Carbon Credentials Energy Services Ltd (CCES) is a registered data controller (Registration number ZA038750) and will collect and use information about clients and associated parties. This privacy notice outlines what you the data subject can expect when Carbon Credentials collects your information.
The Company is committed to protecting personal data and how the Company implements that commitment with regards to the collection and use of personal data.
The Company is committed to:
- Ensuring that it complies with the five data protection principles outlined by the General Data Protection Regulations (GDPR);
- Meeting its legal obligations as laid down by the Data Protection Act 2018 and the General Data Protection
Regulation (GDPR) (EU) 2016/679;
- Establishing appropriate retention periods for personal data;
- Ensuring that data subjects’ rights can be appropriately exercised;
- Providing adequate security measures to protect personal data;
- Ensuring that a nominated officer is responsible for data protection compliance and provides a point of contact for all data protection issues;
- Ensuring that all clients are made aware of good practice in data protection;
- Providing adequate training for all clients responsible for personal data;
- Ensuring that everyone handling personal data knows where to find further guidance;
- Ensuring that queries about data protection, internal and external to the organisation, are dealt with effectively and promptly;
- Regularly reviewing data protection procedures and guidelines within the organisation; and
- Making clients aware of how to identify special categories of personal information and how to process it lawfully and according to the company policy.
Data Protection and the GDPR requires that personal data shall be:
- Processed lawfully, fairly and in a transparent manner in relation to individuals (‘lawfulness, fairness and transparency’);
- Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be incompatible with the initial purposes (‘purpose limitation’);
- Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (Privacy by design);
- Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’); and,
- Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals (‘storage limitation’).
How we collect your personal data
Legal basis for holding your data
This Policy applies to the processing of personal data wholly or partly by automated means and to the processing other than by automated means of personal data which form part of a filing system or are intended to form part of a filing system.
Non-Employees personal information collected
Much of the data collected is provided directly by our clients during possible or actual engagement. Any data received from our clients is used strictly for the business purposes defined in the agreement between the client and Carbon Credentials.
Data received from recruitment candidates will be used for the sole purpose of that engagement, no other use is permitted or accepted.
When visiting the Carbon Credentials website (https://carboncredentials.com) like many websites, we use “cookies”. Cookies are small pieces of information sent to your device and kept on its internal storage to allow our website to recognize you and optimize the actions performed by you on our website. We use strictly necessary and functional cookies to enable you to move around the site to provide basic features. You can set your browser to not to accept should you desire.
The following types of cookies are used by CCES:
hssc – Visitor Browser
hssrc – Determine if visitor has restarted their browser
hstc – Determine incremental session number and time stamp
_ga – Stores client Id
_gat – Limits number or requests that have to be made to doubleclick.net, it does not store any user information
_gid – Used to distinguish unique users
hubspotutk – First party cookies specific to a domain
wow.anonymousId – Tracks company IP’s, website history and additional contact info
wow.data – Only stores active menu information
wow.trackingData – Web server cookie, does cannot track your browsing activity
There are links on our CCES webpage that direct users to other web sites, we are not responsible for the privacy policies on those websites as they may differ from our own.
What personal information/data do we process about you
CCES has identified the purposes for processing personal data and will collect and process only personal data that is necessary for the proper conduct of its business.
Your data and our retention policy
All data that CCES retain about individuals has a statutory retention period. We will not retain your data longer than the stated statutory retention period. This aligns to the CCES retention schedule.
Information used is categorised into the following data sets and has the following retention schedule:
Minimum Storage Duration from first contact. In most circumstances this will also be the minimum holding period upon cessation of relationship with the Company.
Disclosures to third parties
Where external computer systems are required to facilitate the purposes for which your personal data is retained, client’s data may be shared with software suppliers. Any such transfer will be subject to a formal agreement between Carbon Credentials and those suppliers, to ensure protection of your personal data.
Information obtained from suppliers
CCES will undertake to ensure that where any personal information that is obtained from a supplier, while in the control of CCES, it will be stored and processed commensurate with the data protection principles contained within this policy. Information obtained from clients only relates to engagement for sales and marketing and to complete contractual or legal obligations.
How your data is protected
CCES ensures that it has appropriate security measures in place to protect the personal data it holds. Data is only transferred when necessary into other services within CCES when processing a contract, this can involve using manual or automated processes.
Where we store your personal information/data
All the personal data we process is processed by our clients in the UK, however for the purposes of IT hosting and maintenance information is located on servers within the European Union and the US. Where it is held on servers based in the US, it is held in compliance with the EU-US Privacy Shield Framework or under the appropriate GDPR model clauses.
Your rights as a data subject
Data Subject Access Request
Under data protection legislation, you have the right to request access to information we hold about you.
Correcting and updating your personal information
You can request to alter, change or remove your personal data.
You have the right to withdraw consent to the processing of your information. If any objection request is made verbally it is beneficial to follow this in writing,
Erasing your personal information
You can request the erasure of your data.
Your right to complain to the regulator – ICO
If you have a concern about the way we are collecting or using your personal data, we ask that you raise your concern with us in the first instance by contacting our Data Protection Lead. (See below)
Alternatively, you can contact the Information Commissioner’s Office at https://ico.org.uk/concerns/.
Name: Data Protection Lead
Address: Carbon Credentials, 5th Floor, 103-113 Regent Street, London, W1B 4HL, UK
Telephone: +44 (0)20 3053 6655
Dated: 21 November 2018