This website britishrenewables.com (Website) is operated by BSR Group Holdings Limited (BSR) whose registered address is at 35 and 35A The Maltings, Lower Charlton Trading Estate, Shepton Mallet, Somerset, BA4 5QE. In this document, we refer to BSR Group Holdings Limited, British Solar Renewables Pty Limited (ABN 52 621 591 580) (BSR Australia) and our related entities as “BSR Group”, “we” and/or “us”.
BSR operates this website for itself and the BSR Group.
BSR Group Holdings Limited is the controller of your personal information for the purpose of the UK and EU General Data Protection Regulation (GDPR).
If you are located in Australia, or if your personal data is handled by one of our Australian companies, then the Australian Privacy Act 1988 (Cth) (Australian Privacy Act), including the Australian Privacy Principles (APPs), may apply. In this policy, where we refer to personal data, this includes personal information under the Australian Privacy Act.
We use the Website to provide you with information about our products, services and job vacancies and to allow you to contact us if you wish to discuss your requirements with us.
We may also collect personal information from you if you submit a CV or other information to apply for a job or enquire as to whether we have any vacancies.
We may also collect personal information from you in connection with proposed development projects, where it is necessary for the performance of a contract to which you are a party or to take steps at your request prior to entering a contract.
If you have any queries about the Website, this Privacy Notice or how we use your personal information, please contact compliance@britishrenewables.com.
1. Controller
A controller is the organisation that makes the decisions about what data is processed and is responsible for your personal data. BSR is the controller for the purposes of GDPR.
In Australia, your personal data may be collected and held by BSR Australia.
We can be contacted at:
UK
BSR Group Holdings Limited
35 and 35a The Maltings, Lower Charlton Trading Estate, Shepton Mallet, Somerset, England, BA4 5QE.
T.: 0145 822 4900
Email: compliance@britishrenewables.com
Australia
British Solar Renewables Pty Limited
Level 6, 100 Creek Street, Brisbane QLD 4000 Australia
Email: compliance@britishrenewables.com
2. The data we collect about you, how we use your personal data and our legal basis
Personal data means any information about an individual from which that person can be identified.
By law, we must have a legal basis for processing personal data. We take your privacy seriously and we will only ever collect personal data: (1) in Australia, where it is reasonably necessary to do so, or (2) in the EU or UK, where it is necessary, fair and lawful to do so.
Our legal bases for collecting and using your personal data are shown in Schedule 1.
BSR collects a range of personal data. Please refer to Schedule 1 or click on one of the links below for details on the data we collect about you, how we use your data and the legal basis for doing so for the purpose of the GDPR.
In Australia, we collect, use and disclose your personal data for the reasons, including disclosure to similar third parties, as set out for each category in Schedule 1.
Schedule 1
PART A – WEBSITE USERS
PART B – CONTACT DETAILS
PART C – LAND OWNERS
PART D – SITE VISITORS
PART E – FEEDBACK
PART F – CANDIDATES
PART G – SUPPLIERS
Please note the lists are non-exhaustive and there may be other examples where we need to share with other parties. Whenever we share your personal information, we will do so in line with our obligations to keep your information safe and secure.
We conduct an appropriate level of due diligence and put in place contractual documentation in relation to any sub-contractor to ensure that they process personal data appropriately and according to our legal and regulatory obligations.
3.International transfers
BSR Group
We share your personal data within the BSR Group and to third parties for the reasons described in this Privacy Notice. This may involve transferring your data outside the UK or the EU to our offices in Australia and vice versa.
Third Party Service Providers
All personal data is stored securely on cloud-based systems such as Microsoft 365/Azure and Amazon Web Services in the UK and Europe. Occasionally, we may use third party IT service providers who store data outside the UK and Europe.
Where data is transferred or stored outside the UK and Europe, we use specific standard contractual terms approved for use in the UK which give the transferred personal data the same protection as it has in the UK, namely the International Data Transfer Agreement. To obtain a copy of these contractual safeguards, please contact us at compliance@britishrenewables.com.
4. Data security
We are committed to keeping the personal data provided to us secure and we have implemented appropriate information security policies, rules and technical measures to protect the personal data that we have under our control from unauthorised access, improper use or disclosure, unauthorised modification and unlawful destruction or accidental loss.
All of our employees, consultants, workers and data processors (i.e. those who process your personal data on our behalf, for the purposes listed above), who have access to, and are associated with the processing of personal data, are obliged to respect the confidentiality of such personal data.
5. Retention of personal data
| Data that we process | Retention period |
| Your title, name, business address, telephone numbers and email addresses. | We retain your data for the life of the project, which could be over 40 years, if we have an agreement with you. |
| Site induction forms and records for visitors to our sites | 5 years. |
| Your image on CCTV | The footage normally overwrites itself after 60 days. We may keep it for longer, if necessary. |
| Recruitment data and CV’s | We keep all recruitment information for a period of 6 months in case of any employment tribunal or court claims. The data of the successful candidate will form the start of their HR file.
If you consent, we will keep your CV for a period of 12 months in case another position becomes available. |
| Contact information (which could include name, email addresses, telephone number and postal address) | We retain your data for as long as you are either working for a specific company or in the renewables sector. |
| Landowner information | We retain your data for the life of the project, which could be over 40 years, if we have an agreement with you.
If you aren’t interested in working with us at this time, we will delete your data on request but keep a record of the deletion. Or, if you consent, we will hold your information in case you may want to work with us at another time. |
| How to contact you – your title, name, address, telephone numbers and email addresses. | For AML purposes – 5 years after the end of a business relationship with a customer or after the date of an occasional transaction.
For sanctions list purposes – indefinitely To contact you for commercial reasons – while the company is still a client and for 6 years after. |
| Your contact with us – records of meetings, video or phone calls, emails or letters. | While the company is still a client and for 6 years after. |
| Criminal offence, fraud and sanctions data – as part of our regulatory obligations for combatting financial crime we may perform checks against fraud databases, sanctions lists (for politically exposed persons or their immediate family / close associations), or from other publicly available sources such as media outlets or social networking sites. | For AML purposes – 5 years after the end of a business relationship with a customer or after the date of an occasional transaction.
For the sanctions lists purposes – indefinitely. |
6. How to access your information and your other rights
Under the GDPR, you have the following rights in relation to the personal data we hold about you:
- Your right of access
If you ask us, we’ll confirm whether we’re processing your personal data and, if necessary, provide you with a copy of that personal data (along with certain other details). If you require additional copies, we may need to charge a reasonable fee. - Your right to rectification
If the personal data we hold about you is inaccurate or incomplete, you are entitled to request to have it rectified. If you are entitled to rectification and if we’ve shared your personal data with others, we’ll let them know about the rectification where possible. If you ask us, where possible and lawful to do so, we’ll also tell you who we’ve shared your personal data with so that you can contact them directly. - Your right to erasure
You can ask us to delete or remove your personal data in some circumstances such as where we no longer need it or if you withdraw your consent (where applicable). If you are entitled to erasure and if we’ve shared your personal data with others, we’ll let them know about the erasure where possible. If you ask us, where it is possible and lawful for us to do so, we’ll also tell you who we’ve shared your personal data with so that you can contact them directly. - Your right to restrict processing
You can ask us to ‘block’ or suppress the processing of your personal data in certain circumstances, such as where you contest the accuracy of that personal data or you object to us. If you are entitled to restriction and if we’ve shared your personal data with others, we’ll let them know about the restriction where it is possible for us to do so. If you ask us, where it is possible and lawful for us to do so, we’ll also tell you who we’ve shared your personal data with so that you can contact them directly. - Your right to data portability
You have the right, in certain circumstances, to obtain personal data you’ve provided us with (in a structured, commonly used and machine readable format) and to reuse it elsewhere or to ask us to transfer this to a third party of your choice. - Your right to object
You can ask us to stop processing your personal data, and we will do so, if we are:
– relying on our own or someone else’s legitimate interests to process your personal data, except if we can demonstrate compelling legal grounds for the processing; or
– processing your personal data for direct marketing purposes. - Your right to withdraw consent
If we rely on your consent (or explicit consent) as our legal basis for processing your personal data, you have the right to withdraw that consent at any time. - Your right to lodge a complaint with the ICO
If you have a concern about any aspect of our privacy practices, including the way we’ve handled your personal data, you can report it to the Information Commissioners Office. We would, however, appreciate the chance to deal with your concerns before you approach the Information Commissioners Office so please contact us in the first instance.
Please note that some of these rights may be limited where we have an overriding interest or legal obligation to continue to process the data or where data may be exempt from disclosure due to reasons of legal professional privilege or professional secrecy obligations.
Please refer to Schedule 2 for further details of jurisdiction-specific rights which you may have if you are located in Australia or one of our Australian group companies is handling your personal information.
7. Third-party links
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the Privacy Notice of every website you visit.
8. Changes to the Privacy Notice and your duty to inform us of changes
We keep our Privacy Notice under regular review.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us, for example a new address or email address.
SCHEDULE 1
HOW WE USE YOUR PERSONAL DATA, WHO WE MAY SHARE YOUR PERSONAL DATA WITH AND THE BASIS ON WHICH WE USE YOUR PERSONAL DATA
This Schedule provides details of data we collect about you, how we use your data and the legal basis for doing so for the purposes of the GDPR. In Australia, we collect, use and disclose your personal data for the reasons, including disclosure to similar third parties, as set out for each category in Schedule 1. We have also included additional Australia-specific requirements where relevant.
PART A – WEBSITE USERS
Personal data means any information about an individual from which that person can be identified. Personal data includes personal information for the purposes of the Australian Privacy Act.
You can contact us via our website. You will need to provide your name, email, and message and your phone number is optional.
We may also collect other personal data about you by cookies and/or other analytics data collected from your interactions with our website. Please refer to our Cookies Policy at BSR | Cookie Policy for more information.
We may use your information for the following purposes:
| Action | Legal Basis |
| We will reply to your message and keep a copy of it, if necessary (see below for those who give us feedback and landowners) | The initial legal basis is consent as you decide to give us your details. We have a legitimate interest in keeping a copy of the message and your details, if necessary. |
We may share website users’ personal data with a variety of the following categories of third parties as necessary:
| Entity | Legal Basis for Sharing |
| Third parties to whom we outsource certain services such as, without limitation, confidential waste disposal, IT systems or software providers, document and information storage providers | Legitimate interest |
PART B – CONTACT DETAILS
Personal data means any information about an individual from which that person can be identified.
For all contacts, we will have your name, email and phone number. In some cases, we may also hold address details.
We may use your information for the following purposes.
| Action | Reason | Legal Basis |
| To create or manage our business relationship with you
|
We collect and maintain personal data to enable us to have a business relationship with you | Legitimate interest |
We may share personal data with a variety of the following categories of third parties as necessary:
| Entity | Legal Basis for Sharing |
| Third parties to whom we outsource certain services such as, without limitation, confidential waste disposal, IT systems or software providers, document and information storage providers | Legitimate interest |
PART C – LAND OWNERS
Personal data means any information about an individual from which that person can be identified.
In the UK and Australia, we do searches to find landowners who may be interested in working with us. We start by obtaining the land title from the Land Registry office. From the title, we will get the name and the address of the landowner. We also do internet searches to find more information, such as an email or phone number, if there is a farm shop. If the land is owned by a company, we will check on Companies House for the name and address of the directors. We will also contact land agents.
In the UK, we use this information to contact landowners by post, initially. If we have an email, then we will use it but only after we have sent a letter.
In Australia, we use this information to initially contact landowners by post only.
If you are a landowner located in Australia and you wish to contact us via our online form, we may also collect your name, contact details, postal address, property address, and property details such as title number, current land use and size.
Once we have started negotiations with a landowner or have signed an agreement, then we will hold your details for the duration of the project.
We may use your information for the following purposes:
| Action | Reason | Legal Basis |
| We do searches in order to find the details of landowners and to contact them | We are always interested in finding new landowners for our projects | Legitimate interest |
| We keep the details of landowners and leases | We need to keep this information for the duration of the project | Contract |
| We keep the details of landowners who do not want to work with us | We need this to keep this information to ensure we do not contact those landowners again and to ensure landowners who opt out of communications do not receive further communications. | Legitimate interest |
We may share personal data with a variety of the following categories of third parties as necessary:
| Entity | Legal Basis for Sharing |
| Third parties to whom we outsource certain services such as, without limitation, confidential waste disposal, IT systems or software providers, document and information storage providers | Legitimate interest |
PART D – SITE VISITORS
Personal data means any information about an individual from which that person can be identified.
We may collect and use site visitor information for the following purposes. Additionally, in Australia, we may also collect and use sensitive information as defined under the Australian Privacy Act. This is similar to special category information under the GDPR and is offered a higher level of protection than other personal information under the Australian Privacy Act. The sensitive information we may collect and use from site visitors may include drug and alcohol testing, race and religion.
| Data that we Process | Legal Basis |
| Your title, name, business address, telephone numbers and email addresses | We have a legitimate interest in having this information. |
| Site induction forms and records for visitors to our sites | We have a legal obligation to ensure safety on our sites. |
| Your image on CCTV | We have a legitimate interest in protecting the safety and security of our sites. |
| Drug and alcohol testing | We have a legitimate interest in protecting the safety and security of our sites. Consent will also be obtained. |
Our business requirements – legitimate interests
| Action | Reason for Processing – Legitimate Interests |
| Purchasing, maintaining and claiming against our insurance policies | We need to protect our business. |
| Obtaining legal advice, establishing, defending and enforcing our legal rights and obligations in connection with, any legal proceedings or prospective proceedings | We need to understand our obligations and establish and defend our legal rights. |
We may share your information with the third parties in this chart. If you are in Australia, examples of government or regulatory authorities may include the Office of the Australian Information Commissioner (OAIC) or the Fair Work Ombudsman.
| Entity | Legal Basis for Sharing |
| Our professional advisers such as lawyers and accountants | Legitimate interest |
| Government or regulatory authorities, law enforcement, courts or tribunals | Legal obligation/ legitimate interest |
| Professional indemnity or other relevant insurers | Legitimate interest |
| Regulators/tax authorities/corporate registries | Legal obligation |
| Third parties to whom we outsource certain services such as, without limitation, confidential waste disposal, IT systems or software providers, document and information storage providers | Legitimate interest |
PART E – FEEDBACK
This Privacy Notice applies to people who provide us with feedback. It informs you how we look after your personal data and about your privacy rights.
We may use your information for the following purposes:
| Action | Reason | Legal Basis |
| We collect the name, email and or phone number and the comments given to us | We need to keep this information for the duration of the project because what individuals tell us about a project is very important | Legitimate interest |
We may share personal data with a variety of the following categories of third parties as necessary:
| Entity | Legal Basis for Sharing |
| Third parties to whom we outsource certain services such as, without limitation, confidential waste disposal, IT systems or software providers, document and information storage providers | Legitimate interest |
PART F – CANDIDATES
We collect information about our prospective employees when they apply for employment with us and we process it on an on-going basis. We will process the following data:
- Your application form containing your name, contact details, education and qualifications;
-
- A copy of each reference obtained for you;
- Documentary evidence of any qualifications;
- In order to employ you, we are required to establish your identity and your right to work in the UK. We will need a copy of your birth certificate and passport (if any) (name, date of birth, nationality, photo, passport number);
- If you require reasonable adjustments in order to attend an interview, then we will process your health data; and
- Information about you from your referees.
In Australia, we may also collect your Australian driver’s licence for identification and verification, information relating to Australian taxation or superannuation, or sensitive information such as criminal history, citizenship, and visa details.
All personal data is stored securely on cloud-based systems such as Microsoft 365/Azure and Amazon Web Services.
We ask you for personal details to assess your suitability as a candidate and to provide the best possible recruitment experience.
| Action | Legal Basis |
| Your submission of your CV or application | Consent |
| We will then process the data in your application or CV and the data collected on you during the recruitment process in order to assess your suitability for the position | Legitimate interest |
| Right to work checks | Legal obligation |
| We hold your CV and all data collected during the recruitment process for 6 months in the unlikely event of any employment tribunal claims | Legitimate interest |
| Information in order to make reasonable adjustments for you to attend an interview | Legal obligation |
| We may ask you if you would like us to hold your CV for a period of 12 months in case another position becomes available | Consent |
We may share your information with the third parties in this chart. If you are in Australia, examples of government and regulatory authorities may include the OAIC, the Fair Work Ombudsman, or the Australian Taxation Office (ATO).
| Entity | Legal Basis for Sharing |
| Our professional advisers such as lawyers and accountants | Legitimate interest |
| Government or regulatory authorities, law enforcement, courts or tribunals | Legal obligation/ legitimate interest |
| Professional indemnity or other relevant insurers | Legitimate interest |
| Regulators/tax authorities/corporate registries | Legal obligation |
| Third parties to whom we outsource certain services such as, without limitation, confidential waste disposal, IT systems or software providers, document and information storage providers | Legitimate interest |
If you aren’t interested in working with us at this time, we will delete your data on request but keep a record of the deletion. Or, if you consent, we will hold your information in case you may want to work with us at another time for a period of 12 months.
PART G – SUPPLIERS
The personal data about that we collect and process from our suppliers is shown in the table below.
In addition to the below, in Australia, if you work for one of our suppliers or you are a sole trader supplier, we may also collect details of your driver’s licence, or sensitive information such as drug and alcohol testing for safety and security purposes, race and religion.
| Data that we Process | Legal Basis |
| If you work for one of our suppliers, we will have your name, job role, business address, telephone number and email address | We have a legitimate interest in having this information |
| If you are one of our suppliers and are a sole trader or in a partnership, then we will have your name, job role, business address, telephone number and email address | We need this information in order to have a contract with you |
| We do anti-money laundering checks and use your name, job role, business address, telephone number and email address for these purposes. This is for sole traders, those in partnerships and for partners in limited liability partnerships and directors and persons with significant control in limited companies | We have a legal obligation to do AML checks |
| Your contact with us – records of meetings, video or phone calls, emails or letters | We have a legitimate interest in keeping a record of our correspondence |
| Criminal offence, fraud and sanctions data – as part of our regulatory obligations for combatting financial crime we may perform checks against fraud databases, sanctions lists (for politically exposed persons or their immediate family / close associations), or from other publicly available sources such as media outlets or social networking sites | We have a legal obligation to combat fraud and check the sanctions lists |
| Drug and alcohol testing | We have a legitimate interest in protecting the safety and security of our sites. Consent will also be obtained. |
Our business requirements – legitimate interests
| Action | Reason for Processing – Legitimate Interests |
| Purchasing, maintaining and claiming against our insurance policies | We need to protect our business. |
| Obtaining legal advice, establishing, defending and enforcing our legal rights and obligations in connection with, any legal proceedings or prospective proceedings | We need to understand our obligations and establish and defend our legal rights. |
We may share your information with the third parties in this chart. In Australia, examples of government or regulatory authorities may include the OAIC, the Fair Work Ombudsman or the ATO.
| Entity | Legal Basis for Sharing |
| Our professional advisers such as lawyers and accountants | Legitimate interest |
| Government or regulatory authorities, law enforcement, courts or tribunals | Legal obligation |
| Professional indemnity or other relevant insurers | Legitimate interest |
| Regulators/tax authorities/corporate registries | Legal obligation |
| Third parties to whom we outsource certain services such as, without limitation, confidential waste disposal, IT systems or software providers, document and information storage providers | Legitimate interest |
SCHEDULE 2
JURISDICTION-SPECIFIC REQUIREMENTS
AUSTRALIA
Where the Australian Privacy Act applies:
- You may request access to personal information. We will respond to your request within a reasonable period after the request is made, and give access if reasonable and practicable to do so. We may be entitled to refuse access (for example, if permitted by law, or where doing so would unreasonably impact on the privacy of other individuals). If so, we will provide you with reasons for refusal and any complaint mechanisms.
- If you ask us to correct personal information that we hold about you, we will take reasonable steps to ensure the information is accurate, up-to-date, complete, relevant and not misleading. We will respond to any requests for correction in accordance with the Australian Privacy Act, and within a reasonable period.
If you have a concern about our handling of your personal information under Australian law, please contact us in the first instance using the following contact details:
Phone: 1300 619 595
Email: compliance@britishrenewables.com
We will respond to your complaint in accordance with this Privacy Notice and the Australian Privacy Act. If you are not satisfied with our response, you may also contact the Office of the Australian Information Commissioner (OAIC):
Website: www.oaic.gov.au
Phone: 1300 363 992
Email: enquiries@oaic.gov.au