Who we are
The NetZero Buildings website is brought to you by NetZero Buildings, a company incorporated and registered in England and Wales with company number 08751011 and registered office is at 5th floor, Synergy House, 114 118 Southampton Row, London, WC1B 5AA. NetZero Buildings is part of a group which is made up of different legal entities, including:
NZB Investment Limited a company incorporated and registered in England and Wales with company number 10071122 with registered office is at 5th floor, Synergy House, 114 118 Southampton Row, London, WC1B 5AA
UK Energy Partners Holding Ltd, a company incorporated and registered in England and Wales with company number 09870296 with registered office is at 5th floor, Synergy House, 114 118 Southampton Row, London, WC1B 5AA (“Net Zero Buildings Group”).
what personal data we may collect from you;
how we will use, store and protect your personal data;
with whom we may share personal data; and
your rights under relevant data protection laws.
Third party links
The NetZero Buildings website may contain links to and from other applications, plug-ins and websites of other networks, advertisers, and affiliates. If you follow a link to any of these websites, please note that they (and any services that may be accessible through them) have their own privacy policies and that we do not accept any responsibility or liability for these policies or for any personal data that may be collected through these apps, websites or services. Please check these policies before you submit any personal data to these websites or use such services.
Lawful basis for processing
Under data protection laws, we must have a legal basis in order to process your personal data. The legal bases on which we may process your data are:
- Consent: where you have consented for us to process your personal data for one or more specific reasons.
- Performance of a contract: in order to perform a contract we may have with you.
- Legal obligation: where processing of the data is required by law.
- Public interest: where processing is necessary for the performance of a task carried out in the public interest.
What data we may collect from you
We may collect and process the following personal data about you:
- Identity data: first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender
- Contact data: billing address, delivery address, email address and telephone numbers.
- Financial data: bank account and payment card details.
- Transaction data: details about payments to and from you and other details of products and services you have purchased from us.
- Technical data: internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
- Marketing and communications data: your preferences in receiving marketing from us and our third parties and your communication preferences.
How we collect information from you
We collect your personal data in a number of ways:
- Directly: contact, and identity data directly provided by you when you fill in online forms or correspond with us in any way, for example when:
- submitting a query;
- requesting or consenting to marketing materials being sent to you; or
- providing us with feedback.
- From third parties/public sources:
- technical data may be obtained from the following parties:
(a) analytics providers such as Google based outside the EU;
(b) advertising networks such as Linkedin based outside the EU
(c) search information providers based inside OR outside the EU.
- identity and contact data from publicly available sources such as Companies House and the Electoral Register based inside the EU.
How we use your personal data
We may use your personal data for the following purposes:
- to provide the requested services to you;
- in accordance with our legitimate interests (in circumstances where your interests and fundamental rights do not override our interests);
- to personalise your experience on the NetZero Buildings website;
- to provide customer service, including to respond to your enquiries and fulfil any of your requests for information;
- to send you important information regarding our services and/or other technical notices, updates, security alerts, and support and administrative messages;
- as we believe to be necessary or appropriate:
- in order to comply with a legal obligation. This applies where the processing is necessary for us to comply with the law;
- to protect our legitimate rights, privacy, property or safety, and/or those of a third party and your rights do not override those interests.
It is important to us that we only provide you with tailored offers and promotions for services which you may want or need. You will therefore only receive such offers from us if you have consented to, and have not at any point opted out from, receiving marketing communications from us.
Opting out from receiving marketing communications from us is easy and you may do so at any time by contacting us at firstname.lastname@example.org. We will process your request to be opted-out of marketing within 30 days of receipt.
We will ensure that we obtain your consent before we share your personal data with any company outside of the NetZero Buildings Group for marketing purposes.
Where you opt out of receiving these marketing communications, we may still process your personal data for other required purposes, as specified in section 5 above.
Retention of your data
We will not retain your personal data for longer than is necessary for the purposes for which the personal data is processed. This means that your data will only be retained for as long as it is still required to provide you with services or is necessary for legal reasons. When calculating the appropriate retention period for your data, we consider the nature and sensitivity of the data, the purposes for which we are processing the data, and any applicable statutory retention periods. Using these criteria, we regularly review the personal data which we hold and the purposes for which it is held and processed.
When we determine that personal data can no longer be retained (or where you request us to delete your data in accordance with your right to do so (please see section 11 below for more information), we ensure that this data is securely deleted or destroyed.
However, please note that, in some circumstances we may decide to retain your personal data for research or statistical purposes.
For more details about our retention periods, please contact us at email@example.com.
Accuracy of your data
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
Security of your data
In order to protect your personal data, Net Zero Buildings Group has appropriate organisational and technical security measures. These measures include restricting access to your personal data to certain employees, ensuring our internal IT systems are suitably secure, and implementing procedures to deal with any suspected data breach.
In the unlikely event of a data breach, we will take steps to mitigate any loss or destruction of data and, if required, will notify you and any applicable authority of such a breach.
Transfer of your data
Transfers to members of our group
We may share your data with other members of the NetZero Buildings Group.
Transfers to third parties
There may be circumstances in which we may also need to share your personal data with certain third parties, including third parties located outside of the EEA.
The third parties to which we may transfer your personal data include:
- Not Applicable
The security of your data is important to us and we will, therefore, only transfer your data to such third parties if:
- you have expressly consented to your data being shared with specific third parties;
- the third party needs to access the personal data for the purposes of providing any contracted services to you;
- the third party has agreed to comply with NetZero Buildings’s instructions, required data security standards, policies, and procedures and put adequate security measures in place;
- the transfer complies with any applicable cross border transfer restrictions and suitable safeguards have been put in place; and
- a fully executed written contract that contains suitable obligations and protections has been entered into between the parties.
As mentioned above, we will only transfer your data where suitable safeguards have been put in place. These safeguards are intended to ensure a similar degree of protection is afforded to your data wherever it may be transferred and include:
- only transferring your personal data to countries which have been deemed to provide an adequate level of protection for personal data by the European Commission;
- where your data will be transferred outside of the EEA, entering into specific contractual terms which have been approved by the European Commission and which give personal data the same protection as within the EEA; or
- where your data will be transferred to the US, ensuring that the third party to which we are transferring your data is part of the Privacy Shield.
For more information on the safeguards used by Net Zero Buildings when transfers of personal data to third parties, please contact us at firstname.lastname@example.org.
You have certain rights in relation to the personal data we process and hold about you. These include:
- Right to rectification: you have the right to require us to correct any inaccuracies in your data.
- Right to erasure: you have the right to require us to delete your data, subject to certain legal requirements.
- Right to restriction of processing: you have the right to require us to restrict the way in which we process your personal data. You may wish to restrict processing if, for example:
- You contest the accuracy of the data and wish to have it corrected;
- You object to processing but we are require to retain the data for reasons of public interest; or
- If you would prefer restriction to erasure.
- Right to data portability: you have the right to obtain from us easily and securely the personal data we hold on you for any purpose you see fit.
- Right to object to processing: you have the right to require us to stop processing your personal data should you wish the data to be retained but no longer processed.
- Right of access: you have the right to request access to personal data that we may process about you.
- Right to withdraw consent: you have the right at any time to withdraw consent allowing us to process your personal data.
If you would like to exercise any of the above rights, please:
- put your request in writing;
- include proof of your identity (such as a copy of your driving licence or passport) and address (such as a recent utility or credit card bill); and
- specify the right you wish to exercise.
We will respond to requests made by you within one month.
We will not charge a fee for you to exercise any of the rights listed above.
For more information about the cookies we use, please see our Cookies Policy.
You should also be aware that you have the right to raise any concerns in relation to how we process your personal data to the Information Commissioner’s Office (ICO).
Full name of legal entity: Net Zero Buildings
Name or title of DPL: Aris Davelis
Email address: email@example.com
Address: 5th floor, Synergy House, 114 118 Southampton Row, London, WC1B 5AA
Telephone number: 0203 758 8466
Fair processing policy
- The General Data Protection Regulation (“GDPR”) requires companies to provide sufficient information to individuals in relation to how their data is processed. This can include implementing fair processing notices which describe the processing undertaken by the organisation.
- This is an example of a fair processing notice which a company may wish to put in to effect. It should be used as guidance only and should be tailored where necessary for your own requirements.
- This fair processing notice is drafted to be presented, and made available, to your customers, website users, and other third parties with whom you may have relationships. It should be displayed on your website at any points at which personal data is collected from individuals.
- Please note that this fair processing notice is intended to provide information to individuals only. If you have determined that you are relying on consent as the legal basis for processing any personal data (including, for example, marketing), you will need to implement consent wording which should include specific details about the processing undertaken and which entities will be relying on the consent. Further, you will need to include a mechanism by which individuals can actively consent to marketing, usually via an “opt-in” tick box. If you require further information about consent wording, please let us know.
- Please refer to the comments included in this fair processing notice which describe how certain sections (in square brackets) should be completed by you. You should ensure that all comments are deleted once you have completed the required sections in the fair processing notice.
Fair Processing Notice