Scroll Top

Privacy Policy


Thank you for visiting the REFINE website.

This privacy policy is part of the REFINE website and solely concerns processing of personal data with the REFINE project due to the operation of the website. This covers personal data that you provide us with through the website, and the personal data that you see on our website.

We are committed to processing personal data responsibly, securely, and proportionally throughout our activities in compliance with the General Data Protection Regulation (GDPR) 2016/679.

Who we are

The REFINE project is a Horizon 2020 funded Research and Innovation Action.

The goal of the REFINE project is to contribute to the supply of sufficient and attractive financing sources to energy efficiency investments. Central to the development of a strong energy efficiency service market is ensuring the availability of financing sources for EES projects.

REFINE’s core objectives are:

  • Enhancing the refinanceability of EES projects
  • Amplifying the use of refinancing schemes in EES business practice

The REFINE consortium is made up of 11 partner organisations from across Europe with expertise in the areas of refinancing and energy efficiency projects. The project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement no. 894603.

For the purposes of this website, the data controller is Carr Communications, registered in Dublin, Ireland, under registered number 42175, with a registered office at 24 Fitzwilliam Place, Dublin 2, D02 T296. You can contact the data controller by e-mailing


Personal data processed through the website

Should you contact us through the website, we are going to collect your contact details and the message you provided us with. We are not going to collect metadata that you did not expressly provide us with.

The content we upload or otherwise make available through the website might contain personal data, such as the names of our researchers and their work.


Legal bases of processing

For the personal data received through the contact form, we hold the following lawful bases for processing personal data:

  • Consent (Art.6.1.a of the GDPR) – When you consent directly to the processing of your personal data, for example, when you subscribe to our newsletter. If you provide us with sensitive personal data, falling within Art. 9 of the GDPR (such as dietary requirements for an event), we will process it under Art. 9.2.a of the GDPR.
  • Legitimate interests (Art.6.1.f) – We process personal data when it is necessary for us to achieve the following legitimate interests:
    • Enhancing our research delivery, by providing information about REFINE to the individuals we deem as likely to be interested in our project. This may include:
      • Sending invitations and providing access to guests attending our events and webinars
      • Monitoring the activity on this project website.
    • Should the recipient of the information communicate to us that they are not interested in further communications from us, we will cease processing their personal data.

For the personal data we communicate through the website, the following lawful bases of our processing are held:

  • Consent (Art.6.1.a of the GDPR) – When we have received consent to publish personal data – e.g., a blog post from one of our researchers.
  • Legal obligations (Art.6.1.c of the GDPR) – We may process personal data in order to meet a legal obligation, e.g., promoting project results to multiple audiences, including the media and the public.
  • Legitimate interests (Art.6.1.f) – We process personal data when it is necessary for us to achieve the following legitimate interests (as long as they are not overridden by the data subject’s interests):
    • Enhancing our research delivery, by providing information about REFINE’s activities on the website
    • Undertaking dissemination activities.

How we secure your personal data when we process it

We have put technical and organisational security policies and procedures in place to protect personal data (including sensitive personal data) from loss, misuse, alteration or destruction. Wherever possible, we ensure that access to your personal data is password-protected. We encrypt EU-classified data and such data are restricted only to a limited number of individuals who need to access it. Those individuals who have access to the data are required to maintain the confidentiality of such information. We install and regularly update all security and anti-virus software in use on all of our systems. Nevertheless, the security of data transmitted over the Internet cannot be completely guaranteed. In addition, the consortium will be conducting a data protection impact assessment (in line with Art. 35 of the GDPR) over the duration of the project, wherein the consortium will identify and assess any ethical or data protection risks and find solutions to overcome any such risks.

Please be aware that transmissions over the Internet are never completely private or secure.