GDPR Policy

The General Data Protection Regulation (GDPR) came into effect on 25 May 2018 and forms part of UK data protection law alongside the Data Protection Act 2018 (UK).

We use personal data to quote, arrange, and manage business energy contracts, and communicate as part of delivering our services.

UK Business Energy Broker, as the Data Controller, is responsible for determining how and why your personal data is processed. As a sole trader, we are not required to appoint a Data Protection Officer under UK GDPR. All client information is stored electronically using secure, access-controlled systems. No paper records are kept. Some of our trusted suppliers and service partners may process or store data outside the UK. Where this occurs, we ensure that appropriate safeguards – such as UK-approved Standard Contractual Clauses (SCCs) – are in place to keep your data protected.

.
Suppliers acting as Data Processors
We use a number of trusted service providers to operate and deliver services. These providers may process personal data on our behalf and are listed below.

#1 Microsoft
#2 Google
#3 Zoho
#4 Filen
#5 Authy
#6 WordPress and Hostinger
#7 Signable
.
Suppliers acting as Data Controllers:
#8 Business energy aggregators/suppliers
.
.
#1 Microsoft
Windows 11 and Office documents containing sensitive data are password-protected and backed-up to encrypted cloud storage.
Microsoft’s GDPR statement
.
.
#2 Google
Contact information is saved in Google Contacts.
Google’s GDPR statement
.
.
#3 Zoho
Business data is saved in various Zoho applications.
Zoho’s GDPR statement
.
.
#4 Filen
All files are encrypted and backed-up using Filen.
Filen‘s Privacy Policy
.
.
#5 Authy
Additional security is provided using Two-factor Authorisation (2FA).
Twilio’s GDPR statement
.
.
#6 WordPress and Hostinger
Data is collected through the UK Business Energy Broker website via the contact page, transferring information to our Zoho Mail account. Our website is managed through WordPress and hosted by Hostinger; both of which are protected by passwords and 2FA.
WordPress’ GDPR statement
Hostinger‘s Policies
.
.
#7 Signable
We utilise Signable for clients to digitally sign documents e.g. LOAs (Letter of Authority)
Signable’s GDPR Policy

#8 Business energy aggregators/suppliers
We share information with an energy aggregator (Online Direct) to process energy contracts with various energy suppliers.
We process contracts directly with D-ENERGi.
Online Direct’s GDPR Policy
D-ENERGi’s GDPR Policy

#9 AI-Assisted Tools

UK Business Energy Broker may use secure AI-assisted tools to support internal document preparation, data analysis, and correspondence drafting as part of delivering consultancy and brokerage services.

These tools are used solely to assist with internal administrative and analytical functions. They are not used for automated decision-making or profiling in respect of clients.

Where AI-assisted tools are used:

• Personally identifiable information (PII), including names, email addresses, telephone numbers, MPANs, account numbers, meter serial numbers, and full site addresses, is redacted or anonymised wherever reasonably practicable before input.
• Data minimisation principles are applied at all times.
• Only information necessary for the provision of contracted services is processed.
• No unnecessary personal data is shared.

AI tools are used in a manner proportionate to the legitimate interests of delivering professional consultancy services and subject to appropriate technical and organisational safeguards.

UK Business Energy Broker remains the Data Controller and retains full responsibility for compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 in respect of all personal data processed.

.
.

.
.
What personal data we collect
UK Business Energy Broker considers there to be either a contractual or legitimate business interest to maintain contact with current clients, partners and suppliers. We only collect and process personal data we require to provide a specific service, which may include the following personally identifiable information: name, company name, e-mail address, telephone number and address (collectively called Contact Information). In addition, if you contact us directly, we may receive additional information, the contents of any message and/or attachments you send us, and any other information you choose to provide. The personal information you are asked to provide, and the reasons you are asked to provide it, will be made clear to you when we request your personal information.

We process personal data on the lawful bases of contractual necessity (to provide energy brokerage services) and legitimate interests (to communicate with clients, suppliers, and partners about our services).
.
How we handle your personal data
UK Business Energy Broker uses your data to provide specific services, and makes this data available only to trusted third parties relating to a specific service i.e. energy aggregators/suppliers for energy contracts.
.
How we protect your personal data
UK Business Energy Broker takes reasonable precautions, utilising encryption (#4) and two-factor authentication (#5) to protect data in our possession from loss, misuse, and unauthorised access.
.
How long we process your personal data
The personal data we process for any purposes will not be held for a longer period than we have an ongoing legitimate business need to do so. When we have no ongoing legitimate business need to process your personal information, we will either delete or, if not possible, continue to securely store your information and isolate it from any further processing until deletion is possible.
.
How we process requests for data
Any clients, suppliers, or partners who wish to receive copies of the personal data UK Business Energy Broker holds about them can request this free of charge. We aim to respond within one month. A reasonable administrative fee may only be applied where a request is manifestly unfounded, excessive, or repetitive, as permitted under UK GDPR.

YOUR RIGHTS.

Right of access: You have the right to obtain from us information concerning you and to request copies of your personal data.

Right to rectification: You have the right to request correction of inaccurate personal data, and provide information to correct mistakes.

Right to be forgotten: You have the right to request erasure of your personal data, and we are obliged to delete it without undue delay.

Right to restriction of processing: In certain situations, you have the right to obtain from us the restriction of processing.

Right to data portability: You have the right to receive your data in a structured, commonly used & machine-readable format; and to transmit your data to another controller.

Right to object: In certain situations, you have the right to object to the processing of your personal data e.g for marketing purposes.

Right to file complaints: You have the right to file complaints with the ICO regarding our processing of your personal data.

.
If you wish to make a request regarding your personal data, related to any of the rights mentioned above, please contact us.

UK Business Energy Broker
Created: 19th May 2018
Last updated: 26th February 2026