- We will only ever ask for what we really need to know.
- We will collect and use the personal data that you share with us transparently, honestly and fairly.
- We will always respect your choices around the data that you share with us and the communication channels that you ask us to use.
- We will put appropriate security measures in place to protect the personal data that you share.
- We will never sell your data.
en10ergy Limited (en10ergy) takes privacy of members and supporters information seriously.
en10ergy is a data controller and processor of yourinformation under the conditions of the Data Protection Act 2018. The 2018 Act replaces the 1998 Data Protection Act from May 25 2018.
Our postal address is: 15 Weir Hall Road, London N17 8LG.
Our data protection officer is Cara Jenkinson who can be contacted at firstname.lastname@example.org.
The statement below explains how we collect and use the information which you give us.
Our aim is to safeguard your privacy whilst providing a personalised and valuable experience. Collecting personal information is necessary if we are to satisfy the expectations and requirements of our supporters and members.
Our commitment to you:
- We will collect, process and use the personal data that you share with us in a way that is fair, transparent, and honest.
- We will only hold and use the personal data that you share with us in the ways you say we can.
- You have the right to amend or withdraw your consent about the ways in which we hold and use your personal data at any time.
- We will always respect your personal data rights as detailed in current data protection legislation.
- As a responsible organisation, we will always comply with our responsibilities and obligations as detailed in current data protection legislation.
- We will not share the information that you provide to us with other organisations unless you have provided consent for us to do that.
- We will update the data that you have shared with us regularly, and ensure it is accurate.
- We will log all changes that we make to the personal data that you share with us. You can ask to see the record of the changes at any time.
- We will do all that we can to protect the personal data that you share with us through reasonable technical and organisational safeguards and measures.
- We will always comply with the current UK Information Commissioner’s Office guidance
All the data that we use is held in accordance with the requirements laid out in current data protection legislation. If you have any requests concerning your personal information or any questions about how we manage our data, please contact our Data Protection Officer.
Ways in which we use your personal information
In some areas of our website and other communications, we ask you to provide personal information that will enable us to enhance your site visit or contact you with information you request or that may be of interest to you, e.g. in relation to share offers. We also collect your details when you email or call us with an enquiry so we can respond effectively to you.
We keep your personal information only for as long as required for the purposes for which it’s supplied. Where your information is no longer required, we will always make sure it is disposed of in a safe and secure manner.
We will only ever use your data in line with our commitments to you. Should you have any concerns about this, please contact our Data Protection Officer.
We will only ever contact you directly using the methods for which you have given your clear consent.
We want to give you as much control over the ways we communicate with you as possible. If you’d prefer we did things differently – or even stop contacting you entirely – all communications from us will always explain how to opt-out of future communications or change your preferences. Our aim is to give you complete control over how we use your personal data that you share with us.
How we hold and process your personal data
en10ergy holds data for shareholders who have shares in en10ergy solar projects, and others who are engaged in its community energy work.
- For shareholders, supporters details supplied (or subsequently updated) when applying for shares are held.
- For other individuals that are involved (for example as beneficiaries or partners) in our community energy work we may hold first name, surname, address, phone number(s), and email address.
To be compliant with the Data Protection Act 2018, we need to have a legal basis through which we may hold and process your data. Our legal basis for processing for holding data in relation to the two types of individuals above is legitimate interest.
Sharing your data
We will never sell your details to other organisations.
Keeping your details up to date
The accuracy of your information is important to us. If you change your home or email address, or if any of the other information we hold is inaccurate or changes in any way, or even if you simply wish to check that the data you have shared with us is up to date, please contact us by emailing our secretary at email@example.com..
We place great importance on the security of your personal information and will always take appropriate precautions to protect it.
Even with all these precautions, no data transmission over the internet can be guaranteed to be 100% secure. So, whilst we strive to protect your personal information, we cannot guarantee the security of any information which you disclose to us online and you must understand that you do so at your own risk.
We take care to protect your personal information. We take steps to ensure that access to personal information is restricted to volunteers who need it and that all volunteers who handle personal information are fully trained and kept up-to-date on our data management, security and privacy practices.
As part of our security measures, every time our website is accessed, we record the date, time and the IP address used. In some circumstances this may mean that record is linked to the personal data you have shared. Sometimes the device used to access the website (e.g. a mobile phone, tablet, laptop) may provide us with further information, such as the device and operating system. Using this information helps us to improve our site performance for example by understanding the times of day and days of week at which we see peak traffic, and to assess the popularity of different areas of the site.
Cookies are small pieces of information sent by a web server to a web browser, which enables the server to collect information from the browser. MHSG uses the WordPress tool for its website and cookies are used by WordPress if a user comments on a blog post.
Internet-based transfers and processing
The Internet works as a global environment. This means that using it to collect and process personal data often involves the international transmission of data, and on occasions processing of personal data by third parties (including social media companies) outside the European Economic Area.
Although this may happen, you can be reassured that the data will always be held securely and in line with the requirements of UK data protection legislation. However, we want you to be aware that by communicating electronically with us, you understand and agree to our processing of personal data in this way. If you do not agree to your personal data being processed by social media companies, please contact us at firstname.lastname@example.org.
This policy was last revised 24 April 2018.
Access to your personal information
Under the General Data Protection Regulation, you have the right to request and be sent:
- confirmation that your data is being processed;
- access to your personal data; and
- other supplementary information that we hold about you.
You can make a request by emailing us at email@example.com. We will take steps to confirm your identity before releasing any information to you. We will not charge you for providing the information that you request. We will respond to your request within one calendar month of the request, unless there are exceptional circumstances.
Your rights and acceptance of this policy
Any personal information submitted via our websites is treated in accordance with current UK data protection legislation (from May 25 2018, we will be working in accordance with the Data Protection Act 2018). To find out more about your entitlements under the current and future data protection legislation, visit the Information Commissioner’s website .
The protection of children is very important to us. If you are under 18, please do not provide us with any personal information.
Children should always ask a parent or guardian for permission before sending personal information to anyone online.
We will retain shareholders data for two years after they cease to become a shareholder, due to withdrawal of shares or repayment by en10ergy.
If you ask for your personal information to be deleted we will manage your request in a transparent way, and in line with our data retention policy. We may, however, retain a secure anonymised record for research and analytical purposes.
We regularly review the data we hold to ensure it is held in line with consent of the person who shared it with us.
Whilst we will take all reasonable steps to protect and secure your personal data, we cannot guarantee the confidentiality of any messages transmitted between you and us via email as these are potentially accessible by the public. We will not be liable to you or anyone else for any loss relating to any email message sent by you to us or by us to you.
Like many organisations, we can estimate how many supporters open our emails by counting how many have downloaded the images in them. We also track how many supporters click the links in our emails. By keeping track of which emails our supporters open and click, we can find out what content is popular, and therefore send more of the kind of emails our supporters read. It also means that if a supporter – like yourself – appears to have stopped opening or clicking emails, we can ask them why. This feedback helps us to improve our emails for the future.