DATA PROTECTION STATEMENT
Alfa Energy needs to gather and use certain information about individuals. We process personal information to enable us to provide consultancy and advisory services, to promote our services, to maintain our own accounts and records, and to support and manage our employees. This policy sets out our commitment to data protection and individual rights and obligations in relation to personal data.
This statement describes how this personal data is collected, handled and stored to meet our data protection standards and ensure legal compliance. It ensures that we:
- Comply with data protection law and follow good practice
- Protect the rights of employees, customers and partners
- Are open about how we store and process individuals’ data
- Protect ourselves from the risk of a data breach
We have appointed Elvin Ahmovic as the person responsible for data protection compliance within Alfa Energy. He can be contacted at email@example.com. Questions about this policy or requests for further information should be directed to him.
“Special categories of personal data” means information about an individual’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sex life or sexual orientation, and biometric data.
“Criminal records data” means information about an individual’s criminal convictions and offences and information relating to criminal allegations and proceedings.
“Competent Authority” means the Secretary of State, Ofgem, or any local or national agency, authority, department, inspectorate, industry or regulatory body, minister, ministry official, statutorily constituted customer committees and their representative bodies, or public or statutory person (whether autonomous or not) of, or of the government of, the United Kingdom or of the European Community, acting ostensibly within its authority;
“Data Protection Law” means any national implementing laws, regulations, and secondary legislation, as amended or updated from time to time, in the United Kingdom in relation to data privacy laws and including, but not limited to, the General Data Protection Regulation (EU) 2016/679 as and when it becomes applicable on and from 25 May 2018;
“Personal data” is any information that relates to an individual who can be identified from that information.
“Processing of personal data” is any use that is made of data, including collecting, storing, amending, disclosing, or destroying it.
“Third Party Processor” means any third parties or sub-contractors engaged by Alfa Energy in connection with processing the Personal Data.
“Alfa Energy Group members”: Alfa Energy Ltd., Alfa Energy LLC, Alfaenergie Beratung und Vermittlung GmbH, Energy Trading Company D.O.O., Code Line Solutions D.O.O.
Types of Information Processed
We process Personal Data in relation to agreed energy services. We ensure that we collect only essential data, such as contact details including company name, contact name, address, telephone number and email, and any other type of Personal Data that may be advised by us from time to time. In addition to that, we also record phone calls, which are not shared but are used for training and compliance purposes.
Data Protection Principles
We collect and process personal data in accordance with the following data protection principles:
- Lawfully, fairly and in a transparent manner.
- Only for specified, explicit, and legitimate purposes.
- Only where it is adequate, relevant, and limited to what is necessary for the purposes of processing.
- We keep accurate personal data and take all reasonable steps to ensure that inaccurate personal data is rectified or deleted without delay.
- We keep personal data only for the period necessary for processing.
- We adopt appropriate measures to make sure that personal data is secure and protected against unauthorised or unlawful processing and accidental loss, destruction, or damage.
We tell individuals the reasons for processing their personal data, how we use such data, and the legal basis for processing in our privacy notices. We will not process personal data of individuals for other reasons.
Where we process special categories of personal data or criminal records data to perform obligations or to exercise rights in employment law, we do it in accordance with a policy on special categories of data and criminal records data.
We will update personal data promptly if an individual advises that his/her information has changed or is inaccurate.
IT Security Measures
We keep a record of our processing activities in respect of personal data in accordance with the requirements of the General Data Protection Regulation (GDPR). We retain client information within our CRM system and our IT services are outsourced to a company that operates its delivery in compliance with ISO 27001. User details are also held in relation to usernames, passwords, and recipient details for accessing Alfa Energy systems.
Website Protection Measures
Sensitive and private data exchange between the Site and its Users happens over an SSL-secured communication channel and is encrypted and protected with digital signatures.
Organisational Data Protection Measures
We shall take all reasonable steps to ensure the reliability and integrity of any employees who have access to the Personal Data and ensure that only such Supplier Personnel required by us to assist us in meeting our obligations under this Agreement (which may include assistance with systems administration) and no other employees have access to such Personal Data.
Transfers to Third Parties
If at any time during the Term, we wish to appoint a sub-contractor, we may do so provided that:
- the sub-contractor contract (as it relates to the protection of Personal Data) is on terms that are substantially the same as, and in any case no less onerous than, the terms set out in these Data Processing Terms; and
- the sub-contractor’s right to Process Personal Data terminates automatically, for whatever reason, on expiry or termination of this Agreement or the sub-contract, whichever is earlier.
We do not disclose Personal Data to a third party (including a sub-contractor) in any circumstances unless it is necessary to provide the service or otherwise without the Client’s prior written consent. For Third Party Requests, the Supplier shall use reasonable endeavours to advise the Client in advance of such disclosure, unless it is prohibited by law or regulation from notifying the Client of that disclosure, in which case it shall do so as soon as practicable thereafter (where permitted by law or regulation).
Transfer of Personal Data to a Restricted Country
To the extent that we are acting for and on behalf of the Client in relation to Processing that we are carrying out arising out of, or in connection with, the provision of the Services, we shall not make (nor instruct or permit a third party to make) a Data Transfer except:
- within companies governed by the same corporate rules;
- if the third party has first obtained our prior written consent;
- if the third party has put in place measures to ensure compliance with the Data Protection Laws, including entering into or procuring that the applicable Approved Sub-contractors enter into the contracts regulating data processing standards.
Data Retention Policy
We shall not retain Personal Data for longer than is necessary to perform the contract, fulfil a legal obligation, or protect other legitimate companies’ interests.
We shall (on a request from the Client) make available to the Client in electronic form any or all of the Personal Data.
As a data subject, individuals have a number of rights in relation to their personal data.
Subject access requests
Individuals have the right to make a subject access request. If an individual makes a subject access request, we will tell him/her:
- whether or not his/her data is processed and if so why, the categories of personal data concerned, and the source of the data if it is not collected from the individual;
- to whom his/her data is or may be disclosed, including to recipients located outside the European Economic Area (EEA) and the safeguards that apply to such transfers;
- for how long his/her personal data is stored (or how that period is decided);
- his/her rights to rectification or erasure of data or to restrict or object to processing;
- his/her right to complain to the Information Commissioner if he/she thinks we have failed to comply with his/her data protection rights; and
- whether or not we carry out automated decision-making and the logic involved in any such decision-making.
We will also provide the individual with a copy of the personal data undergoing processing. This will normally be in electronic form if the individual has made a request electronically unless he/she agrees otherwise.
If the individual wants additional copies, we will charge a fee, which will be based on the administrative cost to us of providing the additional copies.
To make a subject access request, the individual should send the request to firstname.lastname@example.org. In some cases, we may need to ask for proof of identification before the request can be processed. We will inform the individual if he/she needs to verify his/her identity and the documents we require.
We will normally respond to a request within one month from the date it is received. In some cases, such as where we process large amounts of the individual’s data, we may respond within three months of the date the request is received. We will write to the individual within one month of receiving the original request to tell him/her if this is the case.
If a subject access request is manifestly unfounded or excessive, we are not obliged to comply with it. Alternatively, we can agree to respond but will charge a fee, which will be based on the administrative cost of responding to the request. A subject access request is likely to be manifestly unfounded or excessive where it repeats a request to which we have already responded. If an individual submits a request that is unfounded or excessive, we will notify him/her that this is the case and whether or not we will respond to it.
Individuals have a number of other rights in relation to their personal data. They can require us to:
- rectify inaccurate data;
- stop processing or erase data that is no longer necessary for the purposes of processing;
- stop processing or erase data if the individual’s interests override our legitimate grounds for processing data (where we rely on our legitimate interests as a reason for processing data);
- stop processing or erase data if processing is unlawful; and
- stop processing data for a period if data is inaccurate or if there is a dispute about whether or not the individual’s interests override our legitimate grounds for processing data.
To ask us to take any of these steps, the individual should send the request to email@example.com.
Personal Identification Information
Alfa Energy may collect personal identification information from Users in a variety of ways, including, but not limited to, when Users visit our Site, engage in live chat, subscribe to a newsletter, respond to a survey, fill out a form, and participate in all other services or features we make available on our Site. Users may be asked for, as appropriate, name, email address, mailing address, phone number, and energy supplier contact information. The User may also visit our Site anonymously. Alfa Energy will collect personal identification information from the User only if they voluntarily submit such information to us. Users can always refuse to supply personal identification information, which may prevent the User from engaging in certain Site related activities.
Non-personal Identification Information
We may collect non-personal identification information about Users whenever they interact or browse through our Site. The non-personal identification information may include the browser name, internet protocol (IP) information, technical browser information, and means of connection to our Site, such as the operating system, browser type, Internet service providers utilized, and other similar information.
Web Browser Cookies
How Company Uses Collected Information
Alfa Energy Ltd. may collect and use a User’s personal information for the following purposes:
- To improve customer service
- To help us respond to customer service requests and provide support more efficiently
- To personalize the User’s experience
- To understand how our Users use the services and resources provided on our Site
- To improve our Site
- To improve our products and services
- To run a promotion, contest, survey, live chat, or other Site features
- To generate potential business opportunities for the business
- To send the User information. Such information can include marketing material, market reports, and other topics that might interest the User
- To send periodic emails
We may use the email address to respond to a User’s inquiry, question, and/or other requests. If the User decides to opt-in to our mailing list, they will receive emails that may include company news, updates, a related product, or service information, among others. If at any time the User would like to unsubscribe from receiving future emails, Alfa Energy includes detailed unsubscribe instructions at the bottom of each email. If the User is having any conflicts with our reports, they may contact us via our Site.
We do not sell, trade, or rent User personal identification information to others. Alfa Energy may share generic aggregated demographic information not linked to any personal identification information regarding the User with our business partners, trusted affiliates, and advertisers for the purposes outlined in “How We Use Collected Information”. Alfa Energy may use third party service providers to help us operate our business and the Site or administer activities on our behalf, such as sending out newsletters or surveys. Alfa Energy may share the User’s information with these third parties for those limited purposes provided that the User has given permission.
Third Party Websites
The User may find advertising or other content on our Site that links to the sites and services of our partners, suppliers, advertisers, sponsors, licensors, and other third parties. Alfa Energy does not control the content or links that appear on these sites and is not responsible for the practices employed by websites linked to or from our Site. Also, these sites or services, including their content and links, may constantly be changing. These sites and services may have their own privacy policies and customer service policies. Browsing and interaction on any other website, including websites that link from/to our Site, is subject to that website’s own terms and policies.
If you have any questions about this website data policy, the practices of this Site, or your dealings with this Site, please contact us at:
Alfa Energy Ltd.
1 Haven Green,
London, W5 2UU
Tel: +44 (0) 20 8810 7743
Fax: +44 (0) 20 8810 8080
Fax: +44 (0) 20 8043 0039
This Policy was last updated on May 24, 2018.