The Energy Company Obligation scheme (ECO) is part of a range of policies enacted by the government of the United Kingdom to provide affordable warmth for people in fuel poverty and to transition to a low carbon economy. The scheme mandates large energy suppliers to provide funding to enable energy efficiency improvements to be made to domestic homes subject to certain qualifying criteria.
My Home Energy Grant is a boutique company specialising in serving the needs of the Energy Company Obligation (ECO3) market.
We are a Managing Agent for ECO3 funding and provide our installer network with a wide range of ECO3 funding for heating and insulation measures including boiler replacement and all the major types of insulation measures. We offer our installer network full delivery support and a complete compliance wrap. We also provide lead generation services through our MyHomeEnergyGrant.com website.
POLICY KEY DEFINITIONS
- “The Company”,”I”, “our”, “us”, or “we” refer to the business, My Home Energy Grant and My Home Energy Grant Limited.
- “you”, “the user” refer to the person(s) using this website.
- GDPR means General Data Protection Act
- PECR means Privacy & Electronic Communications Regulation
- ICO means Information Commissioner’s Office
- Cookies mean small files stored on a user’s computer or device
PERSONAL DATA WE COLLECT
- Contact details – telephone and email
- For identified customers, we captured and retain information and documents related to the services and products we supply.
PROCESSING AND SHARING YOUR PERSONAL DATA
Under the GDPR (General Data Protection Regulation) we control and process personal information about you electronically using the following lawful basis.
We are registered with the ICO under the Data Protection Register. Our registration number is: ZA300552.
Should you enter into a commercial relationship with us you will be required to sign our client contract which contains different terms and conditions relating to data protection. This is because there are additional data protection requirements related to ECO Obligation not required by those users simply enquiring about My Home Energy Grant and its services.
Additionally, we periodically send an electronic newsletter via email to users who have submitted their email addresses to us who have opted in to receiving communication from us. Within each newsletter we send is the ability to opt out and no longer receive communications from us. We do not share email addresses with anyone else – ever.
RETAINING YOUR PERSONAL DATA
We do not share email addresses with anyone else. Users who register with our website can unsubscribe from our newsletters at any time and be removed from our system. Users who register an interest in My Home Energy Grant and its services but do not subsequently go on to become clients will have their personal details removed from our system after one year. Clients who sign our Client Agreement will be agreeing to the additional data retention requirements it contains.
Under the GDPR your rights are as follows:
- the right to be informed
- the right of access
- the right to rectification
- the right to erasure
- the right to restrict processing
- the right to data portability
- the right to object
- the right not to be subject to automated decision-making including profiling
You also have the right to complain to the ICO if you feel there is a problem with the way we are handling your data.
CONTACT DETAILS OF DATA CONTROLLER
Suite 8, BizSpace
Tel: 01903 863250
DATA SECURITY, STORAGE AND PROTECTION
We ensure the security of any personal information we hold by using secure data storage technologies and precise procedures in how we store, access and manage that information. Our methods meet the GDPR compliance requirement.
RESPONSE TO A DATA BREACH
We place the highest priority on the security of our systems and the information they hold. We have implemented strict procedures and provided comprehensive training to ensure the integrity of our systems.
A data breach is defined as the unauthorised accessing of information held by us on our systems by a third-party without the permission us. A data breach includes but is not necessarily confined to information being downloaded externally from our systems. Unauthorised amendment or deletion of information also constitutes a data breach. The act of unauthorised viewing of information held by us is also considered to be a data breach.
A Data Breach Response Process has been implemented as part of a suite of measures related to information security. Should a data breach occur we will implement our Data Breach Response Process.
It has the following steps:
1) Investigate the nature of the breach
2) Prevent additional breaches
3) Communicate details of breach to stakeholders including customers and the Information Commissioner’s Office
4) Document details of the breach and restorative action to ensure all relevant information is captured
Our Data Breach Response Process aims to resolve all issues within 72 hours. An emphasis is placed on informing our customers as soon as possible in the event of a data breach so that they may take any actions they deem necessary.