top of page

GDPR One-Page Summary

Smart Connect GDPR One-Page Summary

Introduction
The EU General Data Protection Regulation (GDPR) and the UK GDPR are laws that regulate the processing of personal data for individuals within the European Economic Area (EEA) and the UK. These regulations apply to all businesses that collect, store, or process personal data, including Self Gen Connect Ltd (SGC), which provides the Smart Connect platform to end users and installers.

Data Roles Under GDPR
The GDPR defines three roles that determine how data is handled:

  • End Users (Data Subjects): Individuals who provide their personal data and grant consent for processing. End Users have specific rights related to their personal data.

  • Controllers (SGC & Installers): SGC acts as a data controller for its own marketing purposes and to manage its own customers’ data through the Smart Connect platform. Approved installers act as controllers when determining how to use the data collected through the platform.

  • Processors (SGC): SGC also acts as a data processor on behalf of its customers (installers), managing data that installers collect from their customers.

User Consent and Data Collection

  • Consent: End Users must provide specific, freely given, informed, and unambiguous consent before their data can be processed.

  • Proof of Tenancy: Before accessing energy consumption data, proof of tenancy is required, verified through secure processes including address validation or other secure verification methods.

  • Data Access: The Smart Connect Consent Tool enables end users to manage their consent for sharing energy data with authorised installers. End users have the right to withdraw this consent at any time.

Privacy and Security

  • Privacy Policy: SGC provides a Privacy Policy that explains how personal data is collected, processed, and stored. Installers must ensure that their privacy policies also comply with GDPR requirements.

  • Data Security: Personal data is encrypted while stored and during transfer. All information is stored securely using Google Cloud Platform (GCP).

  • Data Subject Rights: End Users can access, correct, or request deletion of their personal data through the Smart Connect platform.

No Unauthorised Export
Installers and other controllers are strictly prohibited from exporting data beyond the scope of the user agreement. If an end user withdraws consent, any related data must be promptly deleted to ensure no further access.

Data Breaches and Notification

  • 72-Hour Notification: If a data breach occurs, SGC will notify the relevant supervisory authority within 72 hours. Affected customers will be notified within 48 hours.

  • Ongoing Support: SGC will assist customers in understanding their obligations for reporting data breaches and will provide details as needed.

Data Protection Officer (DPO)
SGC has appointed a Data Protection Officer to ensure compliance with GDPR. Controllers are encouraged to appoint a DPO, even if it is not mandatory, to manage data protection practices.

Data Erasure (Right to Be Forgotten)
End Users have the right to request that their data be deleted permanently. Controllers are responsible for ensuring data is deleted promptly upon request. SGC provides tools to delete or anonymise data held within the platform.

Compliance Measures
SGC takes multiple steps to ensure GDPR compliance:

  • Training: Staff members involved in data processing undergo GDPR training.

  • Auditing and Record-Keeping: Records of data processing activities are maintained to ensure transparency.

  • External Compliance Resources: For further guidance, users can refer to resources provided by the European Union at https://gdpr.eu/ or the UK Information Commissioner’s Office (ICO) at https://ico.org.uk/.

Contact Information
For more information on GDPR compliance or to request details about data processing practices, contact our Data Protection Officer at gdpr@selfgenconnectltd.co.uk.

Summary
SGC is committed to ensuring compliance with GDPR regulations for both the EU and UK. By using the Smart Connect platform, users agree to adhere to these data protection standards, which aim to protect the privacy and rights of data subjects, ensure transparency, and provide mechanisms for data subjects to control their data.

This summary provides a concise overview of SGC's GDPR compliance, responsibilities, and data handling practices, covering all major points discussed in our previous documents. If you need further modifications or more details, just let me know!

Self Gen Connect Ltd/TA sgcSmart Office Springboard Business Innovation Centre ~Wales, Llantarnam Park, Cwmbran, Torfaen. NP44 3AW. 

​

Registered Office Beaufort House  113 Parson Street, 

Bristol BS3 5QH

Email. getsmart@sgcSmart.com

Tel. 03332225013

  • Instagram
  • Facebook
  • Twitter
  • LinkedIn
  • YouTube
  • TikTok
sgcSmart website logo.gif

© 2024 by sgcSmart.

bottom of page