Greenarc Energy Ltd provides liquid fuel and additional fuel-related services to Domestic, Commercial and Public sector customers across the UK. As a responsible company it is our duty to ensure that all of the activities we conduct are in accordance with both British and European Law to protect our customers, our prospective customers, our staff members and our company as a whole.
The following Privacy and Data Security Policy has been written in accordance with The Privacy and Electronic Communications (EC Directive) Regulations 2003 and the new EU General Data Protection Regulations 2018.
What data do we process?
In Greenarc Energy Ltd we collect and process a wide range of data for the purpose of the sale and supply of liquid fuel products and associated equipment and services (including tanks, and boiler servicing), to comply with legal obligations and to improve our products and services.
Some of this data we process is classified as personal data as it is used to identify an individual.
The types of data we store include:
At Greenarc Energy Ltd we do not store what is commonly classed as “sensitive personal data” such as religious beliefs, trade union membership, political options, genetic data, biometric data or data relating to an individuals sexual orientation.
In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
We store enough data to be able to operate our business. We do not store needless data such as a customers birth date or detailed information on their type of residence etc as this is not necessary to carry out our activities. At a quarterly meeting we review the data that we store and decide if the stored/processed data is still necessary.
We are bound by HMRC to store all historical sales data of liquid fuel for 7 years.Prospective customer data is deactivated when the data processor identifies that there is not an opportunity for the sale of our goods
Our systems are protected by a double firewall and our on premise server is kept in a locked environment, the only member of staff to have access to this environment is our Technical Manager and our Commercial Director.
Excluding company directors and managers, staff are unable to access our transactional systems both remotely and outside of set company hours.
All staff passwords are changed on a regular basis to keep an individuals system secure and staff members are instructed not to share their password with any other member of staff.
We have initiated a policy to ensure that all equipment that can be updated with the latest security protocols (provided by Microsoft and other vendors) are regularly kept updated.
A continuously updated log of all of our core ICT equipment which can access data is kept. This log includes the make, model and serial number of all of these devices and includes such things as laptops, servers, mobile phones etc.
To carry out our operations it is from time to time necessary to share our data with other suppliers who provide a service to our company. For example our delivery vehicles use an in-cab system to work out a schedule of deliveries. Data must be transferred from our core system to their system to be able to undertake this function. As part of preparation for GDPR all of our third party data processors have been contacted to confirm that they have their own GDPR policies in place, this has been documented.
In relation to the transfer of data, under no circumstances do share our database to any third party for third party sales and marketing purposes unless explicitly agreed by the data subject.
All of our websites in Greenarc Energy Ltd (and the wider group of companies) all have a Secure Sockets Layer (SSL) level of encryption.
We recognise that one of the easiest ways to fall foul of proper data security is at a humans hand. With this in mind, staff are trained to understand the importance of data security and how to perform their duties in a secure way.
This website uses session cookies to allow you to carry information across pages of our site and avoid having to re-enter information. These cookies expire at the end of your visit to our website. You have the ability to accept or decline cookies by modifying the settings in your browser. However, you may not be able to use all the interactive features of our site if cookies are disabled.
You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser (like Google Chrome, Netscape Navigator, FireFox, Microsoft Edge or Internet Explorer) settings. Each browser is a little different, so look at your browser Help menu to learn the correct way to modify your cookies. If you turn cookies off, you may not have access to some features that make your experience on our website more efficient and some of our services may not function properly.
We may collect some information about you using web technology, so it may not be readily apparent to you that it is being collected. For instance, when you come to our site your IP address is collected so that we know where to send information you are requesting (web pages). An IP address is often associated with the place from which you enter the Internet like your ISP (Internet service provider), your company, or your school. This information is not personally identifiable.
The existing customer data that we process is done so under a combination of the “fulfilment of contract”, “consent of the individual” and “legitimate interest”.Prospective customers’ data is processed by either “consent of the individual” or “legitimate interest”.
Although all activities are to be taken to prevent a data breach in the first place, Greenarc Energy Ltd acknowledges the requirement to report all data breaches within 72 hours to the Information Commissioners Office.
The core processing principles of the data processed within Greenarc Energy Ltd are shown below.
At Greenarc Energy Ltd we want to make sure that the information we process on a data subject is accurate. If a data subject wishes to update their data (for example, with a new contact number or a change of surname) this can be done with ease by contacting our Customer Experience team.
A key part of the new General Data Protection Regulations is “the right to be forgotten”. Due to our HMRC obligations, we have interpreted this part of the legislation as an in essence “full unsubscribe” for customers. This means the “closing of an account” and the cessation of all further sales and marketing activities.Throughout all of our digital marketing activities, we make the ability to unsubscribe from further communications readily available. It is not our companies desire to provide sales and marketing messaging to individuals who do not wish to receive it.
At Greenarc Energy Ltd we acknowledge that if a subject access request is issued by the data owner we have up to one month to process this request and this cannot be chargeable.
The ability to extract a customer’s data for this very purpose has been incorporated into our core systems.
If you have a question about this privacy and data security policy you can contact our Information Officer by the following methods:
Telephone: 0345 646 1410Email: email@example.comMail:Greenarc Energy Ltd Unit 9 The Craggs Country Business ParkNew RoadCragg ValeHebden BridgeWest Yorkshire, HX7 5TT