Privacy Policy
Last updated: December 15, 2024
Shephartri Green Energy Ltd ("we", "our", or "us") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website shephartri.com or use our services.
This policy is designed to comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Please read this Privacy Policy carefully. If you do not agree with the terms of this Privacy Policy, please do not access or use our website or services.
Data Controller Information
Company: Shephartri Green Energy Ltd
Address: 45 Renewable Way, Birmingham B15 2DT, United Kingdom
Email: [email protected]
Phone: 0121 654 3210
ICO Registration: ZA123456
1. Information We Collect
1.1 Personal Information
We may collect personal information that you voluntarily provide to us when you:
- Request a quote or consultation through our website forms
- Subscribe to our newsletter or marketing communications
- Contact us via phone, email, or other communication methods
- Schedule an appointment or service visit
- Apply for financing or government grants through our services
- Leave reviews or feedback about our services
This personal information may include:
- Full name and contact details (address, phone number, email)
- Property information and energy usage data
- Financial information for quotes and financing applications
- Communication preferences and marketing permissions
- Any other information you choose to provide
1.2 Technical Information
When you visit our website, we automatically collect certain technical information, including:
| Information Type | Purpose | Legal Basis |
|---|---|---|
| IP address and location data | Security, analytics, and service improvement | Legitimate interest |
| Browser type and version | Website compatibility and optimization | Legitimate interest |
| Device information | Responsive design and user experience | Legitimate interest |
| Website usage patterns | Analytics and content improvement | Consent (cookies) |
| Referral sources | Marketing effectiveness analysis | Legitimate interest |
2. How We Use Your Information
We process your personal information for the following purposes:
2.1 Service Delivery
- Providing quotes and consultations for renewable energy systems
- Scheduling and conducting site surveys and installations
- Processing warranty claims and providing customer support
- Maintaining records for regulatory compliance and quality assurance
2.2 Communication
- Responding to your inquiries and service requests
- Sending service updates and appointment confirmations
- Providing technical support and maintenance reminders
- Sending newsletters and educational content (with your consent)
2.3 Business Operations
- Processing payments and managing financial transactions
- Complying with legal and regulatory requirements
- Maintaining business records and improving our services
- Preventing fraud and ensuring website security
2.4 Marketing (with consent)
- Sending promotional offers and service announcements
- Conducting market research and customer surveys
- Personalizing marketing content and communications
- Managing social media interactions and content
3. Legal Basis for Processing
Under UK GDPR, we process your personal data based on the following legal grounds:
3.1 Consent
We rely on your explicit consent for:
- Marketing communications and newsletters
- Non-essential cookies and tracking technologies
- Sharing testimonials and case studies
3.2 Contract Performance
We process data to fulfill our contractual obligations when:
- Providing renewable energy system installations
- Delivering maintenance and support services
- Processing payments and managing warranties
3.3 Legal Obligation
We process data to comply with legal requirements, including:
- MCS certification and installation standards
- Health and safety regulations
- Financial services and anti-money laundering rules
- Tax and accounting requirements
3.4 Legitimate Interest
We process data for legitimate business interests, such as:
- Website security and fraud prevention
- Business analytics and service improvement
- Customer relationship management
- Internal administration and record-keeping
4. Information Sharing and Disclosure
We do not sell, trade, or rent your personal information to third parties. We may share your information in the following circumstances:
4.1 Service Partners
We work with trusted partners to deliver our services:
- Installation Teams: Certified subcontractors who perform installations
- Equipment Suppliers: Solar panel and equipment manufacturers for warranties
- Financial Partners: Banks and finance companies for loan applications
- Government Bodies: For grant applications and regulatory compliance
4.2 Technology Providers
- Website Hosting: Secure hosting providers for our website and databases
- Email Services: For newsletter and communication delivery
- Analytics Platforms: For website performance and user behavior analysis
- CRM Systems: For customer relationship management
4.3 Legal Requirements
We may disclose your information when required by law or to:
- Comply with legal processes or court orders
- Respond to government requests or regulatory inquiries
- Protect our rights, property, or safety
- Prevent fraud or investigate security incidents
5. Data Security
We implement appropriate technical and organizational measures to protect your personal information:
5.1 Technical Safeguards
- SSL/TLS encryption for all data transmission
- Secure database storage with access controls
- Regular security updates and system monitoring
- Firewall protection and intrusion detection systems
5.2 Organizational Measures
- Staff training on data protection and privacy
- Access controls and need-to-know principles
- Regular security audits and risk assessments
- Incident response procedures for data breaches
6. International Data Transfers
We primarily process data within the UK. When we transfer data outside the UK, we ensure adequate protection through:
- Adequacy decisions recognized by the UK government
- Standard contractual clauses approved by the ICO
- Certification schemes and codes of conduct
- Binding corporate rules for multinational partners
7. Data Retention
We retain your personal information only as long as necessary for the purposes outlined in this policy:
| Data Type | Retention Period | Reason |
|---|---|---|
| Customer installation records | 25 years | Warranty obligations and safety requirements |
| Financial and tax records | 7 years | Legal and regulatory compliance |
| Marketing communications | Until consent withdrawn | Ongoing marketing relationships |
| Website analytics data | 26 months | Business analytics and improvement |
| Quote and inquiry data | 3 years | Customer service and follow-up |
8. Your Rights
Under UK GDPR, you have the following rights regarding your personal information:
8.1 Right of Access
You can request a copy of the personal information we hold about you, including details about how we process it.
8.2 Right to Rectification
You can ask us to correct any inaccurate or incomplete personal information.
8.3 Right to Erasure
You can request deletion of your personal information in certain circumstances, such as when it's no longer necessary for the original purpose.
8.4 Right to Restrict Processing
You can ask us to limit how we use your personal information in specific situations.
8.5 Right to Data Portability
You can request your personal information in a structured, machine-readable format for transfer to another service provider.
8.6 Right to Object
You can object to processing based on legitimate interests or for direct marketing purposes.
8.7 Right to Withdraw Consent
You can withdraw your consent at any time where we rely on consent as the legal basis for processing.
9. Cookies and Tracking Technologies
Our website uses cookies and similar technologies. Please refer to our Cookie Policy for detailed information about:
- Types of cookies we use
- How to manage cookie preferences
- Third-party cookies and analytics
- Your choices regarding tracking technologies
10. Children's Privacy
Our services are not directed to children under 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately so we can delete it.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will:
- Post the updated policy on our website with the revision date
- Notify you of significant changes via email if you're on our mailing list
- Provide additional notice for material changes that affect your rights
12. Contact Information and Complaints
Contact Our Data Protection Team
If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:
Email: [email protected]
Phone: 0121 654 3210
Post: Data Protection Officer, Shephartri Green Energy Ltd, 45 Renewable Way, Birmingham B15 2DT
Complaints to the ICO
You have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe we have not handled your personal information properly:
ICO Website: ico.org.uk
ICO Helpline: 0303 123 1113
Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
13. Definitions
Personal Information/Data: Any information relating to an identified or identifiable natural person.
Data Controller: The entity that determines the purposes and means of processing personal data (Shephartri Green Energy Ltd).
Data Processor: An entity that processes personal data on behalf of the data controller.
Processing: Any operation performed on personal data, including collection, recording, organization, storage, adaptation, retrieval, consultation, use, disclosure, dissemination, alignment, combination, restriction, erasure, or destruction.
This Privacy Policy was last updated on December 15, 2024, and is effective immediately.