1. Who We Are

Spectrum Energy Systems is a trading name of Spectrum Energy Systems Ltd. We are a professional solar PV installation company providing commercial, residential, and domestic solar panel installations, battery storage systems, EV charging, and ongoing maintenance services across Nottinghamshire and the wider UK.

Spectrum Energy Systems Ltd is the data controller for any personal data you provide to us. This means we are responsible for deciding how we hold and use personal information about you.

We are committed to protecting your privacy and ensuring your personal data is handled in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Data We Collect

We collect and process personal data that is necessary to provide our solar installation and renewable energy services. We only collect data that helps us achieve legitimate business purposes and will not collect additional data without notifying you first.

Categories of Personal Data

Data Category	Examples
Identity Data	Name, title, date of birth (where relevant for finance applications)
Contact Data	Email address, postal address, telephone number(s)
Property Data	Property address, roof type/orientation, EPC rating, meter point references (MPAN), energy usage data
Financial Data	Bank account details, payment card details (for payment processing only)
Transaction Data	Details of products and services purchased, quotes provided, payment history
Technical Data	IP address, browser type, device information, website usage data
Installation Data	System specifications, generation data, warranty information, maintenance records
Communication Data	Records of correspondence, survey responses, feedback, call recordings (where notified)
Special Category Data	Health information (only where relevant, e.g., accessibility requirements for site surveys)

Special Category Data

Special category data includes information about health, disability, or other sensitive personal information. We only collect this type of data where:

• You have provided explicit consent
• It is necessary for health and safety purposes during installation
• It is necessary to ensure we can provide appropriate service (e.g., accessibility requirements)
• It is required for compliance with Consumer Duty regulations

3. How We Collect Your Data

We collect personal data through various methods during our interactions with you:

Collection Method	Description
Direct Interactions	When you complete our quote request forms, contact us by phone or email, request a site survey, or enter into a contract with us
Site Surveys	During property assessments where we gather technical information about your roof, electrical systems, and energy usage
Automated Technologies	When you visit our website, we may automatically collect technical data about your browsing actions through cookies and similar technologies
Third Parties	From DNO/grid operators, energy suppliers, credit reference agencies (for finance applications), or public sources like the Land Registry or Companies House
System Monitoring	If you have a monitoring system installed, we may receive performance data from your solar installation

4. Lawful Basis for Processing

Under Article 6 of the UK GDPR, we must have a valid lawful basis to process your personal data. We rely on the following legal bases depending on the nature of our processing:

Lawful Basis	When We Use It
Contract	Processing necessary to fulfil our contractual obligations to you, such as providing quotations, installing solar systems, processing payments, and providing warranty services
Legal Obligation	Processing required to comply with our legal obligations, including health and safety regulations, MCS certification requirements, DNO notifications (G98/G99), and tax/accounting requirements
Legitimate Interests	Processing necessary for our legitimate business interests, such as improving our services, fraud prevention, business administration, and quality assurance (where this does not override your rights)
Consent	Where you have given clear consent for us to process your data for specific purposes, such as marketing communications or optional services

5. How We Use Your Data

We use your personal data for the following purposes:

Purpose	Data Used	Lawful Basis
To provide quotations and respond to enquiries	Identity, Contact, Property	Contract / Legitimate Interests
To conduct site surveys and system design	Identity, Contact, Property, Installation	Contract
To install and commission solar PV systems	Identity, Contact, Property, Installation	Contract
To process DNO applications (G98/G99)	Identity, Contact, Property, Installation	Legal Obligation / Contract
To register your MCS installation	Identity, Contact, Property, Installation	Legal Obligation / Contract
To process payments and invoicing	Identity, Contact, Financial, Transaction	Contract
To provide warranty and maintenance services	Identity, Contact, Property, Installation	Contract
To facilitate finance applications (if applicable)	Identity, Contact, Financial	Consent / Contract
To register you for Smart Export Guarantee (SEG)	Identity, Contact, Property, Installation	Contract / Consent
To send service updates and important information	Identity, Contact	Contract / Legitimate Interests
To send marketing communications (with consent)	Identity, Contact	Consent
To improve our website and services	Technical, Communication	Legitimate Interests
To comply with legal and regulatory requirements	All relevant categories	Legal Obligation

Marketing Communications

We will only send you marketing communications where you have provided your explicit consent. You can opt out of marketing at any time by:

• Clicking the "unsubscribe" link in any marketing email
• Contacting us at sales@spectrumenergysystems.co.uk
• Calling us on 0115 773 7575

Opting out of marketing will not affect service-related communications about your installation or contract with us.

6. Who We Share Data With

We may share your personal data with the following categories of recipients where necessary:

Recipient	Purpose	Data Shared
Distribution Network Operators (DNOs)	Grid connection applications (G98/G99), export notifications	Property address, system specifications, installer details
MCS (Microgeneration Certification Scheme)	Mandatory registration of installations for compliance and warranty	Name, property address, installation details
NICEIC / Accreditation Bodies	Certification and compliance requirements	Installation records, compliance documentation
Finance Providers	Processing finance applications where you request finance	Identity, contact, financial data (with your consent)
Credit Reference Agencies	Credit checks for finance applications (with your consent)	Identity, contact, financial data
Energy Suppliers	Smart Export Guarantee (SEG) registration	Name, address, MPAN, system details
Equipment Manufacturers	Warranty registration and claims	Name, address, product serial numbers
Scaffolding / Subcontractors	Installation logistics and scheduling	Address, contact details, access requirements
Professional Advisers	Legal, accounting, and insurance services	As required for specific advice

We Will Not

• Sell your personal data to third parties
• Share your data with unrelated third parties for their marketing purposes
• Transfer your data outside the UK without appropriate safeguards

Business Transfers

If Spectrum Energy Systems is acquired or merged with another company, your personal data may be transferred to the new owners. We will notify you if this happens and explain your options.

7. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes we collected it for, including legal, accounting, and reporting requirements. The table below shows our standard retention periods:

Data Type	Retention Period	Reason
Enquiry/Quote Data (no contract)	2 years from last contact	Business development, re-engagement
Customer Contact Details	Duration of warranty + 7 years	Warranty service, legal obligations
Installation Records & Certificates	25 years	Warranty periods (typically 25 years for panels), legal compliance
MCS Registration Data	25 years	MCS requirements, warranty support
Financial/Payment Records	7 years from transaction	HMRC requirements, accounting standards
Health & Safety Records	40 years	Legal requirements for construction/installation work
Marketing Consent Records	Until consent withdrawn + 2 years	Demonstrate consent compliance
CCTV Footage (if applicable)	30 days	Security purposes
Website Analytics	26 months	Website improvement

After the relevant retention period, we will securely delete or anonymise your personal data.

8. Data Security

We have implemented appropriate technical and organisational security measures to protect your personal data from unauthorised access, loss, destruction, or alteration. These measures include:

• Technical Security: Encryption of data in transit and at rest, secure servers, firewall protection, regular security updates
• Access Controls: Role-based access ensuring only authorised personnel can access personal data on a need-to-know basis
• Staff Training: All employees receive data protection training and are bound by confidentiality obligations
• Physical Security: Secure premises with controlled access to offices and equipment
• Third-Party Vetting: Due diligence on service providers to ensure they maintain appropriate security standards
• Incident Response: Procedures in place to detect, report, and investigate data breaches

9. Your Rights

Under the UK GDPR, you have the following rights regarding your personal data:

How to Exercise Your Rights

To exercise any of these rights, please contact us using the details in Section 15. We will respond to your request within one month. In complex cases, we may extend this by a further two months, but we will inform you if this is necessary.

We may need to verify your identity before processing your request. There is no fee for making a request, but we may charge a reasonable fee for manifestly unfounded or excessive requests.

Limitations

Some rights may be limited in certain circumstances. For example, we may need to retain certain data to comply with legal obligations (such as MCS registration requirements) even if you request erasure. We will explain any limitations when responding to your request.

10. Cookies

Our website uses cookies and similar technologies to improve your browsing experience, analyse website traffic, and personalise content.

What Are Cookies?

Cookies are small text files stored on your device when you visit a website. They help websites remember your preferences and understand how you use the site.

Types of Cookies We Use

Cookie Type	Purpose	Duration
Essential Cookies	Required for the website to function properly (e.g., security, session management)	Session
Functional Cookies	Remember your preferences and choices to enhance your experience	Up to 1 year
Analytics Cookies	Help us understand how visitors use our website (e.g., Google Analytics)	Up to 26 months
Marketing Cookies	Track your activity to deliver relevant advertising (only with consent)	Up to 1 year

Managing Cookies

You can control cookies through your browser settings. Most browsers allow you to:

• See what cookies are stored and delete them individually
• Block third-party cookies
• Block all cookies
• Clear all cookies when you close your browser

Please note that blocking all cookies may affect the functionality of our website. For more information, visit www.aboutcookies.org.

11. International Transfers

We primarily store and process your data within the United Kingdom. Where we need to transfer data outside the UK (for example, to cloud service providers), we ensure appropriate safeguards are in place:

• Transfers to countries with UK adequacy decisions (deemed to provide adequate data protection)
• Standard Contractual Clauses approved by the UK Government
• Other legally approved transfer mechanisms

If you would like more information about international transfers of your data, please contact us.

12. Children's Data

Our services are not directed at individuals under the age of 18, and we do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child, we will take steps to delete that information as soon as possible.

If you are a parent or guardian and believe we may have collected information about a child, please contact us immediately.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. When we make changes:

• We will update the "Last Updated" date at the top of this policy
• For significant changes, we will notify you by email or through a notice on our website
• We encourage you to review this policy periodically

Continued use of our services after changes to this policy constitutes acceptance of those changes.

14. Complaints

If you have any concerns about how we handle your personal data, please contact us directly. We take all privacy concerns seriously and are committed to resolving any issues promptly and fairly.

When raising a concern, please provide as much detail as possible about your complaint so we can investigate thoroughly. We aim to acknowledge all complaints within 5 working days and provide a full response within 28 days.

Our commitment is to handle your complaint with care, investigate it properly, and take appropriate action to resolve the matter to your satisfaction.

15. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or have concerns about how we handle your personal data, please contact us:

We aim to respond to all data protection enquiries within 5 working days. For Subject Access Requests and other formal requests, we will respond within one month as required by law.