Legal & Privacy

Last updated: May 2026 – Version 1.0

Scope: This Privacy Notice applies to the REN21 main website at www.ren21.net and all sub-pages hosted under that domain. It covers the full range of REN21’s digital services and activities accessible through the main website, including publications and data tools, event registration, newsletters, membership services, and general enquiries. It does not apply to the RBE Hub (rbehub.ren21.net), which is governed by a separate Privacy Notice available on that platform. It does not apply to third-party websites or services linked from our website.

This Privacy Note is based on a Sample Data Privacy Policy Statement as provided by the Law Offices of Weiß & Partner.

The entity responsible for determining the purposes and means of processing personal data through this website is: 

Renewable Energy Policy Network for the 21st Century e.V. 

Operating through its Secretariat at:

158 ter rue du Temple, 75003 Paris, France

Email: secretariat@ren21.net

Website: www.ren21.net 

REN21 is registered as a non-profit association (eingetragener Verein, e.V.) in Germany. All data processing activities are conducted through its operational Secretariat in Paris, France, which constitutes the relevant GDPR establishment for the purposes of this Notice. The competent lead supervisory authority is therefore the CNIL (France). 

REN21 does not have a formal Data Protection Officer (DPO) but has designated a Data Protection Lead within the Secretariat as the primary contact for all privacy matters. REN21 processes personal data in compliance with the EU General Data Protection Regulation (GDPR) and applicable French data protection law. 

REN21 is the global multi-stakeholder network dedicated to advancing the transition to renewable energy. With approximately 130 institutional members and a community of over 4,000 experts and practitioners worldwide, REN21 produces knowledge products, convenes dialogue, and supports collective advocacy to place renewables at the heart of global policy and economic decision-making. 

The REN21 website (www.ren21.net) serves as the primary digital presence of the organisation, providing access to: 

• Knowledge products: the Global Status Report, Renewables Futures Report, thematic briefs, policy briefs and data visualisations. 

• The REN21 Policy Database and interactive data tools, including the REN21 Chatbot. 

• Information about REN21 events: RENdez-vous Dialogue Series, Change Academy, Change Labs, and international conferences. 

• Membership information and member services. 

• News, press releases, media resources, and social media content. 

• Job and consultancy opportunities. 

• General information about REN21’s mission, governance and programmes. 

Separate platform: The RBE Hub (rbehub.ren21.net) is a distinct platform operated by REN21 and is governed by its own Privacy Notice. If you are using the RBE Hub, please refer to that notice. 

The personal data we collect depends on how you interact with the REN21 website. We collect data in the following categories: 

3.1  Data You Provide Directly 

• Contact and identity data: 

• Name, job title, organisation, email address, country, phone number. 

• Provided when you contact REN21, subscribe to communications, register for events, or apply for membership. 

• Publication and resource access data: 

• • Name and email address where requested in exchange for access to publications, reports or data tools. 

• Event registration data: 

• • Name, job title, organisation, email address, country, dietary or accessibility requirements (where collected for in-person events). 

• • Note: dietary and accessibility data may constitute sensitive data; it is used solely for event logistics and is not retained beyond the event. 

• Peer review and expert contribution data: 

• • Name, affiliation, area of expertise, and content of contributions to REN21 knowledge processes, consultations or peer reviews. 

• Enquiry and correspondence data: 

• • The content of messages sent via contact forms, including press enquiries, partnership enquiries, and general correspondence. 

• Recruitment and application data: 

• • CV, cover letter, professional background, and contact details submitted in response to job or consultancy opportunities. See Section 11. 

• Chatbot interaction data: 

• • Queries submitted to the REN21 Chatbot or AI-powered data tools. See Section 8. 

3.2  Data Collected Automatically 

• Website usage and analytics data: 

• • Pages visited, session duration, navigation paths, device type, browser type, referral source, geographic region (country level). 

• • Collected via analytics tools subject to your cookie preferences. 

• Technical and security data: 

• • IP addresses, server access logs, HTTP request metadata. 

• • Collected automatically for security purposes. Retained for maximum 90 days. 

3.3  Data From Third-Party Sources 

• Social media interactions: 

• • If you interact with REN21’s social media content (LinkedIn, Instagram, YouTube, Bluesky) embedded on or linked from this website, those platforms may collect data according to their own privacy policies. REN21 does not receive your personal data from embedded social media widgets unless you explicitly submit a form or message. 

REN21 does not collect or intentionally process sensitive personal data through this website, with the limited exception of dietary and accessibility data for in-person events (used solely for logistics). REN21 does not sell personal data. 

Under GDPR Article 6, REN21 relies on the following legal bases for its data processing activities: 

Legitimate interests: Where REN21 relies on legitimate interests, a Legitimate Interests Assessment (LIA) has been conducted and is maintained internally. It covers web analytics, email engagement analytics, stakeholder CRM, security logging, and responses to enquiries. The LIA is available to data subjects upon request: secretariat@ren21.net. 

The REN21 website uses cookies. Cookies are small text files stored on your device when you visit a website. We use two categories: 

5.1  Strictly Necessary Cookies 

These cookies are essential for the website to function. They are activated automatically and do not require consent. They include: 

• Session and security cookies set by the WordPress CMS and server infrastructure (OVH). 

• Load-balancing and content delivery cookies (set by our hosting infrastructure). 

• Cookie consent preference storage (to remember the choices you make on the consent banner). 

5.2  Analytics and Performance Cookies (Consent Required) 

These cookies are not essential. They are only activated after you give consent via the cookie banner on your first visit. They help us understand how visitors use the website and improve its content and structure. 

• We use Google Analytics (with IP anonymisation enabled). 

• Usage data is aggregated; no individual user profiles are built. 

• You may accept, decline or change your cookie preferences at any time via the cookie banner or settings. 

• You may also use the Google Analytics opt-out browser add-on: tools.google.com/dlpage/gaoptout. 

5.3  Third-Party and Embedded Content Cookies 

Some pages of the REN21 website include embedded content from third-party platforms (for example, YouTube videos, social media posts). When you interact with such content, those third-party platforms may set their own cookies on your device. REN21 does not control these cookies. Please refer to the relevant platform’s privacy policy: 

• YouTube (Google LLC): policies.google.com/privacy 

• LinkedIn: linkedin.com/legal/privacy-policy 

• Instagram (Meta): privacycenter.instagram.com 

• Bluesky: bsky.social/about/support/privacy-policy 

Embedded third-party content is loaded only where technically necessary or where you have consented to the relevant cookies. Where possible, privacy-enhanced embed modes (e.g. YouTube Privacy-Enhanced Mode) are used. 

The REN21 website provides access to a wide range of knowledge resources, including the Global Status Report, the Renewables Futures Report, thematic briefs, the REN21 Policy Database, and data visualisation tools. 

• Open access resources: Most publications are available without registration. No personal data is collected for accessing these resources. 

• Gated resources: Some resources may require submission of a name and email address. Where this applies, the legal basis is consent. Submitted contact details may be used to send relevant communications, subject to your preferences. You may opt out at the point of submission. 

• Policy Database: The REN21 Policy Database is accessible without registration. Usage is subject to analytics cookies in accordance with your preferences. 
• Dynamic data visualisations: Embedded data tools may generate analytics data in accordance with your cookie preferences. No personal data from visualisation interactions is stored at individual level. 

REN21 organises a range of events including the RENdez-vous Dialogue Series, Change Academy, Change Labs, Hard Talks, and its Annual Members Gathering. Where events are open to external registration: 

• Registration data (name, job title, organisation, email, country) is collected for the purpose of managing attendance and communications related to the event. 

• In-person events may additionally collect dietary preferences or accessibility requirements. This data is used solely for logistics and is deleted within 30 days of the event. 

• Registrant contact details may be used to send event-related communications (joining instructions, materials, follow-up surveys). They are not used for general marketing without separate consent. 

• Event attendance records may be retained in the CRM to maintain a record of professional engagement with REN21. 

• Some REN21 events may be recorded. Where this is the case, participants will be informed in advance and their consent sought where legally required. 

Third-party event platforms: If you register for an event through a third-party platform (e.g. Zoom, Eventbrite), that platform’s privacy policy also applies. REN21 selects event platforms that maintain adequate data protection standards and enters DPAs where required. 

The REN21 website includes an AI-powered chatbot and dynamic data tools designed to help users navigate REN21’s knowledge base and renewable energy data. 

• Queries submitted to the chatbot are processed to generate responses. Queries are not linked to personally identifiable information unless you choose to provide it. 

• Session data from chatbot interactions is not retained beyond the session unless you explicitly provide contact information or subscribe to follow-up communications. 

• REN21 does not use chatbot interactions to profile users or to make automated decisions with legal or significant effects. 

• Chatbot interactions may be reviewed in anonymised form by REN21 staff to improve the quality of the tool. 

Note: If you include personal information in a chatbot query (e.g. your name, email or affiliation), please be aware this may be processed as part of your session. We recommend not including sensitive personal information in queries. 

REN21 works with trusted third-party providers who process personal data on its behalf. All processors are bound by Data Processing Agreements (DPAs) under GDPR Article 28.

Personal data is never sold, rented or traded. It may be disclosed where required by applicable law or to protect REN21’s legal rights. 

The REN21 website is hosted on a dedicated server managed by OVH SAS (Roubaix, France) and maintained by Orentis Services SARL (Paris, France). Both providers are EU-based; no international data transfer occurs in connection with website hosting or CMS management. 

Several of REN21’s service providers operate outside the European Economic Area, including in the United States. All international transfers of personal data are governed by appropriate GDPR Chapter V safeguards: 

• Standard Contractual Clauses (SCCs) approved by the European Commission are in place with Google, Microsoft, and other US-based processors. 

• IP anonymisation is applied before any analytics data leaves the EEA where technically possible. 

• Data minimisation measures limit the volume of personal data transferred to processors. 

You may request details of the specific safeguards applicable to any international transfer by contacting secretariat@ren21.net. 

REN21 publishes job vacancies, internship opportunities and consultancy tenders on its website. When you apply: 

• Your application data (CV, cover letter, professional background, contact details) is processed for the purpose of evaluating your application. The legal basis is pre-contractual necessity (GDPR Article 6(1)(b)). 

• Application data is shared only with members of the Secretariat involved in the recruitment process. It is not shared with third parties. 

• If your application is unsuccessful, your data will be deleted within 6 months of the close of the recruitment process, unless you expressly consent to retention for future opportunities. 

• If your application is successful, relevant data is transferred to your personnel file and processed under the terms of your employment contract. 

Third-party platforms: Applications submitted through third-party job platforms (e.g. LinkedIn) are subject to those platforms’ privacy policies in addition to this Notice. 

REN21 maintains active presences on LinkedIn, Instagram, YouTube, and Bluesky. This Privacy Notice does not govern the processing of personal data on those platforms, which are governed by the respective platform’s privacy policy. 

• When REN21 shares content on social media, it does not receive personal data about users who interact with that content unless they send a direct message or submit a form. 

• Embedded social media content on the REN21 website may allow those platforms to set cookies. This is managed through the cookie consent banner (see Section 5.3). 

• REN21 uses social media analytics (e.g. LinkedIn Page Analytics, YouTube Analytics) to understand the reach of its content. These analytics are aggregate and anonymised and are not linked to data held on the REN21 website. 

Personal data is retained only for as long as necessary for the purposes for which it was collected. Specific retention periods are as follows: 

When data is no longer required, it is securely deleted or irreversibly anonymised. REN21 conducts an annual data review each January to ensure retention periods are observed. 

Under the GDPR, you have the following rights regarding your personal data:

Response timeframe. REN21 will acknowledge all rights requests within 72 hours and provide a substantive response within one calendar month. In complex cases this may be extended by a further two months; you will be notified within the first month if an extension is required (GDPR Article 12(3)). 

Competent Supervisory Authority 

Commission Nationale de l’Informatique et des Libertés (CNIL) 

3 place de Fontenoy — TSA 80715 — 75334 Paris Cedex 07, France 

Website: www.cnil.fr 

Telephone: +33 1 53 73 22 22 

Note: You also have the right to lodge a complaint with the supervisory authority in the EU member state of your habitual residence or place of work. 

REN21 does not engage in automated decision-making or profiling within the meaning of GDPR Article 22. No decisions with legal or similarly significant effects are made about individuals based solely on automated processing of their personal data. 

AI-powered tools on the REN21 website (the Chatbot, data visualisations) are informational tools that generate responses to queries. They do not make decisions about users, assess their eligibility for any service, or produce outputs that affect their legal or professional status. 

REN21 implements appropriate technical and organisational measures to protect personal data against unauthorised access, loss, alteration or disclosure, including: 

• Encrypted transmission via TLS/HTTPS across all website pages. 

• Role-based access controls limiting data access to authorised Secretariat staff. 

• Data Processing Agreements with all third-party processors. 

• Security log monitoring and documented incident response procedures. 

• Annual review of data protection measures and processor relationships. 

In the event of a personal data breach likely to result in a risk to individuals, REN21 will notify the CNIL within 72 hours of becoming aware, and will notify affected individuals directly where the risk is high (GDPR Articles 33–34). 

The REN21 website and its services are directed at professionals and institutions in the renewable energy, policy, and development sectors. They are not intended for use by children under 16 years of age. REN21 does not knowingly collect personal data from children. If you believe a child has submitted personal data to REN21, please contact secretariat@ren21.net and the data will be deleted promptly. 

This Privacy Notice may be updated periodically to reflect changes in legal requirements, digital services, or data processing practices. The current version, with its date, is always available at www.ren21.net/privacy. Where changes are material, subscribed users will be notified by email. 

For any questions, requests or concerns about this Privacy Notice or the processing of your personal data, please contact: 

REN21 Data Protection Lead 

Renewable Energy Policy Network for the 21st Century e.V. 

158 ter rue du Temple, 75003 Paris, France 

Email: secretariat@ren21.net