Management of personal data
The personal information IRF may collect from you and the uses to which it is put
We may collect personal information about you whenever we contact you, you contact us, or if we have entered into (or are preparing to enter into) a contract with the other party.
In particular, we may collect and process the following information:
- Information provided by filling in forms or following e-mail links on our website, or received from you when we contact you by telephone, e-mail, post or other means.
- Information collected when we enter into or prepare to enter into a contract or agreement with you or an organization in which you are involved in any capacity.
- Information to better provide you with the services you require or information about our projects, developments, policies and activities.
- Information needed to respond to a request, inquiry or complaint you have made.
- Information collected by us from publicly available sources.
- Information collected by third parties on our behalf.
Please note that we assume, unless you tell us otherwise, that we may use and disclose your personal information in ways that we reasonably believe are necessary to provide our services and information to you (including as described in this statement and as agreed between us).
Specifically, we may collect, store and use your personal information for the following purposes:
If you contact us via our website:
We will collect your personal details in order to contact you and correspond with you in response to your enquiry or expression of interest in one or more IRF projects or other business interests.
By contacting us via any of the channels on our website, you will have consented to us processing your data in this way.
If you are a stakeholder :
We may collect, store and use your email address for the purpose of contacting you about IRF projects and/or policies and activities.
We consider that it is in both our legitimate interests to retain this personal information to keep you informed of IRF activities (including project and/or policy developments) that may impact you as a stakeholder.
In some cases, we may collect, store and use your political opinions where these have been manifestly made public by you or where you have given your explicit consent, for the purpose of contacting you about IRF projects and/or policies.
With whom we share your personal information:
We use consultants, suppliers, contractors and other professionals and work with government departments, agencies, local authorities and non-departmental public bodies to help us develop our projects. We may therefore share your personal data with the following third parties where necessary:
- Law firms
- Government agencies such as Ofgem
- Information Commissioner
- People with whom you have authorized us to share your personal information
- Joint ventures
We may give them personally identifiable information, but only to the extent that they need it to perform their specific functions. Where possible and appropriate in the circumstances, we have entered into contracts with third parties containing obligations regarding the use and security of personal information to ensure its protection to the extent possible.
How long we keep your personal information:
We only keep your personal information for as long as it is needed for the purposes for which it is processed. The length of time we keep your personal information depends on the purposes for which we use it and/or the law.
This means that some of your personal information will be retained for a short period of time, for example when you make a complaint and that complaint is resolved without the need for follow-up, while other information may be retained for a longer period of time, for example where a specified period is required by law or our relationship requires it. If you would like more information about our retention of your data, you can contact us at the email addresses listed below.
Provide information to IRF about third parties:
You must not give us personal information about anyone else (such as named contacts, co-owners or close relatives) without first obtaining their consent for us to disclose and use it. If you provide information about these third parties, we will assume that they have given their consent, although we may always ask them for confirmation.
Where IRF stores your personal data and security measures:
We have put in place what we believe to be appropriate technical and organisational security measures to protect your personal information from unauthorised or unlawful use, and from accidental loss, damage or destruction. We have strict confidentiality agreements (including data protection obligations) in place with our third party service providers. We will not pass on any personal information we collect to third parties for marketing purposes unless we specifically inform you of this.
Unfortunately, the transmission of information via the Internet is not completely secure. If you provide us with personal information via our websites, we will do our best to protect it, but we cannot guarantee its security and any transmission is at your own risk. Once we receive your personal information, we will use strict procedures and security features to try to prevent unauthorised access.
Other circumstances in which IRF may disclose your personal information:
We may disclose your personal information to any member of our group, i.e. our subsidiaries, our ultimate holding company and its subsidiaries.
We may disclose your personal information to third parties:
- In the event that we sell or buy a business or assets, in which case we may disclose your personal information to the prospective seller or buyer of such business or assets, but only if such disclosure is reasonably required for the purposes of the sale or purchase;
- If all or substantially all of our assets are acquired by a third party, your personal information may be one of the transferred assets;
What are your rights?
In accordance with the GDPR, you can contact us at firstname.lastname@example.org.
To exercise any of the following rights you have in relation to our processing of your personal information:
- Right of access - you have the right to obtain confirmation that your personal information is being processed and to access your personal information
- Right of rectification - you have the right to have your personal information corrected if it is inaccurate or incomplete
- Right to erasure (right to be forgotten) - you have the right to request the deletion or removal of your personal information where there is no legitimate reason for us to continue processing it
- Right to restrict processing - you have the right to request (where you have given us consent) that your consent be withdrawn or that we block or delete the processing of your personal information by sending an email to the inbox set out above.
- Right to data portability - you have the right to obtain and re-use your personal information for your own purposes in different services as the processing is based on your consent.
In addition, you have the right to file a complaint with our Data Protection Officer at email@example.com if you believe that your personal information is not being processed in accordance with this privacy statement. If you believe, after contacting us, that your "Data Protection" rights are not being respected, you may submit a complaint to the CNIL.
Any changes we may make to our statement in the future will be posted on this page.