Inspired’s GDPR and Privacy Notice
Welcome to an Inspired Energy plc (we, our or us, as applicable) owned and operated website. For further information about us and our contact details, please go to our CONTACT US section below. References in this Privacy Notice to our website refer to all websites operated by the Group and references to services are to services provided to you or the organisation that you represent under a contract with us.
We are committed to respecting your privacy. This Privacy Notice is intended to inform you about how we collect, use and protect any personal data we collect about you when you use our website or services. It sets out how we comply with the data protection laws (the General Data Protection Regulation (UK GDPR) tailored by the Data Protection Act 2018) and what your rights are.
For the purposes of data protection laws, unless otherwise stated in your specific contract of services, we will be the controller of any of your personal data.
We have appointed a data privacy manager who is responsible for the personal data collected and used by us; if you have any questions about this Privacy Notice, please use the details set out within the CONTACT US section below.
This Privacy Notice provides details about:
- what personal data we collect
- where we collect your personal data from
- the purpose and legal basis for using personal data provided to us who we share your personal data with
- how long we will keep your personal data
- where we transfer your personal data to
- how we aim to protect your privacy
- your legal rights relating to your personal data
What personal data do we collect?
We may collect the following information about you:
- Identity Data including first name, last name, username or similar identifier, title.
- Contact Data including your business email address, business telephone number (including mobile number, business address).
- Details of the correspondence (including e-mail correspondence) you send and receive from us: this includes letters and emails, SMS, MMS and other electronic communication and may in some cases include audio recording of telephone conversations.
- Usage Data – including how you use our website, such as your login time, changes to your account data, user name and password. This is not collected by cookies, but by analysing your usage from the actions you take in connection with our website.
- Marketing and Communications Data including your preferences in receiving marketing from us and your communication preferences.
- Any other personal data you choose to disclose to us.
We also collect, use and share Aggregated Data in connection with your usage, such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Notice.
We do not collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
We may use your personal data to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link or the instructions provided in any email we send.
Where do we collect your personal data from?
We may collect your personal data directly or indirectly from you, for example when you:
- engage with us during the course of our relationship with you or the business you work for including in receipt of services from us;
- use our website including when you complete a web form to ask us to contact you or you sign up to an email alert with us;
- communicate with us regarding our website to ask a question, report a problem or for any other reason; and raise a query, complaint, claim, legal dispute on behalf of yourself or the business you work for.
We may collect your personal data from the business you work for, for example when they:
- give us your business email address, so that we can invite you to register to use features on our website or allow us to contact you in order to deliver the contracted services
Other third parties
We may also collect personal data from third parties who have your consent or some other lawful basis for doing so including:
- Companies House;
- social media platforms such as LinkedIn; Instagram, YouTube, Twitter or public Facebook page.
How do we use your data?
|Purpose||Personal Information Used||Lawful Basis|
|To invite you to register to use our website||Identity Data, Contact Data||Performance of a contract with the business that you work for|
|To manage our relationship with you including notifying you of changes to our website or this policy||Identity Data, Contact Data, Marketing and Communications Data||Your consent. Performance of a contract with you. Necessary for our legitimate Interests (to keep records updated and to analyse how our customers/users use our website)|
|To administer and protect our business and our website including troubleshooting, data analysis and system testing||Identity Data, Contact Data, Usage Data||Necessary for our legitimate Interests (for running our business, provision of administration and IT services, network security)|
|To measure and analyse the effectiveness of the advertising we serve you||Identity Data, Contact Data, Usage Data, Marketing and Communications Data||Consent Necessary for our legitimate Interests (to develop our products/services and grow our business)|
|To gather analysis or valuable information and monitor trends so we can improve our website||Identity Data, Contact Data, Usage Data, Marketing and Communications Data||Consent Necessary for our legitimate Interests (to develop our products/services and grow our business)|
|Deal with your queries or complaints, claims, legal disputes or raise queries, claims, legal disputes or complaints with you or the business you work for||All the personal information we collect||Performance of a contract with the business that you work for. Necessary for our legitimate interests (to develop our products/services and grow our business). To defend, bring or establish legal claims|
|Enter into and perform contracts, where we are supplying services to you||All the personal information we collect||To enter into and perform contracts with either yourself or the organisation that you represent. We have a legitimate to properly perform contracts with third parties|
Where you have given us your consent to use your personal data in a particular manner, you have the right to withdraw this consent at any time, which you may do by contacting us as described in the CONTACT US section below. We will generally only process your personal data based on your consent in relation to direct marketing.
Please note however that the withdrawal of your consent will not affect any use of the data made before you withdrew your consent and we may still be entitled to hold and process the relevant personal data to the extent that we are entitled to do so on a basis other than your consent. Withdrawing consent may also have the same effects as not providing the information in the first place, for example we may no longer be able to provide marketing information to you.
To ensure you are kept up to date, we use personal data for marketing purposes and may send you postal mail, texts and/or emails to update you on the latest offers and events. We may also show you online media communications through external social media platforms such as LinkedIn, Instagram, YouTube, Twitter and Facebook, and external digital advertisers such as Google.
You have the right to opt out of receiving marketing communications from us at any time, by:
1. informing us that you wish to change your marketing preferences by contacting our customer support team at firstname.lastname@example.org
2. making use of the simple “unsubscribe” link in emails; and/or
3. contacting our data privacy manager using the details set out within the CONTACT US section below.
This will not stop service messages such as order updates and other non-marketing communications.
Who do we share your personal data with?
We may share your personal data with the following third parties:
- We may employ third party service providers and individuals to facilitate and support our website, provide the web service on our behalf or assist us in analysing how our website is used.
- We use Brighter IR to provide our email alert service if you choose to register for email alerts via our website.
- Other companies within our group and affiliates.
- Purchasers, investors, funders and advisers if we sell or negotiate to sell all or part of our business or assets or restructure our business whether by merger, re-organisation or otherwise.
- Our advisors including legal or other advisors.
- Your advisors including legal or other advisors.
Under certain circumstances we may be required to disclose your personal data if required to do so by law or in response to valid requests by public authorities (e.g. a court/tribunal or a government agency), regulators, law enforcement agencies, security services, insurers.
These third parties have access to your personal data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
How long we keep your personal data for?
We will not retain your personal data for longer than as is necessary for the purposes for which it has been obtained set out in this Privacy Notice and only then for as long as there is any risk of a potential claim, which will be dependent upon the limitation period for the particular type of claim.
Various laws, accounting and regulatory requirements applicable to us also require us to retain certain records for specific amounts of time. In relation to your personal data, we will hold this only for so long as we require that personal information for legal or regulatory reasons or for legitimate organisational purposes. We will not keep your data for longer than is necessary for the purposes for which we collect them.
We will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our website, or we are legally obligated to retain this data for longer periods. We will anonymise your Usage Data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this data indefinitely without further notice to you.
Our Data Retention Privacy Notice sets out the length of time we will usually retain personal data and where these default periods might be changed; you can request a copy of our Data Retention Privacy Notice by using the details set out in the CONTACT US section below. We have set out below the main retention periods which will apply:
- For users, we check accounts annually to see if they are being used. We reserve the right to delete your account and any personal data or other information associated with your use of our website if we identify during an annual review that there is no activity on your account by giving you 180 days prior written notice.
- For marketing contacts it will generally be a period of 2 years after we were last in contact with you.
- For individuals seeking information, making complaints or otherwise corresponding with us it will generally be 2 years.
Where do we transfer your personal data to?
Your information, including personal data, may be transferred to, and maintained on computers located outside the United Kingdom and outside the EEA where the data protection laws may differ.
We will take all the steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Notice and no transfer of your personal data will take place to an organisation or a country unless there are adequate controls in place including the security of your data and other personal information.
Please contact us using the details set out in the CONTACT US section set out below if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
How do we protect your personal data?
The security of your data is important to us but remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.
Where you have chosen a password that enables you to access services, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Once we have received your information, we will use strict procedures and security features to try to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way.
Systems are hosted in a secure data centre facility with restricted physical access to the equipment or servers. Data stored within the service is encrypted in accordance with industry standards. Periodic Vulnerability and Penetration testing of our website are undertaken.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator when we are legally required to do so.
What rights do you have under the general data protection regulation – the GDPR?
If you are a resident of the UK under the data protection laws you have certain rights relating to your personal data.
- The right to be informed about how your personal data is being used.
- The right to request access to personal data we hold about you.
- The right to request that we delete your personal data in certain circumstances, for example when the data is no longer necessary for the purposes for which we collected it.
- The right of rectification where the personal data is out-of-date, inaccurate or incomplete.
- The right to object to certain automated decision-making processes using your personal data including profiling.
- The right to restrict processing your personal data.
- The right to data portability; the right to be provided with a copy of the information we have on you in a structured, machine-readable and commonly used format and transferred to another data controller.
- The right to object to processing your personal data and/or to withdraw consent at any time where we relied on your consent to process your personal information.
You should note that some of these rights, for example the right to require us to transfer your data to another service provider or the right to object to automated decision making, may not apply as they have specific requirements and exemptions which apply to them and they may not apply to personal information recorded and stored by us. However, some have no conditions attached, so your right to withdraw consent or object to processing for direct marketing are absolute rights.
Please note that we may request specific information in order to verify your identity before responding to such requests. This is another appropriate security measure to ensure that personal data is not disclosed to any personal who has no right to receive it.
Whilst this Privacy Notice sets out a general summary of your legal rights in respect of personal data, this is a very complex area of law. More information about your legal rights can be found on the Information Commissioner’s website at https://ico.org.uk/for-the-public/.
If you wish to exercise any of the above rights please use the details provided below within the CONTACT US section.
You as have the right to complain to the Information Commissioner’s Office at Wycliffe House, Water Lane, Wilmslow, SK9 5AF, United Kingdom if you believe we have not handled your personal data in accordance with the law. More information, including contact details, is available at https://ico.org.uk.
Links to other sites
Our website may contain links to other sites that are not operated by us. If you click on a third party link, you will be directed to that third party’s site. We strongly advise you to review the privacy notice of every site you visit.
We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites.
Changes to this privacy notice
We may update our Privacy Notice from time to time. We will notify you of any changes by posting the new Privacy Notice on this page.
We will let you know via email and/or a prominent notice on our website, prior to the change becoming effective and update the date of posting at the bottom of this Privacy Notice.
You are advised to review this Privacy Notice periodically for any changes. Changes to this Privacy Notice are effective when they are posted on this page.
Our website is operated by, and/or services are provided by, Inspired Energy Solutions Ltd. We are registered in England and Wales under company number 04005541 and ICO Registration Z4999309 and have our registered office at 29 Progress Park Orders Lane, Kirkham, Preston, England, PR4 2TZ.
To contact us, please email email@example.com or telephone +44 (0)1722 689249
Date: 1st March 2021
Next Review Date: Annually or at point of incident
Approved and Authorised
Name: Mark Dickinson
Position: Chief Executive Officer