Skip to main content

Privacy Policy

ECA Website and App Privacy Policy

1.    Introduction
ECA is the leading trade association for the engineering services and electrotechnical sector. Under the ECA Rules, organisations can join ECA as members and/or as associates or affiliates.

At ECA, we respect your privacy and are committed to protecting your personal information.

However, if you have not directly provided your personal data to us, it may have been disclosed (or approved) to ECA by your employer/client, or a designated participant (usually termed the Nominated or Additional Representative) in the course of becoming an ECA member, associate, affiliate or industry stakeholder.

When personal data has been disclosed to ECA in this way your employer/client is responsible for ensuring that you have been informed of how your data will be used.

This policy explains how we collect information, what we do with it and what controls you have over your personal information when interacting with us. We are committed to complying with Data Protection Legislation including the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.

2.    Your Privacy
We take our duty to process your personal information very seriously.

We may change this document from time to time to reflect the latest view of what we do with your information. Please check back frequently; you will be able to see if changes have been made by the date it was last updated at the end of the document.

Refer to the sections below for more details on how and why we use your personal information:

3.    Website and MyECA App Usage
Our website uses cookies. Cookies are small text files that are placed on your device (e.g. computer, smartphone or other electronic device) when you browse websites, to help provide you with the best experience we can (e.g. by helping us to recognise you and your device and store some information about your preferences or past actions).

The MyECA App may collect usage and diagnostic data, but it is not linked to your identity.

For further information on cookies please see our Cookie Policy.

4.    When you contact us via email
When you make an enquiry via email, the information in the email will only be used to respond to your request or question, you may be added to any mailing lists which are directly rlevant to your query, unless you ask us not to. We try to respond to email queries as promptly as possible but it can take the team 48 hours or more (on days when ECA is open for business) to respond to email queries especially at busy times, so please be patient with us.

5.    When you complete an enquiry form for one of our levels of membership
When you complete an enquiry form to find out more about our levels of membership (Member, ECA Commercial Associate, ECA Consultant & Specifier Associate, ECA Educational Associate) or our free ECA Consultant & Specifier Scheme, the information on the form will be used to contact you, usually via telephone, about your required membership level and provide more information about the membership and its benefits. 

6.    When you become a Member or Associate
When you become a Member or Associate, we maintain your personal information to be able to provide you with - including through our Regional and Branch networks - information on the benefits of membership, including; regional and branch groupings, structures, networking, governance, intelligence and support services, events and opportunities, as well as special offers and training. Some of our member benefits are provided by selected third parties. Their contact information and relevant discount codes are available in the membership portal.

We only collect sufficient information to be able to provide you with member services. 

7.    The Regional and Branch Network
ECA has a Regional and Branch network. The Regional and Branch Committees are run by volunteer member representatives – they all therefore operate in the engineering services and electrotechnical sector. Regional Executive Committees and Branches manage and operate social, CPD/training/educational, local governance and networking and engagement, events.

When you join ECA, you will be asked which regional and branch group you would like to belong to as part of the joining process. The Regional Committee will contact you directly with information about the activities available. You can choose to unsubscribe from these communications at any time. 

8.    When you take part in online research or surveys
Occasionally, we ask for feedback on your interaction with the website, our services or your membership experience. We will use a secure online platform to gather your responses which may include your name and contact details in case we need to contact you to follow up on your answers. 

9.    Links to other websites
In order to be able to provide you with additional services such as advice and discounts from selected partners, we may redirect you from our website to a third-party website owned and operated by certain trusted third parties. We also use key industry stakeholders to sign-post original sources, collaborate, innovate and provide you with awareness of complimentary services and products.

We cannot ensure the security of these websites and we recommend that you review the privacy policies for any third-party websites you visit as we cannot accept any liability for the way they manage your personal information. 

10.    Staying up to date
We would like to send you information about key industry issues, products and services, competitions and special offers, which may be of interest to you. Where we have your consent or it is in our legitimate interests to do so, we may do this by post, email, telephone, text message (SMS), automated call or push notification.

11.    The information we need
ECA is what’s known as the ‘data controller’ of the personal information you provide to us. This means that we decide what information we need, how we manage and secure it and when we delete it. Your relationship with us determines how much information we collect from you. For example, your name, address and contact details are required to manage your membership services and access to our systems. We require bank account and payment details to collect payment for invoices for services and membership fees. We will only ever collect the information needed to provide you with advice and services.

We will be very clear with you about the reason for collecting information and how we intend to use, share and store that information at the point we collect it. 

12.    Collecting your personal information
We collect personal information from you through a variety of different methods including when you:

  • Sign up to find out more about our membership services
  • Become a member or associate
  • Become a selected supplier or partner
  • Ask for more information
  • Send us correspondence via email
  • Give us feedback

If you have not directly provided your personal data to us, it may have been disclosed (or approved) to ECA by your employer, or a designated participant (usually termed the Nominated or Additional Representative) in the course of becoming an ECA member, associate, affiliate or industry stakeholder. When personal data has been disclosed to ECA in this way your employer is responsible for ensuring that you have been informed of how your data will be used.

By registering or allowing the registration of your personal data with us, either personally or by a designated company participant either through the website or the MyECA App or in any other way, you are aware of our processing of your personal data.

13.    Children
The website and MyECA App are not intended for anyone under 16 and we do not knowingly collect or use personal information relating to children. 

14.    Where is your information stored?
Wherever possible, all the personal information we process is processed within the UK or European Economic Area (EEA).  Some of our third-party service providers, for example Web hosting, are based outside the UK or EEA so their processing of your personal information will involve a transfer outside the UK or EEA.

Whenever we transfer your personal information outside of the UK or EEA, we do our best to make sure a similar degree of security of personal information by ensuring at least one of the following safeguards is implemented:

  • We will only transfer your personal information to countries that have been deemed to provide an adequate level of protection for personal information by the European Commission; or
  • Where we use certain service providers, we may use specific contracts or codes of conduct or certification mechanisms approved by the European Commission or Information Commissioner’s Office which give personal information the same protection it has in the UK.

15.    If you fail to provide the information requested
If you fail to provide the information requested where we need the personal information for either legal or accounting purposes or to fulfil our contract with you, we may need to cancel your services.

Before cancelling your services, we will notify you that you are required to provide the missing information and give you a further reminder before cancellation.

16.    Sharing your information
Other than in the following circumstances, we do not share your information with organisations outside the ECA Group or with individuals unless we are obliged to by law, for purposes of national security, taxation or criminal investigations:

  • If you have agreed that we may do so
  • If we run an event in partnership with other named organisations, your details may need to be shared. We will be very clear what will happen to your personal information when you register.

And we will never sell your personal information to other organisations.

17.    Lawful Basis
When we process your personal information, we have a lawful basis in place. There are different lawful bases on which we rely.

The legal bases we may rely on include:

  • consent: where you have given us clear consent for us to process your personal information for a specific purpose. An example of this would be an enquiry form which you have completed allowing us to respond to your query.
  • contract: where our use of your personal information is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract. An example of this would be the personal information related to your membership so that we can provide you with membership benefits and advice. 
  • legal obligation: where our use of your personal information is necessary for us to comply with the law (not including contractual obligations). An example of this would be the record of invoices paid because we need to retain that information for seven years for accounting purposes. 
  • vital interests: Where our use of personal information is necessary to protect someone’s life and the individual is incapable of giving consent. An example of this would be someone being unconscious at one of our events and the need to provide information to ensure medical care for the individual. 
  • public task: where our use of your personal information is necessary for us to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law. An example of this would be the initial covid restrictions where we were required to gather information for health purposes and to restrict the spread of the virus. 
  • legitimate interests: where our use of your personal information is necessary for our legitimate interests or the legitimate interests of a third party (unless there is a good reason to protect your personal information which overrides our legitimate interests). An example of this would be sharing your personal information with Regional Committees to provide support and training at a local level to you. 

Wherever we use legitimate interests as a lawful basis, we will have undertaken a Legitimate Interest Assessment to assess the impact on you and to provide an audit trail of the decisions and justification for processing on the basis of legitimate interests.

18.    Retaining your information
We hold your information only as long as necessary for each reason that we use it. For example, invoices are retained for a period of seven years to comply with accounting requirements. We have a retention policy in place and during the retention period we ensure the security and integrity of the information held. If you wish to know more about our retention practices, then please contact us. 

19.    Securing your information
We have put in place security measures to prevent your personal information from being accidentally lost, used, altered, disclosed, or accessed without authorisation. We ensure that only those employees and partners, who need access to your personal information as part of their business role, are given access. They will only process your personal data on our instructions and our contracts ensure that the information is kept confidential.

We have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach if we need to.

20.    What are your rights?
You have a number of rights about how the personal information you provide can be used. These are:

  • Transparency over how we use your personal information (right to be informed).
  • The ability to request a copy of the information we hold about you, which will be provided to you within one month (right of access).
  • Update or amend the information we hold about you if it is wrong (right of rectification).
  • Ask us to stop using your information (right to restrict processing).
  • Ask us to remove your personal information from our records (right to be 'forgotten').
  • Object to the processing of your information for marketing purposes (right to object).
  • Obtain and reuse your personal information for your own purposes (right to data portability).
  • Not be subject to a decision when it is based on automated processing (automated decision making and profiling).

If you would like to know more about your rights under data protection law, you can find out more at the Information Commissioner’s Office website, www.ico.org.uk.

If you wish to raise a complaint on how we have handled your personal information, please contact us so that we may investigate the matter. If you are not satisfied with our response or believe we are not processing your personal information in accordance with the law, you can complain to the Information Commissioner’s Office (ICO).

21.    How to contact us
If you wish to talk through anything in our privacy policy, find out more about your rights or obtain a copy of the information we hold about you, please contact us by:

  • emailing dataprotection@eca.co.uk or
  • writing to Data Protection Officer at The Electrical Contractors’ Association Ltd, ECA Court, 24-26 South Park, Sevenoaks, Kent, TN13 1DU or
  • Phoning us on 020 7313 4800.

We will be happy to help. 

22.    Do you need extra help?
If you would like this Privacy Policy in another format (for example: audio, large print, braille) please contact us (see ‘How to contact us’ above).

23.    About Us
ECA is registered with the Information Commissioner’s Office as a Data Controller. Our registration number is Z6608419.

The Electrical Contractors’ Association Ltd is a company registered in England and Wales. Registered company number: 00143669 whose registered office is, ECA Court, 24-26 South Park, Sevenoaks, Kent, TN13 1DU.

Last Updated December 2022.