Support us

Privacy policy

Version dated: November 2025

This Privacy Policy describes how The Climate Change Organisation (together with its subsidiaries and affiliates, referred to in this policy as “Climate Group” "we," or "us”) collect and process personal data.

Any future changes we may make to our privacy policy will be posted on this page.

Our approach to privacy 

Climate Group is committed to protecting and respecting your personal data and making every effort to ensure that this is processed in a fair, open and transparent way.

This privacy policy outlines how personal data we collect from you, or that you provide to us, will be processed by us. It describes the categories of personal data that we collect, how we use your personal data, how we secure your personal data, when we may disclose your personal data to third parties, and when we may transfer your personal data. The policy also describes your rights regarding the personal data that we hold about you, including how you can access, correct, and request erasure of your personal data.

For the purposes of the UK General Data Protection Regulation (UK GDPR), we are a ‘data controller’ and are responsible for this website. 

Personal data

By personal information, we mean information about you as an individual, that can directly or indirectly identify you, such as your name, address, email address, telephone number or financial details. Personal data does not include data where the identity has been removed (anonymous data). Further details of this definition can be found under Art. 4 of the UK GDPR.

Contact

You can send questions and comments regarding this privacy policy by emailing the Director of Governance at info@theclimategroup.org or by writing to Climate Group, The Clove Building, 4 Maguire Street, London SE1 2NQ, United Kingdom.

The types of personal data we collect

We mainly collect and process business contact data (such as your name, organisation name, job title and work email). Personal data may also, on occasion, include video images and photographs or online identifiers such as internet protocol (IP) addresses or cookie identifiers. 

We don’t usually collect sensitive or “special category” personal data that could identify you, such as religion, sexual orientation or race. If we collect any sensitive personal data (for example, as part of a recruitment process), this will only be collected and used in an appropriate way to fulfil obligations such as equal opportunities or safeguarding. Sometimes we monitor equal opportunities or EDI information (for example, as part of a recruitment application or in relation to speaker panels), but this will never be mandatory and only collected on an anonymised or pseudonymised basis, so that it is not made available to any third parties in a way that identifies you.

We take steps to ensure that the personal data that we collect about you is adequate, relevant, not excessive, and processed for limited purposes.

Why we collect and use personal data

We collect and process information to fulfil our objectives as an international not-for-profit, as further set out below, including to:

  • Process donations, sponsorship or other payments;
  • Provide the services that you or your organisation have requested or fulfil our contractual obligations, including relating to our members, funders and sponsors;
  • Update you with important information about our work, our campaigns and initiatives, such as our newsletters and annual updates, plus information about the work of our partner organisations;
  • Organise, carry out, and invite you to our events, networking activities or ‘round table’ discussions, including inviting you to attend, speak or participate in, or be otherwise a supplier for or involved in one or more of our events;
  • Communicate with our network or facilitate networking with the wider climate community;
  • Assess your suitability for a role you have applied for and to help us develop and improve our recruitment process;
  • Solve disputes, enforce contractual agreements, or carry out legal defence or activities;
  • Comply with legal or official regulators, including in relation to major gifts and donations; and
  • To better understand our supporters and to develop and grow our business.

How information is provided 

Most of the personal data we process has been provided directly to us by you when you interact with us directly, for example:

  • Registering on one of our websites (theclimategroup.org, there100.org, climateweeknyc.org, under2coalition.org);
  • Subscribing to one of our newsletters;
  • Making a donation or supporting us in another way;
  • Registering to attend or enquiring about an event;
  • Applying for a job, internship or secondment;
  • Taking one of our surveys; or
  • Downloading our app for Climate Week NYC (see more below).

In some cases personal data may be supplied to us by third parties, for example, we may obtain your information including business contact data through one of our partners who support us with funding or provide us with services or through members of our campaigns. 

We also provide certain benefits to our members and sponsors, such as our quarterly newsletter, climate-related or industry-specific information, and invitations to events. These benefits are set out in our hubs or in our agreements with you or your organisation. We send these benefits out to all our supporters, to the email addresses that are provided to us, unless specifically asked not to. Supporters can contact us at any time to change the email address for these communications at any time or to unsubscribe from optional communications. 

When you download our app 

If you download our Climate Week NYC app (the “app”), we may collect the following data, which may be linked to your identity, and use it for the following purposes:

Analytics Product Personalisation App Functionality
Identifiers: User ID
Contact Info: Physical Address, Email Address, Name
Contact Info: Physical Address, Email Address, Name
 
Identifiers: User ID
Identifiers: User ID

 

The following data, which may be collected but is not linked to your identity, may be used for the following purposes:

Analytics Product Personalisation App Functionality
Usage Data: Product Interaction, Other Usage Data
Location: Precise Location, Coarse Location
Location: Precise Location, Coarse Location 
Diagnostics: Crash Data, Performance Data, Other Diagnostic Data   
 
 

 

How we use your data from the app:

Contact info Location Identifiers Usage data Diagnostics
Name: Used for product personalisation, and app functionality. Linked to the user’s identity.
Precise location: Used for product personalisation, and app functionality
User ID: Used for app functionality, analytics, and product personalisation
Product interaction: Used for analytics
Crash data: Used for analytics
Email address: Used for app functionality, and product personalisation. Linked to the user’s identity.
Coarse location: Used for app functionality, and product personalisation
 
Other usage data: Used for analytics
Performance data: Used for analytics
Physical address: Used for product personalisation, and app functionality. Linked to the user’s identity.
 
 
 
Other diagnostic data: Used for analytics

Your data if you apply for a job or internship with us 

If you submit a job application and/or CV to us, we will collect your data including your name and contact details. We will also ask you about previous experience, education, referees, and for other data relevant to the role. You may also supply this information to us directly or through a recruitment consultant, website, or social media such as LinkedIn. 

As part of the application process, you may be asked to take part in interviews, assessment days, or a combination. 

If you are unsuccessful in the assessment for the role, we may ask you if you would like us to retain your details should any further suitable vacancies arise. There is no requirement for you to agree to this.

Should we make a conditional offer of employment or similar, we will ask for information for pre-employment checks, including proof of your identity, qualifications, and criminal records declaration. We will also contact your referees. 

Your data at our Events 

If you attend our events (such as Climate Week NYC, US Climate Action Summit or Climate Group Asia Action Summit) you will be asked to register as an attendee. We use this data to carry out our events and may need to share your details with our venue providers for health and safety or security reasons. We will set out more information about this in our registration forms. 

We may also need to share your personal data with a sponsor hosting a session within one of our events (such as a Roundtable) and fellow Roundtable attendees however, we will only share your data in this way if we have a legitimate interest in doing so or where we have your explicit consent.

If we intend to record an event, we will, at a minimum, let you know on the day of recording prior to any recording on-site. This may be done verbally. You will be told of the purpose of the recording and what we intend to do with the recording. 

Our legal basis for processing personal data

We will only use your personal data where there is a lawful basis to do so. 

Generally, this will be where we have a “legitimate interest” to process your information based on our work as an international not-for-profit driving climate action. When processing your personal data under 'legitimate interest' we will make sure that we consider your rights and interests and will balance our interests against yours. We will not process your personal data on the basis of legitimate interests if we think there is an imbalance.

Other lawful bases that we may use to process your personal data may be: to fulfil a contractual relationship, to fulfil a legal obligation, or consent. If we process under the lawful basis of ‘consent’ (for example, when you sign up to a newsletter mailing list), then you have the right to withdraw consent at any time by contacting us.

We keep a record of the legal basis for processing your personal data. Please note that we may process your information on more than one legal basis, depending on the specific purpose for such data.

How long do we keep personal information?

We only keep your personal data for as long as is reasonable and necessary for the relevant purpose. We have a retention policy for each area in which personal data is processed, to consider what data should be retained, for how long, and why. We review this process regularly and frequently audit the information that we hold. 

Sharing your data

We never sell your personal data to third parties, nor do we allow third parties to use it for marketing without your consent. 

However, we may share your information with our trusted partners and suppliers who work with us, or occasionally with a sponsor hosting and attendees at a Roundtable session that you attend at one of our events, for the purposes set out above. To ensure the security of your data, we require that third parties who work with us store personal data securely and comply with relevant data protection laws.

We may be required to disclose your information to comply with applicable local laws, regulations and codes of practice or in response to a valid request from a competent authority.

Cookies and our websites

When you visit our website, we may gather general information, including pages you visit and the services, events or information that are of most interest to you. We may also track the pages you visit when you click on links in emails from us.  We also use 'cookies' to help us manage our site effectively.  Read our full Cookie Policy.

Our site may, from time to time, contain links to and from the websites of third parties such as our partners and affiliates or (directly or indirectly) to donation platforms such as Classy, Benevity, Charity Checkout, or Just Giving. If you follow a link or provide donations through any of these websites, please note that they will have their own privacy and security policies and we do not accept any responsibility or liability for these policies. 

Please read the privacy policies of any website you visit before you submit any personal data or payment information to them.

Transferring data cross-border 

Your data may be processed by members of our staff across Climate Group and our affiliated entities, including those operating outside of the UK or European Economic Area (‘EEA’). Regardless of their location, all of our staff will be required to maintain data securely in accordance with this Privacy Policy and our internal policies in relation to data protection and information security.

From time to time, Climate Group may need to transfer personal data to third-party service providers located outside the UK or EU, such as when we organise non-UK events. We will take all necessary practical and contractual steps to ensure that your data is protected and processed in accordance with this policy, including via the use of “appropriate safeguards” (such as international data transfer agreements) for any such transfer, where these are required under EU and UK data protection law. Further information about the protective measures we use is available from the Director of Governance. 

If we are not able to use an adequacy decision or appropriate safeguard measure, a transfer outside of the UK or EU will only take place on the basis of your explicit consent, having been informed by us of the risks beforehand.

Security of your data 

We take appropriate measures to ensure that your personal data is stored securely using modern software that is kept up-to-date. Access to our CRM shall be limited via multi-factor authentication and user access controls. We also implement appropriate back-up and disaster recovery solutions. 

Furthermore, all our staff participate in internal training in relation to IT security and data protection.

We have procedures in place to deal with any data incidents or suspected data breaches. If there’s a breach we will promptly assess the risk to your rights and freedoms and, if appropriate, report this breach to the Information Commissioner’s Office.

Your legal rights

You have certain rights in respect of the personal data we hold about you.  If you wish to exercise any of these rights or make a complaint, please contact our Director of Governance via info@theclimategroup.org or write to us at Climate Group, The Clove Building, 4 Maguire Street, London SE1 2NQ, United Kingdom. 

Please note that there may be exceptions to the above rights, under applicable data protection laws. Generally, you will not need to pay a fee to exercise any of the rights below, unless we believe that your request for access is clearly unfounded or excessive. 

Your rights will depend on the circumstances but, in summary, the main rights you have are:

  • Right to confirm we process your personal data and, if so:
  • Right to access to your personal data;
  • Right to object to or restrict processing, or to withdraw consent (if previously given);
  • Right to delete, correct or complete personal data held about you;
  • Right to make the data available in a portable format; and
  • Right to opt-out of marketing emails from us, which you can exercise by emailing us or by clicking the unsubscribe link at the bottom of each email that you receive from us. 

You also have the right to make a complaint to the Information Commissioner’s Office (www.ico.org.uk ), who act as the UK regulator for data protection issues. However, we would appreciate it if you could contact us in the first instance so that we have the chance to deal with your concerns before you approach the ICO.