GDPR Compliance
Last updated: 17 June 2026
Our Commitment to GDPR
energo-loop is committed to complying with the General Data Protection Regulation (GDPR) and protecting the privacy rights of individuals in the European Economic Area and the United Kingdom. This page outlines our compliance measures and your rights under GDPR.
Data Controller Information
energo-loop acts as the data controller for personal information collected through our website and services.
Contact details:
Email: [email protected]
Address: 42 Culinary Lane, Clerkenwell, London EC1M 5RF, United Kingdom
Lawful Basis for Processing
We process personal data only when we have a lawful basis to do so under GDPR Article 6:
- Consent: You have given clear consent for us to process your personal data for a specific purpose (such as submitting an enquiry form)
- Contract: Processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract
- Legal obligation: Processing is necessary for us to comply with the law
- Legitimate interests: Processing is necessary for our legitimate interests or the legitimate interests of a third party, provided those interests are not overridden by your rights and interests
Your Rights Under GDPR
You have the following rights regarding your personal data:
Right to Be Informed
You have the right to be informed about the collection and use of your personal data. We provide this information through our Privacy Policy and this GDPR page.
Right of Access
You have the right to request access to your personal data. This allows you to receive a copy of the personal data we hold about you and check that we are processing it lawfully.
Right to Rectification
You have the right to request correction of incomplete or inaccurate personal data we hold about you.
Right to Erasure
You have the right to request deletion of your personal data in certain circumstances, including:
- The personal data is no longer necessary for the purpose it was collected
- You withdraw consent and there is no other legal basis for processing
- You object to processing and there are no overriding legitimate grounds
- The personal data has been unlawfully processed
Right to Restrict Processing
You have the right to request restriction of processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or object to processing.
Right to Data Portability
You have the right to request transfer of your personal data to you or to a third party in a structured, commonly used, machine-readable format. This right applies when processing is based on consent or contract and is carried out by automated means.
Right to Object
You have the right to object to processing of your personal data where we are relying on legitimate interests, including profiling based on those interests. You also have the right to object to processing for direct marketing purposes.
Rights Related to Automated Decision-Making
You have the right not to be subject to decisions based solely on automated processing, including profiling, which produce legal effects or similarly significantly affect you. We do not currently use automated decision-making processes.
How to Exercise Your Rights
To exercise any of your GDPR rights, please contact us at [email protected]. Include the following information in your request:
- Your full name and contact details
- A description of the right you wish to exercise
- Any relevant details to help us locate your information
We will respond to your request within one month. If your request is complex or we receive multiple requests from you, we may extend this period by two months and will inform you of the extension and reasons for delay.
Data Security Measures
We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:
- Encryption of personal data during transmission
- Regular security assessments and updates
- Access controls and authentication procedures
- Staff training on data protection and security
- Incident response procedures
Data Breach Notification
In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay.
Data Protection Impact Assessments
We conduct data protection impact assessments for processing activities that are likely to result in high risk to individuals' rights and freedoms. These assessments help us identify and minimise data protection risks.
Third-Party Processors
When we engage third-party processors to handle personal data on our behalf, we ensure they provide sufficient guarantees regarding data protection compliance. We have written contracts in place with all processors that specify their obligations and our rights.
International Data Transfers
If we transfer personal data outside the United Kingdom or European Economic Area, we ensure appropriate safeguards are in place, such as:
- Adequacy decisions by the relevant authority
- Standard contractual clauses approved by the relevant authority
- Binding corporate rules
Children's Data
We do not knowingly collect or process personal data from individuals under 16 years of age without parental consent. If you believe we have collected data from a child, please contact us immediately.
Supervisory Authority
You have the right to lodge a complaint with a supervisory authority if you believe your data protection rights have been violated. In the United Kingdom, the relevant authority is:
Information Commissioner's Office (ICO)
Website: ico.org.uk
Helpline: 0303 123 1113
Changes to GDPR Compliance
We regularly review our data protection practices and this GDPR compliance page. Any updates will be posted here with a revised date.
Contact Us
For questions about GDPR compliance or to exercise your rights, contact us at [email protected]