the table that our processing of your personal data is necessary for us to comply with a legal obligation, and you choose not to provide the relevant personal data to us, we may not be able to enter into or continue our contract or engagement with you.
Details of how we process your personal data and the legal basis on which we do this are detailed in our processing tables.
Your information will be used only to ensure the effective management of the REPIC and RESC Limited Compliance Schemes.
Who do we share your personal information with?
From time to time we may ask third parties to carry out certain business functions for us, such as the administration of our Website and IT support. These third parties will process your personal data on our behalf (as our processor). We will disclose your personal data to these parties so that they can perform those functions. Before we disclose your personal data to these third parties, we will seek to ensure that they have appropriate security standards in place to protect your personal data. Examples of these third party service providers include our IT systems software and maintenance, back up, and server hosting providers.
In certain circumstances, we will also disclose your personal data to third parties who will receive it as controllers of your personal data in their own right for the purposes set out above, where the relevant disclosure is:
a) related to services provided to you or us by a third party acting independently to us but which has a relationship with us, for example certain payment fraud checking services;
b) if we need to disclose your personal data in order to comply with a legal obligation, to enforce a contract or to protect the rights, property or safety of our employees, customers or others.
We have set out below a list of the categories of recipients with whom we are likely to share your personal data:
a) IT support, Website, archiving companies and data hosting providers and administrators;
b) consultants and professional advisors including legal advisors, organisations we engage to conduct research, including market research on our behalf and accountants;
c) courts, court-appointed persons/entities, receivers and liquidators;
d) business partners and joint ventures;
f) governmental departments, statutory and regulatory bodies including (in the UK) the Information Commissioner’s Office, the Environment Agency, the police and Her Majesty’s Revenue and Customs;
g) Other companies in our group;
h) external companies or organisations in order to protect another organisation’s or our own legitimate interests provided such interests do not unfairly prejudice your rights and freedoms or legitimate interests, unless and to the extent that another lawful basis for such disclosure exists;
i) organisations that provide services to you on our behalf, or the recipients of services that you provide to us
Will your personal information be transferred outside Europe?
It is unlikely that your information will be transferred outside of Europe (the European Economic Area), however if we do transfer your personal information to a country outside Europe, we will ensure that we do this in accordance with GDPR (for example, by putting in place an appropriate data transfer agreement). We will do this with a view to ensuring the level of protection which applies to your personal information processed in these countries is similar to that which applies within Europe. If you have any questions regarding the protection we provide for your data if and when it is transferred within the European Economic Area, please contact us using the contact details section at the bottom of this notice.
What about anonymised information?
We may also convert your personal data into statistical or aggregated form to better protect your privacy, or so that you are not identified or identifiable from it. Anonymised data cannot be linked back to you. We may use it to conduct research and analysis, including to produce statistical research and reports. For example, to help us understand and improve the use of our Website.
How do we protect your personal information?
In order to prevent unauthorised access or disclosure, damage or loss of your personal information, we take suitable physical and electronic, organisational and technical measures to this end, in accordance with our obligations under GDPR. This may include encryption (for example, this website is a secure site and transmissions to and from this site will be encrypted).
You are responsible for maintaining the confidentiality of your user ID and password which relate to your access to certain pages of this website and/or any account you set up with us. You agree to accept responsibility for all activities which occur in relation to the same. You should not permit other people to use your user ID or your password. Please contact us promptly using the details in the section “How to contact us” below if you believe your user ID or password may have been compromised. We will not be responsible to you if there is unauthorised access to your login details or unauthorised activity on this website as a result of your log-in details becoming known by someone else, unless this was due to our negligence.
Despite our efforts regarding security it is important to bear in mind that the internet is not a secure means of communication. Personal information communicated through the internet may be intercepted by other people. We cannot guarantee the security of personal information sent to us through this website. You accept that you use this website at your own risk.
How long do we keep your personal information for?
We will keep your personal information only for the time periods specified in our data retention policy, detailed in our IT Data Management and IT Policy, namely:
- We will keep all information for the duration of our contract with your organisation and for up to 7 years after this has expired where we consider this to form part of our business accounts or compliance records governing the running of a Producer Compliance Scheme for WEEE, Batteries and Packaging Waste, which for the avoidance of doubt, we consider to encompass member services and activities pertaining to the collection and treatment of WEEE and batteries.
- We will keep all other information for up to 7 years, if we consider its retention remains necessary,
It is possible that we may need to retain information for longer than those periods set out above. This will depend on a number of factors, including:
- any laws or regulations that we are required to follow;
- whether we are in a legal or other type of dispute with each other or any third party;
- the type of information that we hold about you; and
- whether we are asked by you or a regulatory authority to keep your personal data for a valid reason.
Once your information is no longer required, either in line with our retention policy, or sooner (if applicable), your data will be destroyed, deleted or made anonymous. Please note that should your information be forwarded to external parties then your information may be kept in line with that external organisation’s own retention policy, unless that external organisation is processing personal data on behalf of REPIC, in which case your information will be deleted in accordance with the requirements of the contract between REPIC and the data processor.
What are your rights?
Where our processing of your personal information is based on your consent, you have the right to withdraw your consent at any time. If you do decide to withdraw your consent we will stop processing your personal data for that purpose, unless there is another lawful basis we are relying on – in which case, we will let you know.
Where our processing of your personal data is based on our legitimate interests, you can object to this processing at any time. If you do this, we will need to show either a compelling reason why our processing should continue, which overrides your interests, rights and freedoms or that the processing is necessary for us to establish, exercise or defend a legal claim.
Where we are processing your personal data for direct marketing purposes, you have the right to object to that processing.
In addition to these rights, you also have the following right to:
- access your personal data and to be provided with certain information in relation to it, such as the purpose for which it is processed, the persons to whom it is disclosed and the period for which it will be stored;
- require us to correct any inaccuracies in your personal data without undue delay;
- require us to erase your personal data;
- require us to restrict processing of your personal data;
- receive the personal data which you have provided to us, in a machine-readable format, where we are processing it on the basis of your consent or because it is necessary for your contract with us (please see the tables above) and where the processing is automated; and
- object to a decision that we make which is based solely on automated processing of your personal data (however, we do not currently conduct any such decision making).
Should you wish to exercise your rights with regard any or all of the above points, please contact us using the details at the bottom of this notice. Individuals do also have a right, within the UK, to lodge a complaint with the Information Commissioner’s Office www.ico.org.uk similarly you may contact the organisation responsible for GDPR within your own Country.
This website is not intended for use by minors under the age of 13 and as such we request that minors under the age of 13 do not submit any personal information to us through this website. We recommend that parents and guardians remind their children to handle their personal data securely and responsibly on the internet.
This website does contain links to other websites. In addition, other websites outside our control may link to this website. We are not responsible for the privacy practices and contents of such other websites. You should exercise caution and look at the privacy statement applicable to the website in question.
Updating and obtaining access to or copies of your personal information
If any personal information which you have provided to us becomes out of date or inaccurate, please let us know by contacting us by email or by post using the details in the section “How to contact us” below.
If you wish to obtain access to or copies of the personal information which we hold about you please contact us in the same way.
From time to time (and subject to receiving your consent, if required) we will use your personal information for direct marketing purposes, to send you information by post email, text, SMS or telephone about our products and services which may be of interest.
Where your consent to receive direct marketing is required, you can of course refuse to give this consent. Also, if at any other time you wish to change your mind about receiving direct marketing you may opt-out at any time. You could do this either by contacting us by email or post using the details in the section “How to contact us” below or by following the instructions in the relevant direct marketing communication.
Please note that if you do later opt-out from receiving further direct marketing, we will cease sending any direct marketing communications to you but we may not necessarily remove your personal information from our database(s). This means that we may continue to hold your personal information (including your contact details) either in relation to other purposes for processing your personal data (as notified to you and on a separate lawful basis), including in order to ensure that we do not contact you further.