REPIC Limited is registered at Companies House with company registration number 05016750. RESC Limited is registered at Companies House with company registration number 06355083. REPIC Limited and RESC Limited are classed as data controllers under the General Data Protection Regulation (“GDPR”). GDPR defines your rights as an individual in relation to how we use your personal information. Its purpose is to ensure that organisations like ours do this in a fair and sensible way. To find out more information about GDPR, please visit www.ico.org.uk.
REPIC Limited and RESC Limited are registered as Data Controllers with the Information Commissioner’s Office (“ICO”).
When do we collect your personal information?
When we collect your personal information is listed in full in our data processing tables available here. We collect this information as a consequence of our business activities.
We process different types of personal data about you that we have either collected directly from you or obtained from third parties, including the company you represent. The circumstances under which we will process your personal data are listed in full in our processing tables and can include situations in which:
- you are a user of our Websites, repic.co.ukor www.responsible-recycling.co.uk (“Websites”), including if you register to use certain pages of our Websites and are granted access to those pages;
- the processing of your personal data is part of a registration by you or the organisation you represent, to use the services we offer;
- the processing relates to your (or your organisation’s) use of our services, or purchases you (or your organisation) make from us;
- the processing relates to your rights, or our obligations under Regulations with which we are required to comply;
- the processing relates to our use of your (or your organisation’s) services or other purchases we make from you or your organisation;
- we work with your organisation for another purpose;
- you otherwise communicate or engage with us;
- the processing relates to data we have collected from publicly available sources, including but not limited to registers or authorisations published by Government Departments; or
- the processing relates to contacting you with respect to your position in public office, which is relevant to our activities
What personal information do we collect?
The personal information which we can process about you is detailed in our processing tables available above.
What do we do with personal information which we collect?
We will use your personal information, only where we have a lawful basis for processing. We are required by law to always have a so-called “lawful basis” (i.e. a reason or justification) for processing your personal data. The table linked to above sets out the purposes for which we process your personal data and the relevant lawful basis on which we rely for that processing. For example, certain processing activities may be conducted on the lawful basis of:
- it being necessary for legitimate interests pursued by us (provided they do not unfairly prejudice your rights and freedoms or your own legitimate interests);
- it being necessary in order to comply with a legal obligation applicable to us; or
- you having given your consent.
Please note that where we have indicated in the table that our processing of your personal data is necessary for us to comply with a legal obligation, and you choose not to provide the relevant personal data to us, we may not be able to enter into or continue our contract or engagement with you.
Details of how we process your personal data and the legal basis on which we do this are detailed in our processing tables.
Your information will be used only to ensure the effective management of the REPIC and RESC Limited Compliance Schemes.
Who do we share your personal information with?
From time to time we may ask third parties to carry out certain business functions for us, such as the administration of our Website and IT support. These third parties will process your personal data on our behalf (as our processor). We will disclose your personal data to these parties so that they can perform those functions. Before we disclose your personal data to these third parties, we will seek to ensure that they have appropriate security standards in place to protect your personal data. Examples of these third party service providers include our IT systems software and maintenance, back up, and server hosting providers.
In certain circumstances, we will also disclose your personal data to third parties who will receive it as controllers of your personal data in their own right for the purposes set out above, where the relevant disclosure is:
- related to services provided to you or us by a third party acting independently to us but which has a relationship with us, for example certain payment fraud checking services;
- if we need to disclose your personal data in order to comply with a legal obligation, to enforce a contract or to protect the rights, property or safety of our employees, customers or others.
We have set out below a list of the categories of recipients with whom we are likely to share your personal data:
- IT support, Website, archiving companies and data hosting providers and administrators;
- consultants and professional advisors including legal advisors, organisations we engage to conduct research, including market research on our behalf and accountants;
- courts, court-appointed persons/entities, receivers and liquidators;
- business partners and joint ventures;
- governmental departments, statutory and regulatory bodies including (in the UK) the Information Commissioner’s Office, the Environment Agency, the police and Her Majesty’s Revenue and Customs;
- Other companies in our group;
- external companies or organisations in order to protect another organisation’s or our own legitimate interests provided such interests do not unfairly prejudice your rights and freedoms or legitimate interests, unless and to the extent that another lawful basis for such disclosure exists;
- organisations that provide services to you on our behalf, or the recipients of services that you provide to us
Will your personal information be transferred outside Europe?
It is unlikely that your information will be transferred outside of Europe (the European Economic Area), however if we do transfer your personal information to a country outside Europe, we will ensure that we do this in accordance with GDPR (for example, by putting in place an appropriate data transfer agreement). We will do this with a view to ensuring the level of protection which applies to your personal information processed in these countries is similar to that which applies within Europe. If you have any questions regarding the protection we provide for your data if and when it is transferred within the European Economic Area, please contact us using the contact details section at the bottom of this notice.
What about anonymised information?
We may also convert your personal data into statistical or aggregated form to better protect your privacy, or so that you are not identified or identifiable from it. Anonymised data cannot be linked back to you. We may use it to conduct research and analysis, including to produce statistical research and reports. For example, to help us understand and improve the use of our Website.
How do we protect your personal information?
In order to prevent unauthorised access or disclosure, damage or loss of your personal information, we take suitable physical and electronic, organisational and technical measures to this end, in accordance with our obligations under GDPR. This may include encryption (for example, this website is a secure site and transmissions to and from this site will be encrypted).
You are responsible for maintaining the confidentiality of your user ID and password which relate to your access to certain pages of this website and/or any account you set up with us. You agree to accept responsibility for all activities which occur in relation to the same. You should not permit other people to use your user ID or your password. Please contact us promptly using the details in the section “How to contact us” below if you believe your user ID or password may have been compromised. We will not be responsible to you if there is unauthorised access to your login details or unauthorised activity on this website as a result of your log-in details becoming known by someone else, unless this was due to our negligence.
Despite our efforts regarding security it is important to bear in mind that the internet is not a secure means of communication. Personal information communicated through the internet may be intercepted by other people. We cannot guarantee the security of personal information sent to us through this website. You accept that you use this website at your own risk.
How long do we keep your personal information for?
We will keep your personal information only for the time periods specified in our data retention policy, detailed in our IT Data Management and IT Policy, namely:
- We will keep all information for the duration of our contract with your organisation and for up to 7 years after this has expired where we consider this to form part of our business accounts or compliance records governing the running of a Producer Compliance Scheme for WEEE, Batteries and Packaging Waste, which for the avoidance of doubt, we consider to encompass member services and activities pertaining to the collection and treatment of WEEE and batteries.
- We will keep all other information for up to 7 years, if we consider its retention remains necessary,
It is possible that we may need to retain information for longer than those periods set out above. This will depend on a number of factors, including:
- any laws or regulations that we are required to follow;
- whether we are in a legal or other type of dispute with each other or any third party;
- the type of information that we hold about you; and
- whether we are asked by you or a regulatory authority to keep your personal data for a valid reason.
Once your information is no longer required, either in line with our retention policy, or sooner (if applicable), your data will be destroyed, deleted or made anonymous. Please note that should your information be forwarded to external parties then your information may be kept in line with that external organisation’s own retention policy, unless that external organisation is processing personal data on behalf of REPIC, in which case your information will be deleted in accordance with the requirements of the contract between REPIC and the data processor.
What are your rights?
Where our processing of your personal information is based on your consent, you have the right to withdraw your consent at any time. If you do decide to withdraw your consent we will stop processing your personal data for that purpose, unless there is another lawful basis we are relying on – in which case, we will let you know.
Where our processing of your personal data is based on our legitimate interests, you can object to this processing at any time. If you do this, we will need to show either a compelling reason why our processing should continue, which overrides your interests, rights and freedoms or that the processing is necessary for us to establish, exercise or defend a legal claim.
Where we are processing your personal data for direct marketing purposes, you have the right to object to that processing.
In addition to these rights, you also have the following right to:
- access your personal data and to be provided with certain information in relation to it, such as the purpose for which it is processed, the persons to whom it is disclosed and the period for which it will be stored;
- require us to correct any inaccuracies in your personal data without undue delay;
- require us to erase your personal data;
- require us to restrict processing of your personal data;
- receive the personal data which you have provided to us, in a machine-readable format, where we are processing it on the basis of your consent or because it is necessary for your contract with us (please see the tables above) and where the processing is automated; and
- object to a decision that we make which is based solely on automated processing of your personal data (however, we do not currently conduct any such decision making).
Should you wish to exercise your rights with regard any or all of the above points, please contact us using the details at the bottom of this notice. Individuals do also have a right, within the UK, to lodge a complaint with the Information Commissioner’s Office (www.ico.org.uk)similarly you may contact the organisation responsible for GDPR within your own Country.
This website is not intended for use by minors under the age of 13 and as such we request that minors under the age of 13 do not submit any personal information to us through this website. We recommend that parents and guardians remind their children to handle their personal data securely and responsibly on the internet.
This website does contain links to other websites. In addition, other websites outside our control may link to this website. We are not responsible for the privacy practices and contents of such other websites. You should exercise caution and look at the privacy statement applicable to the website in question.
Updating and obtaining access to or copies of your personal information
If any personal information which you have provided to us becomes out of date or inaccurate, please let us know by contacting us by email or by post using the details in the section “How to contact us” below.
If you wish to obtain access to or copies of the personal information which we hold about you please contact us in the same way.
From time to time (and subject to receiving your consent, if required) we will use your personal information for direct marketing purposes, to send you information by post email, text, SMS or telephone about our products and services which may be of interest.
Where your consent to receive direct marketing is required, you can of course refuse to give this consent. Also, if at any other time you wish to change your mind about receiving direct marketing you may opt-out at any time. You could do this either by contacting us by email or post using the details in the section “How to contact us” below or by following the instructions in the relevant direct marketing communication.
Please note that if you do later opt-out from receiving further direct marketing, we will cease sending any direct marketing communications to you but we may not necessarily remove your personal information from our database(s). This means that we may continue to hold your personal information (including your contact details) either in relation to other purposes for processing your personal data (as notified to you and on a separate lawful basis), including in order to ensure that we do not contact you further.
When you visit the Website, we generate one or more “cookies.”
The table below summarizes the different types of cookie we use on the Website, together with their respective purpose and duration (i.e. how long each cookie will remain on your device).
Two types of cookies may be used on the Website – “session cookies” and “persistent cookies”. Session cookies are temporary cookies that remain on your device until you leave the Website. A persistent cookie remains on your device for much longer or until you manually delete it (how long the cookie remains on your device will depend on the duration or “lifetime” of the specific cookie and your browser settings).
Purpose of Cookies used on the Website:
|Purpose of Cookie||What do they do?||Do these cookies collect my personal data / identify me?|
|Necessary||Cookies that are essential to making the Website work correctly. They enable visitors to move around our website and use our features. Examples include remembering previous actions (e.g. entered text) when navigating back to a page in the same session.||These cookies do not identify you as an individual.
If you do not accept these cookies, it may affect the performance of our website
|Performance||Cookies that help us understand how visitors interact with our web properties by providing information about the areas visited, the time spent on the website and any issues encountered, such as error messages. They help us improve the performance of our websites, alert of any concerns and more.||These cookies don’t identify you as an individual. All data is collected and aggregated anonymously.|
|Functionality||Cookies that allow our web properties to remember the choices you make (such as your user name, language or the region you are in) to provide a more personalized online experience.||The information these cookies collect may include personally identifiable information that you have disclosed, such as a username, for example. We shall always be transparent with you about what information we collect, what we do with it and with whom we share it.|
We do not currently employ any targeting or advertising cookies on our Website.
Cookies are files or pieces of information that may be stored on your computer (or other internet-enabled devices, such as a smartphone or tablet) when you visit the Website. A cookie will usually contain the name of the website from which the cookie has come from, the “lifetime” of the cookie (i.e. how long it will remain on your device) and a value, which is usually a randomly generated unique number.
Most internet browsers are initially set up to automatically accept cookies. You can change the settings to block cookies or to alert you when cookies are being sent to your device. There are a number of ways to manage cookies. Please refer to your browser instructions or help screen to learn more about how to adjust or modify your browser settings.
If you disable the cookies that we use, this may impact your experience while on the Website. For example, you may not be able to visit certain areas of the Website.
If you use different devices to view and access the Website (e.g. your computer, smartphone, tablet etc.), you will need to ensure that each browser on each device is adjusted to suit your cookie preferences
Specific cookies used on the Site including for Site Analytics and Performance
One of the cookies we use (PHPSESSID) is only set for a short period of time (it will expire after 30 days) and it is a functional cookie i.e. it is essential for parts of the site to operate and this is referred to in more detail in the table above. This cookie does not collect personal information about you (as described above). You may choose to delete or block this cookie (see above), but if you do some parts of our website may not work.
The only other cookies used by REPIC are Google Analytics cookies. They are persistent cookies i.e. they remain on your machine/device after a browser session is ended. With our permission a third party, i.e. Google, uses the information collected to compile reports and to help us to improve the website. These cookies collect information in an aggregated i.e. anonymous form (i.e. they do not collect personal information about you), including the number of visitors to the site, where visitors have come to the site from and the pages they visited. More information is provided on these below.
(_utma, _utmb, _utmc, _utmz)
(Full terms can be accessed at http://www.google.co.uk/analytics/tos.html)
Blocking or Deleting Cookies
You may delete and block all cookies from this site, but parts of the site may then not work.
More information on cookies and what they are used for can be found at: http://www.allaboutcookies.org/Should you choose to delete and block all cookies from this site you can find out how to do this for your particular browser by clicking ‘help’ on your browser’s menu or by visiting http://www.allaboutcookies.org/manage-cookies/index.html. However, many of our website features will not function if you disable cookies.
To opt out of being tracked by Google Analytics across all websites you will need to add the Google Analytics Opt out tool to your browser.
For more information on web-beacons, please visit http://www.allaboutcookies.org/faqs/beacons.html
How to contact us
Should you wish to discuss any aspect of the above notice with us, or discuss the personal information we hold on you as an individual, please contact us (using the subject reference ‘for the attention of the Data Protection Officer’) by writing, telephoning or emailing us at:
REPIC Limited, RESC Limited
REPIC House, Waterfold Business Park, Waterfold Bury, Greater Manchester BL9 7BR Tel: 0161 272 0001