GDPR Compliance

Your data protection rights under UK GDPR

faint-yield Energy Solutions Ltd takes data protection seriously. Following the United Kingdom's departure from the European Union, the UK General Data Protection Regulation (UK GDPR) governs how we handle personal data. This page explains our compliance approach and your rights under this legislation.

Our Commitment to Data Protection

We are committed to processing personal data lawfully, fairly, and transparently. Our data handling practices are designed to protect individual privacy while enabling us to provide effective energy efficiency services across the United Kingdom.

Data Controller Information

faint-yield Energy Solutions Ltd acts as the data controller for personal information collected through our website and in the course of delivering our services.

Registered Address: Unit 14, The Green Business Centre, 42 Maple Street, London EC1V 9BN
Company Number: 12847563
Data Protection Contact: [email protected]

Your Rights Under UK GDPR

The UK GDPR provides individuals with specific rights regarding their personal data. We are committed to facilitating the exercise of these rights:

Right of Access

You have the right to obtain confirmation that your data is being processed and to access a copy of that data. We will provide this information free of charge within one month of receiving your request. In certain circumstances, this period may be extended by two months for complex requests.

Right to Rectification

If personal data we hold about you is inaccurate or incomplete, you have the right to request correction. We will action valid rectification requests within one month.

Right to Erasure

Also known as the right to be forgotten, this allows you to request deletion of your personal data in certain circumstances, including when the data is no longer necessary for its original purpose or when you withdraw consent. Some data may be retained to comply with legal obligations.

Right to Restrict Processing

You may request that we limit how we use your data in specific situations, such as while a complaint is being investigated or if you contest the accuracy of your data.

Right to Data Portability

Where technically feasible, you can request to receive personal data you have provided to us in a structured, commonly used, and machine-readable format, or to have it transmitted directly to another controller.

Right to Object

You have the right to object to processing of your personal data in certain circumstances, particularly where we process data based on legitimate interests or for direct marketing purposes.

Rights Related to Automated Decision Making

We do not currently use automated decision-making or profiling that produces legal effects or similarly significant impacts on individuals.

Lawful Basis for Processing

Under UK GDPR, we must have a valid lawful basis for processing personal data. Depending on the context, we rely on:

Data Minimisation

We collect only the personal data that is necessary for the specific purposes identified. We do not gather excessive information, and we regularly review our data holdings to ensure continued relevance.

Data Accuracy

We take reasonable steps to ensure personal data remains accurate and up to date. Clients are encouraged to notify us of any changes to their personal details so that our records can be updated accordingly.

Storage Limitation

Personal data is retained only for as long as necessary to fulfil the purposes for which it was collected or as required by law. Our retention periods are documented in our Privacy Policy and are subject to periodic review.

Security Measures

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or destruction. These measures are regularly reviewed and updated to address evolving security risks.

Third-Party Processors

When we engage third-party service providers who process personal data on our behalf, we ensure appropriate data processing agreements are in place. These agreements require processors to implement adequate security measures and process data only according to our instructions.

International Data Transfers

Personal data is primarily stored within the United Kingdom. Where transfers outside the UK are necessary, we ensure appropriate safeguards are implemented in accordance with UK GDPR requirements, such as Standard Contractual Clauses or adequacy decisions.

Data Breach Procedures

We have procedures in place to detect, report, and investigate personal data breaches. Where a breach is likely to result in a high risk to individuals' rights and freedoms, we will notify affected individuals without undue delay. Breaches meeting the reporting threshold will be notified to the Information Commissioner's Office within 72 hours.

Exercising Your Rights

To exercise any of your data protection rights, please contact us at [email protected]. We may need to verify your identity before processing your request. There is no fee for most requests, though we may charge a reasonable fee for manifestly unfounded or excessive requests.

Complaints

If you are dissatisfied with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Website: ico.org.uk

We would appreciate the opportunity to address your concerns before you approach the ICO, so please consider contacting us first.

Updates to This Page

We may update this GDPR information from time to time to reflect changes in our practices or legal requirements. The date of the most recent revision will be indicated at the bottom of this page.

Last revised: January 2024