Privacy Policy

Introduction

At AMP Clean Energy we are committed to protecting your information and take your privacy very seriously. Please read our privacy policy carefully as it contains important information on who we are and how and why we collect, store, use and share your personal data. It also explains your rights in relation to your personal data and how to contact us or supervisory authorities in the event you have a complaint.

We collect, use and are responsible for certain personal data about you. When we do so we are subject to the UK General Data Protection Regulation (“GDPR”) as implemented by the Data Protection Act 2018.

Table of Contents

1. About this Privacy Policy
2. About AMP Clean Energy
3. Contacting us
4. Data Protection Principles
5. Data we collect
6. How we use your information
7. Email Marketing
8. Sharing your personal information with other organisations
9. Where is your personal data held?
10. Is your personal information transferred outside the UK?
11. Do you have to provide your personal information to us?
12. Monitoring processes that may involve your personal information
13. Automated decision making
14. How long do we keep personal information?
15. Your rights under data protection laws
16. Keeping your data secure
17. Changes to our Privacy Policy

1. About this Privacy Policy

This Privacy Policy applies when you visit our website https://www.ampcleanenergy.com and any mobile site or applications that link to this Privacy Policy (collectively, the “Sites”). It also applies where we are in contact with you in other ways whether in your capacity as an individual or as director, shareholder, partner, employee or other representative of a company or other organisation.

2. About AMP Clean Energy

We are Aggregated Micro Power Holdings Limited (“AMP”, “we”, “our” and “us”), registered in England and Wales at Companies House under company number 08372177. Our registered office is at 1 Dover Street, London, W1S 4LD.  

This privacy policy also applies to our subsidiary companies, including:

  • AMP Biomass Fuel Ltd, registered in England and Wales under number: 05735950 with its registered office at 1 Dover Street, London, W1S 4LD
  • AMP Energy Services Limited, registered in England and Wales under number: 07342849 with its registered office at 1 Dover Street, London, W1S 4LD

3. Contacting us

If you have any questions about our privacy policy or your information, or to exercise any of your rights as described in this privacy policy on under data protection laws, you can contact us:

By post:
Data Enquiries
AMP Clean Energy
1 Dover Street
London
W1S 4LD

By telephone:
0207 382 7800

By email:
legal@ampcleanenergy.com

4. Data Protection Principles

In accordance with GDPR, AMP adheres to the following seven statutory principles when processing personal data:

  • 1. Lawfulness, fairness and transparency: personal data is processed in a lawful, fair and in a transparent manner in relation to individuals.
  • 2. Purpose limitation: personal data is only collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
  • 3. Data minimisation: personal data must be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
  • 4. Accuracy: personal data must be accurate and, where necessary, kept up to date.
  • 5. Storage limitation: personal data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed.
  • 6. Integrity and confidentiality: personal data must be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised our unlawful processing and against accidental loss, destruction or damage by using appropriate technical or organisational measures.
  • 7. Accountability: AMP is responsible for, and must demonstrate compliance with, the above six principles.

5. Data we collect

5.1 Information you provide us

You may provide us with personal data when you are introduced to us, when we meet you in person, or when we are in contact by phone, email, via the Sites and when you register on the Sites or otherwise.

The categories of personal data you provide includes (but may not be limited to):

  • first and last name;
  • job title and company name;
  • email address;
  • phone number;
  • postal address;
  • your professional memberships and interests;
  • billing information, transaction and payment card information;
  • information to check and verify your identity (e.g. your date of birth);
  • information to enable us to undertake credit or other financial checks on you;
  • location data, if you choose to give this to us
  • demographic information, if you choose to give this to us

5.2 Information we collect from third parties

We collect most of this information from you directly. We also work in conjunction with third parties (including, for example, business partners, subsidiaries) and may receive information about you from them.

We also collect information about you:

  • from publicly accessible sources e.g. Companies House and HMRC;
  • from third party sources of information e.g. customer due diligence providers and credit reference agencies;
  • which you have made public on websites associated with you or your company or on social media platforms such as LinkedIn; and
  • from a third party e.g. a person who has introduced you to us or other professionals (such as solicitors) you may engage.

5.3 Information we collect online – cookies

If you interact with us online, we use cookies and other technological tools to collect information about your device and your use of our Sites, such as your device’s IP address, your user ID and session identifiers, what pages your device visited, and the time that your device visited our Site.

For more information on cookies, please see our Cookie Policy.

5.4 Special Category Data

We do not generally seek to collect Special Category Data on the Sites.

Special Category Data is defined by GDPR to include personal data revealing sensitive information such as (but not limited to) racial or ethnic origin, religious or philosophical beliefs, sexual orientation or data concerning health.

If we do collect Special Category Data, we will ask for your explicit consent to our proposed use of that information at the time of collection. We will also ensure that the processing is in accordance with the principles set out in section 4 above (‘Data Protection Principles’) and one of the relevant statutory conditions set out in GDPR are met.

6. How we use your information

Under data protection law, we can only use your personal data if we have a proper reason, for example:

  • where you have given consent;
  • to comply with our legal and regulatory obligations;
  • for the performance of a contract with you or to take steps at your request before entering into a contract; or
  • for our legitimate interests or those of a third party.

A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests. We will carry out an assessment when relying on legitimate interests, to balance our interests against your own.

AMP will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you in a timely manner and we will explain the legal basis which allows us to do so.

Where we rely on legitimate interests as a lawful basis, we will carry out a balancing test to balance our interests against your own.

The purposes for which we use and process your information (excluding sensitive personal data) and the legal basis on which we carry out each type of processing are explained below

6.1 To enter into and perform contracts with you

It is necessary for us to process your data in this way in order to take steps before entering into a contract with you and to fulfil our contractual obligations to you.

6.2 To provide you with information and services that you request from us

It is in our legitimate interest to respond to your queries and provide any information requested in order to generate and develop business. To ensure we offer a good and responsive service, we consider this use to be proportionate and will not be prejudicial or detrimental to you.

6.3 To enable you to register on our Sites and access restricted areas, and sign up to e-newsletters.

It is in our legitimate interest to provide our services to you and to register you at your request.

6.4 To send you e-newsletters and marketing communications concerning AMP, market developments or notifications we believe may be of interest to you.

It is in our legitimate interest to promote and market our services. We consider this use to be proportionate and will not be prejudicial or detrimental to you.
You can always opt out of receiving direct marketing-related email communications by sending us an email or by following the unsubscribe link.

6.5 To invite you to events or other functions we believe may be of interest to you.

It is in our legitimate interest to market our services. We consider this use to be proportionate and we will not be prejudicial or detrimental to you.
You can always opt out of receiving direct marketing-related email communications by sending us an email or by following the unsubscribe link.

6.6 To populate our database which we use for marketing purposes.

It is in our legitimate interest to market our services. We endeavour to ensure that the contacts in our database are relevant and up-to-date.
We consider this use to be proportionate and will not be prejudicial or detrimental to you.

6.7 To enforce the terms and conditions and any contracts entered into with you

It is in our legitimate interest to enforce our terms and conditions of service. We consider this to be necessary for our legitimate interests and proportionate.

6.8 To send you information regarding the changes to our policies, other terms and conditions and other administrative information.

It is in our legitimate interest to ensure that any changes to our policies and other terms are communicated to you. We consider this use to be proportionate and  will not be prejudicial or detrimental to you.

6.9 Preventing or detecting fraud against you or us

It isIt is in our legitimate interest (and/or those of a third party) to ensure that fraud that could be carried out against you and/or us is minimised.

6.10 Activities necessary to comply with professional, legal and regulatory obligations that apply to our business (e.g. under health and safety law, statutory returns or rules issued by professional regulators)

It is in our legitimate interest to comply with our legal and regulatory obligations

6.11 Gathering and providing information required by or relating to audits, enquiries or investigations by regulatory bodies

It is in our legitimate interest (and/or those of a third party) to comply with our legal and regulatory obligations

6.12 Updating and enhancing customer records

It is in our legitimate interest (and/or those of a third party) to comply with our legal and regulatory obligations and to ensure that we can perform our contract(s) with you or take steps at your request before entering into a contract.

6.13 Preventing unauthorised access and modifications to systems

It is in our legitimate interest (and/or those of a third party) to comply with our legal and regulatory obligations and to prevent and detect criminal activity that could be damaging for you and/or us.

6.14 Operational reasons, such as improving efficiency, training and quality control

It is in our legitimate interest (and/or those of a third party) to be as efficient as we can to deliver the best service to you.

6.15 Ensuring business policies are adhered to (e.g. policies covering security and internet use)

It is in our legitimate interest (and/or those of a third party) to be following our own internal procedures so we can deliver the best service to you.

6.16 Ensuring the confidentiality of commercially sensitive information

It is in our legitimate interest (and/or those of a third party) to protect trade secrets and other commercially sensitive and/or valuable information and also to comply with our legal and regulatory obligations.

7. Email Marketing

We may use your personal data to send you updates (e.g. by email, text message, telephone or post) about our services and to contact you according to your marketing preferences.

For email marketing to an individual subscriber with whom we have not previously engaged as a customer, we need your consent to send you marketing emails.

We may ask you to confirm or update your marketing preferences if you ask us to provide further services in the future, or if there are changes in the law, regulation, or the structure of our business.

We have a legitimate interest in using your personal data for marketing purposes (see above ‘6. How we use your information’). This means we do not usually need your consent to send you marketing information. However, where consent is needed, we will ask for this separately and clearly.

Where you provide consent, you may withdraw your consent at any time.

You have the right to opt out of receiving email marketing communications from us at any time by:

  • Contacting us using the contact details provided above; or
  • Using the ‘unsubscribe’ link in emails; or
  • Sending us an email to: legal@ampcleanenergy.com

8. Sharing your personal information with other organisations

We respect your privacy and will not share your personal data with third parties except as provided in this Privacy Policy.

We may share information for the purposes above with the following third parties in order to fulfil our contracting obligations:

  • Companies within the AMP group, including directors, staff and consultants based in the UK
  • Professional advisors;
  • Third parties and business partners (for example, contract hauliers) who are a part of delivering your products and providing services, or operating our business (for example, insurers and brokers);
  • Our bank(s);
  • Governmental and regulatory bodies such as HMRC, and the Information Commissioner’s Office;
  • Other organisations and businesses who provide services to us including (but not limited to) debt recovery agencies, back up and server hosting providers, IT software and maintenance providers, document storage providers and suppliers of other back office functions;
  • Credit Reference and Fraud Prevention Agencies (see below); and
  • Market research organisations and marketing companies who help us to develop and improve our products and services.

We only allow our service providers to handle your personal data if we are satisfied they take appropriate measures to protect your personal data.

We may also need to:

  • share personal data with external auditors, e.g. in relation to ISOand/or the audit of our accounts;
  • disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations;
  • share some personal data with other parties, such as potential buyers of some or all of our business or during a restructuring—usually, information will be anonymised but this may not always be possible, however, the recipient of the information will be bound by confidentiality obligations.

If you would like more information about who we share our data with and why, please contact us (see ‘3. Contacting us’ above).

9. Where is your personal data held?

Personal data may be held at our offices and those of our group companies, third party agencies, service providers, representatives and agents as described above (see above: (see 8. Sharing your personal information with other organisations’ as above).

Some of these third parties may be based outside the UK/EEA. For more information, including on how we safeguard your personal data when this happens, see below: ‘9. Is your personal information transferred outside the UK’.

10. Is your personal information transferred outside the UK?

We are based in the UK and have no interests outside the UK or the European Economic Area. Data may be transferred outside of the UK or EU by one of the customer relationship management platforms that we use, Hubspot. Hubspot conforms to the UK-US privacy shield and are therefore GDPR compliant.

Should this change in the future, we will make sure that suitable safeguards are in place.

11. Do you have to provide your personal information to us?

We may be unable to provide services or deliver products to you if certain information is not provided to us. We will let you know if the information we request from you is optional.

12. Monitoring processes that may involve your personal information

We may monitor where permitted by law and we will do this where the law requires it, or to comply with regulatory rules, to prevent or detect crime, in the interests of protecting the security of our communications systems and procedures and for quality control and staff training purposes. This information may be shared for the purposes described in the sections above.

In this section monitoring means any: listening to, recording of, viewing of, intercepting of, or taking and keeping records (as the case may be) of calls, email, text messages, social media messages, in person (face to face) meetings, website responses, and other communications.

13. Automated decision making

We currently do not use technology that makes automated decisions. However, with technological advancements there may come processes that determine whether to offer you a product or service, price, credit terms and conditions, or payment methods available using automated decision making. If we do this we will advise you where it is involved, with relevant contracts, legal authorisation, or seek your explicit consent if that is required.

14. How long do we keep your personal information?

In principle we will keep your personal information:

  • For as long as we have reasonable business needs, such as managing our relationship with you and managing our operations; or
  • For as long as we provide goods or services to you and then for as long as the relevant statutory limitation period applies; or
  • For as long as retention periods (to comply with legal and regulatory requirements or guidance) specify.

In all instances, we will not keep your personal data for longer than necessary. Different retention periods apply for different types of personal data.

15. Your rights under data protection laws

All individuals have the following rights under GDPR, which can be exercised free of charge:

AccessThe right to be provided with a copy of your personal data
RectificationThe right to require us to correct any mistakes in your personal data
Erasure (also known as the right to be forgotten)The right to require us to delete your personal data – in certain situations
Restriction of processingThe right to require us to restrict processing of your personal data in certain circumstances, e.g. if you contest the accuracy of the data
Data portabilityThe right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party – in certain situations
To objectThe right to object: —at any time to your personal data being processed for direct marketing (including profiling); —in certain other situations to our continued processing of your personal data, e.g. processing carried out for the purpose of our legitimate interests. 
Not to be subject to automated individual decision makingThe right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you 

If you would like to exercise any of those rights, please email, call or write to us—see above: ‘3. How to contact us’ and provide enough information to identify yourself and any additional identity information we may reasonably request from you and let us know what right you want to exercise and the information to which your request relates.

We endeavour at all times to respect and to comply with these rights except where there are legal bases or compliance requirements to retain information contrary to those rights. In such cases we will advise you of the circumstances which prevent us meeting your request and the specific reasons.

For further information on each of those rights, including the circumstances in which they apply, please contact us (see ‘3 – Contact Us’ above) or see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights.

16. Keeping your data secure

We have appropriate security measures to prevent personal data from being accidentally lost, or used or accessed unlawfully. We limit access to your personal data to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

17. Changes to our privacy policy

From time to time, we may change this Privacy Policy. The current version of this Policy will always be available from us in hard copy or on the Sites.

Updated and effective as of 17 November 2021.