Privacy Policy
Effective date: [PLACEHOLDER: DD Month YYYY]
![Photo of [Author Name]](/author-placeholder.svg){kind=small}
Smart Battery UK ("[PLACEHOLDER: Your registered business name or trading name]") respects your privacy and is committed to protecting your personal data. This policy explains what data we collect, why we collect it, who we share it with, and your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Data controller
The data controller responsible for your personal data is:
- Name: [PLACEHOLDER: Your full name or business name]
- Email: [PLACEHOLDER: privacy@example.com]
- Address: [PLACEHOLDER: Business address, if applicable]
If you have questions about this policy or your data, contact us using the details above.
2. What data we collect
We collect only the data you voluntarily provide through our eligibility check form:
| Data field | Purpose |
|---|---|
| Email address | To send your eligibility results and follow-up guidance |
| Battery brand and model | To identify which VPP programmes you qualify for |
| Solar panel status | To determine programme eligibility (some require solar) |
| Smart meter status | To confirm compatibility with VPP requirements |
| Ownership status | To tailor our guidance to your stage (installed, buying, researching) |
| Interest / goal | To prioritise relevant programme options |
| Postcode (if collected) | To identify regional DNO flexibility programmes and grid constraints |
We do not collect sensitive personal data (special category data), financial information, or data about children.
3. Lawful basis for processing
We process your personal data on the following lawful bases under Article 6 of the UK GDPR:
- Consent (Article 6(1)(a)) — when you submit the eligibility check form, you explicitly consent to us processing your data for the stated purpose. You may withdraw consent at any time (see Section 8).
- Legitimate interests (Article 6(1)(f)) — we may use aggregated, anonymised data to improve our comparison content and understand market trends. This does not identify you personally.
4. How we use your data
We use your data to:
- Assess which VPP and flexibility programmes match your battery system
- Send you personalised eligibility results via email
- Share your enquiry details with relevant partners (see Section 5) so they can contact you about programmes you qualify for
- Send follow-up guidance related to your enquiry (you can unsubscribe at any time)
We will never:
- Sell your data to third parties for their own marketing
- Use your data for purposes unrelated to your enquiry without your explicit consent
- Send unsolicited marketing for unrelated products or services
5. Who we share your data with
When you submit an eligibility check, we may share your enquiry details with:
- VPP providers and aggregators — the specific programmes your system qualifies for, so they can provide you with a quote, onboarding information, or further details
- Approved installer partners — if your enquiry relates to battery installation or upgrade services
- Email service provider — [PLACEHOLDER: e.g. Mailchimp, ConvertKit, Brevo] for delivering your results and follow-up emails. Data processed under a Data Processing Agreement (DPA).
- Hosting provider — [PLACEHOLDER: e.g. Vercel, Netlify] for website delivery. No personal data is stored on hosting servers beyond standard access logs.
We only share the minimum data necessary for each partner to fulfil their role. All partners are contractually required to process your data in accordance with UK GDPR.
We do not share your data with partners you have not expressed interest in. If your system qualifies for multiple programmes, only those you choose to explore further will receive your details.
6. Data retention
| Data type | Retention period |
|---|---|
| Eligibility form submissions | [PLACEHOLDER: e.g. 24 months from submission, then deleted] |
| Email marketing records | Until you unsubscribe, then deleted within 30 days |
| Anonymised analytics data | Retained indefinitely (no personal data) |
After the retention period, personal data is permanently deleted from our systems and we instruct partners to do the same.
7. Data security
We protect your data through:
- Encryption in transit (TLS/HTTPS on all pages and form submissions)
- Encrypted storage at rest where applicable
- Access controls limiting who can view personal data
- Regular review of data processing practices
No system is 100% secure. In the unlikely event of a data breach affecting your rights, we will notify you and the ICO within 72 hours as required by law.
8. Your rights
Under the UK GDPR, you have the following rights regarding your personal data:
- Right of access — request a copy of the personal data we hold about you
- Right to rectification — request correction of inaccurate data
- Right to erasure — request deletion of your data ("right to be forgotten")
- Right to restrict processing — request that we limit how we use your data
- Right to data portability — receive your data in a structured, machine-readable format
- Right to object — object to processing based on legitimate interests
- Right to withdraw consent — withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal
To exercise any of these rights, email [PLACEHOLDER: privacy@example.com]. We will respond within one calendar month.
If you are unsatisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
- Website: ico.org.uk
- Helpline: 0303 123 1113
9. Cookies and analytics
[PLACEHOLDER: Detail your cookie usage here. If you use analytics (e.g. Google Analytics, Plausible, Fathom), state which service, whether it uses cookies, and whether data is sent outside the UK/EEA. Example below:]
This website uses [PLACEHOLDER: e.g. Plausible Analytics], a privacy-focused analytics tool that does not use cookies and does not collect personal data. No consent banner is required for this service.
We do not use advertising cookies or tracking pixels. If this changes in future, we will update this policy and implement a consent mechanism before deploying any cookie-based tracking.
10. International transfers
[PLACEHOLDER: If any of your processors (email provider, hosting, database) store data outside the UK, state this here with the safeguard mechanism — e.g. "Data may be processed in the United States by [Provider], protected by Standard Contractual Clauses (SCCs) approved by the ICO."]
Where data is transferred outside the UK, we ensure appropriate safeguards are in place as required by Chapter V of the UK GDPR.
11. Changes to this policy
We may update this policy from time to time. Material changes will be communicated via email to existing subscribers and noted on this page with an updated effective date. Your continued use of the site after changes constitutes acceptance of the updated policy.
12. Contact
For any privacy-related questions, data requests, or concerns:
- Email: [PLACEHOLDER: privacy@example.com]
- Post: [PLACEHOLDER: Business address]