Privacy Policy

Introduction

This Privacy Policy is provided by Aggregated Micro Power Holdings Limited and our subsidiaries AMP Biomass Fuel Ltd, AMP Energy Services Limited and AMP Clean Energy Services Limited (“AMP”, “we”, “our” or “us”) who are each a “controller” for the purposes of the UK General Data Protection Regulation (“UK GDPR”) as implemented by the Data Protection Act 2018 (collectively referred to as the “Data Protection Laws”).

At AMP, we are committed to protecting your information and take your privacy very seriously.  Please read this Privacy Policy carefully as it contains important information on who we are and how and why we collect, store, use and share your personal data.  It also explains your rights in relation to your personal data and how to contact us or supervisory authorities in the event you have a complaint.

This Privacy Policy applies when you visit our website https://www.ampcleanenergy.com and any mobile site or applications that link to this Privacy Policy (collectively, the “Sites”).  It also applies where we provide our products and services to you or are in contact with you in other ways, whether in your capacity as an individual or as director, shareholder, partner, employee or other representative of a company or other organisation which uses our services.

If you have any questions about our Privacy Policy, if you would like to exercise any of your rights as described in this Privacy Policy, you can contact us using the information listed below:

Post:Data Enquiries AMP Clean Energy Third Floor, 1 Dover Street London W1S 4LD
Telephone:0808 806 2891
Email:legal@ampcleanenergy.com

Changes to our Privacy Policy:

From time to time, we may change this Privacy Policy. The current version of this Privacy Policy will always be available from us in hard copy or on the Sites.

Updated and effective as of 29 March 2023.

Table of Contents

  1. Personal data we collect
  2. How we use your personal data
  3. How is processing your personal data lawful?
  4. Sharing your personal data with other organisations
  5. Is your personal data transferred outside of the UK?
  6. Keeping your personal data secure
  7. Monitoring processes that may involve your personal data
  8. How long do we keep your personal data?
  9. Your rights under the Data Protection Laws
  10. Complaints

1. Personal data we collect:

1.1 If we deal with you as a current or prospective customer or client, we may collect, use, store and transfer different personal data relating to you in order to provide our services and products to you.

1.2 Personal data means any information from which a living individual can be identified.  We may collect the following personal data from you when you are introduced to us, when we meet you in person, or when we are in contact by phone, email, or via the “Contact Us” section on our Sites, and when you register on the Sites or otherwise.

1.3 The categories of personal data that we may collect includes (but may not be limited to):

  • first and last name;
  • job title and company name (“where relevant”);
  • email address;
  • phone number;
  • postal address;
  • your professional memberships and interests;
  • billing information, transaction and payment card information;
  • information to check and verify your identity (e.g. your date of birth);
  • information to enable us to undertake credit or other financial checks on you;
  • location data, if you choose to give this to us;
  • demographic information, if you choose to give this to us;
  • dash cam recording from our vehicles; and
  • CCTV images when you are on our premises.

1.4 We do not generally seek to collect Special Category Data (e.g. data relating to an individual’s racial or ethnic origin, religious or philosophical beliefs, sexual orientation, or data concerning health or disabilities).

1.5 If we do collect Special Category Data, we will ask for your explicit consent to our proposed use of that information at the time of collection.  We will also ensure that the processing is in accordance with the Data Protection Laws.

1.6 We will collect most personal data from you directly. We may also collect personal data about you from:

  • publicly accessible sources e.g. Companies House and HMRC;
  • third party sources of information e.g. business partners, subsidiaries, customer due diligence providers and credit reference agencies;
  • public sources e.g. on websites associated with you or your company or on social media platforms such as LinkedIn; and
  • a third party e.g. a person who has introduced you to us or other professionals (such as solicitors) you may engage.

1.7 If you interact with us online, we may also use cookies and other technological tools to collect information about your device and your use of our Sites, such as your device’s IP address, your user ID and session identifiers, what pages your device visited, and the time that your device visited our Site.

1.8 For more information on cookies, please see our Cookies Policy.

2. How we use your personal data:

2.1 We may use your personal data for the purposes set out in this Privacy Policy.  We are allowed to do so on certain legal bases (please see “How is processing your personal data lawful” for further details).

2.2 The purposes for which we use and process your personal data (excluding Special Category Data) and the legal basis on which we carry out each type of processing are explained below:

Purpose:Explanation:Legal Basis:
Providing our goods and servicesWe collect, hold, use and disclose your personal data which is necessary to carry out our business functions or activities, including: providing our products and services to you and managing our contract with you;responding to your queries and providing you with information about the products and services that may be of interest to you;to enforce the terms and conditions and any contracts entered into with you; to enable you to register on our Sites and sign up to receiving our e-newsletters;complying with our legal and regulatory obligations, such as establishing your identity in order to comply with anti-money laundering regulations and our other legal and regulatory obligations;activities necessary to comply with professional, legal and regulatory obligations that apply to our business (e.g. under health and safety law, statutory returns or rules issued by professional regulators, or audits, enquiries or investigations by regulatory bodies); to send you information regarding the changes to our policies, other terms and conditions and other administrative information.Contract, legal obligation and legitimate interests
Information GatheringWe may collect personal data from you electronically, for instance through our Sites.  Each time you visit our Sites, we collect information about your use of the Site using cookies and other technological tools.  The cookies we send to your device cannot read your hard drive, obtain any information from your browser or command your computer to perform any action.Legitimate interests, consent
MarketingWe use your contact details in order to send you e-newsletters, to invite you to events or other functions, or send you communications concerning AMP marketing developments that we believe may be of interest to you.  We may ask you to confirm or update your marketing preferences if you ask us to provide further services in the future, or if there are any changes in the law, regulation or structure of AMP.  You can always opt out of receiving direct marketing-related email communications by contacting us using the contact details provided at the beginning of this Privacy Policy or, by selecting the unsubscribe link.Legitimate interest, consent
CCTV and dash camsWe use CCTV to protect our premises and staff from vandalism and violence.  We use dash cams on our company vehicles for the protection of our drivers.  Where you are on our premises or if our vehicles visit your property, your image may be captured.Legitimate interest

3. How is processing your personal data lawful:

3.1 We are allowed to process your personal data, for the purposes explained in this Privacy Policy, on the following legal bases:

  • Legitimate Interests: We are permitted to process your personal data if it is based on our ‘legitimate interests’.  A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests.  We will carry out an assessment when relying on legitimate interests, to balance our interests against your own.
  • Consent: Sometimes, we want to use your personal data in a way that is entirely optional for you, such as when you give consent for us to place cookies on your device.  On these occasions, we will ask you to provide your consent.You can withdraw this consent at any time.
  • Contract: It is necessary for our performance of a contract you have agreed to enter with us.  If you do not provide your personal data to us, we may not be able to carry out our obligations under the terms of your contract.
  • Legal Obligation: We are subject to legal obligations to process your personal data for the purposes of complying with applicable regulatory, accounting and financial rules, health and safety and to mandatory disclosures to government bodies, tax administrators and law enforcement agencies.

3.2 AMP will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.  If we need to use your personal data for an unrelated purpose, we will notify you in a timely manner and we will explain the legal basis which allows us to do so.

4. Sharing your personal data with other organisations:

4.1 We respect your privacy and will not share your personal data with third parties except as provided in this Privacy Policy. We only allow third parties who are our service providers to handle your personal data if we are satisfied they take appropriate measures to protect your personal data.

4.2 We may your share personal data, for the purposes listed above, with the following third parties:

  • Companies within the AMP group, including directors, staff and consultants based in the UK;
  • Professional advisors;
  • Third parties and business partners (for example, contract hauliers) who are a part of delivering your products and providing services, or operating our business (for example, insurers and brokers);
  • Our bank(s);
  • Governmental and regulatory bodies such as HMRC, and the Information Commissioner’s Office;
  • Other organisations and businesses who provide services to us including (but not limited to) debt recovery agencies, back up and server hosting providers, IT software and maintenance providers, document storage providers and suppliers of other back office functions;
  • Credit Reference and Fraud Prevention Agencies (see below); and
  • Market research organisations and marketing companies who help us to develop and improve our products and services.

4.3 We may also need to:

  • share personal data with external auditors, e.g. in relation to ISO and/or the audit of our accounts;
  • disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations; and
  • share some personal data with other parties, such as potential buyers of some or all of our business or during a restructuring—usually, all information will be anonymised but this may not always be possible, however, the recipient of the information will be bound by confidentiality obligations.

4.4 If you would like more information about who we share your personal data with and why, please contact us using the contact details provided at the beginning of this Privacy Policy.  Some of the organisations listed above will also be controllers so you should review their privacy policy to understand how they will process your personal data.

5. Is your personal data transferred outside the UK?

5.1 We are based in the UK and have no interests outside the UK or the European Economic Area. However, we may transfer your personal data outside of the UK or European Economic Area to third-party providers (such as the customer relationship management platforms that we use).

5.2 Any transfers or processing of your personal data outside of the UK and/or the European Economic Area will be carried out in accordance with the Data Protection Laws to safeguard your privacy rights and to provide you with remedies in the unlikely event of a security breach.  If you would like more information about the countries to which personal data is sent and why, please contact us using the contact details provided at the beginning of this Privacy Policy.

6. Keeping your personal data secure:

6.1 We have appropriate security measures to prevent personal data from being accidentally lost, or used or accessed unlawfully.  We limit access to your personal data to those who have a genuine business need to access it.  Those processing your personal data will do so only in an authorised manner and are subject to a duty of confidentiality.

6.2 We also have procedures in place to deal with any suspected data security breach.  We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

7. Monitoring processes that may involve your personal data:

7.1 In this section monitoring means any: listening to, recording of, viewing of, intercepting of, or taking and keeping records (as the case may be) of calls, email, text messages, social media messages, in person (face to face) meetings, website responses, and other communications.

7.2 We may, and we will carry out monitoring where the law requires it, or to comply with regulatory rules, to prevent or detect crime, in the interests of protecting the security of our communications systems and procedures and for quality control and staff training purposes.  This information may be shared for the purposes described in the sections above.

8. How long do we keep your personal data?

8.1 In principle we will keep your personal data:

  • For as long as we have reasonable business needs, such as managing our relationship with you and managing our operations; or
  • For as long as we provide goods or services to you and then for as long as the relevant statutory limitation period applies; or
  • For as long as retention periods (to comply with legal and regulatory requirements or guidance) specify

8.2 In all instances, we will not keep your personal data for longer than necessary.  Different retention periods apply for different types of personal data.

8.3 If you would like more information on how long we will retain your personal data, please contact us using the contact details provided at the beginning of this Privacy Policy.

9. Your rights under the Data Protection Laws:

9.1 All data subjects have the following rights under the Data Protection Laws, which can be exercised free of charge:

AccessThe right to be provided with a copy of your personal data.
RectificationThe right to require us to correct any mistakes in your personal data.
Erasure (also known as the right to be forgotten)The right to require us to delete your personal data – in certain situations.
RestrictionThe right to require us to restrict processing of your personal data in certain circumstances, e.g. if you contest the accuracy of the data.
Data PortabilityThe right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party – in certain situations.
To ObjectThe right to object to the processing of your personal data in certain circumstances (e.g. for direct marketing and profiling purposes).  In certain situations, we may continue processing your personal data if we have a compelling reason to do so.
Not to be subject to Automated Decision MakingThe right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you.

9.2 If you would like to exercise any of these rights, please contact us using the contact details provided at the beginning of this Privacy Policy.

9.3 In order to comply with your request, we may ask you to provide enough information to identify yourself as well as any additional identity information we may reasonably require. You will also need to let us know what right you want to exercise and the information to which your request relates.

9.4 We endeavour at all times to respect and to comply with these rights except where there are legal bases or compliance requirements to retain information contrary to those rights. In such cases we will advise you of the circumstances which prevent us meeting your request and the specific reasons.

9.5 For further information on each of your rights, including the circumstances in which they apply, please contact us using the contact details provided at the beginning of this Privacy Policy or see the Guidance from the UK Information Commissioner’s Office (ICO) on individual rights.

10. Complaints:

10.1 It is important to ensure that you have read this Privacy Policy carefully.  If you do not think that we have processed your personal data in accordance with this policy, you should let us know as soon as possible.

10.2 You are also entitled to lodge a complaint with our data protection regulator, the Information Commissioner’s Office (ICO), which regulates and supervises the use of personal data in the UK.  The ICO can be contacted on 0303 123 1113.