Privacy Policy
General
At Renewables Connect, we hold paramount the respect for individuals’ rights to privacy and the safeguarding of personal information. This Privacy Policy delineates the rationale behind the collection of your personal information, the nature of information gathered, its processing procedures, and provides you with your entitlements concerning such data.
The term “Personal information” (also interchangeably referred to as ‘personal data’) pertains to information concerning a living individual that permits identification either on its own or when amalgamated with other data.
Throughout this Privacy Policy, the term “processing” encompasses all activities pertaining to your personal information, including but not limited to collection, handling, storage, sharing, access, utilisation, transfer, security measures, and disposal of information.
Renewables Connect is steadfast in its commitment to ensuring the protection of your privacy. Any personal data furnished to us by you directly or through a third party shall be employed solely by us in strict adherence to this notice. Your data will be processed securely and in consonance with prevailing data protection regulations.
We reserve the right to update this notice periodically by revising the Privacy Policy on our official website (www.renewables-connect.co.uk ). We strongly advise you to peruse our website periodically for any modifications. This policy shall be deemed effective as of 13th May 2024, and any alterations thereafter shall be considered in force from the date of their implementation.
Topics:
- Who are we?
- Data Controller
- Applicability of this Privacy Notice
- Types of Personal Information Processed
- Information Acquisition Process
- Utilisation of Your Personal Data
- Sharing of Your Personal Dat
- Security
- Marketing
- Our Website
- Retention of Personal Data
- Your rights
- Exercising your rights
- Children’s Privacy
- Changes to this Privacy Policy
- How to contact us
Who are we?
Renewables Connect (‘Renewables Connect’, ‘the Company’, or ‘we’), are Renewables Connect Ltd, registered in Scotland under registration number 791286, whose registered office is at Muirhouses Farm, Grange, Errol, Perthshire, PH2 7TB.
Data Controller
Name: Hamish Bottomley
Email: [email protected]
Address: Muirhouses Farm, Grange, Errol, Perthshire, PH2 7TB.
Telephone: 01821 642 508
Applicability of this Privacy Notice
This privacy notice extends to:
- All individuals who visit our website or who engage with us through postal correspondence, telephone communication, electronic mail, social media platforms, or any other means, including digital channels.
- All individuals who are presently or formerly our clients.
- All individuals who serve as primary points of contact for our clients, where either they themselves or their organisations are current or former patrons of our services.
- All individuals associated with our clients (hereinafter referred to as “client-related individuals”), such as tenants or leaseholders, in instances where our client functions as the landlord.
- All individuals who maintain business relations with us, either directly or through their organisations, encompassing suppliers of goods or services to us, providers of professional services, parties demonstrating an interest in our operations, or those maintaining any other form of business affiliation with us. This category includes instances where the involved organisation acts as a public authority, an industry entity, regulatory body, or similar administrative entity.
Types of Personal Information Processed
Personal Information:
We gather an array of personal information, including but not limited to:
- Contact Information: Such as full name, email address, phone number, and physical address.
- Account Information: Including username, password, and any pertinent details provided upon account creation.
- Payment Information: Transactional details encompassing, bank details, billing addresses, and transaction history.
- Location Information: Both approximate and precise geographical data collected through the utilisation of location-based services.
- Demographic Information: Data sets such as age, gender, and user interests, amassed through analytics tools like Google Analytics.
Usage and Device Information:
We actively gather data pertaining to user behaviour and device attributes, including:
- Website Usage: Tracking user interaction patterns, encompassing pages visited, links clicked, and features utilised.
- Device Information: Capturing device specifics such as device type, operating system, browser type, and IP address.
Other Information:
Full list of all other information gathered by our Platform and Database:
- Location Data: Records precise coordinates (latitude and longitude) of user’s current location.
- Search API: Stores search queries made by users, including keywords and search results.
- Drawing API: Captures user interactions with map elements, such as drawing shapes or routes.
- GeoJSON Storage: Saves geographic data entered or modified by users in GeoJSON format, including polygons, lines, and points.
- Subscription Data: Records details of user subscriptions, including subscription plans, renewal dates, and payment history.
- Logged Pages: Tracks user access to specific pages or content within the membership site, including timestamps of page visits.
- Content Creation: Stores details of content created by users, including posts, pages, and custom post types, along with metadata such as publication dates, authorship, and categories/tags.
- Last Login Date: Records the timestamp of the user’s last login to the WordPress site, aiding in user activity tracking and account management.
- Security Events: Logs various security-related events, including failed login attempts, malware scans, firewall rules triggered, and security threats detected.
- IP Blocking: Records IP addresses of blocked users or malicious actors, along with reasons for blocking and block duration.
- Live Traffic: Captures real-time traffic data, including IP addresses, user agents, requested URLs, and HTTP methods, for security analysis and monitoring.
- File Integrity Monitoring: Monitors changes to website files and directories, logging file modifications, additions, or deletions for security auditing purposes.
- Session Cookies: Temporary cookies stored in the user’s browser session, containing session IDs or tokens for session management and user authentication.
- Persistent Cookies: Long-term cookies stored in the user’s browser, used for tracking user preferences, analytics data, and personalized content delivery.
- Customer Profiles: Maintains customer profiles with information such as names, email addresses
- Transaction Metadata: Stores transaction metadata, including timestamps, transaction IDs, and status updates, for payment processing and financial reporting purposes.
- User Interaction Events: Tracks user interactions with website elements, such as clicks, form submissions, and video plays, providing insights into user engagement and behaviour.
- Referral Sources: Identifies the sources of website traffic, including search engines, referral websites, social media platforms, and direct visits, for traffic analysis and marketing attribution.
- User IDs: Assigns unique identifiers to users for cross-device tracking and user journey analysis, allowing for a more cohesive understanding of user behaviour across different sessions and devices.
- Server Logs: Records server access logs, including IP addresses, access times, requested URLs, and HTTP response codes, for website performance monitoring and security analysis.
- Resource Usage Metrics: Monitors resource usage metrics, such as CPU utilization, memory usage, and disk space consumption, to optimize website performance and ensure server stability.
- Backup Data: Stores website backup files and database backups, containing website content, configurations, and user data, for disaster recovery and data retention purposes.
Information Acquisition Process
Your information encompasses all personal data collected and retained by us, comprising:
- Information voluntarily provided by you.
- Information acquired during the course of our association.
- Information received from third parties.
- Information obtained through the technology utilised to access our services (e.g., website usage data, including demographic or statistical insights such as IP geographic location and web client details).
- Information gleaned from publicly accessible sources, such as company registers.
Utilisation of Your Personal Data
At Renewables Connect, we employ your personal data exclusively where necessary to lawfully conduct our business operations. Our utilisation of collected data includes, but is not limited to:
- Understanding the requirements of either you or your organisation.
- Providing you or your organisation with the services for which we have been engaged.
- Enhancing the quality of said services.
- Managing interactions with our business associates.
- Facilitating the collection of payments for services rendered.
- With your consent, communicating via email regarding additional services we believe may be of interest to you.
- Facilitating and managing service provision.
- Processing transactions and financial transactions.
- Personalising user experiences via tailored content delivery.
- Communicating pertinent account information, updates, and transactional notifications.
- Analysing website performance and optimising service delivery.
- Detecting and mitigating technical issues, security threats, and fraudulent activities.
- Complying with applicable legal and regulatory obligations.
A comprehensive delineation of the purposes for which your information may be utilised is provided in Schedule 1 – Purposes of Processing.
Sharing of Your Personal Data
We refrain from divulging your personal information to any external entities beyond Renewables Connect unless:
- We have obtained explicit permission from you.
- In instances where you function as a client-related individual, we may share relevant information with our client as necessary for the provision of services to said client.
- When necessitated by the provision of a service to our client, we may disclose information to our client or client contacts (e.g. to a Developer who is enquiring about a Landowner’s site).
- Engaging service providers, contractors, and business partners to facilitate service provision and operational functions.
- Collaborating with payment processors and financial institutions for transaction processing purposes.
- Partnering with analytics and advertising entities for website performance analysis and targeted advertising endeavours.
- Compliance with legal obligations mandates the sharing of your personal data with law enforcement agencies, judicial bodies, government entities, or regulatory bodies.
- We engage third-party service providers, such as agents and subcontractors acting on our behalf.
- Collaboration with debt collection agencies, legal representatives, and other professional advisors may require the sharing of your personal data.
- Sharing of your personal data is permissible by law, essential for our legitimate interests or those of a third party, and not contradictory to the aforementioned purposes. Refer to Schedule 1 for further details.
Renewables Connect maintains a strict policy of refraining from sharing your information for marketing endeavours outside the Company.
In instances where we engage contractors for the processing of your personal data, we undertake measures to ensure their compliance with stringent security provisions. These measures entail the execution of binding legal agreements, stipulating that they shall process your data solely upon our explicit written instructions and in alignment with appropriate security protocols.
Upon your request, we are prepared to share your personal information with any third party, provided you furnish us with explicit consent to do so. It is essential to note that we disclaim responsibility for any usage of your personal information by such third parties, as their conduct will be regulated by their agreement with you and any privacy statement they may furnish to you.
The bulk of the personal information retained by us is stored and processed within the United Kingdom. In the event of information transfer to countries beyond the UK, such transfers will only occur under the following circumstances:
- Where the Information Commissioner’s Office (ICO) has ascertained that the country or organisation receiving your information will ensure its adequate protection.
- Where we have entered into a contractual agreement with the receiving organisation, the terms of which have been endorsed by the ICO, to guarantee the adequate protection of your information.
- Upon your explicit consent to transfer information to a country outside the UK.Top of Form
Security
At Renewables Connect, we are dedicated to upholding the security of your information, both within our organisation and with third parties acting on our behalf. To mitigate the risk of unauthorised access or disclosure, we have implemented appropriate physical, electronic, and managerial protocols to safeguard and fortify the information we process. Regular assessments are conducted to ensure the continued adequacy and currency of our security measures. Nonetheless, it’s important to note that no data transmission method is entirely immune to security breaches.
Our Website
Cookies:
Cookies are text files placed on your computer to gather standard internet log and visitor behaviour information. This data is utilised to monitor visitor utilisation of our website and to compile statistical reports on website activity, thereby enabling us to enhance and tailor it to meet customers’ requirements.
For additional information, please visit www.aboutcookies.org.uk or www.allaboutcookies.org.
You reserve the right to accept or decline cookies, and the aforementioned websites provide instructions on how to remove cookies from your browser. However, it is important to note that in certain instances, some features of our website may not function properly as a result.
Other Websites:
While our website may feature links to other websites of interest, please be aware that this privacy notice exclusively pertains to our website (www.renewables-connect.co.uk). Hence, exercise caution and review the privacy statement of the respective website when navigating to external links.
Retention of Personal Data
We will retain your personal data solely for the duration necessary to fulfil the purposes for which it was collected, including meeting any legal, accounting, or reporting obligations, unless an extended retention period is necessitated or permissible by law.
In determining the appropriate retention period for personal data, we take into account various factors, including the volume, nature, and sensitivity of the personal data, the potential risks associated with unauthorised use or disclosure, the purposes for which we process the personal data, and whether alternative means exist to achieve those purposes, as well as relevant legal requirements.
In the absence of specific legal, regulatory, or contractual obligations, our standard retention period for personal data is seven years following the conclusion of any relationship between you and us. Subsequently, if the data is no longer necessary for its originally intended purpose, it will be securely destroyed.
Retention periods may be subject to alteration periodically in accordance with business, legal, and regulatory requirements. On exceptional occasions, we may retain your information for extended periods, particularly if required to withhold destruction or disposal pursuant to a court order, investigation by law enforcement agencies, or regulatory inquiry. This measure ensures that the Company can furnish records as evidence if necessary.
Your Rights
We are committed to ensuring that you are fully aware of your rights concerning the personal information we process about you. Below, we outline these rights and the circumstances under which they are applicable:
Right of Access
You possess the right to access your personal information held by us.
Commonly referred to as a “subject access request,” you may request access to review the personal information we hold about you and verify the lawfulness of its processing. Should you wish to exercise this right, please contact our Data Controller.
Right to Withold
You possess the right to not to disclose certain personal information; however, this may impact access to specific website features and the services we can provide to you.
Right of Erasure
You maintain the right to request the deletion of your personal information.
This right may be exercised if you believe that:
- We no longer require your information for the purposes for which it was provided.
- You have granted consent for the processing of your personal information and wish to retract your consent.
- Your information is being utilised unlawfully.
However, please be aware that we may not always be able to comply with your erasure request due to specific legal reasons, which will be communicated to you, if applicable, subsequent to your request. It is important to note that the right of erasure does not extend to personal data processed under the necessity of contractual performance with individuals.
Should you request the deletion of your information, please note that it may necessitate the suspension of the service(s) we provide to you.
Right of Rectification
You are entitled to request the correction of any inaccuracies in your data.
Requests for rectification should be communicated verbally or in writing to our Data Controller.
Right of Restriction
You have the right to request the limitation of processing of your personal information if you believe that:
- You require the verification of the accuracy of your personal data.
- The processing of your data is unlawful, but you oppose its deletion.
- You need us to retain the data even if we no longer require it, as you require it for the establishment, exercise, or defence of legal claims.
- You have objected to the processing of your data, pending the verification of whether our legitimate interests override your own interests.
Should you request the restriction of processing your information, please note that it may result in the suspension of the service(s) we provide to you.
Right of Data Portability
Where consent has been sought for the processing of your personal information or where you have provided information for the purpose of entering into a contract with us, you have the right to receive the personal information you provided us in a portable format. To request the transfer of your personal information, please contact our Data Controller.
Right of Objection
If we rely on legitimate interests (or those of a third party) as the basis for processing your personal information, you have the right to object to such processing. You may also request the restriction of processing based on your specific circumstances, unless we can demonstrate compelling legitimate grounds for the processing, which override your interests, or where processing is necessary for the establishment, exercise, or defence of legal claims.
Depending on the circumstances, we may need to cease processing your personal information entirely or, upon request, erase your information. Please note that if you object to the processing of your information, it may necessitate the suspension of the service(s) we provide to you.
Marketing
You retain the right to object at any time to the processing of your personal information for direct marketing purposes. For further details, please refer to the section on ‘Marketing’ above.
Withdrawal of Consent
Should we rely on your consent for the processing of your personal information, you reserve the right to withdraw your consent at any time. We will always clearly indicate when your consent is required for specific processing activities.
Exercising Your Rights
Should you wish to exercise any of the rights outlined above, please reach out to our Data Controller. We may require specific information from you to confirm your identity and ensure your entitlement to access your personal information or exercise any other rights. This is a precautionary security measure aimed at preventing the disclosure of personal information to unauthorised individuals. Additionally, we may contact you to request further information pertaining to your request to expedite our response.
You will not be charged a fee to access your personal information or exercise any other rights. However, in instances where your request is deemed unfounded, repetitive, or excessive, we reserve the right to levy a reasonable fee or refuse to comply with your request.
We endeavour to respond to all legitimate requests within one month. However, if your request is particularly intricate or if multiple requests have been submitted, it may take longer to provide a response. In such instances, we will duly notify you and keep you apprised of the progress.
Children’s Privacy
Our website and services are not directed towards individuals under the age of 13. We do not knowingly collect personal information from minors. If you suspect inadvertent collection of data from a minor, please contact us immediately.
Changes to this Privacy Policy
We reserve the right to modify this Privacy Policy periodically to reflect alterations in our practices or legal obligations. Notification of substantial changes will be conveyed by posting the updated Privacy Policy on our website.
How to Contact Us
We are committed to ensuring the lawful, fair, and secure processing of your personal information. Should you have any queries regarding our privacy policy, the information we hold about you, or concerns regarding our practices, please do not hesitate to contact us:
- Via email at [email protected]
- Address: Muirhouses Farm, Grange, Errol, Perthshire, PH2 7TB.
You also possess the right to lodge a complaint with the Information Commissioner’s Office regarding the manner in which we process your personal information. If you remain dissatisfied with our response, you have the option to contact the Information Commissioner’s Office at:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: 0303 123 1113
Website: www.ico.org.uk
Schedule 1 – Purposes of Processing
We are committed to utilising and sharing your personal information solely where necessary to conduct our lawful business operations. To ensure transparency, we have outlined in detail below the purposes for which your personal information may be utilised:
Contractual Necessity:
Where you are a client, we may process your information if deemed necessary to establish a contractual agreement with you for the provision of our services or to fulfil our obligations under such a contract. Similarly, in cases where you are a business contact supplying (or expressing intent to supply) goods or services to us (e.g. as a sole trader), we may process your personal information if essential to entering into a contractual agreement for the supply of said goods or services, or to meet our obligations under such a contract. Kindly note that refusal to provide the requested personal information may impede our ability to continue providing services to you or receiving goods or services from you. This processing may include:
- Provision and administration of the service(s) throughout your engagement with the Company, including executing your instructions and addressing any queries.
- Management and maintenance of our relationship with you, and for continuous customer service.
Legal Obligation:
In order to render certain services, we are mandated by law to collect and process specific personal information about you. Refusal to provide the requested personal information may hinder our ability to continue providing the services to you. This processing may involve:
- Sharing data with police, law enforcement, or other government agencies where legal obligations exist, including reporting suspicious activity and complying with court orders.
- Investigation and resolution of complaints received.
- Investigations into breaches of conduct and the Company’s policies by our employees.
- Provision of assurance that the Company has effective processes in place to identify risks to the business.
Legitimate Interests
We reserve the right to process your personal information where it aligns with our legitimate interests as an organisation, provided such processing does not undermine your interests or fundamental rights and freedoms.
In the ordinary course of conducting our business, we may engage in the processing of personal information to oversee and manage our business and financial affairs. It is imperative for us to ensure the efficient operation of our processes and systems to sustain our business operations. This may encompass processing your information to:
- Monitor, maintain, and enhance internal business processes, information, and data, as well as market knowledge, technology, and services.
- Identify and mitigate conflicts of interest.
- Provide services to your organisation (in instances where you serve as a client contact).
- Obtain goods or services from a third-party supplier (if you act as a business contact on behalf of another organisation).
- Facilitate internal record-keeping and staff training initiatives.
- Safeguard business continuity, undertake disaster recovery measures, and respond to business incidents and emergencies.
- Ensure our legal interests and rights are protected.
As a business entity, it is incumbent upon us to safeguard our clients’ interests by providing them with the most suitable service and by continually enhancing both our services and our standing as a Company. To this end, it may be necessary to process your information to facilitate the following:
- Identification of new business opportunities, fostering inquiries, and nurturing our relationship with you.
- Monitoring the performance of our services.
- Conducting analyses on customer complaints to rectify errors and enhance customer service.
Moreover, as a business enterprise, it is imperative for us to manage our risks and ascertain the scope and terms of the services we can offer. This may involve processing your information for the following purposes:
- Conducting customer due diligence (CDD).
- Managing fees owed to us.
- Pursuing the collection and recovery of outstanding debts owed to us.
This document was reviewed on the 13th of May 2024.