Definitions and interpretation
Data – Collectively all information that you submit to ASH Energy via the website. This definition incorporates, where applicable, the definitions provided in the Data Protection Act 1998;
Cookies – A small text file placed on your computer by this website when you visit certain parts of the website and/or when you use certain features of the website. Details of the cookies used by this website are set out in the clause below (cookies);
ASH Energy Ltd, or us ASH Energy, a company incorporated in England and Wales with registered number 10380706 whose registered office is at Unit 16 Wilkinson Court, Wrexham Industrial Estate, Wrexham, LL13 9AE;
UK and EU Cookie Law – The Privacy and Electronic Communications (EC Directive) Regulations 2003 as amended by the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011;
User or you – Any third party that accesses the website and is not either (i) employed by ASH Energy and acting in the course of their employment or (ii) engaged as a consultant or otherwise providing services to ASH Energy and accessing the website in connection with the provision of such services; and
Website – The website that you are currently using, www.ashenergy.co.uk, and any sub-domains of this site unless expressly excluded by their own terms and conditions.
1. the singular includes the plural and vice versa;
3. a reference to a person includes firms, companies, government entities, trusts and partnerships;
4. “including” is understood to mean “including without limitation”;
5. reference to any statutory provision includes any modification or amendment of it;
4. We may collect the following data, which includes personal data, from you:
2. Contact information such as email addresses and telephone numbers;
3. IP address (automatically collected);
4. Web browser type and version (automatically collected);
5. Operating system (automatically collected);
Our use of Data
5. For purposes of the Data Protection Act 1998, ASH Energy is the “data controller”.
6. We will retain any data you submit for 12 months.
7. Unless we are obliged or permitted by law to do so, and subject to any third party disclosures specifically set out in this policy, your data will not be disclosed to third parties. This includes our affiliates and / or other companies within our group.
8. All personal data is stored securely in accordance with the principles of the Data Protection Act 1998. For more details on security see the clause below (security).
9. Any or all of the above data may be required by us from time to time in order to provide you with the best possible service and experience when using our website. Specifically, data may be used by us for the following reasons:
1. internal record keeping;
2. improvement of our products / services;
Third party websites and services
10. ASH Energy may, from time to time, employ the services of other parties for dealing with certain processes necessary for the operation of the website. The providers of such services do not have access to certain personal data provided by Users of this website.
Links to other websites
Changes of business ownership and control
13. We may also disclose data to a prospective purchaser of our business or any part of it.
14. In the above instances, we will take steps with the aim of ensuring your privacy is protected.
Controlling use of your Data
15. Wherever you are required to submit data, you will be given options to restrict our use of that data. This may include the following:
16. use of data for direct marketing purposes; and
17. sharing data with third parties.
Functionality of the Website
18. To use all features and functions available on the website, you may be required to submit certain data.
Accessing your own Data
20. You have the right to ask for a copy of any of your personal data held by ASH Energy (where such Data is held) on payment of a small fee, which will not exceed £10.
21. Data security is of great importance to ASH Energy and to protect your data we have put in place suitable physical, electronic and managerial procedures to safeguard and secure data collected via this website.
22. If password access is required for certain parts of the website, you are responsible for keeping this password confidential.
23. We endeavour to do our best to protect your personal data. However, transmission of information over the internet is not entirely secure and is done at your own risk. We cannot ensure the security of your data transmitted to the website.
25. All cookies used by this website are used in accordance with current UK and EU Cookie Law.
26. Before the website places cookies on your computer, you will be presented with a pop-up requesting your consent to set those cookies. By giving your consent to the placing of cookies, you are enabling ASH Energy to provide a better experience and service to you. You may, if you wish, deny consent to the placing of cookies; however certain features of the website may not function fully or as intended.
27. This website may place the following Cookies:
Strictly necessary cookies – These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website, use a shopping cart or make use of e-billing services.
Analytical/performance cookies – They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
Functionality cookies – These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
28. You can choose to enable or disable cookies in your internet browser. By default, most internet browsers accept cookies but this can be changed. For further details, please consult the help menu in your internet browser.
29. You can choose to delete cookies at any time; however you may lose any information that enables you to access the website more quickly and efficiently including, but not limited to, personalisation settings.
30. It is recommended that you ensure that your internet browser is up-to-date and that you consult the help and guidance provided by the developer of your internet browser if you are unsure about adjusting your privacy settings.
33. Unless otherwise agreed, no delay, act or omission by a party in exercising any right or remedy will be deemed a waiver of that, or any other, right or remedy.
34. This agreement will be governed by and interpreted according to the law of England and Wales. All disputes arising under the Agreement will be subject to the exclusive jurisdiction of the English and Welsh courts.
ASH Group Ltd operate a GDPR Compliance Policy for all data that we hold, process and retain.
GDPR Compliance Statement Commitment
ASH Group LTD, Unit 16 Wilkinson Court, Clywedog Road South, Wrexham Industrial Estate, Wrexham, LL13 9AE, with the following responsibilities is committed to the principles inherent in the GDPR and particularly to the concepts of privacy by design, the right to be forgotten, consent and a risk-based approach.
In addition, we aim to ensure:
transparency with regard to the use of data
that any processing is lawful, fair, transparent and necessary for a specific purpose
that data is accurate, kept up to date and removed when no longer necessary
that data is kept safely and securely.
Our Data Protection Officer (DPO)/appointed data protection person is Jon Fray, ASH Group LTD, Unit 16 Wilkinson Court, Clywedog Road South, Wrexham Industrial Estate, Wrexham, LL13 9AE. He works with a data protection team to promote awareness of the GDPR throughout the organisation and to oversee the organisation’s commitment to best practice. He or she will inform and advise the organisation and monitor its compliance.
Our data protection policy is available on our website and a copy has been made available to all employees and to contractors and suppliers associated with this organisation. It forms part of the induction training of all new staff and follow-up sessions will be put in place if the legislation changes or further guidance is available.
Right to be forgotten
ASH Group Ltd recognises the right to erasure, also known as the right to be forgotten, laid down in the GDPR. Individuals should contact email@example.com with requests for the deletion or removal of personal data. These will be acted on provided there is no compelling reason for continued processing and that the exemptions set out in the GDPR do not apply. These exemptions include where the personal data is processed for the exercise or defence of legal claims and to comply with a legal obligation for the performance of a public interest task or exercise of official authority.
Subject access requests
ASH Group Ltd recognises that individuals have the right to access their personal data and supplementary information and will comply with the one month timeframe for responses set down in the GDPR. As a general rule, a copy of the requested information will be provided free of charge although ASH Group Ltd reserves the right to charge a “reasonable fee” when a request is manifestly unfounded or excessive, particularly if it is repetitive. If this proves necessary, the person concerned will be informed of their right to contest our decision with the supervisory authority (the Information Commissioner’s Office (ICO)). As set out in the GDPR, any fee will be notified in advance and will be based on the administrative cost of providing the information.
ASH Group Ltd will implement data protection “by design and by default”, as required by the GDPR. Safeguards will be built into products and services from the earliest stage of development and privacy-friendly default settings will be the norm. The privacy notice, which is on our website and which is provided to anyone from whom we collect data, explains our lawful basis for processing the data and gives the data retention periods. It makes clear that individuals have a right to complain to the ICO. ASH Group Ltd has conducted a privacy impact assessment (PIA) to ensure that privacy risks have been properly considered and addressed.
Data transfers outside the EU
ASH Group LTD does not transfer personal data outside the EU.
ASH Group LTD has put recognised procedures and safeguarding measures in place to secure, encrypt and maintain the integrity of any personal data that is transferred to countries outside the EU. Diligence checks are carried out to ensure that such countries have the necessary safeguards in place, provide enforceable data subject rights and offer effective legal remedies for data subjects where applicable.
The GDPR provides for special protection for children’s personal data and ASH Group Ltd will comply with the requirement to obtain parental or guardian consent for any data processing activity involving anyone under the age of 16. Systems have been introduced to verify individuals’ ages.
If a data breach occurs that is likely to result in a risk to the rights and freedoms of individuals, the people affected will be informed as soon as possible and the ICO will be notified within 72 hours.
Any questions related to GDPR or to issues concerning data protection generally should initially be addressed to the Data Protection Team via firstname.lastname@example.org.