Privacy Policy

WasteAction Resource Efficiency Ltd and Warp It updated for GDPR compliance 25th May 2018
- reviewed 20th May 2019
- reviewed 20th May 2022
- reviewed 10th Feb 2023

1. Introduction

WasteAction Resource Efficiency Ltd must gather, store and use “personal data” as defined by the European Union Regulation (EU) 2016/679 in order to carry out account management activities. . The collection and processing of personal data is subject to restrictions aimed at protecting the privacy of individuals.

Where the policy discusses the processing of data for the necessary performance of the contract - i.e - registered customers to the Warp It portal, it will include data processor from both WasteAction Resource Efficiency Ltd and our software developers at who we have worked with since 2011 and who are also GDPR compliant.

We are registered with the Information Commissioner Office and we adhere to good practice in our data protection policy, including adherence to the General Data Protection Regulations and the PECR guidelines for records retention. A copy of our data protection certificate can be obtained from our website.

This privacy statement will describe the reasons why personal data is needed, how it will be used, who will be able to access the information and when it will be deleted from our records. It also explains your rights to access your data under data protection laws or seek to have it rectified or deleted. We will at all times comply with the provisions of the European Union General Data Protection Regulations (“GDPR”)

2. Personal data which we hold about you

We request very little identifying information from you which is not deemed sensitive data and is only used for specific set of purposes. The personal data we hold on you is:

● Full name
● Work email address
Other data we hold is:
● Company name
● Company address, including postcode
● Company telephone and mobile number

The above personal data is held for the following reasons:
● Processing is necessary for the performance of the contract with the data subject and maintenance of the site.
● For registration to certain areas of the Website including added value resources and newsletters.
● To allow us to consider your comments, queries and suggestions and respond if necessary.
● To allow us to respond to your enquiries for further information.
● To distribute requested materials.

If you visit the blog area of our site: sometimes, we may ask questions where you are not personally identifiable from your response although we may post responses on the Website. These instances will be highlighted to you but in all other instances, you should assume that we track any information you provide on a personally identifiable basis.

3. Purposes of processing

We will process your personal data for the purposes of:
● performing our obligations and exercising our rights under your registration to the Warp It site (if registered as a customer)
We will only process your personal data where one of the following apply:
● you have provided your consent for us to do so.
● processing is necessary for the performance of a contract [or to make preliminary arrangements for the creation of a contract]
● there is a legal obligation to do so; or

4. Third parties

To complete transactions with third parties, in this case, other approved Warp It institutions for the express purpose of reusing surplus assets, we will share personal data. Notably this will only include collected data of Full Name and works email address.

We do not pass any personal data to Third Parties other than outlined above. However we want your experience of the Warp It website and its available resources to be as informative and useful as possible, we provide a number of links to Third Party Websites. Always be aware of where you end up. Third Party Websites may send their own cookies to users, or otherwise collect data or solicit personal information. We assume no responsibility for the information gathering practices of websites that you are able to access through ours, and we encourage you to review each website's privacy policy before disclosing any personally identifiable information.

5. Transfers of your personal data outside the EEA

No customer data is transferred outside of EEA

6. Retention of your personal data

We will retain your personal data only so long as we reasonably require in light of the purposes for which we are holding it and all relevant legal, commercial and operational considerations.

Where we hold your data for the performance of a contract, your data will be held until the completion of the contract plus 3 months- unless otherwise instructed. We can delete data on termination of contract on request and provide a deletion certificate.

We frequently review the ICO and PECR guidelines for data retention.

7. Subject Access Rights

You have a right (referred to as the data subject access request, “DSAR”) to access the personal data that we hold about you. If you would like to exercise that right, you must submit a request to specifying the information that you want us to provide you.

We are obliged to respond to any such request within one month of receiving it (subject to limited exceptions).

We will inform you via email following receipt of your request and, if necessary, seek additional information from you about your request.

8. Accuracy of Information and Corrections

You have a right (referred to as the right to rectification) to have your personal data rectified if it is inaccurate or incomplete. If you become aware that any of the data that we hold about you is inaccurate, you can

● update your personal information on our website if you hold an account
● update your preferences at the bottom of any notification, email or newsletter you receive if you are subscribed to our mailing list or if we are contacting by terms of legitimate interest
● submit a request to

Please do this as soon as practical. We are obliged to comply with requests within one month. This may be extended to 3 months where a rectification request is complex.

9. Storage of Data

Data is stored securely in the UK. We do not transfer data outside of the UK.
Data protection policy accessible at

10. Deletion/Unsubscribe

You have a right (referred to as the right to erasure) to request the deletion or removal of your personal data where there is no compelling reason for its continued process. In these instances your data will be removed within one month apart from where we hold your email address on our mailing list, where your email address will then be held on email suppression list, which we must hold for legal reasons. You will be notified if any of your data must continue to be held for any legal reasons.

If you would like to exercise this right, you can:
● unsubscribe at the end of any marketing email you receive, if you want to unsubscribe. An unsubscribe link is included in every notification, email or newsletter email by law.
● submit a request to the We will then consider this request in accordance with obligations under data protection laws.

11. Transferring your personal data

You have a right (referred to as the right to data portability) to obtain and reuse your personal data for your own purposes across different services. This right allow you to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way.

If you would like to exercise this right, you must submit a request to, specifying the information that you wish to be transferred.

We are obliged to comply with any such request within one month. This may be extended to 3 months where the rectification request is complex or multiple requests from the same data subject are received at the same time. We will notify you if an extension is necessary.

12. Restricting use of your personal data

You have a right (referred to the right to restrict processing) to block or suppress the processing of personal data in certain circumstances.

If you contest the accuracy of the personal data, processing may be restricted until the accuracy of the personal data has verified. This also applies where you contest that the processing is unlawful.

If you would like to exercise this right, you must submit a written request to, specifying the information that you wish us to impose a processing restriction on.

13. Data Protection officer and Complaints Process

We have appointed a Data Protection Officer who has overall day-to-day responsibility for the processing of personal data.

If you have any questions at all about this privacy notice or would like more information about any of the issues covered in it, please contact

If you have a concern or complaint about the way we have handled your personal data you have the right to complain to the information commissioner via the helpline 0303 123 1113 or by visiting the following website -