2018 has been an exciting year for EOGB with company milestones, making strides in research and development and the launch of a new brand into the UK heating market. As we look back on our bumper year, we wanted to share some of our favourite
EOGB Energy Products Ltd collects and processes personal information, or data, relating to anybody that has interacted with EOGB or its website to manage the working relationship. This personal information may be held by the Company on paper or in electronic format.
The Company is committed to being transparent about how it handles your personal information, to protect the privacy and security of your personal information and meet its data protection obligations under the General Data Protection Regulation (“GDPR”) and the Data Protection Act 2018. The purpose of this privacy notice is to make you aware of how and why we will collect and use your personal information both during and after your interaction with the Company. We are required under the GDPR to notify you of the information contained in this privacy notice.
Any questions you have in relation to this policy or how we use your personal data should be sent to email@example.com or addressed to The Data Protection Officer, EOGB, 5 Howard Road, Eaton Socon, St Neots, Cambs. PE19 8ET.
Data protection principles
Under the GDPR, there are six data protection principles that the Company must comply with. These provide that the personal information we hold about you must be:
- Processed lawfully, fairly and in a transparent manner.
- Collected only for legitimate purposes that have been clearly explained to you and not further processed in a way that is incompatible with those purposes.
- Adequate, relevant and limited to what is necessary in relation to those purposes.
- Accurate and, where necessary, kept up to date.
- Kept in a form which permits your identification for no longer than is necessary for those purposes.
- Processed in a way that ensures appropriate security of the data.
The Company is responsible for, and must be able to demonstrate compliance with, these principles. This is called accountability.
What types of personal information do we collect about you?
Personal information is any information about an individual from which that person can be directly or indirectly identified.
The Company can collect, use and processes a range of personal information about you. This includes (as applicable):
- your contact details, including your name, address, telephone number and personal e-mail address
- your date of birth
- your marital status and dependants
- the start and end dates of your engagement
- details of your skills, qualifications and experience
- your professional memberships
- your National Insurance number
- Information required to complete employment or business interactions
The Company may also collect, use and process the following special categories of your personal information (as applicable):
- information about your health, including any medical condition, whether you have a disability in respect of which the Company needs to make reasonable adjustments
- information about criminal convictions and offences.
We will also collect additional personal information throughout the period of your working relationship with us. Whilst some of the personal information you provide to us is mandatory and/or is a statutory or contractual requirement, some of it you may be asked to provide to us on a voluntary basis. We will inform you whether you are required to provide
certain personal information to us or if you have a choice in this. You will be advised if information collected is mandatory or voluntary.
Your personal information may be stored in different places, including as a paper record or in the IT systems.
Accidents or incidents
If an accident or incident occurs on our property, at one of our training courses or involving one of our staff then we’ll keep a record of this (which may include personal data and sensitive personal data).
Why and how do we use your personal information?
We will only use your personal information when the law allows us to. These are known as the legal bases for processing. We will use your personal information in one or more of the following circumstances:
- enter into, or perform, a contract with you
- receiving payment (e.g. direct debits, credit and debit cards);
- maintaining databases of our customers;
- performing our obligations under training renewal dates
- fulfilling orders for goods or services
- helping us respect your choices and preferences (e.g. if you ask not to receive marketing material, we’ll keep a record of this).
- Internal research and analysis
- comply with a legal duty
- protect your vital interests
- for our own (or a third party’s) lawful interests, provided your rights don’t override the these.
- In any event, we’ll only use your information for the purpose or purposes it was collected for
We may also occasionally use your personal information where we need to protect your vital interests (or someone else’s vital interests).
We need all the types of personal information listed under “What types of personal information do we collect about you?” primarily to enable us to perform our contract with you and to enable us to comply with our legal obligations. In some cases, we may also use your personal information where it is necessary to pursue our legitimate interests (or those of a third party), provided that your interests or your fundamental rights and freedoms do not override our interests. Our legitimate interests include: performing or exercising our obligations or rights under the direct relationship that exists between the Company and you as its employee, worker or contractor; pursuing our business by employing (and rewarding) employees, workers and contractors; performing effective internal administration and ensuring the smooth running of the business; ensuring the security and effective operation of our systems and network; protecting our confidential information; and conducting due diligence on employees, workers and contractors. We believe that you have a reasonable expectation, as our employee, worker or contractor, that we will process your personal information.
What if you fail to provide personal information?
If you fail to provide certain mandatory personal information when requested or required, we may not be able to perform the contract we have entered into with you, or we may be prevented from complying with our legal obligations. You may also be unable to exercise your statutory or contractual rights.
Change of purpose
We will only use your personal information for the purposes for which we collected it. If we need to use your personal information for a purpose other than that for which it was collected, we will provide you, prior to that further processing, with information about the new purpose, we will explain the legal basis which allows us to process your personal information for the new purpose and we will provide you with any relevant further information. We may also issue a new privacy notice to you.
Who has access to your personal information?
Your personal information may be shared internally within the Company, the Company may also share your personal information with other third parties in the context of a potential sale or restructuring of some or all its business. In those circumstances, your personal information will be subject to confidentiality undertakings.
We may also need to share your personal information with a regulator or to otherwise comply with the law.
We may share your personal information with third parties where it is necessary to administer the contract we have entered into with you, where we need to comply with a legal obligation, or where it is necessary for our legitimate interests (or those of a third party).
How does the Company protect your personal information?
The Company has put in place measures to protect the security of your personal information. It has internal policies, procedures and controls in place to try and prevent your personal information from being accidentally lost or destroyed, altered, disclosed or used or accessed in an unauthorised way. In addition, we limit access to your personal information to those employees, workers, agents, contractors and other third parties who have a business need to know in order to perform their job duties and responsibilities. You can obtain further information about these measures from our data protection officer.
Where your personal information is shared with third-party service providers, we require all third parties to take appropriate technical and organisational security measures to protect your personal information and to treat it subject to a duty of confidentiality and in accordance with data protection law. We only allow them to process your personal information for specified purposes and in accordance with our written instructions and we do not allow them to use your personal information for their own purposes.
The Company also has in place procedures to deal with a suspected data security breach and we will notify the Information Commissioner’s Office (or any other applicable supervisory authority or regulator) and you of a suspected breach where we are legally required to do so.
For how long does the Company keep your personal information?
The Company will only retain your personal information for as long as is necessary to fulfil the purposes for which it was collected and processed, including for the purposes of satisfying any legal, tax, health and safety, reporting or accounting requirements.
The Company will generally hold your personal information for the duration of your employment or engagement. The exceptions are:
- Legal requirement with our regulatory bodies for up to 6 years to protect against legal risk, e.g. if they could be relevant to a possible legal claim in a tribunal, County Court or High Court.
Personal information which is no longer to be retained will be securely and effectively destroyed or permanently erased from our IT systems and we will also require third parties to destroy or erase such personal information where applicable.
In some circumstances we may anonymise your personal information so that it no longer permits your identification. In this case, we may retain such information for a longer period.
Your rights in connection with your personal information
As a data subject, you have a number of statutory rights. Subject to certain conditions, and in certain circumstances, you have the right to:
- request access to your personal information - this is usually known as making a data subject access request and it enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it
- request rectification of your personal information - this enables you to have any inaccurate or incomplete personal information we hold about you corrected
- request the erasure of your personal information - this enables you to ask us to delete or remove your personal information where there’s no compelling reason for its continued processing, e.g. it’s no longer necessary in relation to the purpose for which it was originally collected
- restrict the processing of your personal information - this enables you to ask us to suspend the processing of your personal information, e.g. if you contest its accuracy and so want us to verify its accuracy
- object to the processing of your personal information - this enables you to ask us to stop processing your personal information where we are relying on the legitimate interests of the business as our legal basis for processing and there is something relating to your particular situation which makes you decide to object to processing on this ground
- data portability - this gives you the right to request the transfer of your personal information to another party so that you can reuse it across different services for your own purposes.
If you wish to exercise any of these rights, please contact our data protection Officer. In the limited circumstances where you have provided your consent to the processing of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. This will not, however, affect the lawfulness of processing based on your consent before its withdrawal. If you wish to withdraw your consent, please contact our data protection officer. Once we have received notification that you have withdrawn your consent, we will no longer process your personal information for the purpose you originally agreed to, unless we have another legal basis for processing.
If you believe that the Company has not complied with your data protection rights, you have the right to make a complaint to the Information Commissioner’s Office (ICO) at any time. The ICO is the UK supervisory authority for data protection issues.
Transferring personal information outside the European Economic Area
The Company will not transfer your personal information to countries outside the European Economic Area.
Disclosing and Sharing data
We will never sell your personal data. If you have opted-in to marketing, we may contact you with information about our partners, or third party products and services, but these communications will always come from EOGB and are usually incorporated into our own marketing materials (e.g. advertisements in magazines or newsletters).
We may share personal data with subcontractors or suppliers who provide us with services. For example, if you order something from EOGB, your name and address will be shared with the delivery company. However, these activities will be carried out under a contract which imposes strict requirements on our supplier to keep your information confidential and secure.
We use personal data to communicate with people and to promote EOGB. This includes keeping you up to date with our news, updates, campaigns and training information EOGB will now ask you to “opt-in” for most communications. This includes all our marketing communications. This means you’ll have the choice as to whether you want to receive these messages and be able to select how you want to receive them (post, phone, email, text).
You can decide not to receive communications or change how we contact you at any time. If you wish to do so please contact us by emailing firstname.lastname@example.org, writing to EOGB 5 Howard Road, Eaton Socon, St Neots, Cambs. PE19 8ET or telephoning 01480 477066 (Lines open 8.30am – 4.30pm, Mon – Fri).
Some of our premises have CCTV and you may be recorded when you visit them. CCTV is there to help provide security and to protect both you and EOGB. CCTV will only be viewed when necessary (e.g. to detect or prevent crime) and footage is only stored temporarily. Unless it is flagged for review CCTV will be recorded over.
EOGB complies with the Information Commissioner’s Office CCTV Code of Practice, and we put up notices so you know when CCTV is in use.
EOGB’s operations are based in the UK and we store our data within the European Union. Some organisations which provide services to us may transfer personal data outside of the EEA, but we’ll only allow them to do if your data is adequately protected.
Links to other sites
Our website contains hyperlinks to many other websites. We are not responsible for the content or functionality of any of those external websites (but please let us know if a link is not working by using the 'Contact us' link).
When purchasing goods or services from any of the businesses that our site links to, you will be entering into a contract with them (agreeing to their terms and conditions) and not with EOGB.
Changes to this privacy notice
The Company reserves the right to update or amend this privacy notice at any time, including where the Company intends to further process your personal information for a purpose other than that for which the personal information was collected or where we intend to process new types of personal information. We will issue you with a new privacy notice when we make significant updates or amendments. We may also notify you about the processing of your personal information in other ways.