Privacy Policy

This privacy policy sets out:

what information Hafod Renewable Energy Ltd (a subsidiary of Certas Energy UK Limited and a member of the DCC plc group) (“Hafod” or “we”) collects from you and why;

how Hafod uses and protects any information that you give; and

how you can access and manage your information.

Hafod is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified, you can be assured that it will only be used in accordance with this privacy statement.

Hafod may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. 

If you have any questions about this policy or more generally about our use of your personal information, you may contact us by writing to us at Data Protection, Certas Energy UK Limited, 1st Floor Allday House, Warrington Road, Birchwood, United Kingdom, WA3 6GR, emailing us at marketing@certasenergy.co.uk data or phoning your local Certas Energy contact centre at any time.

This policy replaces all previous versions and is correct as of January 2024 . We reserve the right to change the policy at any time.

1. What we collect

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may use, store and transfer different kinds of personal data about you which we have grouped together as follows: 

  • name
  • job title
  • religion or similar beliefs
  • racial or ethnic origin
  • family, lifestyle, social circumstances
  • financial details
  • home address
  • contact information including telephone number and email address
  • other relevant personal information (e.g. date of birth)
  • electronic identifiers (e.g. IP addresses)
  • Marketing communications preferences 
  • demographic information such as postcode, preferences and interests
  • Property data and patterns of household energy usage (including household bills)
  • other information relevant to customer offers and/or surveys which will be explained at the time
  • in the case of job applicants, CVs and references relevant to the role that you are applying for
  • education and training
  • qualifications and accreditations 
  • insurance policy information 
  • any driving convictions
  • where you visit our retail sites, offices or depots, CCTV footage of you (the existence of CCTV equipment will be identified on each relevant site)


Ordinarily, Hafod will be the party collecting your information directly from you. However, there may be situations where this information is obtained by Hafod from third parties. Examples of this would include:

  • Hafod preferred third party network of installers of the products and services that we provide from time to time 
  • Third party standards organisations or government bodies (i.e. such MCS to register for government grants) 
  • other companies within Hafod’s corporate structure
  • from a third-party data profiling company, where you have given your consent for that company to pass such information on to us
  • in the case of job applicants, from a third-party recruitment agency
  • from publicly available sources (e.g. the electoral roll)

Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us, but we will notify you if this is the case at the time.

Likewise, it is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

2. What we do with the information we gather

We require this information to understand your needs and provide you with a better service. In particular, we require it for the following reasons:

  • internal record keeping and account management purposes (e.g. verifying your identity and fulfilling orders you place)
  • providing you with the product or service you have requested from us
  • monitoring, recording and storing telephone or email communications for the purpose of internal training, audit and compliance checking, to improve the quality of our customer service and in order to meet any legal and regulatory requirements
  • improving our products and services, website, marketing, customer relationships and experiences
  • contacting you by email, SMS, phone or mail for the purpose of account administration and/or processing and fulfilling orders and/or taking payment for such orders
  • customising our website according to your interests and to administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)
  • reviewing your job application for roles with us and potentially offering you employment as a result of that review
  • contacting you on the grounds of us having a legitimate interest to do so to periodically send promotional mails or contact you by telephone about new products, special offers or other information which we think you may find interesting using the contact details which you have provided and for market research purposes
  • where you give us your consent to do so, we may periodically send promotional emails or SMS messages about new products, special offers or other information which we think you may find interesting using the contact details which you have provided.

In order to utilise your personal information, as set out about, we may allow third parties to process your personal information on our behalf. This is likely to be the case where, for example we:

  • contract with a third party engineer, installer, scaffolder, contractor or service provider to provide our goods and services to you
  • request a third party data profiling company to establish trends and other buying/profile information

Where we share personal information for these purposes, we put in place controls to ensure that your personal information is only used for the purpose for which we’re sharing it (e.g. to install an energy transition product for you). Where we want to allow third parties to process or control your personal information for reasons other than those set out above, we will inform you of this and, if necessary, seek your consent to share such information with them.

We may also invite you to leave a review on the Trust Pilot website. To invite you to leave a review, your email address will be shared with them. Should you not wish to leave a review, you can choose not to respond to that invitation. Trust Pilot retain your email address only for the purpose of sending this invite and for no other purpose.

Where we have asked for your consent to use your personal information for a particular purpose, this consent may be withdrawn by you at any time. Similarly, where we are using your personal information to fulfil a legitimate interest of ours, you may have a right to object to your personal information being used for a particular purpose (e.g. for direct marketing). Please see the section entitled ‘Controlling your personal information’ below.

3. Account Security and Fraud Prevention

If you contact us or we contact you, we may ask for certain information from you to confirm your identity, check our records and deal with your account efficiently and correctly.

Business Customers only: To prevent fraud, to check your identity and to prevent money laundering, we will ask our credit intelligence partners and/or such other service providers as we may engage from time to time) to run certain checks on your business. These checks may involve your information being disclosed to credit reference agencies, who may keep a record of that information. Unless you have made an application for credit, your credit rating will be unaffected. In assessing any application for credit we will also share your information with our credit insurers. We will disclose details of how you conduct your account to such companies. This information may be used by other credit intelligence companies for making credit decisions about your business, you, and the people with whom you are financially associated, for fraud prevention, money laundering prevention and occasionally for tracing debtors. Information used for these purposes will include publicly available information such as corporate accounts and county court judgments.

We may perform a check on you if you are an individual associated with a Business Customer, such as a company director. We do this in order to prevent fraud, to check your identity, to prevent money laundering and for account management purposes. Information used for these purposes will include publicly available information such as the electoral roll, county court judgments, assets registered in your name on public registers, such as the Land Registry, bankruptcy orders and repossessions.

If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, you could be refused the goods or service or financing that you have requested, or employment. A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you. If you have any questions about this please contact us on the details below.

4. Website Information

We use programs such as Google Analytics to help us find out:

  • How many people visit our websites
  • Which pages and parts of pages are most popular
  • How long people spend in each area of the website
  • What information people are looking for
  • Engagement with enquiry forms and abandonment insights 

These insights help us understand what customers want from our website and, consequently, how we can improve the website in the future. Google Analytics uses cookies to collect non-personally identifiable information like:

  • Browser types
  • Operating systems
  • Third party sites that direct you to us
  • The time and date of a visit

5. What lawful basis we process your information on

We may only process your personal information where we have a lawful basis for processing it. What this lawful basis is will depend on the type of personal information you provide, and where we want to process personal information for a specific purpose not identified in this Privacy Policy we will notify you of this at that time.

Our lawful bases for processing your personal information are as follows:

Processing

Lawful Basis

Internal record keeping

Contract

Internal training/audit/compliance

Contract

Improving products and services

Legitimate Interests

Account Administration

Contract

Customising our website

Legitimate interests

Reviewing job applications

Contract

Direct marketing – current customers*, mail and telephone

Legitimate Interests

Direct marketing electronic marketing

Consent

Direct marketing – non-current customers, mail and telephone

Legitimate Interest

Market research

Legitimate Interests

Preventing fraud and money laundering and verifying identity review

Legitimate Interests

Trust Pilot

Legitimate Interests

In certain circumstances, we may be required to process your personal information in order to comply with a lawful obligation on us. This may be the case, for example, where a statutory or regulatory body requests such information in accordance with their legal powers. We and fraud prevention agencies may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime. We also have a legitimate interest and, on occasion, a legal obligation to disclose personal information to regulatory bodies in certain circumstances, including where we have information about potential criminal acts or security threats, and may disclose information to authorities on this basis.

*If you proactively contact us to enquire about becoming a customer, we will treat you as a current customer for the purpose of potentially directly marketing to you on the grounds set out above.

6. Security

The security of your information is very important to us. As part of our commitment to keeping your data safe, our technical experts maintain physical, electronic and managerial procedures to keep safe the information we collect online. We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. 

Only authorised employees and carefully checked agents, contractors and sub-contractors, who provide a particular data processing service for us, are permitted access to your data. These people will only be allowed access to your data for the purposes identified within this Privacy Policy, processing it on our behalf or for IT security and maintenance.

Where a third party is processing your data on our behalf, we will take steps to ensure that such third party gives us commitments that it will process your data in line with EU law. If a third party processing your data on our behalf is located in a non-EU country that does not have data protection laws equivalent to those in the EU, we will always take appropriate additional steps to ensure that your personal information is kept safe and secure by those processing your data on our behalf. This will generally involve ensuring that such third party agrees to sign up to a formal legal agreement committing such party to comply with standards equivalent to those that would apply where that party to be located within the EU. Whenever fraud prevention agencies transfer your personal data outside of the EU they impose contractual obligations on the recipients of that fata to protect your personal data to the standard required in the European Economic Area. This may also require the recipient to subscribe to “international frameworks” intended to enable secure data sharing.

7. How long we hold your information for

The time period for which we keep information varies according to what we use the information for. Unless there is a specific legal requirement for us to keep information, we will keep your information for as long as it is relevant and useful for the purpose for which it was collected.

Where we are using your personal information to send you marketing information we will generally retain that information for marketing purposes for two years from the point of your last order as we understand that you even if you do not buy from us on every occasion, frequently we see repeat purchases from customers in this time period. We will retain your account information for seven years in line with relevant tax and contract requirements. In the case of commercial customers, we may retain personal information relating to such individuals within such customers for a longer period of time depending on the order and contracting cycles of such customers (e.g. if a customer commonly enters into five year deals, we would retain such information for a short period beyond the time when we would expect such agreement to be renewed).

In the case of unsuccessful job applicants, we will generally hold your CV and supporting documentation for period of twelve months from the date of application. If you wish for us to hold your CV for longer and be considered for future roles then please just let us know.

Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years.

Where you have given consent to us holding data for a particular purpose, that consent may be withdrawn by you at any time. You may withdraw your consent by contacting us by any method that you wish to communicate with us, including e-mail or telephone. Our usual contact details are set out on the first page of this Privacy Policy.

You are entitled to request that we erase your personal information at any time, for example where you cease to be an active customer of ours. Whilst we will generally seek to comply with your request, there will be circumstances where we are entitled to retain such personal information (e.g. in respect of legal claims or to ensure that any activity on your account (e.g. monies owing) may be resolved).

8. Controlling your personal information

You may choose to restrict or control the collection or use of your personal information in the following ways:

  • whenever you are asked to fill in a form on the website or elsewhere, ensure that you do not tick any box requesting permission to use your personal information for specific purposes (e.g. marketing) or, in the case of ‘opt-out’ consents relating to electronic communications, ensure that you un-tick the relevant box
  • if you have previously agreed to us using your personal information for direct marketing or other specific purposes and wish to change your mind
  • if you believe that we are holding personal information which is incorrect, out of date or incomplete and wish for that to be corrected
  • if you wish for your personal information to be erased from our systems
  • if you wish for us to transfer your personal information to a third party (e.g. another service provider), we may provide you with your personal information which held by us for you to pass to that third party (or, in certain circumstances, we may be able to transfer that personal data to such third party directly if you wish for us to do so)

9. Your rights

You have the right to:

  • know that information is being processed;
  • access information that is being processed;
  • rectification of information being processed;
  • erasure of information held on you (commonly known as the right to be forgotten)
  • restrict processing;
  • be notified about what information has been rectified, erased and restricted;
  • portability (that is, to request your data be handed over to someone else); or 
  • object to the processing of your information.

It is important to note that this is not an absolute right to review all the information that is held about you, as there are various exceptions to this right. These include:

  • where personal data is kept for the purpose of preventing, detecting or investigating offences and related matters; and
  • where the data is given by another person in confidence.

You may request that we cease to contact you for direct marketing purposes at any point. We will comply with any such request.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

You are entitled at any point to see the personal information that we hold about you. This is called a “Subject Access Request”. If you want to make a Subject Access Request, or if you want to remove a consent, request that we cease contacting you for direct marketing purposes or request erasure or transfer of your personal information, you may do so at any time by writing to us at Data Protection, 1st Floor Allday House, Warrington Road, Birchwood, United Kingdom, WA3 6GR, emailing us at marketing@certasenergy.co.uk or phoning your local Certas Energy contact centre.

We will not sell, distribute or lease your personal information to third parties for their control unless we have your permission, need to do so in order to fulfil a contractual obligation to you or are required by law to do so. Where we do seek your permission, we will name the relevant third party at the time we seek such permission from you and any such permission shall be limited to that third party. Please note that we may provide information for processing to certain third parties as outlined in the section entitled ‘What we do with the information we gather’.

If you believe that any information we are holding on you is incorrect, out of date or incomplete, please write, email or call us as soon as possible, using the details set out above. We will promptly correct any information found to be incorrect. To protect your privacy and security, we will take reasonable steps to verify your identity before granting access or making corrections.

10. Third Party Links and Cookies

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website(s). 

We cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. You should exercise caution and look at the privacy statement applicable to the website in question.

11. Cookies

Cookies are alphanumeric identifiers which enable our systems to recognise your browser in order that we can provide you with easy use of the various services available on the website.

Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.

Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. However, this may prevent you from taking full advantage of the website.

We use cookies for the following purposes:

Google Analytics: used to track amount of visits, and the time of the visit and keeps track of returning visits. No personal information is stored in the cookie. Google Analytics gathers information about website use by means of cookies. The information gathered relating to our website is used to create reports about the use of our website.

Mailchimp: used as an email marketing platform. It provides tools needed to create, send and track engaging email campaigns to customers and subscribers. 

Shopify analytics is used for providing actionable insights into customer activities, to improve our operations and strategic decisions to boost sales.

Trust Pilot used as an online review platform to assess how out customer rate our business.

If you wish to learn more about cookies go to www.aboutcookies.org. 

Google’s privacy policy is available at: https://www.google.com/policies/privacy/.