REBA's Privacy Policy

Keeping your data safe

This privacy policy (together with our terms of use and any other documents referred to on it) applies to REBA Group Ltd. We at REBA take your privacy seriously. This policy covers the collection, processing and other use of personal data under the Data Protection Act 1998 (“DPA”) and the General Data Protection Regulations (“GDPR”).

For the purpose of the DPA and GDPR we are the data controller and any enquiries regarding the collection or processing of your data should be addressed to The Director, REBA Group Ltd, 7c Vera Road, London SW6 6RW, United Kingdom.

By using the reba.global website you are accepting and consenting to the practices described in this policy. We are registered with the Information Commissioner’s Office for this purpose. (Registration number CSN2475735)

Visitors to our website
When someone visits www.reba.global we use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website. If we do want to collect personally identifiable information through our website, we will be up front about this. We will make it clear when we collect personal information and will explain what we intend to do with it.

Use of cookies by REBA
You can read more about how we use cookies on our Cookies page.

Users who sign up for Professional Membership incl. REBA’s regular alerts
You will give us personal information by filling in forms on our website or by corresponding with us by phone, e-mail or otherwise. Details collected will include:

  • Your full name, company name, job role, contact details incl. work phone and email address, some profile details incl. your role and responsibilities.

We process personal information using the lawful basis of legitimate interests and for legitimate business purposes, which include some or all of the following:

  • Where processing enables us to enhance, modify, personalise or otherwise improve our services / communications for the benefit of our Members
  • To identify and prevent fraud
  • To enhance the security of our network and information systems
  • To better understand how users interact with our website
  • To inform Members about our products and services via email communications, which we think will be of interest to you
  • To carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services that you request from us
  • To provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about (unless you opt out of these communications)
  • To notify you about changes to our service
  • To determine the effectiveness of promotional campaigns and advertising

Whenever we process data for these purposes we will ensure that we always keep your Personal Data rights in high regard and take account of these rights. You have the right to object to this processing if you wish, and if you wish to do so please email us at [email protected]. Please bear in mind that if you object this may affect our ability to carry out tasks above for your benefit.

rebaLINK
rebaLINK is REBA’s online networking and due diligence platform. Only approved Professional Members are entitled to access this platform. rebaLINK is exclusively for the use of HR, reward & benefits professionals that do not supply paid-for products or services to the benefits, reward or HR community. It is a vendor-free and recruiter-free environment that is accessed with a password.

All Professional Members are automatically enrolled in this digital platform, as part of the services REBA provides for supporting HR, reward & benefits professionals in their roles.

The information Professional Members provide about themselves, either when completing their Networking Profile, or at the point of Membership application, is behind a password-only access wall. This information is not shared outside of the rebaLINK platform by REBA at any time, but Users may utilise the platform to message fellow Members or potential suppliers. If they do not include their contact details in these messages, then their details will not be shared outside of the platform.

If a Member wishes to stop receiving notifications from the rebaLINK platform about posts that match their profile details, then they can opt-out of them via their Networking Profile / My Account page. Or they can email us at [email protected].

All communications via the rebaLINK platform use SSL encryption.

Users who sign up for a reba.global web account (web users)

Web users will receive REBA’s regular information alerts and can opted out from those emails either by logging in to their account, or by unsubscribing at the foot of the email.

When registering we collect your personal information as outlined under the above heading “Users who sign up for Professional Membership”.

Whenever we process data for these purposes we will ensure that we always keep your Personal Data rights in high regard and take account of these rights. You have the right to object to this processing if you wish, and if you wish to do so please click here. Please bear in mind that if you object this may affect our ability to carry out tasks above for your benefit.

People who are prospective Professional Members
As an organisation we target HR, benefits and reward professionals in order to grow our community. We have sourced their business contact details through official GDPR-compliant list broking companies such as Electric Marketing, Alert UK and Honch Data Limited. These individuals have consented to 3rd party communications through list research that these list broking companies have carried out. We subscribe to updates of the records to ensure any gone-aways are removed regularly. All contacts can unsubscribe from any of the email communications we send to them. 

Email information alerts
We use third party provider, ReadyMembership, to send our regular email campaigns including Member Information alerts, marketing emails to prospective Members and transactional emails generated by the website. We gather statistics around email opening and clicks using industry standard technologies to help us monitor and improve our emails.

People who register for REBA events and webinars
We use market-leading 3rd-party providers including FieldDrive, GoToWebinar and ReadyMembership for secure registration and ticketing for REBA's events and webinars. When collecting registrations we gather contact details and some profiling information relevant to the particular event, in order to tailor the event content for the needs of the delegates. At the point of registration we ask delegates to confirm their eligibility for the event, for their agreement to the event terms and conditions and for their communication preferences after the event.

Links to these providers' own privacy policies are available at the point of registration and on their own websites.

If delegates agree to the sharing of their details with the event/webinar sponsors after an event, then we advise them that they need to refer to the privacy policies of each of the event sponsors. The details of the event sponsors are found on the relevant REBA event page.

People who respond to our research surveys
REBA conducts in-depth research into both technical and high-level issues, in order to provide essential business information for our Members and the wider HR, benefits and reward community.
We invite our Members and other senior HR, benefits and reward practitioners to participate in these surveys. If they respond we ask for their contact details and their responses to the detailed survey. At the point of response, we ask the respondents if they are happy for us to follow up with them by email to find out more about their survey input.

All data gathered for surveys is processed in order to establish the findings of the survey, and is then published in a report. We do not attribute responses to individual companies unless agreed with each individual contributor on a case by case basis. This will be made very clear to respondents ahead of the report being published. Unless respondents are told otherwise, the data we publish is only used in the aggregate.

As a thank you for completing the survey we send the final published report to the respondents. We keep their contact details for this purpose. Respondents can opt-out of REBA’s information alerts at any time.

We use Survey Monkey to conduct our research surveys. Survey Monkey is certified under and complies with the EU-US Privacy Shield Program and its principles as set forth by the US Department of Commerce and the European Commission regarding the collection, use, and retention of personal data from EU member states. Please refer to their Privacy Policy here.

Keeping your details up-to-date
As a registered reba.global user or a REBA member (Professional or Associate) you may review, correct, update or change your personal information at any time by logging in to your personal Update My Details page. Alternatively, you can contact us at [email protected]. If we learn that you have changed role or moved company, REBA will attempt to find your new work details and update your account so that your access can be continued.

Search engine
Our website search is powered by Pixl8. Search queries and results are logged anonymously to help us improve our website and search functionality. No user-specific data is collected by REBA or any third party.

People who contact us via social media
We use a third-party provider, Hootsuite to manage our social media interactions on X (formerly Twitter). If you send us a private or direct messages via social media the message will be stored by Hootsuite for three months. It will not be shared with any other organisations.

People who email us
We use Google's GMail as our email client, which encrypts and protects email traffic for us. If your email service does not support encryption, you should be aware that any emails we send or receive may not be protected in transit.

We also monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.

People who contact us via the Contact Us form
Where enquiries are submitted to us we will use the information supplied to us to deal with the enquiry and any subsequent issues and to check on the level of service we provide. We use SSL encryption to submit the forms. SSL (https) encrypts all data sent from the browser to the server.

Disclosure of your information

We may share your information with selected third parties including:

  • Business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you. (We would only provide your contact information to a business partner or supplier if you have specifically requested information: for example via a sponsor's tick box at the bottom of a webinar booking form to request a related report.)
  • We do not disclose information about identifiable individuals to our advertisers, but we may provide them with aggregate information about our users (for example, we may inform them that 500 users have clicked on their advertisement on any given day). We may also use such aggregate information to help advertisers reach the kind of audience they want to target. We may make use of the personal data we have collected from you to enable us to comply with our advertisers' wishes by displaying their advertisement to that target audience.
  • Analytics and search engine providers that assist us in the improvement and optimisation of our site.

We may disclose your personal information to third parties:

  • In the event that we sell or buy any business or assets, we may disclose your personal data to the prospective seller or buyer of such business or assets.
  • If REBA Group Ltd or substantially all of its assets are acquired by a third party, personal data held by it about its customers will be one of the transferred assets.
  • If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use or terms and conditions of supply and other agreements; or to protect the rights, property, or safety of REBA Group Ltd, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

Where we store your personal data
The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area ("EEA"). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff may be engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing. We shall take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.

The security of your Personal Information is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

Your rights
You have the right to ask us not to process your personal data for marketing purposes. We will inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by indicating such at the time that you sign up to our website. You can also exercise the right at any time by contacting us at The Director, REBA Group Ltd, 7c Vera Road, London SW6 6RW, United Kingdom.

Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

Retention Policy
Our data retention policy is as follows:

  • Professional Members: we will retain the personal data, submitted to us via our online Membership form, for as long as the individual wishes to be a Member. If there is a period of over 3 years during which we don’t receive interaction (email opens, digital platform activity, event attendance) from individual Members, then we will not retain the data longer than this period. If a Member opts out of email information alerts, they will continue to be a Member unless they contact us specifically to request otherwise.
  • Associate Members: our customers provide us with their data so we can fulfil a business contract with them. We will retain this data for up to 5 years in order to have a historical record of activity with these customers.
  • Event delegates: we will retain the personal data, submitted to us via our online booking form, for up to 3 years. Event delegates often choose to return to events they’ve previously attended, so in order to inform past delegates and registrants about future relevant events we will retain their data. If we do not receive interaction (email opens, bookings or event attendance) from event contacts for over 3 years, then we will delete their data after this period.
  • Research respondents: those who respond to any of our research surveys are contributing to in-depth insight reports. We store findings of the data submitted for up to 10 years for trend recording, but we only hold contact data for up to 3 years in order to be able to contact respondents with regards to future research projects and reports. If we do not receive any further input from these respondents, and they are not engaged in other areas of communication with us after 3 years, such as participating in REBA events, joining as a Member or reacting to emails, then we will not retain their data after this period.

Customer relationship management: centralised data storage
We securely store the personal data of our Professional Members, Associate Members, prospective members and prospective event sponsors, in a CRM platform called HubSpot which is integrated with REBA's web platform on ReadyMembership. This gives us the opportunity to profile individuals so that we are able to tailor our products, services and communications effectively for our audience. Records are stored as per the above outlined retention periods. HubSpot’s privacy policy is here.

Access to information
Under the General Data Protection Regulations (“GDPR”) you have the right to access information held about you, and you have the right to be forgotten by REBA Group Ltd. Contact us at [email protected] for more information or to make a request.

Changes to our privacy policy
If our Privacy Policy changes in any way, we will place an updated version on this page, and, where appropriate, notified to you by e-mail. Regularly reviewing this page ensures that you are always aware of what personal information we collect, how we use it and under what circumstances, if any, we will share it with other parties.

Contact
Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to The Director, REBA Group Ltd, 7c Vera Road, London SW6 6RW, United Kingdom

Last updated: March 2023