|Post:||Data Enquiries AMP Clean Energy Third Floor, 1 Dover Street London W1S 4LD|
|Telephone:||0808 806 2891|
Updated and effective as of 29 March 2023.
Table of Contents
- Personal data we collect
- How we use your personal data
- How is processing your personal data lawful?
- Sharing your personal data with other organisations
- Is your personal data transferred outside of the UK?
- Keeping your personal data secure
- Monitoring processes that may involve your personal data
- How long do we keep your personal data?
- Your rights under the Data Protection Laws
1. Personal data we collect:
1.1 If we deal with you as a current or prospective customer or client, we may collect, use, store and transfer different personal data relating to you in order to provide our services and products to you.
1.2 Personal data means any information from which a living individual can be identified. We may collect the following personal data from you when you are introduced to us, when we meet you in person, or when we are in contact by phone, email, or via the “Contact Us” section on our Sites, and when you register on the Sites or otherwise.
1.3 The categories of personal data that we may collect includes (but may not be limited to):
- first and last name;
- job title and company name (“where relevant”);
- email address;
- phone number;
- postal address;
- your professional memberships and interests;
- billing information, transaction and payment card information;
- information to check and verify your identity (e.g. your date of birth);
- information to enable us to undertake credit or other financial checks on you;
- location data, if you choose to give this to us;
- demographic information, if you choose to give this to us;
- dash cam recording from our vehicles; and
- CCTV images when you are on our premises.
1.4 We do not generally seek to collect Special Category Data (e.g. data relating to an individual’s racial or ethnic origin, religious or philosophical beliefs, sexual orientation, or data concerning health or disabilities).
1.5 If we do collect Special Category Data, we will ask for your explicit consent to our proposed use of that information at the time of collection. We will also ensure that the processing is in accordance with the Data Protection Laws.
1.6 We will collect most personal data from you directly. We may also collect personal data about you from:
- publicly accessible sources e.g. Companies House and HMRC;
- third party sources of information e.g. business partners, subsidiaries, customer due diligence providers and credit reference agencies;
- public sources e.g. on websites associated with you or your company or on social media platforms such as LinkedIn; and
- a third party e.g. a person who has introduced you to us or other professionals (such as solicitors) you may engage.
1.8 For more information on cookies, please see our Cookies Policy.
2. How we use your personal data:
2.2 The purposes for which we use and process your personal data (excluding Special Category Data) and the legal basis on which we carry out each type of processing are explained below:
|Providing our goods and services||We collect, hold, use and disclose your personal data which is necessary to carry out our business functions or activities, including: providing our products and services to you and managing our contract with you;responding to your queries and providing you with information about the products and services that may be of interest to you;to enforce the terms and conditions and any contracts entered into with you; to enable you to register on our Sites and sign up to receiving our e-newsletters;complying with our legal and regulatory obligations, such as establishing your identity in order to comply with anti-money laundering regulations and our other legal and regulatory obligations;activities necessary to comply with professional, legal and regulatory obligations that apply to our business (e.g. under health and safety law, statutory returns or rules issued by professional regulators, or audits, enquiries or investigations by regulatory bodies); to send you information regarding the changes to our policies, other terms and conditions and other administrative information.||Contract, legal obligation and legitimate interests|
|Information Gathering||We may collect personal data from you electronically, for instance through our Sites. Each time you visit our Sites, we collect information about your use of the Site using cookies and other technological tools. The cookies we send to your device cannot read your hard drive, obtain any information from your browser or command your computer to perform any action.||Legitimate interests, consent|
|CCTV and dash cams||We use CCTV to protect our premises and staff from vandalism and violence. We use dash cams on our company vehicles for the protection of our drivers. Where you are on our premises or if our vehicles visit your property, your image may be captured.||Legitimate interest|
3. How is processing your personal data lawful:
- Legitimate Interests: We are permitted to process your personal data if it is based on our ‘legitimate interests’. A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests. We will carry out an assessment when relying on legitimate interests, to balance our interests against your own.
- Consent: Sometimes, we want to use your personal data in a way that is entirely optional for you, such as when you give consent for us to place cookies on your device. On these occasions, we will ask you to provide your consent.You can withdraw this consent at any time.
- Contract: It is necessary for our performance of a contract you have agreed to enter with us. If you do not provide your personal data to us, we may not be able to carry out our obligations under the terms of your contract.
- Legal Obligation: We are subject to legal obligations to process your personal data for the purposes of complying with applicable regulatory, accounting and financial rules, health and safety and to mandatory disclosures to government bodies, tax administrators and law enforcement agencies.
3.2 AMP will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you in a timely manner and we will explain the legal basis which allows us to do so.
4. Sharing your personal data with other organisations:
4.2 We may your share personal data, for the purposes listed above, with the following third parties:
- Companies within the AMP group, including directors, staff and consultants based in the UK;
- Professional advisors;
- Third parties and business partners (for example, contract hauliers) who are a part of delivering your products and providing services, or operating our business (for example, insurers and brokers);
- Our bank(s);
- Governmental and regulatory bodies such as HMRC, and the Information Commissioner’s Office;
- Other organisations and businesses who provide services to us including (but not limited to) debt recovery agencies, back up and server hosting providers, IT software and maintenance providers, document storage providers and suppliers of other back office functions;
- Credit Reference and Fraud Prevention Agencies (see below); and
- Market research organisations and marketing companies who help us to develop and improve our products and services.
4.3 We may also need to:
- share personal data with external auditors, e.g. in relation to ISO and/or the audit of our accounts;
- disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations; and
- share some personal data with other parties, such as potential buyers of some or all of our business or during a restructuring—usually, all information will be anonymised but this may not always be possible, however, the recipient of the information will be bound by confidentiality obligations.
5. Is your personal data transferred outside the UK?
5.1 We are based in the UK and have no interests outside the UK or the European Economic Area. However, we may transfer your personal data outside of the UK or European Economic Area to third-party providers (such as the customer relationship management platforms that we use).
6. Keeping your personal data secure:
6.1 We have appropriate security measures to prevent personal data from being accidentally lost, or used or accessed unlawfully. We limit access to your personal data to those who have a genuine business need to access it. Those processing your personal data will do so only in an authorised manner and are subject to a duty of confidentiality.
6.2 We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
7. Monitoring processes that may involve your personal data:
7.1 In this section monitoring means any: listening to, recording of, viewing of, intercepting of, or taking and keeping records (as the case may be) of calls, email, text messages, social media messages, in person (face to face) meetings, website responses, and other communications.
7.2 We may, and we will carry out monitoring where the law requires it, or to comply with regulatory rules, to prevent or detect crime, in the interests of protecting the security of our communications systems and procedures and for quality control and staff training purposes. This information may be shared for the purposes described in the sections above.
8. How long do we keep your personal data?
8.1 In principle we will keep your personal data:
- For as long as we have reasonable business needs, such as managing our relationship with you and managing our operations; or
- For as long as we provide goods or services to you and then for as long as the relevant statutory limitation period applies; or
- For as long as retention periods (to comply with legal and regulatory requirements or guidance) specify
8.2 In all instances, we will not keep your personal data for longer than necessary. Different retention periods apply for different types of personal data.
9. Your rights under the Data Protection Laws:
9.1 All data subjects have the following rights under the Data Protection Laws, which can be exercised free of charge:
|Access||The right to be provided with a copy of your personal data.|
|Rectification||The right to require us to correct any mistakes in your personal data.|
|Erasure (also known as the right to be forgotten)||The right to require us to delete your personal data – in certain situations.|
|Restriction||The right to require us to restrict processing of your personal data in certain circumstances, e.g. if you contest the accuracy of the data.|
|Data Portability||The right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party – in certain situations.|
|To Object||The right to object to the processing of your personal data in certain circumstances (e.g. for direct marketing and profiling purposes). In certain situations, we may continue processing your personal data if we have a compelling reason to do so.|
|Not to be subject to Automated Decision Making||The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you.|
9.3 In order to comply with your request, we may ask you to provide enough information to identify yourself as well as any additional identity information we may reasonably require. You will also need to let us know what right you want to exercise and the information to which your request relates.
9.4 We endeavour at all times to respect and to comply with these rights except where there are legal bases or compliance requirements to retain information contrary to those rights. In such cases we will advise you of the circumstances which prevent us meeting your request and the specific reasons.
10.2 You are also entitled to lodge a complaint with our data protection regulator, the Information Commissioner’s Office (ICO), which regulates and supervises the use of personal data in the UK. The ICO can be contacted on 0303 123 1113.