Privacy Policy

CMCS Privacy Policy

Version 1

This document sets out full information about data the Compostable Materials Certification Scheme (CMCS) holds about individuals. If you would like to know about data CMCS may be holding about you, please read this document.

  1. Who we are and how to contact us

The CMCS is a certification scheme for compostable materials placed on the UK market.

For producers, we provide services for the assessment and labelling of compostable materials. For consumers, we provide assurance and confidence in the biodegradability of certified materials. We also provide a platform to check the status of certified materials and identify appropriate treatment options. You can find full details about the CMCS at

The CMCS is administered by Renewable Energy Assurance Limited, a wholly owned subsidiary of the Association for Renewable Energy and Clean Technology. Our address is: Brettenham House, 2-19 Lancaster Place, London WC2E 7EN. Our telephone number is: 020 7981 0850. The company number is: 05720606.

CMCS’s Data Privacy Contact is Georgia Phetmanh. You can contact us at Please note that all data about individuals captured will be used and held in accordance with the requirements of the General Data Protection Regulation and the Data Protection Act 2018.

  1. The data we hold about individuals and the purposes for which we hold it

In certain circumstances we hold data about individuals during the course of carrying out our role as Scheme administrator. We hold this data to assist us with managing applications.

All the data about individuals we hold, such as your name, telephone number and email address, has been provided to us by you by email, telephone, or post, for application to the scheme. We also hold data on individuals submitted during enquiries we receive from organisations or individuals interested in joining CMCS or learning more about CMCS (held on file and on our central server).

This information is recorded on a database; the CMCS database is only accessed by employees of REAL. The Certification Body also updates their own database with data related to your certified product and your contact details.

We occasionally issue session cookies when strictly necessary for the operation of the website. You can find out more about what cookies are, how to control them and delete them here: You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website. (Third party services such as Google Maps, Twitter and Facebook may also issue cookies.)

We use Google Analytics, which will issue cookies to help track how visitors use our website, this helps us monitor which pages you find useful and which you do not and help us provide a better website. These do not hold any personal information. Further information on Google Analytics and Privacy can be found here:

The CMCS website may contain links to other websites of interest. Once you have used these links to leave our site, you should note that we do not have any control over the other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

  1. The purpose for which we hold data about individuals and circumstances in which we share data

All the data we hold about individuals has been provided to us by you. We hold this data in order to deliver the services you have requested from us in one of the ways set out in section (2) above. We do not use your data for any purpose other than that for which you have provided it to us. If you have provided your individual data to us for any purpose, please be assured that we do not process your data in any way and nor do we publish your data in any format under any circumstances. We will never use the data you have provided us with for marketing purposes, nor will we pass it to any third parties for marketing purposes.

We share personal data with the Certification Body with the application documents, which are provided for the purpose of carrying out the certification assessment.

  1. The lawful bases for processing data about individuals

We are permitted to process your data only in certain, very specific circumstances set out in Article 6 of the GDPR. At least one of these must apply whenever we process personal data:

  • Consent: you have given clear consent for us to process your personal data for a specific purpose.
  • Contract: the processing is necessary for carrying out a contract we have with you, or because you have asked us to take specific steps before entering into a contract.
  • Legal obligation: the processing is necessary for us to comply with the law (not including contractual obligations).
  • Vital interests: the processing is necessary to protect someone’s life.
  • Public task: the processing is necessary for us to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law.
  • Legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party unless there is a good reason to protect your personal data which overrides those legitimate interests.
  1. The rights of individuals about whom we hold data

As an individual about whom we hold data (data subject) you have the right to ask us:

  • whether we are holding any data about you and if so what data we are holding
  • for a copy of any data we are holding about you
  • to rectify any incorrect data we are holding about you
  • to delete the data we are holding about you if you no longer want us to hold it
  • not to use your data other than for the purpose you provided it to us for
  • to change the details of any consent you may have given at any time in writing for us to share your data with a specified third party.

To ask us any of these things you should send an email to We will respond to your email within 14 days of receiving it.

Finally, you have the right to complain to the Information Commissioner’s Office should you have reason to consider that CMCS has breached the policy set out in this statement or the regulations which underpin it in any way, here:

  1. The circumstances in which we share and transfer the data we hold about individuals

We will not under any circumstances transfer your data outside the European Economic Area (EEA) or an expressly permitted country. These are: Andorra, Argentina, Canada (only commercial organisations), Faroe Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand, Switzerland, Uruguay and USA (if the receiver belongs to the Privacy Shield). Given that, holding data about individuals on the internet, which is a global environment, means that it may be processed outside the EEA. If this were to be the case, the data will always be held securely and in line with the requirements of UK data protection legislation.

  1. The basis on which we hold and protect data about individuals

We will delete any data we hold about individuals after ten years unless you request us in writing within that time to continue to hold your data.

The CMCS website and the CMCS database are all protected and have a high level of security. We are committed to ensuring that your data is secure. To prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.

  1. How individuals will know if we decide to change this Privacy Policy

Should we decide to change this Privacy Policy statement in any way we will put a notice on our website to inform you of the changes and what their significance could be for you. We will also make this information available in any emails we send out to individuals who could be affected.

The date on which this Privacy Policy statement was adopted is 29 April 2020. There is also a Version Control number at the start of the document so that you can easily trace any amendments which have been made to it and when.

  1. The Information Commissioner’s Office

You can contact the Information Commissioner’s Office using the following details:

Information Commissioner's Office,

Wycliffe House, Water Lane Wilmslow

Cheshire SK9 5AF

Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number Further contact details are available on the website: