Home / Privacy Policy

Privacy Policy

Introduction

This Privacy Policy is provided by Aggregated Micro Power Holdings Limited and our subsidiaries AMP Biomass Fuel Ltd, AMP Energy Services Limited and AMP Clean Energy Services Limited (“AMP”, “we”, “our” or “us”) who are each a “controller” for the purposes of the UK General Data Protection Regulation (“UK GDPR”) as implemented by the Data Protection Act 2018 (collectively referred to as the “Data Protection Laws”).

At AMP, we are committed to protecting your information and take your privacy very seriously. Please read this Privacy Policy carefully as it contains important information on who we are and how and why we collect, store, use and share your personal data. It also explains your rights in relation to your personal data and how to contact us or supervisory authorities in the event you have a complaint.

This Privacy Policy applies when you visit our website https://www.ampcleanenergy.com and any mobile site or applications that link to this Privacy Policy (collectively, the “Sites”). It also applies where we provide our products and services to you or are in contact with you in other ways, whether in your capacity as an individual or as director, shareholder, partner, employee or other representative of a company or other organisation which uses our services.

If you have any questions about our Privacy Policy, if you would like to exercise any of your rights as described in this Privacy Policy, you can contact us using the information listed below:

Post:	Data Enquiries AMP Clean Energy Third Floor, 1 Dover Street London W1S 4LD
Telephone:	0808 806 2891
Email:	legal@ampcleanenergy.com

Changes to our Privacy Policy:

From time to time, we may change this Privacy Policy. The current version of this Privacy Policy will always be available from us in hard copy or on the Sites.

Updated and effective as of 29 March 2023.

Personal data we collect
How we use your personal data
How is processing your personal data lawful?
Sharing your personal data with other organisations
Is your personal data transferred outside of the UK?
Keeping your personal data secure
Monitoring processes that may involve your personal data
How long do we keep your personal data?
Your rights under the Data Protection Laws
Complaints

1. Personal data we collect:

1.1 If we deal with you as a current or prospective customer or client, we may collect, use, store and transfer different personal data relating to you in order to provide our services and products to you.

1.2 Personal data means any information from which a living individual can be identified. We may collect the following personal data from you when you are introduced to us, when we meet you in person, or when we are in contact by phone, email, or via the “Contact Us” section on our Sites, and when you register on the Sites or otherwise.

1.3 The categories of personal data that we may collect includes (but may not be limited to):

first and last name;
job title and company name (“where relevant”);
email address;
phone number;
postal address;
your professional memberships and interests;
billing information, transaction and payment card information;
information to check and verify your identity (e.g. your date of birth);
information to enable us to undertake credit or other financial checks on you;
location data, if you choose to give this to us;
demographic information, if you choose to give this to us;
dash cam recording from our vehicles; and
CCTV images when you are on our premises.

1.4 We do not generally seek to collect Special Category Data (e.g. data relating to an individual’s racial or ethnic origin, religious or philosophical beliefs, sexual orientation, or data concerning health or disabilities).

1.5 If we do collect Special Category Data, we will ask for your explicit consent to our proposed use of that information at the time of collection. We will also ensure that the processing is in accordance with the Data Protection Laws.

1.6 We will collect most personal data from you directly. We may also collect personal data about you from:

publicly accessible sources e.g. Companies House and HMRC;
third party sources of information e.g. business partners, subsidiaries, customer due diligence providers and credit reference agencies;
public sources e.g. on websites associated with you or your company or on social media platforms such as LinkedIn; and
a third party e.g. a person who has introduced you to us or other professionals (such as solicitors) you may engage.

1.7 If you interact with us online, we may also use cookies and other technological tools to collect information about your device and your use of our Sites, such as your device’s IP address, your user ID and session identifiers, what pages your device visited, and the time that your device visited our Site.

1.8 For more information on cookies, please see our Cookies Policy.

2. How we use your personal data:

2.1 We may use your personal data for the purposes set out in this Privacy Policy. We are allowed to do so on certain legal bases (please see “How is processing your personal data lawful” for further details).

2.2 The purposes for which we use and process your personal data (excluding Special Category Data) and the legal basis on which we carry out each type of processing are explained below:

Purpose:	Explanation:	Legal Basis:
Providing our goods and services	We collect, hold, use and disclose your personal data which is necessary to carry out our business functions or activities, including: providing our products and services to you and managing our contract with you;responding to your queries and providing you with information about the products and services that may be of interest to you;to enforce the terms and conditions and any contracts entered into with you; to enable you to register on our Sites and sign up to receiving our e-newsletters;complying with our legal and regulatory obligations, such as establishing your identity in order to comply with anti-money laundering regulations and our other legal and regulatory obligations;activities necessary to comply with professional, legal and regulatory obligations that apply to our business (e.g. under health and safety law, statutory returns or rules issued by professional regulators, or audits, enquiries or investigations by regulatory bodies); to send you information regarding the changes to our policies, other terms and conditions and other administrative information.	Contract, legal obligation and legitimate interests
Information Gathering	We may collect personal data from you electronically, for instance through our Sites. Each time you visit our Sites, we collect information about your use of the Site using cookies and other technological tools. The cookies we send to your device cannot read your hard drive, obtain any information from your browser or command your computer to perform any action.	Legitimate interests, consent
Marketing	We use your contact details in order to send you e-newsletters, to invite you to events or other functions, or send you communications concerning AMP marketing developments that we believe may be of interest to you. We may ask you to confirm or update your marketing preferences if you ask us to provide further services in the future, or if there are any changes in the law, regulation or structure of AMP. You can always opt out of receiving direct marketing-related email communications by contacting us using the contact details provided at the beginning of this Privacy Policy or, by selecting the unsubscribe link.	Legitimate interest, consent
CCTV and dash cams	We use CCTV to protect our premises and staff from vandalism and violence. We use dash cams on our company vehicles for the protection of our drivers. Where you are on our premises or if our vehicles visit your property, your image may be captured.	Legitimate interest

3. How is processing your personal data lawful:

3.1 We are allowed to process your personal data, for the purposes explained in this Privacy Policy, on the following legal bases:

Legitimate Interests: We are permitted to process your personal data if it is based on our ‘legitimate interests’. A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests. We will carry out an assessment when relying on legitimate interests, to balance our interests against your own.
Consent: Sometimes, we want to use your personal data in a way that is entirely optional for you, such as when you give consent for us to place cookies on your device. On these occasions, we will ask you to provide your consent.You can withdraw this consent at any time.
Contract: It is necessary for our performance of a contract you have agreed to enter with us. If you do not provide your personal data to us, we may not be able to carry out our obligations under the terms of your contract.
Legal Obligation: We are subject to legal obligations to process your personal data for the purposes of complying with applicable regulatory, accounting and financial rules, health and safety and to mandatory disclosures to government bodies, tax administrators and law enforcement agencies.

3.2 AMP will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you in a timely manner and we will explain the legal basis which allows us to do so.

4.1 We respect your privacy and will not share your personal data with third parties except as provided in this Privacy Policy. We only allow third parties who are our service providers to handle your personal data if we are satisfied they take appropriate measures to protect your personal data.

4.2 We may your share personal data, for the purposes listed above, with the following third parties:

Companies within the AMP group, including directors, staff and consultants based in the UK;
Professional advisors;
Third parties and business partners (for example, contract hauliers) who are a part of delivering your products and providing services, or operating our business (for example, insurers and brokers);
Our bank(s);
Governmental and regulatory bodies such as HMRC, and the Information Commissioner’s Office;
Other organisations and businesses who provide services to us including (but not limited to) debt recovery agencies, back up and server hosting providers, IT software and maintenance providers, document storage providers and suppliers of other back office functions;
Credit Reference and Fraud Prevention Agencies (see below); and
Market research organisations and marketing companies who help us to develop and improve our products and services.

4.3 We may also need to:

share personal data with external auditors, e.g. in relation to ISO and/or the audit of our accounts;
disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations; and
share some personal data with other parties, such as potential buyers of some or all of our business or during a restructuring—usually, all information will be anonymised but this may not always be possible, however, the recipient of the information will be bound by confidentiality obligations.

4.4 If you would like more information about who we share your personal data with and why, please contact us using the contact details provided at the beginning of this Privacy Policy. Some of the organisations listed above will also be controllers so you should review their privacy policy to understand how they will process your personal data.

5. Is your personal data transferred outside the UK?

5.1 We are based in the UK and have no interests outside the UK or the European Economic Area. However, we may transfer your personal data outside of the UK or European Economic Area to third-party providers (such as the customer relationship management platforms that we use).

5.2 Any transfers or processing of your personal data outside of the UK and/or the European Economic Area will be carried out in accordance with the Data Protection Laws to safeguard your privacy rights and to provide you with remedies in the unlikely event of a security breach. If you would like more information about the countries to which personal data is sent and why, please contact us using the contact details provided at the beginning of this Privacy Policy.

6. Keeping your personal data secure:

6.1 We have appropriate security measures to prevent personal data from being accidentally lost, or used or accessed unlawfully. We limit access to your personal data to those who have a genuine business need to access it. Those processing your personal data will do so only in an authorised manner and are subject to a duty of confidentiality.

6.2 We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

7. Monitoring processes that may involve your personal data:

7.1 In this section monitoring means any: listening to, recording of, viewing of, intercepting of, or taking and keeping records (as the case may be) of calls, email, text messages, social media messages, in person (face to face) meetings, website responses, and other communications.

7.2 We may, and we will carry out monitoring where the law requires it, or to comply with regulatory rules, to prevent or detect crime, in the interests of protecting the security of our communications systems and procedures and for quality control and staff training purposes. This information may be shared for the purposes described in the sections above.

8. How long do we keep your personal data?

8.1 In principle we will keep your personal data:

For as long as we have reasonable business needs, such as managing our relationship with you and managing our operations; or
For as long as we provide goods or services to you and then for as long as the relevant statutory limitation period applies; or
For as long as retention periods (to comply with legal and regulatory requirements or guidance) specify

8.2 In all instances, we will not keep your personal data for longer than necessary. Different retention periods apply for different types of personal data.

8.3 If you would like more information on how long we will retain your personal data, please contact us using the contact details provided at the beginning of this Privacy Policy.

9. Your rights under the Data Protection Laws:

9.1 All data subjects have the following rights under the Data Protection Laws, which can be exercised free of charge:

*Access*	The right to be provided with a copy of your personal data.
*Rectification*	The right to require us to correct any mistakes in your personal data.
*Erasure* (also known as the right to be forgotten)	The right to require us to delete your personal data – in certain situations.
*Restriction*	The right to require us to restrict processing of your personal data in certain circumstances, e.g. if you contest the accuracy of the data.
*Data Portability*	The right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party – in certain situations.
*To Object*	The right to object to the processing of your personal data in certain circumstances (e.g. for direct marketing and profiling purposes). In certain situations, we may continue processing your personal data if we have a compelling reason to do so.
*Not to be subject to Automated Decision Making*	The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you.

9.2 If you would like to exercise any of these rights, please contact us using the contact details provided at the beginning of this Privacy Policy.

9.3 In order to comply with your request, we may ask you to provide enough information to identify yourself as well as any additional identity information we may reasonably require. You will also need to let us know what right you want to exercise and the information to which your request relates.

9.4 We endeavour at all times to respect and to comply with these rights except where there are legal bases or compliance requirements to retain information contrary to those rights. In such cases we will advise you of the circumstances which prevent us meeting your request and the specific reasons.

9.5 For further information on each of your rights, including the circumstances in which they apply, please contact us using the contact details provided at the beginning of this Privacy Policy or see the Guidance from the UK Information Commissioner’s Office (ICO) on individual rights.

10. Complaints:

10.1 It is important to ensure that you have read this Privacy Policy carefully. If you do not think that we have processed your personal data in accordance with this policy, you should let us know as soon as possible.

10.2 You are also entitled to lodge a complaint with our data protection regulator, the Information Commissioner’s Office (ICO), which regulates and supervises the use of personal data in the UK. The ICO can be contacted on 0303 123 1113.

Cookie	Duration	Description
_GRECAPTCHA	5 months 27 days	This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
PHPSESSID	session	This cookie is native to PHP applications. The cookie is used to store and identify a users' unique session ID for the purpose of managing user session on the website. The cookie is a session cookies and is deleted when all the browser windows are closed.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
wordpress_test_cookie	session	This cookie is used to check if the cookies are enabled on the users' browser.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_gtag_UA_130648884_1	1 minute	Set by Google to distinguish users.
_gcl_au	3 months	Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
CONSENT	16 years 2 months 19 days 15 hours	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.

Cookie	Duration	Description
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.