Net Zero Cornwall Ltd | www.netzeroaccreditation.com
Last updated: 7 May 2026
Data Controller: NetZero Cornwall Ltd, registered in England and Wales (Company No. 14190072)
Registered Address: Unit1, Wharf Road, Penzance, TR18 4FG, UK
Compliance Officer: Lisa Pressland
Contact Email: info@netzerocornwall.co.uk.-
Website: www.netzeroaccreditation.com
Net Zero Cornwall Ltd is committed to protecting the privacy and security of your personal data. This Privacy Policy explains how we collect, use, store, and share your personal data when you visit or use our website at www.netzeroaccreditation.com (the “Site”), and tells you about your rights and how the law protects you.
Please read this Privacy Policy carefully. This policysupplements any other privacy or fair processing notices we may provide anddoes not override them. We encourage you to review this policy periodically asit may be updated from time to time.
Our Site is not intended for children under the age of 16, andwe do not knowingly collect personal data relating to children.
Please be aware that communications over the internet (such asemails) are not secure unless encrypted. We do not accept responsibility forunauthorised access to or loss of personal data beyond our reasonable control.
Our Site may contain links to third-party websites, plug-ins, and applications. We are not responsible for the privacy practices of those third parties and encourage you to read their privacy notices.
In this Privacy Policy, the following terms have the meanings set out below:
"Compliance Officer" means Lisa Pressland, who can be contacted by email at info@netzerocornwall.co.uk.
"Cookies" means a small amount of data sent from the server and stored on your device's hard drive.
"Data Protection Legislation" means the UK General Data Protection Regulation (UK GDPR) as retained in UK law by the European Union (Withdrawal) Act 2018, the Data Protection Act 2018 (DPA 2018),the Privacy and Electronic Communications Regulations 2003 (as amended), and all other applicable laws and regulations relating to the processing of personal data as amended or re-enacted from time to time.
"ICO" means the Information Commissioner’sOffice, the UK’s independent data protection authority.
"Site" means any and all websites owned oroperated by Net Zero Cornwall Ltd, including www.netzeroaccreditation.com.
"We", "us", "our" means Net Zero Cornwall Ltd, a company registered in England and Wales (Company No.14190072), Unit 1, Wharf Road, Penzance, TR18 4FG, UK.
"You", "your" means any individual,company, or other entity accessing our Site.
The terms "data controller", "dataprocessor", "personal data", "process","processing", "special category personal data" have themeanings given to them in the Data Protection Legislation.
Personal data means any information about an individual fromwhich that person can be identified. It does not include anonymised data. Wemay collect, use, store, and transfer the following categories of personal dataabout you:
• Identity Data: first name, last name, username orsimilar identifier, title, and date of birth.
• Contact Data: billing address, delivery address, emailaddress, and telephone numbers.
• Financial Data: bank account and payment card details.
• Transaction Data: details of payments to and from you,and details of products and services you have purchased.
• Technical Data: IP address, login data, browser typeand version, time zone setting and location, browser plug-in types andversions, operating system and platform.
• Usage Data: information about how you use our website,products, and services.
• Profile Data: username and password, purchases ororders made by you, your interests, preferences, feedback, and surveyresponses.
• Marketing and Communications Data: your preferences inreceiving marketing from us and your communication preferences.
We also collect, use, and share Aggregated Data (e.g.statistical or demographic data) which is not considered personal data as itcannot directly or indirectly identify you. If Aggregated Data is combined withpersonal data so that you become identifiable, we treat the combined data aspersonal data subject to this policy.
We do not knowingly collect or process special categorypersonal data (such as data about health, religion, or ethnicity) about you. Ifthis becomes necessary, we will inform you and seek your explicit consent asrequired.
Where we are legally required or contractually obliged tocollect personal data and you fail to provide it, we may be unable to performour contract with you. We will notify you of this at the relevant time.
You may provide us with your Identity, Contact, and FinancialData by filling in forms, corresponding by post, phone, or email, or otherwiseinteracting with us directly. This includes data you provide when you:
• Contact us via the Site or by email or telephone;
• Place an order for services and submit payment;
• Request a quotation for services;
• Create an account on our Site;
• Subscribe to our services or publications;
• Request marketing materials.
As you interact with our Site, we may automatically collectTechnical Data about your equipment, browsing actions, and patterns usingcookies, server logs, and similar technologies. This helps us manage andimprove our Site. Please refer to our Cookies Policy for further details.
We may receive personal data about you from the followingthird-party sources:
• Transaction Data from energy suppliers (such as BritishGas) to confirm your energy consumption and payment history.
• Identity, Contact, and Financial Data from creditreference agencies (such as Experian) when performing credit checks.
• Identity and Contact Data from lead generationproviders (such as Creditsafe).
• Identity and Contact Data from publicly availablesources within the UK, such as Companies House.
We will only use your personal data where we have a lawfulbasis to do so under the Data Protection Legislation. The lawful bases we relyon are:
• Performance of a contract: where we need to processyour data to perform our contract with you or to take steps at your requestbefore entering into a contract.
• Legal obligation: where we are required by law toprocess your data.
• Legitimate interests: where it is necessary for ourlegitimate business interests (or those of a third party), provided thoseinterests are not overridden by your rights and interests.
• Consent: where you have given us clear consent toprocess your data for a specific purpose (e.g. receiving marketing emails).
We use your personal data for the following purposes:
• To process and fulfil orders for services, includingprocessing payments.
• To create and provide quotations where you haverequested one.
• To respond to general queries raised via the Site, byemail, or by telephone.
• To send you relevant information about our serviceswhere we consider it may be of interest, in accordance with our legitimateinterests. You may opt out at any time.
• To rectify faults with our Site when you report them,in accordance with our legitimate interests.
• To analyse and improve the content and performance ofour Site, in accordance with our legitimate interests.
• To process applications for employment opportunitieswith us, in accordance with our legitimate interests as an employer.
• To comply with legal and regulatory obligations,including fraud prevention and detection.
• To perform credit referencing checks and identityverification.
• For the general administration and maintenance of ourrecords and database.
We will only use your personal data for the purposes for whichit was collected, unless we reasonably consider another use is compatible withthe original purpose. If we need to use your data for an unrelated purpose, wewill notify you and explain the legal basis for doing so.
We may use your Identity, Contact, Technical, Usage, andProfile Data to form a view on what products and services may be of interest toyou. We will only send you marketing communications where we have your consentor a legitimate interest to do so.
You can ask us to stop sending marketing messages at any timeby:
• Clicking the “unsubscribe” link in any marketing email;
• Updating your preferences in your account; or
• Contacting us directly at info@netzerocornwall.co.uk.
Where you opt out of marketing, this will not affect personaldata provided in connection with a purchase or service transaction.
We will obtain your express opt-in consent before sharing yourpersonal data with any third party outside Net Zero Cornwall Ltd for their ownmarketing purposes.
We may share your personal data with the following categoriesof third parties, only where necessary and lawful:
• Our employees and contractors who need to process yourdata to carry out their role.
• Service providers and suppliers engaged by us toperform services you have ordered, including information and quotationservices, credit agencies, and data sources.
• Financial service providers used to process payments and perform security checks.
• Marketing companies used to produce and distribute ourmarketing communications.
• Professional advisers (lawyers, accountants, auditors) as necessary.
• Regulators, government bodies, or law enforcementagencies where required by law or to protect rights, property, or safety.
• Fraud prevention and credit risk organisations, where we are required to share information for these purposes.
• A prospective buyer or seller in the event of abusiness sale or acquisition, where disclosure is necessary to allow thetransaction to proceed.
We require all third parties to respect the security of yourpersonal data and to treat it in accordance with the law. We do not permit ourthird-party service providers to use your personal data for their own purposes;they may only process your data for specified purposes and in accordance withour instructions.
Some of our third-party service providers are based outsidethe United Kingdom. Where we transfer personal data to countries outside theUK, we ensure an equivalent level of protection is applied by using one or moreof the following safeguards:
• Transferring only to countries that the UK Governmenthas determined provide an adequate level of data protection (known as “adequacyregulations” under UK GDPR).
• Using standard contractual clauses (SCCs) approved oradopted under UK GDPR (the UK’s International Data Transfer Agreement (IDTA) oraddendum to EU SCCs), which provide personal data with equivalent protection tothat in the UK.
• Where we use providers based in the United States or other countries, we will ensure appropriate safeguards are in place as required under UK GDPR Article 46.
Please note: following the UK’s departure from the European Union, transfers of personal data are now governed by UK GDPR and the DPA 2018,not by EU GDPR or the EU–US Privacy Shield framework (which has been replaced by the EU–US Data Privacy Framework, applicable to EU transfers). We keep our international transfer mechanisms under review and update them as required by UK law.
The software package we use to manage our client database maybe hosted by a provider whose servers are located outside the UK. We ensure appropriate safeguards are in place for any such transfers.
We will only retain your personal data for as long asnecessary to fulfil the purposes for which it was collected, includingsatisfying any legal, accounting, or reporting requirements.
In determining the appropriate retention period, we consider:the amount, nature, and sensitivity of the personal data; the potential risk ofharm from unauthorised use or disclosure; the purposes for which we process it;and the applicable legal requirements.
As a minimum, we are required by law to keep basic information about our customers (including Contact, Identity, Financial, and Transaction Data) for six years after they cease being customers, for tax and accounting purposes.
We may anonymise your personal data for research orstatistical purposes, in which case we may use this information indefinitelywithout further notice to you.
Full details of our retention periods are available in ourRetention Policy. Please contact our Compliance Officer to request a copy.
Under UK GDPR and the Data Protection Act 2018, you have thefollowing rights in relation to your personal data:
• Right of access (Subject Access Request): to receive acopy of the personal data we hold about you and to verify that we areprocessing it lawfully.
• Right to rectification: to have any inaccurate orincomplete personal data corrected.
• Right to erasure (“right to be forgotten”): to ask usto delete your personal data where there is no good reason for us to continueprocessing it, subject to certain legal exceptions.
• Right to object: to object to processing of yourpersonal data where we rely on legitimate interests, or where we are using itfor direct marketing purposes.
• Right to restrict processing: to ask us to suspendprocessing of your personal data in certain circumstances (e.g. while accuracyis contested, or where processing is unlawful but you do not want erasure).
• Right to data portability: to receive your personal data in a structured, commonly used, machine-readable format and to have it transferred to another controller, where technically feasible. This applies where processing is based on consent or contract.
• Right to withdraw consent: where processing is based onyour consent, to withdraw that consent at any time. Withdrawal will not affectthe lawfulness of processing carried out before withdrawal.
• Rights related to automated decision-making: not to besubject to a decision based solely on automated processing (includingprofiling) that produces legal or significant effects on you, unless anexemption applies.
To exercise any of these rights, please submit a written request to our Compliance Officer at info@netzerocornwall.co.uk or by post to Unit 1, Wharf Road, Penzance, TR18 4FG.
You will not usually be charged a fee to exercise your rights. However, we may charge a reasonable fee if a request is clearly unfounded, repetitive, or excessive. We will endeavour to respond to all legitimate requests within one calendar month. Where requests are complex or numerous, we may extend this period by up to two further months and will notify you accordingly.
We may need to verify your identity before processing yourrequest. We may also ask for further information to help us respondefficiently.
Our Site uses cookies to enhance your user experience and helpus understand how the Site is used. A cookie is a small file sent from ourserver and stored on your device.
When you first visit the Site, you will be asked to provideyour consent for the use of non-essential cookies. You may declinenon-essential cookies, though this may affect your ability to use certainfeatures of the Site.
You can manage your cookie preferences at any time throughyour browser settings or our cookie management tool. For further details,please refer to our Cookies Policy.
We are committed to protecting your personal data. We haveimplemented appropriate technical and organisational measures to preventunauthorised access, misuse, alteration, unlawful or accidental destruction, oraccidental loss of your personal data.
All personal data is stored on secure servers. Financial Datais encrypted in transit and at rest. All employees and contractors with accessto personal data are contractually obliged to treat it confidentially.
We have procedures in place to detect, investigate, andrespond to suspected personal data breaches. Where we are legally required todo so, we will notify you and the ICO of any breach.
This Privacy Policy applies only to personal data we collectand process via our Site and in the course of our business activities. It doesnot apply to personal data you provide directly to third parties, including oursuppliers or other parties whose services are promoted or available via ourSite. Those third parties will have their own privacy notices, which weencourage you to read.
We may update this Privacy Policy from time to time to reflectchanges in law, our business practices, or data processing activities. Anychanges will be posted on this page with an updated “Last updated” date. Wherechanges are material, we will take reasonable steps to bring them to yourattention. Please check this page periodically.
If you have any questions, concerns, or requests in relation to this Privacy Policy or our use of your personal data, please contact our Compliance Officer:
Name: Lisa Pressland, Compliance Officer
Email: info@netzerocornwall.co.uk
Post: Net ZeroCornwall Ltd, Unit 1, Wharf Road, Penzance, TR18 4FG, UK
Website: www.netzeroaccreditation.com
You have the right to make a complaint at any time to theInformation Commissioner’s Office (ICO), the UK supervisory authority for dataprotection matters:
ICO Website: www.ico.org.uk
ICO Helpline: 0303123 1113
ICO Post: InformationCommissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
We would appreciate the opportunity to address your concernsbefore you approach the ICO. Please contact us in the first instance so that wecan try to resolve the matter for you.
