General Data Protection Regulation

1Energy Group Limited Privacy Policy Statement

Introduction

1Energy Group Limited (“1Energy”) respects the privacy of every individual whose personal information it handles. We are committed to respecting and protecting personal data and will process personal data provided to 1Energy only in accordance with applicable data protection and privacy laws.

Personal data includes information relating to natural persons who can be identified or who are identifiable, directly from the information in question or who can be indirectly identified from that information in combination with other information.

The main objective of this Privacy Policy Statement (“Statement”) is to provide a clear indication of how 1Energy collects, stores and uses personal data.

When this Statement mentions “company”, “we”, “us”, “our” all of those terms refer to 1Energy Group Limited (company number: 11532815).

This Statement is not an exhaustive description of how we process the personal information of natural persons. If you have any questions about this Statement, or our privacy related practices, please contact us at: info@1energy.uk.

This Statement has been approved by the Board of 1Energy.

Data protection laws

1Energy processes data in line with UK laws and regulations; more specifically the General Data Protection Regulation.

This regulation became effective on 25 May 2018.

How do we collect personal information?

We will collect information from you when you interact with us in person, in writing, by telephone and by email. For example, when you are an actual or potential customer or an actual or potential business partner, advisor, consultant or supplier. If you email us your CV, or if you have a meeting with a representative of 1Energy and provide us with your business card.

We may also receive information from other sources, such as third parties who collect personal information from you and pass it on to us. For example, where we conduct verification checks as part of our ‘Know Your Customer’ policies and procedures.

What types of personal information do we collect?

Personal information that we hold about you (including through our website) may include names, work addresses, email addresses, contact numbers, job title, employer organisation. Information required to verify your identity, for example passports, identification documents and proof of home address for anti‐money laundering and Know Your Customer, references, background and other similar checks, or any other personal information that you provide to us.

1Energy will take all reasonable steps to keep your personal information accurate and, where necessary, up‐to‐date. Please notify us at: info@1energy.uk if you believe that any of the information 1Energy holds about you is incorrect.

Grounds for processing

To process your data lawfully we will use your information on one or more of the following grounds:

  • you are a party to a contract and processing your personal data is necessary for the performance of contract;
  • it is in our legitimate interests to do so and where such interests are not overridden by your privacy interests;
  • it is required for our or our funders compliance with legal and regulatory obligations, including their FCA duties to their clients, or where disclosures are requested by authorities, regulators or governmental bodies;
  • we have obtained your consent where one of the above grounds cannot reasonably be relied upon.

Your personal data will not be sold to third parties, marketing agencies or processed in an unlawful manner. If we seek to use your personal data for a purpose beyond that for which it was originally collected, we will seek your consent or look to rely on another valid legal ground to process your personal information in accordance with applicable law.

How do we use your personal information?

We will use your personal information, and may share your personal data with other third parties acting on our behalf (as detailed below) in respect of:

  • maintaining contact records and providing business updates;
  • communicating with you about and sending invitations for presentations, events and meetings with representatives of 1Energy;
  • communicating with you about potential business or career opportunities;
  • obtaining professional services from our third parties, including consultants, auditors, accountants and lawyers;
  • complying with anti‐money laundering and Know Your Customer, references, background and other checks;
  • compliance with our regulatory and legal obligations, including fiduciary duties and obligations to clients, or requests for disclosures from a court, regulatory or governmental body;
  • conducting due diligence with regard to potential or actual investment opportunities;
  • improving marketing materials;
  • evaluating potential candidates for future recruitment and assessing your application if you have applied for a job with us;
  • responding to your enquiries and resolving your complaints.

Who might we provide your personal information to?

There are circumstances where we may be compelled or wish to disclose your personal information to third parties. This will only take place in accordance with applicable law and on the basis of one or more of the lawful grounds for processing (detailed above). This may include sharing your personal information with companies who process personal information on our behalf, such as third party outsourced service providers to facilitate the provision of our services, providers of cloud hosting solutions and professional advisers, such as lawyers, fund administrators, accountants or other consultants and group entities. 1Energy will ensure that, where a third party is used for specific reasons, the service provider has agreed to protect and maintain the security and confidentiality of the information that 1Energy shares with them.

Sensitive or special category personal data

Certain types of data require extra safeguards, in particular information about children, the “special categories” of personal data including racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sexual orientation, genetics, and biometrics, and criminal offences (including allegations and sentencing). We generally do not need this information so please do not send it to us.

Retention and deletion

1Energy will retain personal information for a period that will vary depending on the purposes that it was collected for, as well as the requirements of any applicable law or regulation. Destruction of data will be carried out in accordance with 1Energy’s data retention policy. Where the retention schedule requires destruction instead of archival, the following shall apply:

  • Paper records will be shredded by a provider who grants documented evidence of its destruction in the form of a certificate or video evidence.
  • Electronic records shall be deleted from live systems but may be retained on back‐ups in line with the back‐up retention schedule.
  • Physical equipment capable of storing data shall be disposed of either by (i) physical destruction (crushing) or (ii) by government certified levels of electronic shredding. All electronic shredding shall come with a certificate of destruction.

Limitations on the transfer of personal data

The GDPR restricts data transfers to countries outside the UK in order to ensure that the level of data protection afforded to individuals by the GDPR is not undermined. Equivalent requirements apply in the EU. 1Energy individuals transfer personal data originating in one country across borders when they transmit or send that data to a different country or view/access it in a different country.

If 1Energy individuals need to transfer data outside of the UK or, if operating from an EU establishment outside the EU*, please speak to the Head of Finance or Board of Directors.

Measures put in place to safeguard your personal data

We have put in place several technical and organisational measures aimed at protecting the confidentiality, the integrity and the availability of your personal data:

  • All the endpoints of the company are protected with antivirus.
  • Encryption technology is in use to protect the integrity of the personal data we process.
  • A password policy is currently in place to ensure that the data stored on our systems is only accessible to authorised personnel.
  • Our data is backed-up to ensure that it is readily available in the event of technical problems or disaster recovery.
  • We restrict access to personal information to those employees and third parties who need to know that information for the purposes set out in this Statement.

While 1Energy takes appropriate technical and organisational measures to safeguard the personal information that you provide, no transmission over the internet can ever be guaranteed secure and 1Energy cannot guarantee its security by this method of transmission.

Your rights

Under data protection laws you have certain rights, including the right to: access, rectify, withdraw consent, erase, restrict, transport and object to the processing of your personal information. You also have a right to lodge a complaint with the Information Commissioner’s Office (see further details below) if you believe your information is not being processed in accordance with the law. Should you wish to exercise any of your rights, please contact: info@1energy.uk. We will do our best to respond within 30 days, but if it is going to take longer we will contact you to ask for further time.

Privacy and the internet

1Energy’s website www.1Energy.uk uses cookies. Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owner of the site.

The main objective of cookies is to provide us with data that we can use to improve our website in order to provide you with a better service. Google Analytics is in use to collect information about how visitors use our website.

Please see 1Energy’s Cookie Policy at www.1Energy.uk for further details.

When using our website without adjusting your web browser to block them, you are consenting to these types of cookies being stored on your device.

Additional information

The Information Commissioner’s Office: If you would like to learn more about the General Data Protection Regulation, you can visit:

UK: the ICO’s website following this link: https://ico.org.uk/. You can also find an overview of the GDPR following this link: https://ico.org.uk/for‐organisations/data‐protectionreform/overview‐of‐the‐gdpr/

Notification of changes

This Statement is dated October 2022. We may amend this Statement from time to time without notice. An amended Statement will be posted and available on our website. We may change the Statement for a number of reasons, including changes in law, market practice or our treatment of your personal information.

* Please note that this includes transfer of personal data from an EU establishment to the UK.