Growing the Low Carbon Economy

Across the South East

Low Carbon Across the South East (LoCASE) Privacy Notice

This privacy policy sets out how LoCASE uses and protects any information that you give LoCASE when you use or register for additional entries on this website.

LoCASE is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using this website, then you can be assured that it will only be used in accordance with this privacy statement.

We may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes.

We do not store credit card details nor do we share customer details with any third parties.

This policy is effective from 25th May 2018.

Security

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.

How we use cookies

A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual.

The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.

Overall, cookies help us provide you with a better website by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

Links to other websites

Our website may contain links to enable you to visit other websites of interest easily. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

Identity and contact details of Controller

Low Carbon Across the South East (LoCASE) is an EU funded project delivered by a partnership including Kent County Council, Essex County Council, East Sussex County Council, Southend on Sea Borough Council, Thurrock Council and the University of Brighton. Kent County Council is a controller of personal information for the purposes of the General Data Protection Regulation (‘GDPR’) (1). Our contact details for data protection purposes are as follows:

Information Resilience and Transparency Team at [email protected]

You can contact our Data Protection Officer, Benjamin Watts, at [email protected]. Or by post at Data Protection Officer, Office of the General Counsel, Kent County Council, Sessions House, County Hall, Maidstone, ME14 1XQ.

The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns or telephone 03031 231113.

For further information visit https://www.kent.gov.uk/about-the-council/about-the-website/privacy-statement

Purpose of this Privacy Notice

This Privacy Notice tells you what to expect when LoCASE processes personal information. It tells you the purposes for which we may process your personal information and the legal basis for the processing (‘processing’ includes us just keeping your personal information).

Why do we collect and store personal information?

LoCASE needs to collect, process and store personal information about you in order to deliver services to the organisations and individuals that are receiving financial and non-financial services through the programme.

Legal basis for processing

We will always get your consent to process your personal information. People contacting us to access our services will be asked to sign a data protection consent form as part of the Eligibility Questionnaire.

Under the GDPR, consent is a legal basis for processing personal information.

Information we may hold about you and how we use it

The information we hold on our records concerns our relationship with you. For example:

  • We hold contact details for you, so we can communicate with you by your preferred means, and keep you informed about services we offer which may be useful to you.
  • We may keep an electronic and/or hand-written record of your telephone calls and emails to us for monitoring purposes to ensure we are delivering a good service.
  • We record the findings of surveys and other research to help us improve our services and evidence-based policy The information you provide will be anonymous unless you agree that we can use your details.

This list is not exhaustive, as we hold records of most contacts we have with you, or about you, and we process this information so we can deliver services to you. Generally, the information we hold will have been provided by you when you contacted us to access LoCASE, but we may also hold information provided by third parties where this is about the work you do to help ensure you are able to reduce costs by cutting emissions and promote the opportunities of the low carbon market.

We will only ask for personal information that is appropriate to enable us to deliver our services. In some cases, you can refuse to provide your details if you deem a request to be inappropriate. However, you should note that this may impact our ability to provide some services to you if you refuse to provide information that stops us from doing so.

How we manage your personal information

We process your personal information in accordance with the principles of the General Data Protection Regulation (‘GDPR’).

We will treat your personal information fairly and lawfully and we will ensure that information is:

  • Processed for limited purposes.
  • Kept up-to-date, accurate, relevant and not excessive.
  • Not kept longer than is necessary.
  • Kept secure.

Access to personal information is restricted to authorised individuals on a strictly need to know basis.

We are committed to keeping your personal details up to date, and we encourage you to inform us about any changes needed to ensure your details are accurate.

To help us to ensure confidentiality of your personal information we may ask you security questions to confirm your identity when you call us. We will not discuss your personal information with anyone other than you, unless you have given us prior written authorisation to do so.

Periods for which we will store your personal information

We will only hold your records during the period of our relationship with you and for a set period afterwards to allow us to meet our legal obligations including resolving any follow up issues between us. We usually keep records about you for up to seven years.

Sharing your personal information

Normally, only LoCASE staff will be able to see and process your personal information. However, there may be times when we will share relevant information with third parties for the purposes outlined above, or where we are legally required to do so. When sharing personal information, we will comply with all aspects of the GDPR.

Where necessary or required, we may share information as follows:

• With third party service providers, in connection with services performed on our behalf. Our relationships with such providers are governed by our contracts with them which include strict data sharing and confidentiality protocols.

This list is not exhaustive as there are other circumstances where we may also be required to share information, for example:

• To meet our legal obligations.
• In connection with legal proceedings (or where we are instructed to do so by Court order).
• To protect the vital interests of an individual (in a life or death situation).

Your rights under the GDPR

You have a number of rights under the GDPR:

Access to personal information

Under the GDPR, you have a right to ask us what personal information we hold about you, and to request a copy of your information. This is known as a ‘subject access request’ (SAR). SARs need to be made in writing (we have a subject access form you can use for this purpose) and we ask that your written request is accompanied by proof of your identify. We have one calendar month within which to provide you with the information you’ve asked for (although we will try to provide this to you as promptly as possible).

Rectification

If you need us to correct any mistakes contained in the information we hold about you, you can let us know by contacting us at [email protected]

Erasure (‘right to be forgotten’)

You have the right to ask us to delete personal information we hold about you. You can do this where:
• The information is no longer necessary in relation to the purpose for which we originally collected/processed it.
• Where you withdraw consent.
• Where you object to the processing and there is no overriding legitimate interest for us continuing the processing.
• Where we unlawfully processed the information.
• The personal information has to be erased in order to comply with a legal obligation.

We can refuse to erase your personal information where the personal information is processed for the following reasons:
• To exercise the right of freedom of expression and information.
• To enable functions designed to protect the public to be achieved e.g. government or regulatory functions.
• To comply with a legal obligation or for the performance of a public interest task or exercise of official authority.
• For public health purposes in the public interest.
• Archiving purposes in the public interest, scientific research historical research or statistical purposes.
• The exercise or defence of legal claims; or
• Where we have an overriding legitimate interest for continuing with the processing.

Restriction on processing

You have the right to require us to stop processing your personal information. When processing is restricted, we are allowed to store the information, but not do anything with it. You can do this where:
• You challenge the accuracy of the information (we must restrict processing until we have verified its accuracy).
• You challenge whether we have a legitimate interest in using the information.
• If the processing is a breach of the GDPR or otherwise unlawful.
• If we no longer need the personal data but you need the information to establish, exercise or defend a legal claim.

If we have disclosed your personal information to third parties, we must inform them about the restriction on processing, unless it is impossible or involves disproportionate effort to do so.

We must inform you when we decide to remove the restriction giving the reasons why.

Objection to processing

You have the right to object to processing where we say it is in our legitimate business interests. We must stop using the information unless we can show there is a compelling legitimate reason for the processing, which override your interests and rights or the processing is necessary for us or someone else to bring or defend legal claims.

Withdrawal of consent

You have the right to withdraw your consent to us processing your information at any time. If the basis on which we are using your personal information is your consent, then we must stop using the information. We can refuse if we can rely on another reason to process the information such as our legitimate interests.

Right to data portability

The right to data portability allows you to obtain and reuse their personal data for your own purposes across different services. It allows you to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way. The right only applies to personal data you have provided to us where the reason we are relying on to use the information is either your consent or for the performance of a contract. It also only applies when processing is carried out by us using automated means.

Changes to this Privacy Notice

We keep our privacy notice under regular review and will place any updates on our website; you will be notified of any major changes to this policy.

Further information

For further information on how to request your personal information and how and why we process your information, you can contact us using the details below.

The Information Commissioner (ICO) is also a source of further information about your data protection rights. The ICO is an independent official body, and one of their primary functions is to administer the provisions of the GDPR.

You have the right to complain to the ICO if you think we have breached the GDPR.

You can contact the ICO at:
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF or ring 0303 123 1113. (http://www.ico.org.uk/).

Comments and Questions

If you have any questions about our Privacy Policy, the practices of this site or your dealings with this web site, please contact us by writing to [email protected] or at the postal address detailed on our Contact Page.

Your use of this Website signifies that you consent to our Privacy Policy as described in this document. LoCASE reserves the right to change or update our Privacy Policy at any time by notifying visitors of the existence and location of the new or revised Privacy Policy. This Privacy Policy was last updated in May 2018. If you have additional questions about this web site, please contact us.

__________________________________

(1) By this we mean the Regulation as supplemented and amended by the Data protection Act 2018