Privacy Policy

This privacy policy explains how The Green Energy Network collects, uses, and protects your personal data when you visit our website or get in touch with us. It is written to meet our obligations under the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).

1. Who we are

The Green Energy Network is operated by [Your full name], trading as The Green Energy Network, a sole trader based in the United Kingdom. For the purposes of UK data protection law, [Your full name] is the data controller for the personal data collected through this website.

You can contact us at:

• Email: [your contact email]
• Postal address: [your contact address]

We are not required to appoint a Data Protection Officer, and we have not appointed one voluntarily. Any data protection enquiries should be sent to the contact details above.

2. The personal data we collect and why

The table below sets out the categories of personal data we collect, why we collect it, our lawful basis for processing it under Article 6 of the UK GDPR, and how long we keep it.

2.1 Contact form submissions

• Data collected: your name, email address, phone number (if you provide one), and the contents of your message.
• Purpose: to respond to your enquiry and follow up where appropriate.
• Lawful basis: legitimate interests (Article 6(1)(f) UK GDPR) — it is in our legitimate interest to respond to people who get in touch, and you would reasonably expect us to use your details for this purpose.
• Retention: kept for up to 12 months after our last contact with you, then deleted. If we go on to enter a business relationship, your data will be retained under that relationship's own terms.

2.2 Website usage data (analytics)

• Data collected: aggregated and pseudonymised information about visits to our website provided by Webflow's built-in analytics, including approximate location (country/region), device type, browser, pages viewed, and referring site. We do not use this data to identify individual visitors.
• Purpose: to understand how the website is used and improve its content and performance.
• Lawful basis: legitimate interests (Article 6(1)(f) UK GDPR) — it is in our legitimate interest to understand how our website performs. Where any non-essential cookies are used, we rely on your consent (Article 6(1)(a) UK GDPR and Regulation 6 of PECR).
• Retention: in line with Webflow's analytics retention settings (typically up to 12 months).

2.3 Technical and security data

• Data collected: IP address, browser information, and basic request data automatically logged by our hosting platform.
• Purpose: to keep the website secure, prevent abuse, and ensure it functions properly.
• Lawful basis: legitimate interests (Article 6(1)(f) UK GDPR) — it is in our legitimate interest to keep our website secure and functional.
• Retention: short-term server logs are typically retained for up to 30 days.

You are not under a statutory or contractual obligation to provide any of this information. However, if you choose not to provide the information requested in our contact form, we will not be able to respond to your enquiry.

3. Cookies

A cookie is a small text file stored on your device when you visit a website. We use the following categories of cookies:

• Strictly necessary cookies — required for the website to function. These do not require your consent.
• Analytics cookies — set by Webflow's built-in analytics to help us understand how the site is used. These are only set with your consent.

You can accept, reject, or withdraw consent to non-essential cookies at any time through our cookie banner or your browser settings. Disabling some cookies may affect how the website works.

4. Categories of recipients

We do not sell or rent your personal data. We share it only with the following categories of recipients, and only where necessary:

• Our website hosting and platform provider — used to host the website and process contact form submissions and analytics data.
• Our email service provider — used to receive and reply to messages sent through the contact form.
• Professional advisers — such as accountants or legal advisers, where required.
• Regulators and law enforcement — where we are legally required to disclose information.

If you would like the specific names of our current service providers in any of these categories, please contact us using the details in section 1.

5. International transfers

Some of the service providers we use are based outside the United Kingdom — in particular, our website hosting and platform provider is based in the United States.

Where personal data is transferred outside the UK, we rely on one or more of the following safeguards recognised under UK GDPR:

• Transfers to countries that benefit from a UK adequacy decision (sometimes called "adequacy regulations").
• For transfers to the United States, providers that are certified under the UK Extension to the EU-US Data Privacy Framework.
• The UK International Data Transfer Agreement (IDTA), or the EU Standard Contractual Clauses together with the UK Addendum.

You can request a copy of the safeguard relied on for any specific transfer by contacting us using the details in section 1.

6. How we protect your data

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, alteration, or misuse. These include using reputable service providers, restricting access to data, and using secure connections (HTTPS) for the website. However, no method of transmission over the internet is completely secure, and we cannot guarantee absolute security.

7. Your rights

Under UK GDPR, you have the following rights in relation to your personal data:

• Right to be informed — to be told how your data is used (this notice).
• Right of access — to ask for a copy of the data we hold about you.
• Right to rectification — to ask us to correct inaccurate or incomplete data.
• Right to erasure — to ask us to delete your data in certain circumstances.
• Right to restrict processing — to ask us to limit how we use your data in certain circumstances.
• Right to object — to object to processing based on legitimate interests, including at any time.
• Right to data portability — to receive your data in a portable format in certain circumstances.
• Right to withdraw consent — where we rely on consent (for example, for non-essential cookies), you can withdraw it at any time.

To exercise any of these rights, please contact us using the details in section 1. We will respond within one month, as required by UK GDPR. There is normally no charge for these requests.

8. Automated decision-making

We do not carry out any automated decision-making or profiling that produces legal effects on you or similarly significantly affects you.

9. Children's data

Our website is not directed at children, and we do not knowingly collect personal data from anyone under 13. If you believe a child has provided us with personal data, please contact us and we will delete it.

10. Changes to this policy

We may update this privacy policy from time to time. When we do, we will update the "Last updated" date at the top of this page. Where changes are significant, we will take reasonable steps to bring them to your attention.

11. Complaints

If you have any concerns about how we handle your personal data, please contact us first using the details in section 1 — we will do our best to resolve the issue.

You also have the right to complain to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection:

• Website: ico.org.uk
• Helpline: 0303 123 1113
• Postal address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF