1. Introduction

Grow Forward Ltd (“we”, “us”, “our”) respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, store, and protect your data when you visit our website, engage our consultancy services, or communicate with us.

We are a sustainability and energy consultancy that provides advice, assessments, and project support on Net Zero strategy, energy audits, solar PV, battery storage, and temporary clean energy systems. This policy is designed to ensure transparency and to help you understand your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Scope of This Policy

This Privacy Policy applies to all visitors to our website and clients who share their personal data with us through:

• Website enquiry and contact forms
• Email correspondence
• Phone calls, virtual meetings, or consultations
• Networking events or professional introductions

We do not use cookies, advertising trackers, or third-party behavioural analytics tools.

3. Information We Collect

We only collect personal data that is necessary to respond to your enquiries or to provide our professional services. This may include:

3.1. Information You Provide Directly

When you fill out a contact form, request a consultation, or communicate with us, we may collect:

• Full name
• Company name
• Email address
• Phone number
• Job title or role (if relevant)
• Project details or message content
• Any files or documents you choose to upload
• If you become a client, we may also collect:
• Business address and billing details
• Project specifications and correspondence
• Records of communications for project delivery

We do not request or process any sensitive personal data (such as health, ethnicity, or political opinions).

3.2. Automatically Collected Information

Our website may collect limited technical information automatically to ensure security and performance, such as:

• IP address (anonymised)
• Browser type and device information
• Date and time of access
• Referring website or search term

This information is used solely for maintaining website security and performance logs.

4. How We Use Your Information

We process your personal data only where it is lawful and necessary to provide our services or respond to your requests. We may use your information for the following purposes:

Responding to Enquiries:

• To reply to your contact form submissions, emails, or phone calls.
• Providing Consultancy Services:
• To deliver energy audits, sustainability assessments, and project advice in line with your request.

Business Operations:

To manage contracts, send invoices, and maintain accurate business records.

Client Relationship Management:

To follow up on previous enquiries, schedule meetings, and share updates related to ongoing projects.

Legal and Regulatory Compliance:

To comply with financial reporting obligations or respond to lawful requests by public authorities.

We do not use your personal data for marketing, profiling, or automated decision-making.

5. Legal Basis for Processing

Under UK GDPR, Grow Forward Ltd relies on the following lawful bases for processing your personal data:

Contractual necessity – When data processing is required to provide a service or fulfil an agreement you’ve requested.

Legitimate interest – For business purposes such as responding to enquiries, maintaining client relationships, and improving services, where these interests do not override your rights.

Legal obligation – Where we must process certain data to comply with tax, accounting, or legal requirements.

Consent – When you voluntarily provide data through our website forms or agree to receive information from us.

6. Data Storage and Retention

Your personal data is stored securely on password-protected systems and cloud-based platforms used for communication and document management. We take reasonable steps to ensure your data is not lost, misused, or accessed without authorisation.

We will retain your data only for as long as necessary to fulfil the purpose for which it was collected, or to comply with legal, contractual, and audit obligations.

Typical retention periods:

General enquiries: 12–18 months

Client and project records: Up to 7 years (for legal and financial purposes)

Email correspondence: As long as necessary to maintain professional continuity

When data is no longer required, it will be securely deleted or anonymised.

7. Data Sharing and Third Parties

Grow Forward Ltd does not sell or rent personal data to third parties.

We may share limited information with trusted third-party providers where necessary to deliver our services, including:

Email and cloud hosting services (e.g., Microsoft 365, Google Workspace)

Accounting and invoicing software

Subcontracted consultants or partners (only where required for your project)

All third-party service providers are bound by confidentiality and data protection agreements that ensure compliance with UK GDPR.

We will only share your personal data:

• With your explicit consent,
• When required by law, or
• To protect our legal rights or prevent fraud.

8. International Data Transfers

We primarily store and process data within the United Kingdom. If any third-party service providers process data outside the UK or European Economic Area (EEA), we ensure that appropriate data protection safeguards are in place—such as standard contractual clauses or adequacy decisions approved by the UK Information Commissioner’s Office (ICO).

9. Data Security

We use a combination of organisational and technical measures to protect your data, including:

• Encrypted cloud storage
• Strong password protocols and multi-factor authentication
• Access controls limited to authorised personnel
• Regular security and compliance reviews

Despite these safeguards, no online system can be entirely secure. We encourage clients to avoid transmitting sensitive personal information via unencrypted email.

10. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

• Right to Access – Request a copy of the personal data we hold about you.
• Right to Rectification – Request correction of any inaccurate or incomplete data.
• Right to Erasure (“Right to be Forgotten”) – Request deletion of your data when it is no longer required.
• Right to Restrict Processing – Ask us to limit how we process your data under certain conditions.
• Right to Data Portability – Request your data in a structured, commonly used format for transfer to another organisation.
• Right to Object – Object to processing where it is based on legitimate interests.
• Right to Withdraw Consent – Withdraw consent at any time, where processing is based on consent.

To exercise any of these rights, please contact us using the details provided below.

11. Children’s Data

Our website and services are intended for business users and professionals. We do not knowingly collect or process data from individuals under 16 years of age. If you believe a minor has provided personal data to us, please contact us immediately and we will delete it.

12. Links to Other Websites

Our website may include links to third-party websites for reference, such as trade associations, partner organisations, or industry resources. Please note that we are not responsible for the content or privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal information.

13. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or website functionality. The updated version will be posted on this page with a new “Last Updated” date. We encourage you to review this page occasionally to stay informed.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact:

Grow Forward Ltd

[Insert Address]

Email: [Insert Email Address]

Phone: [Insert Phone Number]

If you are unsatisfied with our response or believe your data rights have been infringed, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at:

www.ico.org.uk or call 0303 123 1113.

Summary

Grow Forward Ltd is committed to ensuring that your personal information is handled responsibly, securely, and transparently. We value the trust you place in us when sharing your details and will always act with integrity and accountability to protect your privacy.