Dave Green Energy Services

 PRIVACY POLICY 

Objective

To ensure that personal data that Dave Green Energy Services retains during the course of its activities complies with the General Data Protection Regulations (GDPR). 

Scope

All practical projects, consultancy projects and administrative activities undertaken by Dave Green Energy Services. 

Responsibilities

Dave Green is regarded as the Data Controller for the purposes of GDPR and has ultimate responsibility for the safe storing, using and deleting of personal data. 

The data Dave Green Energy Services holds about individuals and the purposes for which it is held

All the data about individuals held by Dave Green Energy Services, such as name, address, telephone number and email address, will be obtained by email, telephone, post, online or in person as part of one of the following methods: 

  • Through an enquiry to Dave Green Energy Services for information about their services;
  • As part of a contract that is being delivered on behalf of Dave Green Energy Services;
  • When an individual has been involved in a Dave Green Energy Services project;
  • When an individual has complained about Dave Green Energy Services through their Customer Complaint Procedure;
  • When an individual has provided their contact details at a Dave Green Energy Services meeting, project or other type of event.

The legal basis for which Dave Green holds personal data is ‘contract’. Personal data will be held for no longer than is necessary to meet contractual obligations or to meet legal requirements e.g. audit purposes. 

Dave Green Energy Services holds this data in order to deliver their services including consultancy and project development.  Data will not be used for any purpose other than that for which it has been provided.  Dave Green Energy Services will not process an individual’s data in any way nor publish data in any format unless in a report or on the website with prior consent.  Dave Green Energy Services will never pass or sell data to any third parties for marketing purposes.

The Dave Green Energy Services website may contain links to other websites of interest although Dave Green Energy Services does not have any control over third-party websites.  Dave Green Energy Services cannot be responsible for the protection and privacy of any information which is provided whilst visiting such sites and such sites are not governed by this Privacy Procedure

The rights of individuals about whom Dave Green Energy Services holds data

An individual about whom Dave Green Energy Services holds data (the data subject) has the right to request:

  • Whether Dave Green Energy Services is holding any data about them and if so, what data;
  • For a copy of any data Dave Green Energy Services is holding about them;
  • To rectify any incorrect data Dave Green Energy Services is holding about them;
  • To delete the data Dave Green Energy Services is are holding about them if they no longer want Dave Green Energy Services to hold it;
  • Not to use any data other than for the purpose it was provided for;
  • To change the details of any consent that was given at any time in writing to Dave Green Energy Services.

 To request changes or details of these rights (a Subject Access Request), an individual should send an email to the Data Controller info@davegreenenergy.co.uk.  The Data Controller will respond to the email within 14 days of receiving it.

Should an individual have reason to consider that Dave Green Energy Services has breached this Privacy Procedure or the regulations which underpin it in any way, they have the right to complain to the Information Commissioner’s Office (ICO) at ico.org.uk.

 The basis on which Dave Green Energy Services holds and protects data about individuals

Dave Green Energy Services will only hold data when there is a lawful basis for doing so.  This will be when:

 Clear, unambiguous consent has been given to Dave Green Energy Services in writing or online to store personal data; or,

  • There is a contractual requirement to store or share data when delivering a contract for Dave Green Energy Services.

 Dave Green Energy Services is committed to ensuring that personal data is secure.  In order to prevent unauthorised access or disclosure, Dave Green Energy Services will ensure that suitable physical, electronic and managerial procedures to safeguard and secure the information it collects online are maintained.  This will include the following actions:

 When emailing information to a list of recipients, BCC (Blind Carbon Copy) must be used to ensure personal data from email addresses is not shared;

  • Use of memory sticks for transporting data will be minimised and when required to be used, must encrypt data held on the memory sticks;
  • All software must be set for automatic updates, particularly anti-virus and malware software;
  • The website must be set for automatic security updates;
  • All computers and laptops must be password protected;
  • Secure passwords will be used and their security will be reviewed on a regular basis. Passwords will be changed where there are concerns about their security;
  • Data on computer databases will be securely protected in locked premises when not occupied by Dave Green Energy Services staff or associates;
  • Regular backups of data will be automatically scheduled, including to secure off-site storage.

 

Data that has been obtained as part of a grant-funded programme (including business name and bank account details) will be stored according to the requirements of the grant. 

 The circumstances in which Dave Green Energy Services shares and transfers the data held about individuals

Dave Green Energy Services will disclose data if required to do so by law.

 Dave Green Energy Services will not under any circumstances transfer personal data outside the European Economic Area (EEA).

 Actions required in the event of a breach of data

In the event of a data breach, the following actions must take place immediately:

 

  • Investigation by the Data Controller on what data has been breached;
  • Containing the breach and recovering from the impact – including changing passwords and restoring data from backups;
  • Assessing the risk – is there the possibility of distress or harm?
  • Deciding who needs to be informed – depending upon whether the breach is likely to result in a risk to individuals rights and freedoms;
  • Learn from the incident – how can practices be improved to stop an incident happening again?

 If the breach is likely to result in a risk to individuals rights and freedoms then the ICO must be informed.  Unless the breach is very minor, it is worthwhile contacting the ICO for advice on containing the breach and receiving recommendations to prevent future data breaches.  Further information is available at ico.org.uk/for-organisations/report-a-breach.

 The Data Controller will notify affected individuals within 24 hours of being aware of a data breach to inform them of the data that has been breached and the actions being taken.

 Notifying individuals when there is a change to this privacy policy

When any changes are required to Dave Green Energy Services’ Privacy Procedure, the Data Controller will put a notice on Dave Green Energy Services’ website to inform individuals of the changes and what their significance could be for them.  Dave Green Energy Services will also make this information available in any emails sent out to individuals who could be affected.

Make a free website with Yola