Privacy Policy

The Energy Managers Association (EMA) Privacy Policy describes how we process personal data collected during the course of our activities as a professional membership body and provider of energy management related products, services and information.

The EMA is committed to respecting the privacy of individuals and is compliant with the requirements of the UK General Data Protection Regulation (GDPR), which is designed to ensure personal data is processed lawfully, fairly, transparently and for specific, explicit and legitimate purposes. The EMA is registered with the Office of the Information Commissioner, registration number ZA384449.

Please read this Privacy Policy carefully and ensure that you understand it. This Privacy Policy applies to your use of the EMA website and any email correspondence related to our activities. Our website may contain links to other websites. Please note that we have no control over how your data is collected, stored, or used by other websites and we advise you to check the privacy policies of any such websites before providing any data to them.

This Privacy Policy was last updated on 17 May 2024.

1. Collection of data

1.1. During the course of its work, the EMA collects personal data which identifies individuals or that can be used to identify individuals when combined with other information in the possession of the EMA or likely to come into its possession.

1.2. Personal data is collected by a variety of means: face-to-face, by mail, phone, internet and e-mail, and at events, conferences, exhibitions and training courses. This personal data may include information such as name, age, home address, telephone number, e-mail address, organisation name, job title, business address, IP address, membership number and grade, examination records, bank and payment details, education and training details, CPD records, application details, CVs and assessment records.

2. Use of data

2.1. Personal data held by the EMA may be accessed and used by the EMA and trusted associates as necessary in order to fulfil the EMA’s role and to complete its activities.

2.2. All personal data is processed and stored securely, for no longer than is necessary in light of the reason(s) for which it was first collected and for which consent was given. We will comply with our obligations and safeguard your rights under the GDPR at all times.

2.3. Our use of your personal data will always have a lawful basis, either because it is necessary for our performance of a contract with you, because you have consented, or because we have a legitimate interest in the use of your personal data for the fulfilment of our role and/or activities.

2.4. We believe that it is reasonable to expect that if you applied for one of our services you are content for us to collect and otherwise use your personal data to offer or provide the services that you have signed up to.

2.4.1. If you are/were part of the EMA membership, we use your personal data to administer and manage your membership, for the purposes of assessing membership applications, allocating a membership level, providing member benefits, internal administration of your membership, and for statistical and analytical purposes.

2.4.2. If you are/were part of the EMA ESOS Lead Assessor Register, we use your personal data to administer and manage your ESOS Lead Assessor process and registration, for the purposes of assessing the process applications, CVs, qualifications, assessment grades, for awarding a Lead Assessor status and allocating a registration number, providing industry updates, for continuous administration of your ESOS Lead Assessor registration, statistical and analytical purposes, and for auditing purposes by the Environment Agency.

2.4.3. If you have registered for or contacted us about any EMA products or services including events, training, publications and advertising, you will receive essential communications relating to the fulfilment of those products and services.

2.4.4. We may also use your personal data to send e-mail notifications alerting you to EMA information which may be of interest and to promote and develop our activities, products and services.

2.5. The data you provide to us will be held on our servers in the UK. Our databases and cloud storage are protected by industry standard security technology, such as industry standard firewalls and password protection. Furthermore, the employees who have access to personal data shall handle such data properly and in accordance with our security protocols and strict standards of confidentiality.

2.6. You have the right to withdraw your consent to using your personal data at any time, and to request that it is deleted (please contact us using the details in section 7).

3. Data sharing

3.1. As data controller, the EMA takes all reasonable steps to ensure that personal data remains in a secure environment and we will never sell personal data to third parties, but we may share it with trusted associates, suppliers and contractors for the purposes of administering and managing our services and activities.

3.2. The EMA may also share personal data with government authorities, if legally required to do so, or if the EMA believes it necessary in connection with an investigation of any activity that is illegal.

4. Data processing

Personal data held by the EMA may be managed by trusted third party data processors.

4.1. The EMA holds personal data relating to members and contacts on a database provided by a third party provider, Zoho Office Suite. Zoho Office Suite has demonstrated its commitment to data privacy and protection by meeting the industry standards for ISO 27001 and SOC 2 Type 2, is certified by the EU-US ‘Privacy Shield’, and provides a secure service that is compliant with the requirements of data protection law. Further information can be found at: https://www.zoho.eu/gdpr.html

4.2. Some personal data is stored using Dropbox, a file sharing and storage solution. Dropbox complies with the EU-U.S. and Swiss–U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, the European Economic Area, and Switzerland to the United States. You can find Dropbox’s Privacy Shield certification here. You can also learn more about Privacy Shield at https://www.privacyshield.gov

4.3. We also use a third party provider, MailChimp, to manage the delivery of our emails. MailChimp is certified by the EU-US ‘Privacy Shield’ and obligated to comply with the European General Data Protection Regulation. If you do not wish to receive these materials, simply click the Unsubscribe link in any email. Further information can be found at http://mailchimp.com/legal/privacy 

4.4. To host digital events and training, we use Zoom and Microsoft Teams. Both organisations operate globally, which means that personal data may be transferred, stored (for example, in a data center), and processed outside of the country or region where it was initially collected.

Zoom protects personal data in accordance with their Privacy Statement wherever it is processed and takes appropriate contractual or other steps to protect it under applicable laws. Where personal data of users in the UK are being transferred to another country outside the UK which has not been recognised as having an adequate level of data protection, they ensure that the transfer is governed by the European Commission’s standard contractual clauses.

Microsoft adheres to the principles of the EU-U.S. and Swiss-U.S. Privacy Shield frameworks, although Microsoft does not rely on the EU-U.S. Privacy Shield Framework as a legal basis for transfers of personal data in light of the judgment of the Court of Justice of the EU in Case C-311/18. To learn more, visit the U.S. Department of Commerce’s Privacy Shield website. Further information can be found at https://privacy.microsoft.com/en-gb/privacystatement.

4.5. To enable online payments, we use Stripe Services. Stripe Payments Europe transfers personal data to Stripe, Inc. in the U.S. To ensure the adequate protection of personal data, Stripe is certified to the EU-U.S. and Swiss-U.S. Privacy Shield Framework. For more information, please read Stripe’s Privacy Shield Policy at https://stripe.com/gb/privacy

4.6. The online payments are supported by Automattic, which provides services through WordPress.com and Jetpack (including WooCommerce Services) and collects information which is necessary to process an order, such as credit card and billing information, and to calculate applicable taxes. For full information on the data that is automatically collected and how it is used, please visit https://automattic.com/privacy-notice/. For more information regarding the use of the collected information, please refer to Automattic’s Privacy Policy at https://automattic.com/privacy/.

4.7. To support our accounting, we use Xero, which is certified as compliant with ISO/IEC 27001:2013, globally recognised as the premier information security management system (ISMS) standard. Xero has produced a Service Organization Control (SOC 2 Type II) report since 2016, which is available on request. This report is the result of an independent auditor’s examination of Xero’s cloud-based accounting system relevant to the Trust Services Criteria for Security, Availability, and Confidentiality. For more information, please refer to Xero’s Privacy Policy at https://www.xero.com/uk/legal/privacy/.

5. Our website

5.1. Cookies are simple text files which are stored on your computer or mobile device to help you use a website smoothly. Cookies do not collect personal information, and they cannot be used to identify you personally. The EMA website makes use of cookies to find out how visitors interact with our site to ensure that our content is easy to find, useful and reliable, and the capacity is sufficient for the best possible visitor experience. Users are offered the choice to consent to or reject cookies when they visit our website.

5.2. Throughout our website we have integrated social media share buttons from third party websites such as LinkedIn and Twitter. Pages with this embedded content may present cookies from these websites over which the EMA has no control. You should check the relevant third party website for more information about how these cookies are controlled.

6. Your Rights

As a data subject, you have the following rights under the GDPR, which this Privacy Policy and our use of personal data have been designed to uphold:

6.1. The right to be informed about our collection and use of personal data (please contact us using the details in section 7);

6.2. The right of access to the personal data we hold about you (please contact us using the details in section 7);

6.3. The right to rectification if any personal data we hold about you is inaccurate or incomplete (please contact us using the details in section 7);

6.4. The right to be forgotten – i.e. the right to ask us to delete any personal data we hold about you (please contact us using the details in section 7);

6.5. The right to restrict (i.e. prevent) the processing of your personal data (please contact us using the details in section 7);

6.6. The right to object to us using your personal data for particular purposes (please contact us using the details in section 7);

6.7. For further information about your rights, please contact the Information Commissioner’s Office https://ico.org.uk/concerns

7. Contact details

If you have any comments, questions or concerns about how the EMA handles personal data, or in relation to your personal data held by the EMA, please contact the EMA’s Data Protection Officer: Jana Skodlova, Data Protection Officer, Energy Managers Association, Suite 77, 95 Mortimer Street, London, W1W 7GB; [email protected]

8. Changes to the EMA Privacy Policy

Any changes to this Privacy Policy will be posted on the EMA website so you are always aware of what information we collect, how we use it, and under what circumstances we disclose it. If at any time we decide to use your information in a manner significantly different from that stated in this Privacy Policy, or otherwise disclosed to you at the time it was collected, we will notify you by email, and you will be able to choose whether or not we use your information in the new manner.
