Privacy Notice
About this privacy notice
At NextEnergy Group, we respect your privacy and commit to protecting your personal data. This “privacy notice” explains what we do with your personal data, why we want to use it, how we protect it, and what rights you have to control our use of it.
It applies not just to use of our website, but also personal data that we process through other interactions with individuals in the course of running our organisation, such as staff of our customers, partners and suppliers. Our website and services are not intended for children and we do not knowingly collect data relating to children.
Information about the data controller
NextEnergy Group is a group of companies. The main operating companies are:
- NextEnergy Capital Ltd, registered in England with number 05975223
- NextEnergy Capital Italia Srl, registered in Italy with number 09562920968
- NextPower Development Ltd, registered in England with number 06363524
- NextEnergy Capital IM Ltd, registered in Guernsey with number 57740
- WiseEnergy International Ltd, registered in England with number 7768581
- WiseEnergy Italia Srl, registered in Italy with number 05804280823
- WiseEnergy (GREAT BRITAIN) Ltd, registered in England with number 08822067
- WiseEnergy India Ltd, registered in England with number 10975999
- NextEnergy Foundation, registered in England with number 10256445
We collect, use and are responsible for certain personal data about you. When we do so we are regulated under the General Data Protection Regulation (“GDPR”), which applies across the European Union (including the United Kingdom) and we are responsible as “data controller” of that personal information for the purposes of the law.
This privacy notice is issued on behalf of all group companies, so when we mention “NextEnergy Group”, “we”, “us” or “our” in this privacy notice, we are referring to the relevant company in the Next Energy Group responsible for processing your data.
Our registered office is 7/10 Chandos Street, London, W1G 9DQ, UK. Our mission is to actively participate in the global effort to reduce carbon emissions through the development, operation and financing of renewable energy infrastructure assets.
If you want to contact us about any of the points on this privacy notice, or just generally about how we protect your privacy, please click here.
The purpose and lawful basis for processing your personal data, how we collect it and how long we hold it for
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We use personal data from different categories of individual for several different purposes and these each have a different lawful basis. This section describes these in detail and, although it’s technical, we’re required by law to explain this to you.
If you visit any of our websites:
We use Google Analytics on our website to track visitor numbers and user activity on our site. We record your computer’s IP address so we can tell how each user and repeat visitor is using our site (your IP address is also a piece of your personal data). We do this on the basis that it is necessary for our legitimate interests in tracking website users so that we can improve our service and keep our websites relevant and useful. The IP address information will be held in accordance with Google’s standard procedures.
If you fill in a “contact us” form we will hold your name, contact details and any other text you enter for the purpose of corresponding with you. We do this on the basis that it is necessary for our legitimate interests in running our business.
If you are or work for one of our customers or partners or if you are an industry contact or working in a field relevant to our mission: we may hold your name, company, job title and contact details. We may have been provided with this data by you or your employer or in some cases we may have sourced it from publicly available sources, such as Linked In and internet searches. We need this data in order to interact with you (or your employer) for the following purposes:
1. Running and developing our business;
2. Communicating with interested people regarding industry events, news and updates.
We do this on the basis that it is necessary for our legitimate interests in running and growing our business. We will hold your details for as long as we need to interact with you for these purposes. In all cases if you would like us to update or delete your information, just send us an email (see “How to contact us” below).
If you are a supplier or an employee, worker or contractor of a supplier: we may hold your name and contact details because we have a legitimate interest in doing business with your company. Our purpose for processing your personal data is to interact with you or your employer to procure and pay for goods and services. We will hold this information for as long as we need to interact with you for these purposes. In all cases if you would like us to update or delete your information, please send us an email (see “How to contact us” below).
Whether information has to be provided by you and if so why
In some cases where we are required to collect personal data by law or under a contract with you or your employer, if you fail to provide the personal data requested we will not be able to perform the contract we have or are trying to enter into with you or your employer.
Who we share your personal data with
Data processors
We use a number of different service providers (acting as ‘data processors’) who provide IT and system administration services to enable us to operate our business and the services we provide to our users and partners. Your personal data is transferred to (and stored by) these data processors, who generally fall under the following categories:
- Website analytics service providers
- Website and data hosting service providers
- Document storage service providers
- Email, contacts and calendar service providers
- CRM service providers
- Accounting software service providers
For security reasons we do not name all our service providers in this privacy notice. The types of personal data we hold about you (and that may be transferred to our data processors) are set out above. Please contact us (see below) if you want further information on specific data processors or the types of personal data they process for us.
Other circumstances in which we may need to share personal data with third parties
We may also share your personal data with the following third parties in certain circumstances:
- We will share personal information with law enforcement or other authorities (such as tax authorities) if required by applicable law.
- We may share personal information with third parties to whom we may choose to sell, transfer, or merge parts of our organisation or our assets. Alternatively, we may seek to acquire other organisations or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
- We may share personal information with professional advisors such as lawyers, accountants or auditors in order to provide legal, accounting or auditing services.
We will not sell or rent your information to third parties and we will never share your information with third parties for marketing purposes.
International transfers of personal data, and the measures in place to safeguard it
We do not directly transfer any of your personal data outside the European Economic Area (EEA). However, some of our data processors may do so and this section explains the impact of these international transfers and how your information is protected.
Many of our data processors operate “cloud-based systems”, which means the information is held in information data centres in different locations.
All the cloud-based systems we use reserve the right to hold copies of your personal information outside the EEA. Please note that the reason companies may choose to do this is to hold back-up copies, so they can guarantee recovery.
In each case our processors and/or we employ one or more of the following means that are designed to help safeguard your privacy rights and give you remedies in the unlikely event of abuse:
- Certain processors may only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries.
- Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.
- Providers storing data in the US, may be self-certified to the EU-US Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US. For further details, see European Commission: EU-US Privacy Shield.
Please contact us (see below) if you want further information on the specific mechanisms used by our data processors when transferring your personal data out of the EEA.
Your personal data rights
The personal data we hold about you is your data, so you have certain rights over the data under the GDPR. This section summarises your rights and how you can exercise them (generally free of charge).
You have the right to request a copy of all personal data we hold relating to you. You also have the right to require us to correct any mistakes in the personal data we hold relating to you.
Where we are processing your data based on your consent you can withdraw that consent and we must immediately stop processing your data. Please note that up to that point, we’re acting lawfully with your consent, withdrawal of consent cannot be backdated.
Where we process your data based on a “legitimate interest” (underlined in the section on “purpose and lawful basis”, above) you still have the right to object to our processing of that data if you feel it impacts on your fundamental rights and freedoms. From that point, we must stop processing your data until we have determined whether your rights override our interests.
You also have the right to object where we are processing your personal data for direct marketing purposes.
In certain situations, you have the right to require us to erase personal data where there is no good reason for us continuing to process it. However, note that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
You have the right to request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) where you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Finally, you have the right to request the transfer of your personal data to you or a third party in a structured, commonly used, machine-readable format. Note that this right only applies to automated processing of information about you, which we carry out based on your consent or where it is necessary to perform a contract with you.
For further information on each of these rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals rights under the General Data Protection Regulation.
If you would like to exercise any of these rights, the easiest way is by dropping us an email (see “How to contact us” below). Please note:
- We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
- We try to respond to all legitimate requests quickly, but in any event within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Your rights to lodge a complaint with the Regulator
At all times, you have the right to report a concern or lodge a complaint with the Regulator. Please refer to https://ico.org.uk/concerns/, http://www.garanteprivacy.it/web/guest/home/footer/contatti, https://cnpd.public.lu/en/support/contact.html, https://dataci.gg/online-enquiry/#/complain/form. Of course, we hope that we can resolve your issue quickly and fairly.
Automated processing of your personal data
We do not undertake any automated processing of personal data, or profiling.
Note that you have a right to object to any decisions being taken through the processing of your personal data by automated means if they produce legal effects concerning you or similarly significant effects on you. We do not use your personal data in a way that makes such decisions.
Keeping your personal information secure
We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. In addition, we limit access to your personal data to those employees, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Other purposes for processing personal data
We don’t process your personal data for any other purpose than we’ve described here. We won’t sell your personal data to other companies.
As we develop our activities and services, we might add new data processes that use your personal information. Should we decide that we want to develop a new processing purpose, we will contact you to let you know what we intend to do, the lawful basis we will use, and your rights over our intended new processing. We’ll also publish information about it here.
Changes to this privacy notice
This privacy notice was last updated on 27th March 2018 and historic versions can be obtained by contacting us.
We may change this privacy notice from time to time by amending this page.
Cookies
This site along with most other major websites, uses cookies and as part of your use of the site, we may send cookies to your computer or other device. Cookies are small text files that a website transfers to the cookie file on your computer’s hard disk to provide the website operator with information about use of the website. Cookies enable users to navigate around the website and (where appropriate) enable us to tailor the content to fit the needs of visitors who have accessed the Page.
We use two types of cookie on this Page:
Session cookies, which are temporary cookies that remain in the cookie file of your computer until you close your browser (at which point they are deleted); and
Persistent or stored cookies that remain permanently on the cookie file of your computer.
Cookies cannot look into your computer and obtain information about you or your family or read any material kept on your hard drive and, unless you have logged onto an authenticated page, cookies cannot be used to identify who you are. Cookies cannot be used by anyone else who has access to the computer to find out anything about you, other than the fact that someone using the computer has visited a certain website. Cookies do not in any way compromise the security of your computer. Cookies will not be used to contact you for marketing purposes other than by means of advertisements offered within this Page.
Cookies may be used to record details of particular pages that you have visited on this Page. This is to provide us with generic usage statistics to allow us to improve our Page. We use Google Analytics, a free metrics tool, to measure a wide range of site metrics, like visits to the site. You can find out more about Google Analytics cookies here.
By accepting the Terms and this Privacy Notice you consent to the use of these cookies for these purposes.
How to manage cookies
The web browsers of most computers are initially set up to accept cookies. You can choose not to accept certain cookies by turning this feature off within your browser settings or ceasing to use this site. If you prefer, you can set your web browser to disable cookies or to inform you when a website is attempting to add a cookie. You can also delete cookies that have previously been added to your computer’s cookie file.
You can set your browser to disable persistent cookies and/or session cookies but if you disable session cookies, although if you turn off the cookie function in your browser you may not receive all the information or the full functionality on this site.
Microsoft Teams Recording & Transcription
The Group uses MS Teams as its secure video conferencing platform allowing meetings, briefings and training to take place virtually. These meetings may involve employees and external participants.
All services at the Group may need to record or transcribe MS Teams meetings.
The Group has produced internal user guidance for employees on the use of the recording and transcription features in MS Teams.
When a Microsoft Teams meeting is recorded or transcribed, we will process the personal data of the individuals who are in attendance at that meeting. This may include Employees & External participants.
Where you attend a MS Teams meeting that is recorded or transcribed, the personal data we process may include:
- Your name/ user name;
- Your photo;
- Your Email address;
- Your participation in the meeting, including video/background images/ audio/ chat.
In accordance with the user guidance, the meeting organiser/ chair will advise participants verbally before the recording commences that they are able to turn off their camera or use the chat function if they do not want their face/ voice to be included on the recording.
All services at the Group may need to record or transcribe a MS Teams meeting so that a formal record is made of the meeting, for minute taking purposes or for future use and circulation.
Recording meetings may also assist us with complying with our obligations under the Equality Act 2010 in terms of accessibility requirements and reasonable adjustments.
In accordance with the user guidance, where a MS Teams meeting will be recorded or transcribed you will be informed in the invitation to attend and the meeting organiser/ chair will inform the participants that the MS Teams meeting will be recorded or transcribed, and why, before the recording or transcription commences.
The personal data that is processed in a MS Teams recording or transcription will relate to the individuals attending the meeting through their attendance.
MS Teams recordings may be shared internally within the Group or, in some instances, externally, for example if the recording relates to an external training event.
In accordance with the user guidance, the meeting chair/organiser will inform the participants who the recording is likely to be shared with.
MS Teams transcriptions will be available to those who attended the meeting.
The legal basis for each MS Teams recording and transcription will depend on which type of meeting being recorded and the reason for the recording being made.
In the context of most MS Teams meetings, briefings and training the lawful basis will either be:
- Public Task: The processing is necessary for the Group to perform a task in the public interest or for its official functions with a basis in law or
- Legitimate Interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect your personal data which overrides those legitimate interests.
As set out above, in accordance with the user guidance, the meeting organiser/ chair will advise participants before the recording commences that they are able to turn off their camera or use of the chat function if they do not want their face/ voice to be included on the recording.
Further information is available on the Microsoft website https://privacy.microsoft.com/en-US/privacystatement#mainnoticetoendusersmodule
Updates
This privacy notice and the corporate privacy notice are updated from time to time to take account of changes in our services, legal requirements and to make sure they are as transparent as possible, so please check back here for the current version. You can see when this privacy notice was last updated here: April 2024
How to contact us
If you have any questions, concerns or just want some more information about our privacy management, please click here.