We are independent “data controllers” for the purposes of the UK General Data Protection Regulation (EU) 2016/679 and the UK Data Protection Act 2018 (collectively referred to as the “Data Protection Laws”). This means we determine the “how” and the “why” of the processing of your Personal Data. We are committed to protecting your privacy and processing your Personal Data fairly and lawfully in compliance with the Data Protection Laws.
2. Fair and lawful processing
We will only process your Personal Data, where:
- you have given your consent to such processing (which you may withdraw at any time, as detailed at clause 9 below);
- the processing is necessary to provide our services to you under a contract we may have with you or your employer, or through this website;
- the processing is necessary for compliance with our legal obligations; and/or
- the processing is necessary for our legitimate interests or those of any third party recipients that receive your personal data (as detailed in clauses 5 and 7 below). By “processing”, we mean the collection, recording, storage, use, disclosure and any other form of operations or dealings with your Personal Data.
3. What personal data we collect about you
If we deal with you as a current or prospective customer or client, we typically collect and process the following types of Personal Data about you (but note this is not limited to):
- Your name, email address and other contact details (either personal or business, as may be necessary);
- Your role, position and/or job title within your employer;
- Your area of employment (e.g. marketing, sales, procurement);
- Details of your preferences for types of marketing events or activity; and
- Details of your visits to our premises;
- CCTV images when you are on our premises.
We do not collect any special category information (e.g. medical information, race or ethnic origin, religion) unless we have your consent to do so.
In certain circumstances it will be necessary for you to provide us with your Personal Data, to enable us to manage our operations, to provide services to you or your employer or to comply with our statutory obligations. In other circumstances, it will be at your discretion whether you provide us with Personal Data or not. However, failure to supply any of the Personal Data we request may mean that we are unable to maintain or provide services or products to you or your employer, or otherwise fulfil a contract we may have in place with you or your employer.
We make every effort to maintain the accuracy and completeness of all Personal Data which we store and to ensure your Personal Data is up to date. However, you can assist us with this considerably by promptly contacting us if there are any changes to your Personal Data, or if you become aware that we have inaccurate Personal Data relating to you (see clause 9 below).
4. How we Collect Personal Data
We usually collect your Personal Data directly from you during the course of your and/or your employer’s relationship with us. Your Personal Data will be collected when:
- You send us emails and other correspondence;
- We receive your business card;
- You sign and return any documentation to us;
- You sign up to receiving our marketing communications;
- You are named as an authorised person to trade on behalf of your employer;
- You sign up to use or access any of our products and/or services either on your own behalf, or on the behalf of your employer;
- You communicate with us using the “Contact Us” section of this website; and
- You visit our premises.
5. How we Use Personal Data
We will process your Personal Data in connection with the management of our relationship with you for the following purposes:
- for monitoring and assessing compliance with our policies and standards;
- for promotional and marketing materials and activities, including photos and videos;
- to carry out money laundering, financial and credit checks and for fraud and crime prevention and detection purposes;
- to provide you or your employer with requested products or services, or to otherwise fulfil our obligations under any contract we may have with your or your employer;
- to identify persons authorised to trade on behalf of our Customers, Suppliers and/or Service Providers;
- for administrative purposes in relation to the security and access of our systems, premises, platforms and secured websites and applications;
- to contact you about the services and products we offer (where we have received your consent to do so, or we believe that you may be interested in the material as it relates to similar products or services you have previously acquired, or indicated your interest in acquiring, from us);
- to comply with our legal and regulatory obligations and requests anywhere in the world, including reporting to and/or being audited by national and international regulatory bodies;
- to comply with court orders and exercise and/or defend our legal rights;
- for any other legitimate business purpose;
- as otherwise permitted or required by any applicable law or regulation;
- for recording and monitoring any incidents involving our vehicles;
- for investigating any claims related to incidents with our vehicles;
- for recording and monitoring the locations of our vehicles for the purpose of managing business operations;
- for recording and monitoring security of our premises and personnel; and/or
- for recording and monitoring health and safety incidents on our premises.
6. International Transfers of Personal Data
The Personal Data we collect from you may be transferred to (including accessed in or stored in) a country or territory located outside of the UK or European Economic Area (“EEA”), including to countries whose laws may not offer the same level of protection of Personal Data as are enjoyed within the UK or EEA.
Whenever we transfer your personal data out of the UK or EEA, we ensure a similar degree of protection is afforded to it, by ensuring at least one of the following safeguards is implemented:
- We will only transfer your persona data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission; or
- Where we use certain service providers, we may use specific contracts approved by the UK government, which give personal data the same protection it has in Europe.
Please contact us, if you want any additional information on the specific mechanisms used by us when transferring your personal data outside of the UK and/or EEA (our contact details can be found in Section 12 below).
7. When we may disclose your personal data
- to any group company of Conrad Energy Limited or Conrad Energy Group II Limited;
- to third parties who process your Personal Data on our behalf (such as our systems providers including cloud providers);
- to third parties who process your Personal Data on their own behalf but through providing us or your employer with a service on our behalf (such as our suppliers);
- to legal advisors, security services and companies providing services for money laundering checks, credit risk reduction and other fraud and crime prevention purposes and companies providing similar services, including financial institutions, credit reference agencies and regulatory bodies with whom such information is shared;
- to any third party to whom we transfer any of our business or assets;
- to any prospective buyer in the event we sell any part of our business or assets;
- to any government, regulatory agency, enforcement or exchange body or court where we are required to do so by applicable law or regulation or at their request;
- for law enforcement or crime detection purposes; and/or
- to our insurers where one of our vehicles is involved in accident involving you.
If you want further information about parties we share personal data with, please contact us on the details in Section 12 below.
8. How we protect your personal data
We are committed to safeguarding and protecting Personal Data and have implemented and maintain appropriate technical and organisational measures to ensure a level of security appropriate to protect any Personal Data provided to us from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data transmitted, stored or otherwise processed. We aim to ensure that the level of security, and the measures adopted to protect your Personal Data, are appropriate for the risks presented by the nature and use of your Personal Data.
9. Your rights in relation to the personal data we collect
You have the following rights under the Data Protection Laws:
- the right to object to processing of your personal data;
- the right of access to personal data relating to you (known as data subject access request);
- the right to correct any mistakes in your information;
- the right to ask us to stop contacting you with direct marketing;
- the right to restrict your personal data being processed;
- the right to have your personal data ported to another controller;
- the right to withdraw your consent;
- the right to erasure; and
- rights in relation to automated decision making.
If you wish to exercise any of your rights (set out above), you can request this by emailing us at: firstname.lastname@example.org. We endeavour to respond to such requests within a month or less, although we reserve the right to extend this period where a request is complex.
In order to satisfy your request, we may request specific information from you in order to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure in order for us to comply with our security obligations and to prevent the unauthorised disclosure of your Personal Data.
10. How long we will hold your personal data for
We will only retain your Personal Data for as long as necessary to fulfil the purpose for which it was collected or to comply with legal, regulatory or internal policy requirements.
We keep information related to our contracts with our customers for 6 years after the contract terminates. CCTV recordings are retained for 30 days.
12. How you can contact us
Email: email@example.com for the attention of the Privacy Manager.
Post: Privacy Manager, Conrad Energy Limited, Suites D&E Windrush Court, Blacklands Way, Abingdon, OX14 1SY
13. How to lodge a complaint to the regulator
Should you wish to make a complaint about the management of your Personal Data, please email our Privacy Manager at firstname.lastname@example.org. We will make a record of your complaint and take any necessary steps to ensure that this is investigated and actioned accordingly.
If you are dissatisfied with our response, you are entitled to lodge a complaint with our data protection regulator if you consider that we have breached your data protection rights.
Our data protection regulator is the Information Commissioner’s Office (“ICO”). Information on how to do this is available on the ICO’s website at: www.ico.org.uk.