We are committed to protecting your personal information and being transparent about how we collect, use, and store it. This policy explains our practices and your rights.
Name, email, phone and your enquiry via our contact form; and
IP address/MAC address when you use the website.
We collect information about you when you register with us or place an order for products or services. We also collect information when you voluntarily complete customer surveys or provide feedback. Website usage information is collected using cookies.
We need your name and contact details in order to answer your enquiry and we process this data with your consent. We need your IP address and MAC address for security reasons, and this is a legitimate activity for a business.
To comply with any applicable laws and regulations.
We collect information about you to process your order, manage your account and, if you agree, to email you about other products and services we think may be of interest to you. In processing your order, we may send your details to, and also use information from, credit reference agencies and fraud prevention agencies.
We will not share your information for marketing purposes with companies outside of Eco Buildings Group Plc and its subsidiaries.
We would like to send you information about our products and services which may be of interest to you. If you have consented to receive marketing, you may opt out at a later date.
You have a right at any time to stop us from contacting you for marketing purposes. If you no longer wish to be contacted for marketing purposes, please email: info@eco-buildings.net
We do not use any automated decision making.
We do not transfer your personal data outside of the EEA.
You have rights in respect of our processing of your personal data which are:
If you want to exercise any of these rights, please contact us at info@eco-buildings.net
Our website contains links to other websites. This privacy policy only applies to this website so when you link to other websites you should read their own privacy policies.
Pages on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
We reserve the right to modify this privacy policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the website. If we make material changes to this policy, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it.
This privacy policy was last updated on 5 September 2022.
Therefore, the reporting obligations only apply to personal data. They also only apply to living people.
When considering whether a personal data breach has occurred, the following three factors should be considered:
A confidentiality breach is where there is an unauthorised or accidental disclosure of, or access to, personal data.
An integrity breach is where there is an unauthorised or accidental alteration of personal data. This can include hard copies being damaged by fire or flood.
An availability breach is where there is an accidental or unauthorised loss of access to, or destruction of, personal data.
Not all three of the above factors need to be present for it to be a data breach. Any of these factors alone can be sufficient for a personal data breach. Each case will depend on its own facts.
When a personal data breach has occurred, you need to establish the likelihood and severity of the resulting risk to people's rights and freedoms.
Although a data breach may have occurred, not every personal data breach needs to be reported to the ICO.
Not addressing a personal data breach in an appropriate and timely manner can result in physical, material or non-material damage to natural persons, such as loss of control over their personal data or limitation of their rights, discrimination, identity theft or fraud, financial loss, unauthorised reversal of pseudonymisation, damage to reputation, loss of confidentiality of personal data protected by professional secrecy, or any other significant economic or social disadvantage to the natural person concerned. Any of these adverse effects would be considered a likely risk.
The Company must report a notifiable breach to the ICO without undue delay and not later than 72 hours after becoming aware of it.
If it's likely that there will be a risk, then the Company needs to notify the ICO. If a decision is made that the breach doesn't need to be reported, then the Company needs to be able to justify that decision, and it should be documented.
When deciding whether to notify the ICO the following factors should be considered:
When reporting a breach to the ICO the following information must be provided:
If a breach is likely to result in a high risk to the rights and freedoms of individuals, the Company must inform those concerned directly and without undue delay.
A "high risk" means the threshold for informing individuals is higher than for notifying the ICO. The Company will need to assess both the severity of the potential or actual impact on individuals because of a breach and the likelihood of this occurring. If the impact of the breach is more severe, the risk is higher; if the likelihood of the consequences is greater, then, again, the risk is higher. In such cases, the Company will need to promptly inform those affected, particularly if there is a need to mitigate an immediate risk of damage to them. One of the main reasons for informing individuals is to help them take steps to protect themselves from the effects of a breach.
In its response the Company would need to describe, in clear and plain language, the nature of the personal data breach and, at least:
The Company will ensure that it records all breaches, regardless of whether or not such breaches need to be reported to the ICO.
Article 33(5) of the GDPR requires the Company to document the facts relating to the breach, its effects and the remedial action taken. This is part of the Company's overall obligation to comply with the accountability principle and allows the Company's compliance with its notification duties under the GDPR to be verified.
As with any security incident, the Company will investigate whether or not the breach was a result of human error or a systemic issue and see how a recurrence can be prevented, whether this is through better processes, further training, or other corrective steps.
Please contact us if you have any questions about our privacy policy or information we hold about you:
By email: info@eco-buildings.net
By post: Eco Buildings Group Plc, 160 Camden High Street, London NW10NE