1. IMPORTANT NOTICE
This is the Privacy Notice of EnergySys Limited (company number 03487903) whose registered office is at Newton House, 38 Newton Road, Liphook, Hampshire, England, GU30 7DX (“EnergySys”, “we”, “us” or “our”) and sets out how we collect, use, share, secure and process your personal data. It also details your choices regarding our use of your personal information, and how you can access and correct any information we hold. This Privacy Notice also provides certain information that is legally required and lists your rights in relation to your personal data. Please read this Privacy Notice to understand how we may use your personal data.
This Privacy Notice applies to www.energysys.com, a site owned and operated by EnergySys and relates to personal information that identifies “you” meaning customers, potential customers, suppliers and any other individuals who browse our website. If you are an employee, contractor or otherwise engaged in work for us or applying to work for us, a separate privacy notice applies to you instead.
This Privacy Notice may vary from time to time so please check it regularly to ensure that you are aware of any changes. This updated version of this Privacy Notice is published in July 2023.
2. HOW TO CONTACT US
This Privacy Notice applies where we are a controller in respect of your personal data – this is where we decide how and why your personal data is processed.
EnergySys may send out promotional emails (such as newsletters) to individuals who provide personal information and have not opted-out of EnergySys’ mailing list. We use those communications to gauge the effectiveness of our advertising and marketing campaigns. Recipients may opt-out of receiving promotional emails from us by following the “unsubscribe” instructions provided in each promotional email or by emailing email@example.com.
Hudson House, 8 Albany Street
Edinburgh EH1 3QB
Telephone: +44 (0)1224 433 493
If there is anything you want to know about our product, our company, where and how we operate, or anything else, please get in touch using the above details.
3. CATEGORIES OF PERSONAL DATA WE COLLECT
The categories of personal data about you that we may collect, use, store, share and transfer are:
- Individual Data. This includes personal data which relates to your identity, such as your first name, middle name, last name, username or similar identifier, marital status, title, date of birth and gender and your contact details such as your billing address, delivery address, email address and telephone numbers where you voluntarily submit that information in order to download content, or via sales technical support;
- Organisation Data. This includes the name of the organisation of visitors who voluntarily submit that information in order to download content or via sales technical support questions;
- Marketing Data. This includes personal data which relates to your advertising preferences, such as information about your preferences in receiving marketing materials from us and our third parties and your communication preferences as well as your personal interests;
- Information Technology Data. This includes personal data which relates to your use of our website, such as your internet protocol (IP) address, login data, traffic data, weblogs and other communication data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website;
- Account and Profile Data. This includes personal data which relates to your account or profile on our website, such as your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses;
- Economic and Financial Data. This may include personal data which relates to finances, such as bank account and payment card details and information which we collect for the purposes of the prevention of fraud;
- Sales Data. This includes personal data which relates to the transactions you have conducted with us, such as details about payments, details of subscriptions to our services or publications and other details of products and services purchased from us;
- Audio and Visual Data. This includes personal data which is gathered using our CCTV or other recording systems such as Teams or Zoom in the form of images, video footage and sound recordings that is taken at any of our locations or otherwise by us for promotional purposes;
- Health Data. This includes personal data which is gathered for health and safety purposes including any accident report or claim log or any information you provide about allergies or other medical conditions during the booking process;
- Market Research Data. This includes personal data which is gathered for the purposes of market research, such as price comparison information.
We may also create Personal Data about you, for example, if you contact us by telephone to make a complaint, for example about our services or goods, then we may make a written record of key details of the conversation so that we can take steps to address the complaint.
We also obtain and use certain aggregated data such as statistical or demographic data for any purpose (“Aggregated Data”). Aggregated Data may be derived from your personal data but does not directly or indirectly reveal your identity. For example, we may aggregate your
Information Technology Data to calculate the percentage of users accessing a specific feature on our website. However, if we re-combine or re-connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Notice.
In addition, we may obtain certain special categories of your data / sensitive personal data, and this Privacy Notice specifically sets out how we may process these types of personal data. The special categories of data are: (i) personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership; and (ii) the processing of genetic data, biometric data for the purposes of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
We do not collect any information about criminal convictions and offences.
4. THE SOURCES FROM WHICH WE OBTAIN YOUR PERSONAL DATA
We obtain your personal data from the following sources:
- Directly from you, either in person (at our locations or otherwise), via our website or by telephone or via mobile devices. This could include personal data which you provide when you:
- place an order for our products or services;
- create an account on our website;
- subscribe to our publications;
- request information on our products or services or for other marketing to be sent to you;
- enter into a promotion;
- complete a survey from us or give us feedback
- From someone else, such as:
- analytics providers (such as Google);
- our provider of customer feedback such as SurveyMonkey);
- AWS, our provider of online orders;
- advertising networks (such as LinkedIn);
- search information providers (such as Google);
- providers of technical, payment and delivery services (such as AWS);
- providers of validation services (such as Okta and Microsoft);
- third party sources from whom we have purchased certain data about you, (i.e. data brokers or aggregators and we may combine this data with data we already have;
- Trade publications;
- From publicly available sources, such as:
- Companies House.
5. HOW WE USE YOUR PERSONAL DATA
We collect personal data about you in order to:
- perform our contractual obligations to you. This would include:
- processing and performing any bookings and orders placed by you;
- orders placed by us where you are a supplier;
- making or receiving payments, fees and charges; and
- collecting and recovering money owed.
- manage our relationship with you including:
- to send you important notices such as communications about changes to our terms and conditions and policies (including this Privacy Notice);
- to provide you with important real-time information about products or services you have ordered from us (e.g. a change of time or location due to unforeseen circumstances);
- to fulfil orders;
- to verify identity;
- to send information requested;
- to deal with your enquiries, provide support and validation services, provide upgrade information and security updates and inform customers about ordered products and services;
- contacting you to discuss support, renewal and the purchase of additional products and services; and
- to ask you to leave a review or feedback on us;
- administer our business and carry out business activities;
- market and sell our products and services, make suggestions and recommendations to you about goods or services that may be of interest to you, deliver relevant website content and advertisements to you and to measure or understand the effectiveness of our advertising;
- communicate with you about, and administer your participation in, promotions or events.
- for internal purposes to use data analytics, to identify usage trends, determine and measure the effectiveness of promotional campaigns and advertising and to improve our website, products/services, marketing, customer relationships and experiences;
- protect our business including to deal with any misuse of our website and to comply with our security policies at our locations;
- use your personal data to comply with our own legal and industry obligations e.g. to comply with health and safety requirements, or to assist in a police investigation;
- for our blogs;
- to detect and prevent fraud and other illegal activities (and to assist regulators, trade bodies and law enforcement agencies in relation to the same);
- finance, restructure, sell, make ready for sale or dispose of our business in whole or in part including to any potential buyer or their advisers;
- use our knowledge of any health-related personal data you disclose to us in the event of illness or injury or some other related emergency or to record any accident or injury or other incident you may suffer when visiting any of our locations;
- investigate and defend any third-party claims or allegations;
6. OUR LAWFUL BASIS FOR PROCESSING YOUR PERSONAL DATA
Where we may rely on consent
For certain purposes it may be appropriate for us to obtain your prior consent. The legal basis of consent is only used by us in relation to processing that is entirely voluntary – it is not used for processing that is necessary or obligatory in any way.
In the event that we rely on your consent, you may at any time withdraw the specific consent you give to our processing your personal data. Please contact us using the contact details set out in paragraph 2 to do so. Please note even if you withdraw consent for us to use your personal data for a particular purpose we may continue to rely on other lawful bases to process your personal data for other purposes.
Examples of when we may rely on your consent to process your personal data include:
- Personal testimonials or similar endorsements from satisfied customers. Any customer wishing to update or delete a testimonial may do so by contacting us at firstname.lastname@example.org.
- where we would like to use photos or images taken of you in promotional materials;
- where we or our carefully selected third parties have new products and services which we think you will be interested in.
Other legal bases we may rely on:
Where we are relying on a basis other than your consent, the lawful basis for processing personal data will be one of the following:
- the processing is necessary in order for us to comply with our legal obligations (such as compliance with anti-money laundering legislation);
- the processing is necessary for the performance of a contract you are party to or in order to take steps at your request prior to you entering into a contract;
- processing is necessary for the establishment, exercise or defence of legal claims; or
- the processing is necessary for the pursuit of our legitimate business interests. In particular, our legitimate interests include:
- the provision of goods and services;
- the recovery of debt;
- the provision of administration and / or IT services;
- the security of our IT network;
- the prevention of fraud;
- marketing of goods and services and promotion of our business;
- the reorganisation or sale or refinancing of the business or a group restructure.
- the study in how to develop and the update of our products and services;
- the development of our business strategy;
- protecting our business and property.
- the processing is necessary in order to protect the vital interests of an individual e.g. where there is a medical emergency at one of our premises.
Extra conditions for sensitive personal data:
Where we are processing your sensitive / special category personal data one of the following conditions will also apply:
- you have given your explicit consent to the processing;
- the processing relates to personal data which are manifestly made public by you;
- the processing is necessary for the establishment, exercise or defence of legal claims;
- the processing is necessary to protect an individual’s vital interests where the individual cannot give consent.
7. WHO RECEIVES YOUR PERSONAL DATA
We may disclose your personal data to:
- our group companies and affiliates or third party data processors who may process data on our behalf to enable us to carry out our usual business practices, including those who provide services on our behalf or help us with our business activities. Any such disclosure will only be to the extent necessary and for the purposes set out in and in accordance with this Privacy Notice. EnergySys never sells personal information to third parties. We restrict third party processors from sending spam associated with our site, brand or products and any individual receiving an unsolicited email relating to EnergySys’ products and services should forward the entire message and headers to email@example.com;
- our PR agency and feedback;
- HMRC, legal and other regulators or authorities, including those who request your personal data or to report any potential or actual breach of applicable law or regulation;
- external professional advisers such as accountants, bankers, insurers, auditors and lawyers;
- third parties which are considering or have decided to acquire some or all of our assets or shares, merge with us or to whom we may transfer our business (including in the event of a reorganisation, dissolution or liquidation);
- third parties operating plugins or content (such as Facebook, Twitter, Instagram) on our website or our blogs which you choose to interact with.
8. PERSONAL DATA ABOUT OTHER PEOPLE WHICH YOU PROVIDE TO US
If you provide personal data to us about someone else (such as one of your directors or employees, or someone with whom you have business dealings) you must ensure that you are entitled to disclose that personal data to us and that, without our taking any further steps, we may collect, use and disclose that personal data as described in this Privacy Notice.
You must ensure the individual concerned is aware of the various matters detailed in this Privacy Notice, as those matters relate to that individual, including our identity, how to contact us, the way in which we collect and use personal data and our personal data disclosure practices, that individual's right to obtain access to the personal data and make complaints about the handling of the personal data, and the consequences if the personal data is not provided.
9. ACCURACY OF YOUR PERSONAL INFORMATION
It is important that the personal data we hold about you is accurate and current and we take all reasonable precautions to ensure that this is the case but we do not undertake to check or verify the accuracy of personal data provided by you. Please keep us informed if your personal data changes during your relationship with us either by logging onto your account on the website or by contacting us. We may require that the updated information is verified before accepting the change request. We will not be responsible for any losses arising from any inaccurate, inauthentic, deficient or incomplete personal data that you provide to us.
10. INTERNATIONAL TRANSFERS OF PERSONAL DATA
It is possible that personal data we collect from you may be transferred, stored and/or processed outside the United Kingdom including outside the European Economic Area including to Australia and the United States of America in order for you to benefit from our services.
In connection with such transfers we will ensure that:
- there are appropriate safeguards in place such as binding corporate rules or approved model contractual clauses, addendum or IDTA. A copy of the appropriate safeguard can be obtained by contacting us using the contact details set out in paragraph 2 or
- the transfer is to a country that provides an adequate level of protection; or
- one of the derogations for specific situations applies to the transfer including explicit consent or necessary for the performance of a contract or exercise or defence of legal claims.
11. HOW LONG WE WILL STORE YOUR PERSONAL DATA FOR
We will store your personal data for the time period which is appropriate in accordance with the following criteria:
- the on-going business operation / relationship that we have with you;
- the completion of the purpose for which the personal data was given;
- our legal obligations in relation to that personal data and other legal requirements;
- the type and size of the data held and whether any if it is deemed to be special category personal data;
- resolve disputes and enforce our rights;
- taking account of any applicable industry standards; or
- our accounting requirements in relation to that personal data.
12. CONTRACTUAL OR STATUTORY REQUIREMENTS ON YOU TO PROVIDE PERSONAL DATA
In certain circumstances the provision of personal data by you is a requirement to comply with the law or a contract, or necessary to enter into a contract.
It is your choice as to whether you provide us with your personal data necessary to enter into a contract or as part of a contractual requirement. If you do not provide your personal data then the consequences of failing to provide your personal data are that we may not be able to perform to the level you expect under our contract with you. An example of this would be providing an email address to set up an account with us where we are unable to set up the account if we do not provide us with your email address, where we are unable to provide you with certain products or services as we do not have your full details, or where we cannot perform our contract with you at all because we rely on the personal data you provide in order to do so. Please see our terms and conditions for further details.
13. YOUR RIGHTS IN RELATION TO YOUR PERSONAL DATA
Subject to applicable law including relevant data protection laws, in addition to your ability to withdraw any consent you have given to our processing your personal data (see paragraph 6), you may have a number of rights in connection with the processing of your personal data, including:
- the right to request access to your personal data that we process and control;
- the right to request rectification of any inaccuracies in your personal data or, taking into account the purposes of our processing, to request that incomplete data is completed;
- the right to request, on legitimate grounds as specified in law:
- erasure of your personal data that we process or control; or
- restriction of processing of your personal data that we process or control;
- the right to object, on legitimate grounds as specified in law, to the processing of your personal data;
- the right to receive your personal data in a structured, commonly used and machine-readable format and to have your personal data transferred to another controller, to the extent applicable in law; and
- the right to lodge complaints regarding the processing of your personal data with the Information Commissioner’s Office or other relevant supervisory body. Please see https://ico.org.uk/concerns/ for how to do this.
If you would like to exercise any of the rights set out above, please contact us at firstname.lastname@example.org or by writing to us at the address listed at paragraph 2. We may ask for additional proof of the validity of a request if we have any doubts regarding its authenticity. We will respond to requests within a reasonably timeframe.
14. TECHNICAL AND SECURITY MEASURES
We take the security your personal data seriously and have technical and organisational measures to ensure a level of security appropriate to the risk. We use a mixture of measures including utilising technology to combat cybersecurity, data management techniques, user access and management procedures, physical security and guidelines for personnel. EnergySys only transmits personal information, including sensitive personal information, using secure sockets layer technology (SSL).
Our measures are aimed at having the ability to:
- ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services; and
- restore the availability and access to personal data in a timely manner in the event of a physical or technical incident.
Unfortunately, no method of transmission over the Internet or electronic storage is 100% secure. While EnergySys strives to use commercially acceptable standards to protect personal
information, EnergySys cannot guarantee absolute security. If you have any questions about the security of your personal information, please contact us at email@example.com.
15. LINKS TO OTHER WEBSITES