Privacy Notice

The Scenario pModelling Tool can be used to support decision making and policy drivers in pursuit of emission reduction targets.


Your personal data is data which by itself or with other data available to Ricardo Energy & Environment can be used to identify you. This data protection statement sets out how Ricardo Energy & Environment will use your personal data.

Privacy notice

The Scenario Modelling Tool (SMT - is provided by Ricardo Energy & Environment part of the Ricardo Group. Data is being processed by Ricardo Energy & Environment (the data processor) who are contracted to run the project on behalf of Defra (the data controller). Defra is the data controller for pages starting with - for example, If you follow a link to a service provided by another government department, agency or local authority, that organisation will:

  • Be the data controller
  • Be responsible for processing any data you share with them
  • Publish and manage their own privacy notice with details of how to contact them

Purpose of processing personal Information

Participation in the sign-up element of the SMT is voluntary but should you wish to get involved, some personal information must be provided so that we may process your registration. This information is as follows:

  • Your name
  • Your email address
  • Your organisation or local authority (where applicable)

What data we collect

The additional personal data we collect from you includes:

  • When logging in to the Scenario Modelling Tool (SMT) and your interactions with the tool
  • How you use the SMT notification emails - for example whether you open them and which links you click on
  • Your Internet Protocol (IP) address, and details of which version of web browser you used
  • Information on how you use the site, using cookies and page tagging techniques

We will not identify you through analytics information, and we will not combine analytics information with other data sets in a way that would identify who you are.

We continuously test and monitor our data protection controls to make sure they’re effective and to detect any weaknesses.

Our legal basis for processing your data

The legal basis for processing personal data in relation to site security is our legitimate interests through administration of the tool, and the legitimate interests of our users, in ensuring the security and integrity of the SMT

Legitimate interest

At Ricardo we take your privacy seriously and will only use your personal information to administer your account so that we may enable you access to the secure programme area of the website. It is important for Ricardo to ensure that participants are who they say they are in order to ensure the integrity of the data collected. We will not share your personal information with any third party, and it will not be used for marketing purposes or any other purposes other than that specified for the purposes of this tool. Should you wish to remove your access credentials you may do so by sending a request for the removal of your details to

What we do with your data

The data we collect may be shared with other government departments, agencies and public bodies. We will not:

  • Sell or rent your data to third parties
  • Share your data with third parties for marketing purposes
  • Use your data in analytics

We will share your data if we are required to do so by law - for example, by court order, or to prevent fraud or other crime.

How long we keep your data

We will only retain your personal data for as long as:

  • it is needed for the purposes set out in this document
  • the law requires us to

Children’s privacy protection

Our services are not designed for, or intentionally targeted at, children 13 years of age or younger. We do not intentionally collect or maintain data about anyone under the age of 13.

Where your data is processed and stored

We design, build and run our systems to make sure that your data is as safe as possible at all stages, both while it’s processed and when it’s stored. All personal data is stored in the European Economic Area (EEA). How we protect your data and keep it secure We are committed to doing all that we can to keep your data secure. We have set up systems and processes to prevent unauthorised access or disclosure of your data - for example, we protect your data using varying levels of encryption. We also make sure that any third parties that we deal with keep all personal data they process on our behalf secure. Security We implement security safeguards designed to protect your data, such as HTTPS. We regularly monitor our systems for possible vulnerabilities and attacks. However, we cannot warrant the security of any information that you send us. There is no guarantee that data may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards. We are committed to ensuring that your Personal Data is secure. In order to prevent unauthorized access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the Personal Data we collect.

  • All the Personal Data you provide us is stored in a secure computing environment protected by secure firewalls to prevent unauthorized access.
  • We control access so that only people who need to access the system can do so. All staff within Ricardo Energy & Environment are provided security training and are required to adhere to a comprehensive set of security policies, procedures, and standards related to their jobs.
  • We use Secure Sockets Layer (SSL) protocol with 128-bit encryption. This means that all the information sent between your computer and our secure computer environment is encrypted or scrambled so that no one can read it in transit.
  • Your rights

You have the right to request:

  • information about how your personal data is processed
  • a copy of that personal data
  • that anything inaccurate in your personal data is corrected immediately
You can also:
  • raise an objection about how your personal data is processed
  • request that your personal data is erased if there is no longer a justification for it
  • ask that the processing of your personal data is restricted in certain circumstances If you have any of these requests, get in contact with our Privacy Team.
Contact us or make a complaint Contact the Privacy Team if you:
  • have a question about anything in this privacy notice
  • think that your personal data has been misused or mishandled

Privacy Team You can also contact our Data Protection Officer (DPO):

Data Protection Officer
Cabinet Office
70 Whitehall
The DPO provides independent advice and monitoring of our use of personal information. You can also make a complaint to the Information Commissioner, who is an independent regulator.

email :
Telephone: 0303 123 1113
Textphone: 01625 545860
Monday to Friday, 9am to 4:30pm
Find out about call charges

Information Commissioner's Office
Wycliffe House
Water Lane
Cheshire SK9 5AF

Changes to this policy We may change this privacy policy. In that case, the ‘last updated’ date at the bottom of this page will also change. Any changes to this privacy policy will apply to you and your data immediately.