The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union. It addresses the export of personal data outside the EU. The GDPR aims primarily to give control back to citizens and residents over their personal data.
It requires that all personal data shall be:
• Processed lawfully, fairly and in a transparent manner
• Collected for specific and legitimate purposes
• Accurate and kept up to date, and erased when not up to date
• Not stored for any longer than necessary
• Processed in a manner that ensures appropriate security against personal data
In order to undertake the services highlighted above it is necessary for Beond to process personal data belonging, but not limited, to clients, prospective clients, energy suppliers, third party providers and strategic partners. Business related data is not applicable under GDPR – which has the intention of protecting personal data.
Personal Data which we hold about you
Under GDPR, usually Beond will only ever process necessary personal data, which is limited to first name, last name, email address and both landline and mobile telephone numbers. No sensitive personal data will be collected or processed in any way.
Purposes for Storing and Processing Data
We will process personal data for the purposes of:
Lawful basis for storing and processing data
Under the EU General Data Protection Regulation (GDPR) there are six lawful basis for processing personal data. These are detailed as follows:
The information relating to the six lawful basis for processing personal data is taken from the ICO website and the GDPR regulation documentation. Further information regarding the lawful basis for processing personal data can be found at ico.org.uk.
Other than employees, Beond stores personal data for the following types of individuals or businesses:
Clients and prospective clients can also be split into the following categories:
For the purposes of the GDPR, the Information Commissioner’s Office (ICO) treats sole traders and partnerships as retail consumers and not businesses so we have a further duty of care towards these individuals.
As a result, our business has decided on the 2 lawful bases below:
The rationale for such a decision is detailed below:
Legitimate Interest Assessment
Beond has carried out a Legitimate Interest Assessment (LIA) as advised by the ICO. Based upon that assessment it is deemed that the rights and freedoms of the data subjects would not be overridden in our processing of the personal data and that in no way would a data
subject be caused harm by the data processing carried out by Beond. It is deemed that any processing of data will be limited to business matters, and therefore any risk of personal compromise is extremely unlikely. It is also deemed that direct marketing and sales is necessary
in the context of keeping our clients and prospective clients informed about our services and important energy industry market intelligence and to generate business sales.
As a result, Beond will rely on the Legitimate Interest lawful basis for storing and processing personal data on behalf of all individuals that are not sole traders or partnerships.
Per the ICO guidance, Beond can confirm:
How we Procure Personal Data
At Beond we procure data in a variety of ways, collected in line with the lawful basis of ‘Legitimate Interests’. We collect and process personal data in the following ways.
How we Ensure Data Validity
Beond ensure the validity of the personal data contained within their client management software. The team continually cleanse the data, completing a full cleanse cycle of both business and personal data at least once every 12 months. Any records found to be out of date are placed into a deletion queue which is securely purged four times in a 12 month period. Beond takes data cleansing extremely seriously as this ensures a highly compliant solution as well as a high calibre solution for all Beond’s clients.
Data Storage and Retention
The personal data held is processed and stored in the UK within a secure environment. Beond has a continual cycle of cleansing and refreshing data, all data is verified at least once in a 12 month cycle. Any invalid records are labelled invalid.
Sharing personal data with third parties
It is sometimes necessary for Beond to outsource certain services to third party providers. As a result, personal data will be passed to these third party providers by Beond. Beond will only pass personal data to a third party provider when there is an agreement in place between
Beond and that third party provider, which addresses GDPR compliance by both parties.
Request to Object
Any individual has the right to object to receiving correspondence from Beond. All emailed correspondence provided to individuals will have an “unsubscribe” link. Individuals can unsubscribe by clicking on this link or by writing to Beond at the following address:
Beond Group Ltd
Chiswick Business Park
566 Chiswick High Road
All requests will be processed within 30 days. Please note that this applies only to the processing of your personally identifiable data, not that of the business data which does not fall under the remit of GDPR.
Request for Deletion
Any individual has the right for their personal data to be deleted by Beond. If you request deletion, we will remove any data we hold about you from our client management software.
We will process your request within 30 days.
Please make your request in writing by emailing: email@example.com or by writing to: Data Compliance, Beond Group Ltd, Building 11, Chiswick Business Park, 566 Chiswick High Road, London, W4 5YS.
Request for Data Held
You may request that we send you all of the data we hold that relates to you. Please make your request in writing; By emailing: firstname.lastname@example.org or by writing to: Data Compliance, Beond Group Ltd, Building 11, Chiswick Business Park, 566 Chiswick High Road, London, W4 5YS.
We will process and respond to your request within 30 days, this service will be free of charge.
This policy was last reviewed and updated on the 5th April 2018. Policies are periodically reviewed to ensure compliance with the current compliance environment.