CASE – Compliance Advisory Service for Energy (“CASE”, “we”, “our”, or “us”) is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, share and protect your personal information when you interact with us as a client, prospective client, partner, or website user.

CASE forms part of the City Energy Network Group. This Policy also explains how and why your data may be shared within the Group and used by Group companies.

1. Who We Are

CASE – Compliance Advisory Service for Energy provides compliance, advisory, and support services to organisations operating within the energy, retrofit, and sustainability sectors. This may include guidance on regulatory compliance, accreditation support, quality assurance, auditing support, and scheme compliance advisory.

For the purposes of UK data protection law, CASE is the data controller of your personal data.

Contact details
Email: info@caseenergy.co.uk
Address: Unit 10, Lambourne Cres, Cardiff CF14 5GP
Telephone: 029 2076 3622

If you have any questions about this Policy or how we use your data, please contact us using the details above.

2. The Personal Data We Collect

Personal data means any information about a person from which that individual can be identified.

We may collect and process the following categories of personal data:

Identity data
Name, job title, company name.

Contact data
Business or residential address, email address, telephone number.

Business and compliance data
Accreditation details, compliance records, audit findings, certification information, scheme participation details, and service history.

Technical data
IP address, device type, browser information, and website usage data.

Marketing preferences
Consent records and opt-out preferences.

Communications data
Emails, calls, meeting notes, or messages you send to us.

We do not intentionally collect special category data.

3. How We Collect Your Data

We collect personal data when:

• You request compliance or advisory services.
• You engage with us for accreditation, audit, or regulatory support.
• You enter into a contract or service agreement with us.
• You contact us via phone, email, or online forms.
• You attend meetings, training sessions, or consultations with us.
• You use our website or digital platforms.
• You opt in to receive marketing communications.

We may also receive your personal data from other members of the City Energy Network Group when you receive related services from them.

Some technical data is collected automatically through cookies and similar technologies (see Section 12).

4. How We Use Your Personal Data

We are only permitted to use your personal data where we have a lawful basis for doing so. These lawful bases are outlined in Section 5.

We may use your personal data to:

• Provide compliance and advisory services.
• Support accreditation, certification, and audit preparation.
• Manage service agreements and contracts.
• Communicate with you about services and regulatory requirements.
• Improve our services and customer experience.
• Meet legal and regulatory obligations.
• Send marketing communications where permitted.

We do not sell your personal data.

5. Legal Bases for Processing

Under UK GDPR, we rely on the following lawful bases:

Contractual Necessity

Where processing is necessary to deliver compliance or advisory services or to take steps prior to entering into a contract. This includes processing contact details, company information, and compliance documentation.

Legal and Regulatory Obligations

Where processing is required to meet legal or regulatory requirements, including accreditation standards, scheme compliance, or audit requirements.

Legitimate Interests

Where processing is necessary to operate and improve our business, provide high quality services, and communicate responsibly with clients and stakeholders.

Consent

Where we request permission to use your data, typically for marketing communications.

6. Marketing Communications & PECR Compliance

How We Send Marketing

We will only send marketing communications where:

• You have provided consent, or
• You have previously engaged with us regarding similar services and:
  • We obtained your contact details during that engagement.
  • We are marketing similar or related services.
  • You were given an opportunity to opt out when your data was collected.
  • Each communication includes a clear unsubscribe option.

Your Right to Unsubscribe

• Every marketing email contains an unsubscribe link.
• You may opt out at any time, free of charge.
• Opt-out requests are processed promptly.
• We do not send unsolicited marketing where prohibited by law.

7. Sharing Data Within the City Energy Network Group

CASE may share your personal data with other companies within the City Energy Network Group where necessary and appropriate.

Why We Share Data

• To deliver coordinated services across the Group.
• To support clients receiving multiple related services.
• To maintain accurate compliance and service records.
• To provide information about complementary services offered by Group companies.
• To improve customer support and operational efficiency.

Safeguards

• Data is shared only on a need-to-know basis.
• All Group companies comply with UK GDPR.
• Data is not shared for unrelated or excessive purposes.
• You may object to marketing from Group companies at any time.

8. Sharing Personal Data with Third Parties

We may share personal data with trusted third parties, including:

• Accreditation bodies and regulatory organisations.
• Audit and compliance partners.
• IT, CRM, and software providers.
• Professional advisers including legal, financial, and compliance specialists.

All third parties must keep your data secure and use it only for agreed purposes. They are not permitted to use your data for their own marketing or unrelated activities.

Where data is transferred outside the UK, we ensure appropriate safeguards are in place, including approved contractual protections to maintain UK GDPR standards.

9. How Long We Keep Your Data

We retain personal data only for as long as necessary, including:

• While you remain a client or business contact.
• To meet legal, accounting, accreditation, or regulatory requirements.
• To resolve disputes or enforce agreements.

Retention periods are reviewed regularly.

10. Your Rights

You have the right to:

• Access your personal data.
• Request correction of inaccurate data.
• Request erasure of data in certain circumstances.
• Restrict or object to processing in certain circumstances.
• Withdraw consent at any time.
• Request data portability in certain situations.

More information is available from the Information Commissioner’s Office at www.ico.org.uk.

11. Complaints

You have the right to complain to the Information Commissioner’s Office (ICO). However, we encourage you to contact us first so we can try to resolve your concerns.

ICO Website: www.ico.org.uk

12. Cookies & Website Data

Our website uses cookies to:

• Ensure proper website functionality.
• Improve user experience.
• Analyse website performance.

You can manage cookie preferences via your browser settings or our website cookie notice.

13. Data Security

We implement appropriate technical and organisational measures to protect personal data, including:

• Access controls and user authentication.
• Secure systems and encryption.
• Staff training and confidentiality obligations.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The latest version will always be available on our website and will apply from the published effective date.

15. Contact Us

If you have any questions about this Privacy Policy or your data rights, please contact:

CASE – Compliance Advisory Service for Energy
Email: info@case.co.uk
Address: Unit 10, Lambourne Cres, Cardiff CF14 5GP