top of page



Climate Action for Associations Limited (CAFA) respects and is committed to protecting your privacy. We aim to maintain consistently high standards in our use and storage of your personal data, and endeavour to comply with the Data Protection Act 1998, the EU General Data Protection Regulation (GDPR) and other relevant legislation.

To reflect changes in privacy laws, this updated Privacy Policy aims to clearly inform you of how we use your personal data, how we ensure it is kept secure and your choices about its use. We hope this can help you to make informed decisions when using our website or other services we provide.

In this Privacy Policy, references to “we”, “us” and “our” refer to CAFA. Personal data, as defined by the GDPR, means any information which relates to a living individual who can be identified, either directly or indirectly, from this information. For example, your name, email address, postal address, telephone number and other personal details.

From time to time we will update this Privacy Policy, so we encourage you to refer back to this page regularly. In addition to this Privacy Policy, each service offered by us may have additional privacy provisions that are specific to the particular service. You will always be informed of these supplemental provisions at the time you provide your personal data.

Using Links to External Sites

Please remember that when you use a link to go from our website to another website, our Privacy Policy no longer applies. Your browsing and interaction on any other website or your dealings with any other third party service provider, is subject to that website’s or third party service provider’s own rules and notices/policies.

We do not monitor, control, or endorse the information collection or privacy practices of any third parties. This Privacy Policy applies solely to information collected by us through our website or services and does not apply to these third party websites and third party service providers.

Our Contact Details

If you have any questions about this Privacy Policy you can contact us in the following ways:

  • Write to us: Data Protection Officer, Climate Action for Associations Limited, 6th Floor, Charles House, 108-110 Finchley Road, London NW3 5JJ. Registered in England and Wales under the company number 13206511; 

  • Email us:

Collection of Your Personal Data

We collect personal data from you when you enquire about or request a product or service directly from us. The information we routinely collect will include your contact details (e.g. name and email address).

When You Visit Our Website

When you visit our website for the first time, you will receive a “pop-up” notice informing you that we use cookies. Some personal data (for example a unique identifier, your IP address and geographical location) will be collected through our and our technology partners’ use of cookies and similar technologies.

We may also research publicly available sources (e.g. websites and LinkedIn) and use external suppliers, to identify business contacts who are likely to be interested in CAFA relevant offers. We will only collect the minimal amount of information required for this purpose (e.g. name, job title, company and contact details) and when we contact you we will endeavour to ensure we provide you with a way to object to us continuing to retain your personal data.

The Lawful Bases We Rely On

Under the GDPR there are six lawful bases under which organisations can collect, use and store personal data. We have identified four which we rely upon for our business activities:

  • Contractual – in many circumstances we rely on the lawful basis of “performance of a contract”. This enables us to respond to you when you express an interest in CAFA and/or CAFA solutions and to fulfil any requests.

  • Consent – in some circumstances we rely on your specific consent, whereby you actively agree and “opt-in”. We will always make it clear how you can withdraw your consent at any time.

  • Legal Obligation – there will be circumstances under which we are legally obliged to hold your personal data or required to disclose it to a third party by law.

  • Legitimate Interests – for some of our activities we rely on our legitimate business interests to collect and use your personal data. In such cases, we have balanced our interests with yours and do not believe these activities will have a negative impact on your privacy rights and freedoms. We specifically rely on legitimate interests to:

    • Manage specific topics and aspects of our digital and live events.

    • Send you marketing and communications related to relevant and selected solutions, innovations, products and services.

    • Ask you to respond to surveys and polls.

    • Connect you with like-minded CAFA members to encourage learning.

    • Promote selected partners.

You can always object to our marketing messages. If you wish to object to our reliance on legitimate interests for any other purpose, please use our contact details above.

How We Use Your Personal Data

We will use your personal data for the purposes of fulfilling a product or service you have requested, which includes:

  • Responding to your enquiries about our products and services.

  • Provision and delivery of a product or service.

Marketing Communications

When we collect your personal data, we will include a specific notice to inform you and give you choices about future direct marketing communications from us.

We will only send you direct marketing communications when you have either:

  • Provided your consent (e.g. ticked a box or clicked a “button” to submit a form).

  • Where we believe we can demonstrate a legitimate business interest and have balanced this with your interests and privacy.

It is always your choice and you can stop receiving direct communications from us at any time. We will provide a clear and easy way to do this.

For electronic marketing communications (via phone) we adhere to the rules of the Privacy and Electronic Communications Regulations.

Personalised Marketing Content

We want to ensure our communications are of interest to you. We therefore use the information we know about you to tailor messages to be as relevant to you as possible. We will use publicly available sources to try and do this. You have the right to object, but once you do, this will mean we will be unable to send you marketing communications in future.

Access Your Personal Data

You can request a copy of the personal data we may hold relating to you, and the purposes for which we are using it, at any time. This is known as a Subject Access Request.

In responding to such a request we may ask for proof of your identity, to ensure we do not inadvertently send your personal data to another person. We will endeavour to respond to any such requests as soon as possible, but at least within one calendar month. Please use our contact details above.

Amend Your Personal Data

If you discover or believe the personal data we hold for you is out of date or incorrect please let us know and we will rectify this as soon as possible. Please use our contact details above.

Delete Your Personal Data

If you wish for your personal data to be deleted we will assess any such request on a case-by-case basis. We will respond to you as soon as possible, at least within one calendar month of receiving your request. Please use our contact details above.

Keeping Your Data Secure

Ensuring your personal data is kept secure is of the highest importance to us. We hold your personal data on our secure systems, mainly based within the UK and the European Economic Area (EEA).

Your personal data may be transferred to a country outside the European Economic Area (EEA). This may be required for the purposes of our staff based outside the EEA or where a supplier of a service is based outside the EEA. We will take all reasonable steps necessary to ensure your personal data is treated securely.

We are committed to protecting the security of the personal data we hold. We deploy appropriate technical and organisational measures to ensure your personal data is kept securely and to prevent any unauthorised access. We have robust procedures and features in place to prevent such unauthorised access.

We hold personal data for a variety of different purposes and the length of time we keep your information for will vary depending on the products and services we are providing to you. We will only keep your personal data for a reasonable period of time and we base this on the purpose for which we are using it.

We are committed to the privacy, safety and security of our customers. If you discover a potential security vulnerability, we would ask you to please report it just to us in a responsible manner. Please email us and we will respond to you as soon as possible. This provides us with an opportunity to work with you and quickly address and resolve any issue. Publicly disclosing a potential vulnerability could put the wider community at risk, and therefore we encourage you to come to us first. We’ll keep you informed as we move forward with our investigations.

Cookie Notice

The aim of our Cookie Notice is to provide you with a summary of the tracking technologies we use and how you can control what is set and when. We keep our Cookie Notice under regular review to best reflect the technology we use on our sites.

Flash Cookies: A local shared object, sometimes called a “Flash cookie,” is a data file that can be created on your computer by the website you visit. They are most often used to enhance your web-browsing experience.
Log Files: We use log files to record events that occur on our website. This may include, though not exclusively, the type, content or time of transaction made via your device. These audit trails allow us to analyse activities on our websites.

Your Cookie Control Options

When you use our website for the 1st time you will be notified about our use of cookies via a “pop up” banner. This is to inform you that cookies or similar technologies are deployed on your device.

You can choose to disable your web browser’s ability to accept cookies. Please note that if you choose to do this, you may not be able to access or take advantage of many features of the service and some parts of the website may not work properly.

You can control how cookies are set within your browser settings. Each browser is different so check the ‘Help’ menu of your particular browser to learn how to change your cookie preferences.

Our Main Technology Partners

We work directly with a number of technology partners to maintain and enhance our website including Google Analytics to provide insight into how visitors find and use our web pages so that we can evaluate and develop them.

External Web Services

We use a number of web services to display external content, e.g. YouTube. These could set cookies or track your activity anonymously. CAFA takes no responsibility for external content providers data protection efforts. For full information you should read the privacy policies of these sites.


Last updated: 23 February 2021

bottom of page