Hanley Energy is committed to respecting your privacy rights. This privacy notice lets you know what happens to any personal data that you give to us, or any that we may collect from or about you. It applies to all products and services, and instances where we collect your personal data.

Use the links below to find out more about how we use your personal information:

1. Who are we and how do you contact us and our Data Protection Coordinator?
2. What kinds of personal information about you do we process?
3. What is the source of your personal information?
4. What do we use your personal data for?
5. What are the legal grounds for our processing of your personal information (including when we share it with others)?
6. When do we share your personal information?
7. How and when can you withdraw your consent?
8. Is your personal information transferred outside the EEA?
9. What should you do if your personal information changes?
10. For how long is your personal information retained by us?
11. What are your rights under data protection laws?
12. How can I contact you if I have any questions or concerns?

1. Who are we and how do you contact us and our Data Protection Coordinator?

We are Hanley Energy Limited, Unit 7 & 8, Block 4, City North Business Park, Stamullen, Co Meath, Ireland, K32 RX53, 474751. We are a data controller of your personal data. This privacy notice applies to personal information processed by or on behalf of the Nordmore Holdings Ltd (NHM) Group of companies which means Hanley Energy Ireland, Hanley Energy Sweden, and Hanley Energy SA PTY (South Africa). Hanley Energy Ireland owns Hanley Energy LLC (USA), Hanley Energy GmbH (Germany), Hanley Energy PTY (Australia).

Changes to this privacy notice: We may change this privacy notice from time to time by updating this page in order to reflect changes in the law and/or our privacy practices. We encourage you to check this privacy notice for changes whenever you visit our website.

Hanley Energy and our Data Protection Coordinator

Given our size, we do not require a Data Protection Officer but we have a dedicated Data Protection Coordinator. You can contact the Data Protection Coordinator using the details below or by writing to the above address, marking it for the attention of the DPC or going to Contact Us.


2. What kinds of personal information about you do we process?

Personal information that we’ll process in connection with all of our products and services, if relevant, includes:

• Personal and contact details, such as title, full name, contact details and contact details history
• Occupational details, such as industry category, occupation and job title
• Products and services you avail of with us, details of your visits, as well as services you are interested in
• CCTV images from our offices.


3. What is the source of your personal information?

We collect personal information you give us, information about your use of our products and services or our website and information provided by third parties.


4. What do we use your personal data for?

We use your personal data for the following purposes:

• Managing and maintaining the product or service you have with us
• Updating your records
• Managing any aspect of the product or service
• To perform and/or test the performance of, our products, services and internal processes
• To improve the operation of our business and that of our business partners
• For management and auditing of our business operations including accounting
• To monitor and to keep records of our communications with you and our staff (see below)
• For research and analysis and developing statistics
• To develop new products and services and to review and improve current products and services
• To comply with legal and regulatory obligations, requirements and guidance
• To provide insight and analysis of our users and followers both for ourselves and for the benefit of business partners either as part of providing products or services, helping us improve products or services, or to assess or improve the operating of our businesses


5. What are the legal grounds for our processing of your personal information (including when we share it with others)?

We rely on the following legal bases to use your personal data:

1. Where it is needed under contract to provide you with our products or services, such as:
a) Providing a product or service, including consider whether or not to offer you the product/event, the price, the payment methods available and the conditions to attach
b) Managing products and services you hold with us
c) Updating your records, and ensuring we can contact you and doing this for payment (where appropriate)

2. Where it is in our legitimate interests to do so, such as:
a) Updating your records to enable us to contact you
b) To perform and/or test the performance of, our products, services and internal processes
c) To follow guidance and recommended best practice of government and regulatory bodies
d) To carry out monitoring and to keep records of our communications with you and our staff
e) For research and analysis and developing statistics
f) Subject to the appropriate controls, to provide insight and analysis of our product/service users to business partners either as part of providing services, helping us improve products or services, or to assess or to improve the operating of our businesses
g) Where we need to share your personal information with people or organisations in order to run our business or comply with any legal and/or regulatory obligations

3. To comply with our legal obligations

4. With your consent or explicit consent for some direct marketing communications


6. When do we share your personal information with other organisations?

We may share information with the following third parties for the purposes listed above:

• Governmental and regulatory bodies such as Revenue, the Data Protection Commissioner’s Office, etc
• Other organisations and businesses who provide services to us such as back up and server hosting providers, IT software and maintenance providers, document storage providers and suppliers of other back office functions
• Other IT service professionals who provide services to us


7. How and when can you withdraw your consent?

Where we’re relying upon your consent to process personal data, you can withdraw this at any time by contacting us using the Contact Us section on the website.


8. Is your personal information transferred outside the EEA?

We’re based in the Republic of Ireland and the vast majority of all data processing happens within the EEA but sometimes your personal information may be transferred outside the European Economic Area. If we do so we’ll make sure that suitable safeguards are in place, for example by using approved contractual agreements, unless certain exceptions apply.


9. What should you do if your personal information changes?

You should tell us so that we can update our records using the details in the Contact Us section of our website. We’ll then update your records if we can.


10. For how long is your personal information retained by us?

Unless we explain otherwise to you, we’ll hold your personal information based on the following criteria:

• For as long as we have reasonable business needs, such as managing our relationship with you and managing our operations
• For as long as we provide goods and/or services to you and then for as long as someone could bring a claim against us; and/or
• Retention periods in line with legal and regulatory requirements or guidance.


11. What are your rights under data protection laws?

Here is a list of the rights that all individuals have under data protection laws. They don’t apply in all circumstances. If you wish to use any of them, we’ll explain at that time if they are engaged or not.

• The right to be informed about the processing of your personal information
• The right to have your personal information corrected if it is inaccurate and to have incomplete personal information completed
• The right to object to processing of your personal information
• The right to restrict processing of your personal information
• The right to have your personal information erased (the “right to be forgotten”)
• The right to request access to your personal information and to obtain information about how we process it
• The right to move, copy or transfer your personal information (“data portability”)
• Rights in relation to automated decision making which has a legal effect or otherwise significantly affects you
You have the right to complain to the Data Protection Commissioner’s Office which enforces data protection laws: https://www.dataprotection.ie/docs/Raise-a-Concern/1716.htm. You can contact us using the details below.

You have the right to object to certain purposes for processing, in particular to data processed for direct marketing purposes and to data processed for certain reasons based on our legitimate interests. You can contact us by going to the Contact Us section of our website to exercise these rights.


12. How can I contact you if I have any questions or concerns?

If you have any questions about this privacy notice, or if you wish to exercise your rights or contact the DPC, you can contact us by going to the Contact Us section of our website. Alternatively, you can write to Hanley Energy Limited, Unit 7 & 8, Block 4, City North Business Park, Stamullen, Co Meath, Ireland, K32 RX53, marking it for the attention of the DPC.