GDPR

GDPR Privacy / Data‑Protection Statement

  1. 1. Overview & scope
    We, Cobalt Energy Ltd (“we”, “us”), process personal data about clients, staff, prospects and website users under UK GDPR and Data Protection Act 2018. This policy describes how we collect, use, store and protect your data.
  1. 2. Lawful basis & purposes
    We process personal data only when lawful, such as:
  • Contract – to fulfil agreements (e.g. project delivery).
  • Legal obligation – financial, tax, workplace safety.
  • Legitimate interests – for service development or compliance.

We inform you if processing requires consent, which can be withdrawn at any time.

  1. 3. Data collected
    We collect:
  • contact details (name, address, email, telephone);
  • professional information (job title, organisation);
  • billing & payment data;
  • communications and marketing consent.

We do not routinely process special-category data unless explicitly provided (e.g. for safety reasons).

  1. 4. How we collect it
    Data is collected via: contractual forms, email interactions, telephone calls, website contact forms, event registrations.
  1. 5. Data sharing
    We may share data with:We collect:
  • service providers (IT, cloud, legal, accounting) under strict obligations;
  • regulatory or legal authorities, if required by law;
  • group companies, for legitimate business purposes.

We do not transfer data outside the UK/EU without appropriate safeguards.

  1. 6. Retention
    We retain personal data only as long as necessary for its purpose:We may share data with:We collect:
  • client/project data until 6 years post‑contract;
  • marketing records until opt‑out;
  • website analytics anonymised regularly.
  1. 7. Data subject rights
    You have the right to:
  • access your data;
  • rectify inaccuracies;
  • erase data where lawful;
  • restrict or object to processing;
  • data portability (for digital data);
  • withdraw consent (if applicable);
  • lodge a complaint with the ICO (www.ico.org.uk).
  1. 8. Security measures
    We implement appropriate technical and organisational measures—password protection, encryption, restricted access—to protect data. We carry out DPIAs for high‑risk processing.You have the right to:
  1. 9. Transfers outside UK/EU
    Where required, data transfers outside the UK/EU are subject to standard contractual clauses or recognised adequacy decisions.We implement appropriate technical and organisational measures—password protection, encryption, restricted access—to protect data. We carry out DPIAs for high‑risk processing.You have the right to:
  1. 10. Updates to this policy
    Our policy may be updated to reflect legal or operational changes. The current version is dated 1 July 2025. We encourage regular review, especially before sharing your personal data.
  1. 11. Contact & DPO
    Questions, concerns or requests can be directed to:
    Data Protection Officer
     Cobalt Energy Ltd
    26a West Road House

About us

Sectors

Useful Info

Contact

West Road House

Suites 5 & 6

26a West Road

Buxton

Derbyshire

SK17 6HF

+44 (0) 1298 931 997

admin@cobaltenergy.co.uk