Data Controller: IPV Flexgen
Data Compliance Manager: Ed Jessamine – firstname.lastname@example.org
Who we are
IPV Flexgen is in business to deliver commercial energy projects.
The organisation collects and processes personal data for purposes relating to its projects. The organisation does not use personal data for marketing purposes unless specific permission is obtained. IPV Flexgen is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations.
What information does the organisation collect?
The organisation collects and processes a range of information including;
- Name, address and contact details including email address and telephone number
- Land ownership details
- Bank account details for relevant payments to be made into
The organisation collects this information in a variety of ways including formal data requests, website contact requests, contracts and agreements.
Data is stored in a range of different places including secure cloud storage, emails and hard copy.
Why does the organisation process personal data?
The organisation needs to process data in order to advance its development projects.
Who has access to data and who will it be shared with?
Your information will be shared within the IPV Flexgen Team, with contractors providing legal, planning and other project related services and within the IPV Flexgen related group of companies.
Some third parties to whom we may disclose personal data are data controllers in their own right. You should refer to their own privacy notices and policies in respect of how they use your personal data
The organisation will not transfer your data to countries outside the European Economic Area.
How does the organisation protect data?
The organisation takes the security of your data seriously. IPV Flexgen has internal policies and controls and reasonable physical, technical and administrative security measures in place to try to ensure that your data is not lost, accidentally destroyed, altered, misused or disclosed, and is only accessed by authorised users.
Where the organisation engages third parties to process personal data on its behalf, they do so based on written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.
Legal basis and purposes for processing
Whenever we process your personal data, we do so based on a lawful “condition” for processing.
In most cases, the processing of your personal data will be justified on one of the following bases, where:
- it is provided for contractual purposes and therefore necessary to give effect to that contract (for example, authority to apply for Grid Connection on your behalf);
- it is necessary for us to comply with a legal obligation (for example, disclosing SDLT tax data to a government agency);
The processing of special categories of data will be justified by a condition in paragraph and normally by one of the following special conditions:
- it is carried out subject to your explicit consent;
- it is necessary for the establishment, exercise or defence of legal claims;
- in exceptional circumstances, it is necessary to protect your vital interests and you are incapable of giving consent.
For how long does the organisation keep data?
The organisation will hold your personal data for the duration of the project plus a 6-year period.
As a data subject, you have a number of rights. You can:
- access and obtain a copy of your data on request;
- require the organisation to amend incorrect or incomplete data;
- require the organisation to delete or stop processing your data
If you would like to exercise any of these rights, you can make a written subject access request in by contacting the Data Compliance Manager, Tim Davies, email@example.com
As laws, regulations and industry standards evolve we may make changes to this Notice from time to time. We will post the changes to this document as appropriate.