1.Our company values regarding user privacy and data protection
-User privacy and data protection are human rights.
-We have a duty of care our customers, staff and stakeholders with their data.
-Data is a liability and should only be collected and processed when necessary
-We dislike spam as much as you do.
-We will never sell, rent or otherwise distribute or make public your personal information.
Along with our business and internal computer systems, this website is designed to be used by UK residents only. It complies with the following national and EU legislation with regards to the data protection of our customers, partners and user privacy.
-Data Protection Act 1998 (DPA)
-Data Protection Bill 2018
-EU General Data Protection Regulations 2018 (GDPR)
3.Personal data that this website collects and why we collect it
This website collects and uses personal information for the following reasons:
3.1 Website Visitor Tracking
This website uses Google Analytics to track user interaction. We use this information to determine the number of people using our website, to better understand how you find and use our website, your journey to and from our site but also how you travel through it.
Google Analytics records data that does not identify you as an individual such as geographical location, your type of device, your type of internet browser, operating system and age group.
Disabling cookies on your internet browser will stop Google Analytics from tracking any part of your visit to any area of our website. For further information on cookies in section 4. Disabling cookies via our pop up reminder may also prevent some areas of our website to operate in the way they are intended.
3.2 Contact Forms
We use several different contact forms on this website. Should you choose to contact us by using our contact forms in any area of our website, none of the data that you supply will be stored by this website.
Data collected with these forms are the basic building blocks required to provide you with our products and services. Not providing this information or asking us to stop using it, will prevent us from offering our products and services to you.
3.3 Email Links
We provide a number of different email links for your convenience on our website. Should you choose to contact us by using our email links, none of the data that you supply will be stored by this website. You will essentially transfer off of our website and into your own email system.
3.4 Other Websites
Our website contains links to enable you to visit other sites of interest easily. Once you have used these links to leave our site you should note that we do not have any control of the other website. We cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
Data collected about your interaction with this website is not transferred to or otherwise shared with the website you are transferring to.
3.5 Other People’s data
You must not send us personal information about someone else without first getting his or her consent for it to be used and disclosed in the ways set out in this statement. This is because we will assume he or she has agreed, although we may still ask for confirmation from them. Where you do give us information about someone else, or someone else discloses a connection with you, that information may be taken into account with your other personal information.
A cookie is a small text file containing information that our website transfers to your computer’s hard disk or other electronic devices for record-keeping purposes and allows us to analyse our site traffic patterns. It does not contain chocolate chips, you cannot eat it and there is no special hidden jar.
You can disable cookies by changing settings in the preferences or options menu in your browser. You can set your browser to reject or block cookies or tell you when a website tries to put a cookie on your electronic device. You can also delete cookies that are already stored on your device. Please be aware deleting and blocking all cookies from our website may stop parts of the site from working.
To find out more about cookies, including seeing what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org
If you do not wish to accept cookies from our website, please leave this site immediately and then delete and block all cookies from this site.
5.How we store your personal information
As detailed under section 3 above, if you contact us by using our contact forms, the information you provide will not be stored on the website’s database.
We endeavour to take all reasonable steps to protect your personal information. However, we cannot guarantee the security of any data that you disclose online and we will not be responsible for any breach of security unless this is due to our negligence or wilful default.
Once we receive your information into our in-house systems, your data will be stored securely on our own servers and within our own systems in line with legal requirements.
6.About this website’s server
This website is hosted by an external partner who are regulated and operate to ensure the protection of data accordingly.
7.Our Third Party Data Controllers and Data Processors
We use a number of third parties to process personal data on our behalf. These third parties have been carefully selected and all of them comply with the legislation set out in section 2.
The Company set out above shares your personal information with the following organisations. In some cases these organisations may be an additional Data Controller and/or Data Processors, depending on the source of grant funding in your personal circumstances. Due to the breadth of products and services offered by the Company, please contact the Company for any clarification you may require with regards to your personal data journey.
In any event, your information will only be used to deliver your chosen products or services.
Google Analytics is based in the U.S. and complies with the EU-US Privacy Shield.
The Department for Work and Pensions, based in the UK, overlooking applications of DWP recipients for grant funding. Their Information Charter can be found here.
The Department of Business, Energy and Industrial Strategy is based in the UK and oversees the meeting of energy efficiency legislation.
ECO Grant funding suppliers differ for each property and are dependent on postcode, type of measure and funding required. All obligated suppliers are listed here.
We will specifically ask you if you would like to hear from us in the future. Many of our offers are dependent on government policy, especially the availability of grant funding, where those who may not be eligible today, may be in the future. Enabling us to contact you in the future with offers of products and services does not prevent you from removing yourself from our distribution lists in the future. Contact us via firstname.lastname@example.org with the subject line ‘remove’ and we will do so.
We will report any unlawful data breach relevant to this website, our in-house database or the database of any of our third party data processors to any and all relevant persons and authorities within 72 hours of the breach, if it is apparent that personal data stored in an identifiable manner has been lost, stolen or accidentally destroyed.
Our first point of contact in such cases is the Information Commissioners Office (ICO) as our regulatory authority in all aspects of privacy and data protection. The ICO can be contacted via www.ico.org.uk and our registration with them can be found on the public register.
10. Data Controller
The data controller of this website is B-Ecosmart Limited. Our registration with the ICO can be found on the public register under our registered address.
12.Your Rights under the GDPR from May 2018
a)The right to be informed.
We meet your rights by providing you with this Privacy Statement.
b)The right of access.
You have the right to obtain confirmation that your data is being processed and access to your personal information, also known as Subject Access Rights.
c)The right of rectification.
You have the right to update us with any changes to your personal information if it is inaccurate or incomplete.
d)The right of erasure.
The right to erasure is also known as ‘the right to be forgotten’. The broad principle underpinning this right is to enable you to request the deletion or removal of personal data whether there is no compelling reason for its continued processing.
e)The right to restrict processing.
When processing is restricted, you permit us to store your personal data, but do not allow us to further process it. We can retain just enough information about you to ensure that the restriction is respected in future.
f)The right to data portability.
It allows you to obtain and reuse your personal data for your own purposes across different services. It allows you to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability.
g)The right to object.
You have the right to object to processing on legitimate interests or the performance of a task in the public interest, direct marketing and processing for purposes of scientific or historical research and statistics.
h)The right to lodge a complaint with a supervisory authority.
The supervisory authority with regards to data protection and privacy is the Information Commissioners Office (ICO). Contact them on www.ico.org.uk or telephone 0303 123 1113.
13. Subject Access Request
You have the right to see your personal data as defined under the legislation that we keep about you upon receipt of a written request. Any request should be sent to our head office for processing.
We will ask you to verify your identity and will not provide such information until such time as we are satisfied that you have a right to this information.
Information will be provided to you within 30 days unless in exceptionally challenging situations where we may advise you of an extension of up to 60 days.
14. Data Retention
Once you have provided your information, the Company will retain your information as relevant to your product, service, grant funding and installation arrangements as outlined below.
Record Type Retention Period
Company accounts, Finance & VAT records 6 years and current
Money Laundering 5 years
Internal audit records 6 years
Communication records (including enquiries) 12 months from transaction
Warranty Records for Cavity Wall Insulation, 25 years from transaction
External Wall Insulation & Internal Wall Insulation
ECO Customer Records including installation 6 years from transaction
Consumer Credit Records 6 years from last transaction
Health and Safety Accident and Incident Records 40 years
Waste 3 years from transaction
Electronic Waste (WEEE) 4 years from transaction
Data Record destruction records 6 years after activity
15. Changes to our privacy statement
This privacy statement may change from time to time in line with legislation, industry changes and internal company developments. We will not explicitly inform our customers, partners or website users of these changes.