Data Protection

Data Protection Policy
ECO4 Sales and Marketing Ltd TA Clean Green Energy Ltd
(Company Number: 14868008)
Registered Office: 1 Cranmore Drive, Shirley, Solihull, England, B90 4RZ
Effective Date: June 2023
Last Reviewed: September 2025
Next Review Due: September 2026

1. Purpose

ECO4 Sales and Marketing Ltd TA Clean Green Energy Ltd (“the Company”) is committed to protecting the privacy and security of personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
This policy sets out how we collect, store, use, and protect personal data, and ensures that all employees, contractors, and stakeholders understand and comply with our data protection responsibilities.

2. Scope

This policy applies to:

• All employees and contractors of the Company
• All personal data processed by or on behalf of the Company
• All processing activities involving identifiable individuals, including customers, suppliers, and employees

3. Definitions

• Personal Data: Any information relating to an identified or identifiable individual.
• Data Subject: The individual to whom the personal data relates.
• Processing: Any operation performed on personal data (e.g., collection, storage, use, transmission).
• Data Controller: The organisation that determines the purpose and means of processing personal data.
• Data Processor: A third party that processes data on behalf of the controller.

4. Data Protection Principles

The Company adheres to the following principles, as set out in the UK GDPR:

1. Lawfulness, fairness, and transparency
2. Purpose limitation
3. Data minimisation
4. Accuracy
5. Storage limitation
6. Integrity and confidentiality
7. Accountability

5. Lawful Bases for Processing

We will only process personal data where one of the following lawful bases applies:

• Consent of the data subject
• Performance of a contract
• Legal obligation
• Vital interests
• Public task
• Legitimate interests (where applicable and balanced)

6. Types of Personal Data We Collect

Depending on the context (e.g., marketing, recruitment, B2B communications), we may collect:

• Names, job titles, company names
• Contact information (email addresses, phone numbers, addresses)
• Financial or billing information
• Employment-related data
• Marketing preferences and communication records

7. How We Use Personal Data

Personal data may be used for the following purposes:

• Marketing and sales communications
• Customer relationship management
• Contract performance and service delivery
• HR and personnel management
• Legal or regulatory compliance

8. Data Security

We implement appropriate technical and organisational measures to safeguard personal data, including:

• Encrypted storage and transmission
• Access control and authentication
• Staff training and awareness
• Regular security audits and backups

9. Data Subject Rights

Data subjects have the following rights:

• Right to be informed
• Right of access
• Right to rectification
• Right to erasure (“right to be forgotten”)
• Right to restrict processing
• Right to data portability
• Right to object
• Rights related to automated decision-making

Requests related to these rights should be sent to:
📧 accounts@eco4sales.co.uk

10. Data Retention

We retain personal data only as long as necessary for the purposes it was collected, and in accordance with legal, regulatory, or contractual obligations.
Personal data no longer needed will be securely deleted or anonymised.

11. Sharing and Transfers

We may share personal data with:

• Professional service providers (e.g., accountants, legal advisers)
• Marketing or CRM platform providers
• Regulatory bodies (if legally required)

We do not transfer data outside the UK/EEA without ensuring appropriate safeguards (e.g., adequacy decision or Standard Contractual Clauses).

12. Roles and Responsibilities

• The Director, Stephen Ram, is responsible for overseeing data protection compliance.
• All staff must understand and follow this policy.
• A designated Data Protection Lead (DPL) may be appointed to manage data protection issues.

Contact:
📧 accounts@eco4sales.co.uk
📞 0121 271 0545 (Stephen Ram)

13. Breach Reporting

Any data breaches must be reported immediately to the Director or Data Protection Lead.
The Company will investigate all breaches and, if necessary, notify the Information Commissioner’s Office (ICO) within 72 hours.

14. Training and Awareness

All employees will receive regular training on data protection responsibilities, and this policy will be reviewed and updated annually or in response to regulatory changes.

15. Policy Review

This policy will be reviewed annually or upon significant change in processing activities or regulation.

Version Control

Contact Us

If you have questions about this policy or how we handle data, please contact:
📧 accounts@eco4sales.co.uk
📞 0121 271 0545
Address: 1 Cranmore Drive, Shirley, Solihull, England, B90 4RZ