Privacy Policy | Home+ Energy

Overview

This Data Protection Statement applies to Home+ Energy (Home plus energy). For queries related to this statement, please contact info@homeplusenergy.co.uk

References to “We“, “Us“, the “Company“, “Home+ Energy“, and “Home Plus Energy” shall apply to the Company that is processing your Personal Data.

We provide compliance services for the construction industry. To learn more about Home+ energy and the services offered, please visit www.homeplusenergy.co.uk

Rights

Every individual has a right to understand how their data (definition below) is being used and to exercise control over it using data protection rights that are set out in the General Data Protection Regulation (“GDPR”). This Data Protection Statement seeks to ensure that you know:

What Personal Data we collect from you
What we are doing with your Data
That we will only use your Data for the purposes set out in this Data Protection Statement, your rights, and how you can exercise control over your Data

We make the following commitments. We will:

Not send you marketing emails if you do not want to receive them
Always ensure that we only share your Personal Data with third parties where necessary and with appropriate safeguards in place
Ensure appropriate technical and organisational measures are in place to protect your Data and keep it secure

You can access our full Data Protection Statement below. In it, we provide further information about what Personal Data we collect, what we use it for, why we collect it, what our legal basis is, who we share it with and how long we retain it. We also provide detailed information about your rights to your Data. If you have further questions, please contact us using the contact details above.

You have the right to complain to a supervisory authority, particularly in the country where you reside, place of work or place of the alleged infringement, if you consider that the processing of Personal Data infringes the GDPR.

Contact details for the relevant Supervisory Authorities are set out below for your information:

The contact details for the Information Commissioners Office (ICO) in the UK are:

Contact Information: https://ico.org.uk/global/contact-us/
Live Chat: ico.org.uk/livechat
Helpline: 0303 123 1113

We will post any changes on the Website. In some cases, we may provide you with additional notice of changes to this Data Protection Statement via email. We will always provide you with any notice before the changes take effect where we consider the changes to be material.

Personal Data

When we refer to “Personal Data” in this Data Protection Statement, we mean any information relating to an identified or identifiable natural person (‘Data Subject’); an identifiable natural person can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

The Purpose of this Data Protection Statement

This Data Protection Statement describes our approach to data protection. It sets out the basis on which any Personal Data we collect from you or that you provide will be used by us where we are controllers of that Personal Data for the GDPR. Please read this Data Protection Statement carefully to understand our views and practices regarding the Personal Data we collect and how we will treat it.

Who Does this Data Protection Statement Apply to?

This Data Protection Statement provides specific information relating to the following individuals whose Personal Data we process:

Business Contacts

This includes customers, suppliers, partners, and other business contacts of Home+ Energy.

General Contacts

This includes all other individuals whose Personal Data we process that are not covered in the other sections above, including website users.

Categories of Personal Data

Please select the relevant tab below to you, where you can view the categories of Personal Data processed. For each category, we have included an example of the type of Personal Data that may be part of that category:

Business Contacts

Contact data: may include a person’s name, email address, phone number, postal address, and other communication details (e.g. Microsoft Teams)

Communications data: may include personal data in email, phone, or letter communications with us.

Marketing data: may include your contact data, any preferences in receiving marketing from us, and your communication preferences.

Financial data: may include payment details

General Contacts

Contact data: may include a person’s email address, phone number, postal address, and other communication details (e.g. Microsoft Teams)

Identification data: may include a person’s name, date of birth

Communications data: may include personal data in email, phone, or letter communications with us

Marketing data: may include your contact data, any preferences in receiving marketing from us, and your communication preferences.

Web data: may include information provided on any forms on our Website and, to the extent that it includes Personal Data, information on the type of device you’re using, its IP address, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use.

Cookie preferences: Information to enable personalisation of services, analytics gathering and your marketing preferences

Our Legal Basis for Processing Personal Data

We process all personal data lawfully and follow the requirements of the law. The GDPR sets out the legal grounds for processing Personal Data. When the Company processes Personal Data, it is generally on one of the following legal bases:

Contract

We will process Personal Data where necessary to perform our obligations relating to or following any contract that we may have with you or to take steps at your request before entering that contract (e.g. our Terms of Service).

Consent

For certain processing activities, we may rely on your consent. Where we cannot collect consent for a processing activity, we will only process the Personal Data if we have another lawful basis for doing so. You can withdraw the consent provided by you at any time by contacting us at [ADD EMAIL ADDRESS]

Legitimate Interest

At times, we will need to process your data to pursue our legitimate business interests, for example, for administrative purposes, to collect debts owed to us, to provide information to you, and to expand our business opportunities. We may contact you regarding market research, complete customer surveys, operate, evaluate, maintain, develop and improve our websites and services, maintain their security, and protect intellectual property rights. We will not process your Data on a legitimate interest basis where the impact of the processing on your interests or fundamental rights and freedoms outweighs our legitimate interests. You may object to any processing we undertake on this basis. If you do not want us to process your Personal Data based on our legitimate interests, contact us at [ADD EMAIL ADDRESS] and we will review our processing activities.

Legal Obligation

If we have a legal obligation to process Personal Data, such as the payment of taxes, we will process Personal Data on this legal ground.

Our Processing Activities

We use your Personal Data to provide you with our services and assist us in our Company’s operation. Under data protection law, we must ensure that the purpose of processing is clear.

We have set out below the general purpose of processing, the categories of Personal Data processed and the related lawful basis for processing. For further details on our processing activities linked to you, please select the relevant link below:

Purpose of Processing

Categories of Personal Data

Lawful Basis

Administration of our relationship including

to manage/respond to a complaint/appeal

to keep you informed about Home+ Energy

to notify you of updates to this Data Protection Statement.

Contact Data

Correspondence Data

Identification Data

Legitimate Interests

Legal Obligation

Contract

To meet our regulatory obligations

Identification Data

Correspondence Data

Legal Obligation

Managing payments and administration of the contract

to process payments to and from Home+ Energy

to fulfil our legal/contractual obligations

to manage/respond to complaints/issues

Contact Data

Communication Data

Financial Data

Contract

Legitimate Interest

Legal Requirement

Marketing activities

to personalise marketing communications

to respond to any requests from you

to send newsletters and other information that is of Interest

to ask for opinions about products or services.

for marketing and general administration

Marketing Data

Contact Data

Web Data

Correspondence Data

Consent

Legitimate Interest

Marketing Contacts

Home+ Energy will only send you marketing communications where we have a lawful basis of either consent or legitimate Interests:

Consent means that you have provided consent for us to process your data and contact you, e.g., tick a box or submit a form.

Legitimate Interest – this means we have a legitimate business interest in processing your data, except where such interests are overridden by your interests or fundamental rights and freedoms requiring personal data protection. We do not use Legitimate Interests on a default basis and only if appropriate to the circumstances after considering the purpose of processing.

Should you wish to subscribe to our services, we may add your details to our mail list to send you information about Home+ Energy products, services or events that may be relevant. We request that all our Business Contacts only provide us with a Business Contact email address.

You will see a tick box or consent button to confirm consent is provided. You have a right to withdraw consent provided by you at any time. Please get in touch with us at [ADD EMAIL ADDRESS] to withdraw consent.

Business Contacts

The table below sets out the purpose for which we collect your Personal Data, our lawful basis for doing so, and the Personal Data we collect.

In limited circumstances, we may need to use your Personal Data for purposes other than those stated when we collected the Personal Data. Should this happen, we will notify you of this new purpose.

Purpose/Activity

Type of data

Lawful basis

Managing payments and administration of the contract

to process payments to and from our business
to fulfil our legal/contractual obligations
to manage/respond to complaints/issues
to generate placement activity on our systems for invoicing purposes
to communicate payroll and other financial information to Business Contact

Contact Data

Communication Data

Financial Data

Contract

Legitimate Interest

Legal Requirement

Service delivery activities
send customer surveys to improve our services

Contact Data

Communication Data

Financial Data

Contract

Legitimate Interest

Data Analytics

Manage and maintain a Customer Relationship Management tool (CRM) containing data subjects’ preferences, such as preferred communication methods, clinical interest areas, and research publications.

Combinations of data from publicly available data sets to identify customer business-related interests
Analytics of customer behaviours - Process by Consent only

Contact data

Marketing data

Communication data

Voice recording

Legitimate Interest

Consent

Website Delivery

to respond to web forms completed by you
to promote our products and services
to administer the Website
for internal operations, including support, troubleshooting, data analysis, testing, research, statistical and survey purposes
to ensure the safety and security of our Website and our services

Contact Data

Web Data

Communication Data

Consent

Legitimate Interest

Marketing activities

to keep in contact with Business Contacts and review requirements
to personalise marketing communications
to respond to any requests from you
to send newsletters and other information that may be of Interest

To ask for opinions about our products or services.

Marketing Data

Contact Data

Web Data

Consent

Legitimate Interest

General Contacts

The table below sets out the purpose for which we collect your Personal Data, our lawful basis for doing so, and the Personal Data we collect.

In limited circumstances, we may need to use your Personal Data for purposes other than those stated when we collected the Personal Data. Should this happen, we will notify you of this new purpose.

Purpose/Activity Lawful basis

Management of Corporate Affairs

to take minutes at board meetings
to enter partnerships and other commercial relations
to undertake appropriate due diligence

Identification Data

Contact Data

Communication Data

Financial Data

Contract

Legitimate Interest

Legal Obligation

Website Delivery

to respond to web forms completed by you;
to promote our products and services;
to administer the Website;
for internal operations, including support, troubleshooting, data analysis, testing, research, statistical and survey purposes
to ensure the safety and security of our Website and our services.
to enable users to receive newsletters for products and services
to provide tips and educational resources to website users through the Website

Contact Data

Communication Data

Web Data

Marketing Data

Consent

Legitimate Interest

Sources of Data

We receive Personal Data from a variety of sources. To understand the source/s of your data, please select from below:

Business Contacts

We will only ever source Personal Data relating to Business Contacts in a way that would be generally expected. We receive Personal Data about Business Contacts from a variety of sources, as follows:

the Business Contact often provides the Personal Data as part of the relationship;
the Personal Data may be collected from public sources;
the Personal Data may be collected indirectly from another person within the Company of the Business Contact;
the Personal Data may be collected through our Website;
the Personal Data may be collected indirectly from a website or a third party.

General Contacts

Website Data
We may collect Website User Personal Data from all visitors to our Website to improve our services and develop the Website.

Disclosure of Personal Data

Personal Data is shared in certain circumstances as follows:

to business partners and sub-contractors for the performance of any contract relating to our services provided by Home+ Energy, including email, Microsoft Teams, Communication Platforms, Customer Relationship Management Systems, web developers, payment processors, data aggregators, hosting service providers, external consultants, auditors, IT consultants and lawyers;

To analytics and search engine providers that assist us in the improvement and optimisation of our Website;

If we or substantially all our Company is merged with another company or acquired by a third party, in which case Personal Data held by us will be one of the transferred assets;

If we are under a duty to disclose or share Personal Data to comply with any legal obligation (including tax, audit or other authorities) or to enforce or apply any contracts that we have;

To protect our rights, property, or safety, or that of our Business Contacts, General Contacts, or others. This may include exchanging Personal Data with other companies and organisations for fraud protection.

To Business partners, in the case of personal data, we have your consent

to our post, distribution or courier partner to complete delivery;

to providers of services to Home+ Energy, including external consultants and hosting companies, marketing, legal and finance;

to Home+ Energy insurance brokers and providers where required for administering claims;

to our email distribution partner and service providers in the case of marketing and newsletters;

When we engage another organisation to perform services for us, we may provide them with information concerning the performance of those functions, including Personal Data. We do not allow third parties to use Personal Data except to provide these services.

Security

We will take all necessary steps to ensure that all Personal Data is treated securely following this Data Protection Statement and the law, including GDPR.

Transfers outside the EEA

We may need to transfer Personal Data outside the European Economic Area (EEA), Switzerland or the UK to provide our products and services. We ensure that any transfer of Personal Data outside the EEA, Switzerland or the UK is undertaken using legally compliant transfer mechanisms and per the GDPR.

If we transfer Personal Data outside of the EEA, Switzerland or the UK, we generally rely on the Standard Contractual Clauses adopted by the European Commission and any applicable country standard. We may also rely on some of the other legally compliant transfer mechanisms provided under the GDPR.

Cookies are small text files placed on your computer or mobile device by websites you visit, and they help us improve the products and services we offer you. They are used to make websites work or work more efficiently, as well as to provide information to the site’s owners. Cookies may allow a website to remember your activity over a period. Cookies are optional, and you do not have to accept them.

Our Cookie Notice sets out further information on the cookies we use on the Website and the purpose behind their respective uses.

Third Party Websites

Our Website may contain links to and from third-party websites. If you follow a link to any of these websites, please note that they have their privacy settings, and we do not endorse them. We do not accept any responsibility or liability for these third-party websites. Please undertake the appropriate due diligence before submitting Personal Data to these websites.

Retention

In some circumstances, we cannot specify the period we will retain your Personal Data. In such cases, we will determine the appropriate retention period based on balancing your rights against our legitimate interests. We may also retain certain Personal Data beyond the periods specified herein in some circumstances, such as where required for legal claims.

Business Contacts

Our retention policy for Business Contact Personal Data is as follows:

Purpose of Processing

Retention Period

Managing payments and administration of the Contract

Seven years

Service Delivery

Seven years

Website Delivery

Twelve months

Marketing Activities

Twelve months post-last communication with the data subject or if earlier upon unsubscribe.

General Contacts

Our retention policy for General Contact Personal Data is as follows:

Purpose of Processing

Retention Period

Website Delivery

As agreed with the data subject, whilst the legal basis remains

Rights

You have various rights relating to how your Personal Data is used.

Right of access to the Personal Data we hold on you

You have the right to ask for all the Personal Data we have about you. When we receive a request from you in writing, we must give you access to everything we’ve recorded about you, the details of the processing, the categories of personal data concerned, and the recipients of the personal data.

We will provide the first copy of your Data free of charge. However, we may charge you a reasonable fee for any additional copies.

We cannot give you access to a copy of your Personal Data in some limited cases, including where this might adversely affect the rights and freedoms of others.

Right of rectification of Personal Data

You should let us know if there is something inaccurate in your Personal Data.

We may not always be able to change or remove that Personal Data. However, we will correct factual inaccuracies and may include your comments in the record to show that you disagree.

Right of erasure of Personal Data (right to be forgotten)

In some circumstances, you can ask for your Personal Data to be deleted, for example, where:

Your Data is no longer needed because it was collected in the first place
You have removed your consent for us to use your Personal Data (where there is no other lawful basis for us to use it)
There is no lawful basis for the use of your Personal Data.
Deleting Personal Data is a legal requirement.

Where your Personal Data has been shared with others, we will do what we can to make sure those using your Personal Data comply with your erasure request.

Please note that we can’t delete your Personal Data where:

We are required to have it by law
It is used for freedom of expression.
It is used for public health purposes.
It is used for scientific or historical research or statistical purposes where deleting the Personal Data would make it difficult or impossible to achieve the processing objectives.
It is necessary for legal claims.

Right to restrict what we use your Personal Data for

You have the right to ask us to restrict what we use your Personal Data for where:

You have identified inaccurate Personal Data and have told us of it
We have no legal reason to use the Personal Data, but you want us to restrict what we use it for rather than erase it altogether.

When Personal Data is restricted, it can’t be used other than to store it securely and, with your consent, to handle legal claims and protect others, or where it’s for important public interests.

Right to have your Personal Data moved to another provider (data portability)

You have the right to ask for your Personal Data to be returned to you or another service provider of your choice in a commonly used format. This is called data portability.

This right only applies if we’re using your Personal Data with consent and if decisions were made by a computer and not a human being. It does not apply where it would adversely affect the rights and freedoms of others.

Right to object

You have the right to object to processing your Personal Data, which is based on public Interest or legitimate interest processing. We will no longer process the Personal Data unless we can demonstrate compelling grounds for the processing.

Right not to be subject to automated decision-making

You have the right not to be subject to a decision based solely on automated processing. This right shall not apply when processing your contract is necessary. The processing is undertaken with your explicit consent, or the processing is authorised by law.

You can make a complaint

You have the right to complain to the local supervisory authority for data protection in the EU member state where you usually reside, where you work or where you think data protection law infringement occurred.

Amendments to this Data Protection Statement

We will post any changes to this Data Protection Statement on the Website and, when doing so, will change the effective date at the top of this Data Protection Statement. Please check the date you last used our services to see if there have been any changes since you last used those services.

In some cases, we may provide you with additional notice of changes to this Data Protection Statement via email. We will always provide you with any notice before the changes take effect where we consider the changes to be material.

Thank you for reading our Data Protection Statement. Please get in touch with us at info@homeplusenergy.co.uk if you have any questions.