Privacy Notice

Version 1.0 Effective from 20 May 2024

Introduction

We”, “us”, “our” and “GreenHearth” for the purposes of this notice means GreenHearth Limited a limited liability company incorporated in England and Wales with the registered number 15507918 and a data controller for the purposes of data protection law.

About this privacy notice

GreenHearth is committed to protecting the privacy and security of your personal information.

GreenHearth arranges and occasionally provides finance for investments in renewable energy along with associated works.   We need to collect personal data from potential clients, clients, introducers, lenders, suppliers, visitors to our website and other third parties to ensure we can provide these services and discharge our obligations to clients, lenders and others.

This privacy notice sets out the basis on which any personal information about you will be processed by us.  This privacy notice may be updated from time to time.

Data Protection Principles

We will comply with the data protection law.  This say that the personal data we hold about you must be:

  • used lawfully and in a transparent way;

  • collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes;

  • relevant to the purposes we have told you about and limited only to those purposes;

  • accurate and kept up to date;

  • kept only as long as necessary for the purposes we have told you about; and

  • kept securely.

Personal Information we collect about you

We will collect and process various types of personal information about you. This includes information that you provide to us (by communicating with us, whether face-to- face, by phone, e-mail or otherwise); information we collect or generate about you (such as call recordings or information relating to your use of our technology platforms); information that we obtain from other sources (for example publicly available sources, such as the press, the electoral register, company registers and online search engines, social media), or information provided by third parties (such as credit reference, fraud prevention or government agencies).

This information may include:

  • contact details such as name, address, and e-mail addresses;

  • profile data including date of birth, gender, social media profiles, marital status, dependents, and general lifestyle information;

  • ID and official documents such as driving licence, passport;

  • your income or financial statements, asset and liabilities, payment history, bank details, and credit history;

  • communications to and from us,

  • information stored or processed on our IT systems, website, databases, and document management systems;

  • technical information about your computing devices and internet usage including use of our website, IP addresses, browser, operating system and anti-virus; and

  • marketing and communications preferences;

Where permitted by law the information may also include the following more sensitive types of personal data including:

  • any public or political positions you hold or those close to you hold for the purposes of assessing if you are a Politically Exposed Person.

  • criminal convictions or offences and alleged offences for specific and limited activities and purposes, such as to perform checks to prevent and detect crime, to comply with laws relating to money laundering, fraud, terrorist financing, bribery and corruption, and for international sanctions;

  • vulnerability.

If you provide us with any personal data relating to a third party (e.g. information of your spouse, children, parents or referees), you represent to us by providing the data to us, that you have obtained prior consent from that person.

For prospective clients, lenders and introducers, and other third parties, our processing is also necessary for our legitimate interests in that we need to collect this information in order to contact individuals in these organisations prior to entering into a contract or providing our services.

For example, we may collect information from online enquiries, quotes and referrals. Some of this information may also collected from publicly available information, from market research and purchased data.

Uses of your personal information

Your personal information may be processed in the following ways and for the following purposes:

  • for the day-to-day management of business and our relationship with you;

  • with your permission to market to you;

  • to check your identity and background and process and manage the broking activities we carry out including assessing your suitability;

  • to carry out screening against external databases, company records, sanctions lists and to establish connections to politically exposed persons, including adverse media checks.  This may include information relating to criminal offences obtained from screening;

  • with your explicit permission to carry out credit checks to support the preparation of lending proposals;

  • to monitor and record communications of any nature for, or with, the company. We will comply with all local laws, regulations when doing so. Such recordings to be used for training, development and may be used by us in evidence in the event of a dispute with you or a third party;

  • to monitor and record you use of technology to protect the company our employees and our customers and their data; and

  • for the analysis of our business and the creation of reports and research.

We are entitled to use your personal information in these ways because:

  • it is necessary for the performance of our contract with you (for example for the provision of your services);

  • we have legal and regulatory obligations to prevent and detect crime, money laundering, fraud, terrorist financing, bribery and corruption, and to comply with international sanctions;

  • the use of your personal information is necessary for our legitimate business interests in the course of running our business, or to establish, exercise and defend our legal rights; or

  • in relation to processing information relating to criminal convictions or offences, to comply with relevant laws and regulations, to prevent or detect unlawful acts, to exercise or defend our legal rights or in connection with legal proceedings, or

  • where we have obtained your explicit consent.

Disclosure of your information to third parties

We may need to share your personal information with third parties including:

  • other entities in our group structure;

  • with credit reference and fraud prevention agencies for the purposes of confirming your identity and to comply with regulatory obligations to prevent and detect crime, money laundering and fraud;

  • to third party lenders, suppliers, agents or vendors for the purposes of providing services to us, including third parties carrying out due diligence and screening checks on our behalf;

  • if we sell or finance any of our business or assets or if we are acquired by a third party, in which case we may disclose your personal information to the prospective buyer for due diligence purposes;

  • with courts, regulators (such as the Financial Conduct Authority), government bodies and similar organisations as required by law;

  • with the compliance departments of third parties with whom we both have relationships and they reasonably request it.

  • corporate auditors and legal or other advisors; and

  • to comply with any legal obligation, or to establish, exercise or defend our legal rights.

Where we share your data with third parties, we ensure that the  third parties will be subject to confidentiality requirements, and they will only be authorised to use your personal information as described in this privacy notice.

No searches with credit reference agencies that leave a record on your personal credit file will be carried out without your explicit consent.

Your personal information may be transferred to other countries and outside the European Economic Area (EEA) and processed by us, or third parties on the basis that anyone to whom we pass it protects it in the same way we would and in accordance with applicable laws.

Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality. If any data is shared to third parties, they will be subject to a duty of confidentiality.

Retention of personal information

Your information will be retained in line with our internal records management policies and retention schedules. How long we hold your personal information for will vary.  The retention period will be determined by various criteria including the type of record in which your information is included; the purpose for which we are using it (we will need to keep the information for as long as is necessary for that purpose); and legal obligations (laws or regulation may set a minimum period for which we have to keep your personal information).

The retention period will typically be seven years after the end of your relationship with us.

We may on exception retain your information for longer periods, particularly where we need to withhold destruction or disposal based on an order from the courts or an investigation by law enforcement agencies or regulators.

In some circumstances we may anonymise your personal data so that it can no longer be associated with you, in which case we may use such information without further notice to you.

Duty to inform us of changes

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your working relationship with us.

Your Rights

You have a number of legal rights in relation to the personal information that we hold about you. These rights include:

  • the right to be informed. This means that we must tell you how we use your data, and this is the purpose of this privacy notice.

  • the right to obtain information regarding the processing of your personal information and access to the personal information which we hold about you;

  • where we rely on your consent, the right to withdraw your consent to our processing of your personal information at any time. Please note, however, that we may still be entitled to process your personal information if we have another legitimate reason (other than consent) for doing so;

  • in some circumstances, the right to receive some personal information in a structured, commonly used and machine-readable format and/or request that we transmit that information to a third party in this form where this is technically feasible. Please note that this right only applies to personal information which you have provided to us;

  • the right to request that we rectify your personal information if it is inaccurate or incomplete;

  • the right to request that we erase your personal information in certain circumstances. Please note that there may be circumstances where you ask us to erase your personal information, but we are legally entitled, and in some cases obliged, to retain it;

  • the right to object to, and the right to request that we restrict, our processing of your personal information in certain circumstances. Again, there may be circumstances where you object to, or ask us to restrict, our processing of your personal information but we are legally entitled to continue processing your personal information and / or to refuse that request; and

  • the right to regulate any automated decision-making and profiling of personal data.  You have a right not to be subject to automated decision making in a way that adversely affects your legal rights.

You can read more about these rights on the Information Commissioner’s Office website here: ICO guide to individual rights

It is important to understand that in some cases, exercising your rights may mean that we are no longer able offer you our services.

Changes

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

We reserve the right to update this privacy notice at any time and will notify you of any changes. 

Complaints

If you have a concern about any aspect of our privacy practices, you can make a complaint. This will be acted upon promptly. To make a complaint, please contact us via one of the methods set out below. If you are not satisfied with our response to your complaint, you have the right to lodge a complaint with our supervisory authority, the Information Commissioner’s Office (ICO). You can find details about how to do this on the ICO website at ICO Concerns or by calling their helpline on 0303 123 1113.

Contact Us

If you would like further information on the collection, use, disclosure, transfer or processing of your personal information or to exercise any of the rights listed above you can speak to your regular contact, email us on compliance@greenhearth.energy  or write to us at The Compliance Department, GreenHearth c/o Evolve Tax & Accountancy, Unit 2, Fordham House, Fordham, Cambs, UK CB7 5LL.