edge energy – governance & compliance pack

1. Privacy Policy

1.1 Introduction

Edge Energy Consulting Ltd ('we', 'us', 'our') is committed to protecting and respecting the privacy of all individuals whose personal data we process. This Privacy Policy explains how we collect, use, store and share your personal information when you engage with our services or visit our website at www.edge-energy.uk. We are registered as a data controller with the Information Commissioner's Office (ICO). This policy is reviewed annually and updated to reflect any changes in law or our business practices.

1.2 Who We Are

Edge Energy Consulting Ltd is an independent business energy and utilities consultancy providing energy procurement, water procurement, energy management reporting and sustainability advisory services to commercial and industrial clients across the United Kingdom. We act as an intermediary between our clients and energy, water and associated utility suppliers.

1.3 Data We Collect

Identity data (full name, job title, company name, directorship info)
Contact data (business address, email, telephone)
Financial/billing data (bank account, payment history, credit info)
Contract/consumption data (energy/water contracts, MPRNs, SPIDs, invoices, consumption history)
Communications data (calls, emails, correspondence)
Technical data (IP addresses, browser type, website usage via cookies)
Marketing preferences

1.4 How We Collect

Directly from you
From energy/water suppliers where authorised
From third-party data providers
Via website cookies/analytics

1.5 Legal Basis

Performance of contract
Legitimate interests
Legal obligation
Consent

1.6 How We Use Your Data

To provide services, source/compare/negotiate contracts
To manage accounts and issue compliance documents
To communicate renewals and handle queries/complaints
To fulfil legal obligations
To analyse and improve our services

1.7 Sharing

We may share your data with:

Energy/water suppliers
Regulated industry data services
Software/CRM providers under Data Processing Agreements (DPAs)
Professional advisers
Regulatory authorities

We do not sell personal data.

1.8 Data Retention

Personal data is retained only as long as necessary. Client contract records are retained for a minimum of 6 years after the contractual relationship ends.

1.9 Your Rights

Right to be informed
Right of access
Right to rectification
Right to erasure
Right to restrict processing
Right to data portability
Right to object
Rights related to automated decision-making

We will respond to any request within one calendar month.

1.10 Data Security

We implement appropriate technical and organisational measures to protect your data. All staff are trained in data protection.

1.11 Changes

This policy may be updated from time to time. The latest version is always available at www.edge-energy.uk.

1.12 Contact

Edge Energy Consulting Ltd
3 River Court, Richmond, TW10 6QY
info@edge-energy.uk
Company No: 17125035
ICO Registration: Pending

2. Terms of Business

2.1 About Us

Edge Energy Consulting Ltd is an independent energy and utilities consultancy. Company No: 17125035.

2.2 Our Services

Tendering energy and utility contracts
Negotiating terms on your behalf
Account management
Data analysis
Sustainability advisory
Renewal management

2.3 Your Authority

A Letter of Authority (LOA) appoints Edge Energy as your agent to contact suppliers, obtain data, request quotations and negotiate contracts on your behalf. The LOA does not transfer ownership of your account. You retain full authority over your energy supply and can withdraw the LOA at any time.

2.4 Your Obligations

Provide accurate information
Inform us of any changes to your circumstances
Review quotations in a timely manner
Notify us of any direct negotiations with suppliers
Ensure the LOA remains current

2.5 Our Obligations

Act in your best interests
Provide clear and accurate information
Disclose commission arrangements
Maintain confidentiality
Comply with all applicable laws and regulations

2.6 Remuneration

We receive commission from suppliers, which is embedded in the unit rate. Customers can request details of our commission at any stage.

2.7 Contract Acceptance

No contract will be executed without your express prior approval.

2.8 Liability

Edge Energy acts as an intermediary and is not liable for supplier performance or market fluctuations. We exercise reasonable care and skill in providing our services. We are not liable for:

Decisions you make based on our information
Supplier acts or omissions
Consequential loss
Force majeure events

2.9 Confidentiality

Both parties agree to keep all information confidential. This obligation survives termination of the agreement.

2.10 Termination

Either party may terminate with 30 days' written notice. Existing contracts remain unaffected. Commission continues for the duration of any contracts arranged.

2.11 Complaints

Please refer to our Complaints Procedure available at www.edge-energy.uk.

2.12 Governing Law

These terms are governed by the laws of England and Wales.

3. Commission Disclosure

3.1 Transparency Commitment

Edge Energy is committed to full transparency regarding how we are remunerated for our services.

3.2 How We Are Paid

We receive commission from suppliers, which is incorporated into the unit rate of your energy or water contract. We do not charge clients directly for our services.

3.3 Nature of Commission

An uplift on the unit rate
Paid by the supplier
Applies throughout the contract duration
Varies by supplier
Is negotiable

3.4 Indicative Ranges

Electricity: 0.1p - 0.8p per kWh
Gas: 0.1p - 0.5p per kWh
Water: Variable

3.5 Right to Request

You can request at any time:

Specific commission details for your contract
Pounds and pence figures
Net supply cost comparison

We will respond within 5 business days.

3.6 Conflicts of Interest

Potential conflicts of interest are managed by:

Whole-of-market comparison
Providing clear and accurate information
Never recommending a supplier solely on the basis of commission
Full disclosure on request

3.7 Third-Party Referrals

Any referral fees will be disclosed before an introduction is made.

3.8 Regulatory Position

Edge Energy is not authorised by the FCA or Ofgem for energy procurement. We comply with all applicable industry codes and standards.

3.9 Liability

Edge Energy acts as an intermediary and is not liable for supplier performance.

3.10 Acknowledgement

By using our services you confirm your understanding of our commission arrangements as set out in this document.

4. Complaints Procedure

4.1 Commitment

Edge Energy is committed to providing a high standard of service to all clients.

4.2 What Is a Complaint

A complaint is any expression of dissatisfaction about the service you have received from us.

4.3 How to Raise a Complaint

In writing: 3 River Court, Richmond, TW10 6QY
Email: info@edge-energy.uk
Telephone

4.4 Handling Process

Stage 1 — Acknowledgement: We will acknowledge your complaint within 3 business days.

Stage 2 — Investigation: We will investigate and provide a response within 15 business days, with a maximum of 8 weeks.

Stage 3 — Final Response: Our final response will include a summary of the complaint, results of the investigation, conclusions reached, any actions taken, and your escalation rights.

4.5 Escalation

If you are not satisfied with our response, you may escalate to:

Energy Ombudsman — www.ombudsman-services.org/energy, 0330 440 1624, P.O. Box 966, Warrington, WA4 9DF
ICO (for data protection issues) — www.ico.org.uk, 0303 123 1113

4.6 Record Keeping

All complaints are recorded and retained in accordance with our data retention policy.

4.7 Continuous Improvement

Complaint data is reviewed regularly to identify trends and improve the quality of our services.

5. Data Protection Policy

5.1 Purpose and Scope

This policy ensures compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. It applies to all directors, employees and contractors of Edge Energy Consulting Ltd.

5.2 Data Protection Principles

Lawfulness, fairness and transparency
Purpose limitation
Data minimisation
Accuracy
Storage limitation
Integrity and confidentiality
Accountability

5.3 Lawful Basis for Processing

Performance of a contract
Legitimate interests
Legal obligation
Consent

5.4 Individual Rights

We uphold all rights granted under the UK GDPR. All requests are responded to within one calendar month.

5.5 Subject Access Requests

Acknowledged within 5 business days
Data provided within one calendar month
Free of charge unless manifestly unfounded or excessive

5.6 Data Security Measures

Access controls
Encryption
Secure passwords
Multi-factor authentication (MFA)
Regular review of security measures
Staff training

5.7 Data Breaches

Report immediately to a director
Assess risk to individuals
Report to ICO within 72 hours if there is a risk to individuals' rights and freedoms
Notify affected individuals if the risk is high

5.8 Third-Party Processors

A Data Processing Agreement (DPA) is required for all third-party processors. Due diligence is conducted before engagement.

5.9 International Transfers

Personal data is not transferred outside the UK without appropriate safeguards as required by UK GDPR Chapter V.

5.10 Training

All staff receive data protection training on joining and at regular intervals thereafter.

5.11 Policy Review

This policy is reviewed annually or whenever there are changes to relevant legislation.

6. Data Retention Policy

6.1 Purpose

This policy ensures compliance with the storage limitation principle under the UK GDPR.

6.2 Scope

This policy applies to all data held by Edge Energy Consulting Ltd in any format.

6.3 Retention Schedule

Data Type	Retention Period
Client contracts	6 years after end of contract
Commission records	6 years
Financial records	7 years
Letters of Authority (LOAs)	6 years
Correspondence	6 years
Prospect data	2 years
Complaints	6 years
Employee files	6 years after departure
Supplier contracts	6 years
Breach records	3 years
Analytics data	26 months
Marketing consent	Until consent withdrawn or 2 years of inactivity

6.4 Deletion

Permanent digital deletion of electronic records
Cross-cut shredding for physical documents
Audit trail maintained for all deletions

6.5 Exceptions

Data may be retained beyond the schedule where required by:

Court orders
Ongoing investigations
Specific consent from the data subject

6.6 Responsibilities

A director oversees compliance with this policy
All staff are responsible for adhering to retention periods
The retention schedule is reviewed annually

7. Information Security Policy

7.1 Purpose

To protect the confidentiality, integrity and availability of all information held by Edge Energy Consulting Ltd.

7.2 Objectives

Protect client and business data
Comply with all applicable laws and regulations
Maintain appropriate technical and organisational measures
Ensure business continuity
Promote security awareness across the organisation

7.3 Information Classification

Confidential — sensitive client, financial and personal data
Internal — business information for internal use only
Public — information approved for public release

7.4 Access Control

Access granted on a need-to-know basis
Unique logins for all users
Strong passwords with 90-day change policy
Multi-factor authentication (MFA) required
Regular review of access rights
Prompt revocation upon departure or role change

7.5 Device Security

Up-to-date operating systems and antivirus software
Full-disk encryption on all devices
Automatic screen lock after 5 minutes of inactivity
BYOD devices require prior approval
Lost or stolen devices must be reported immediately

7.6 Network Security

WPA2/WPA3 encryption for wireless networks
No use of public WiFi without a VPN
Firewall protection on all systems
Encrypted VPN for remote access

7.7 Email Security

No sending of unencrypted confidential data via email
Vigilance against phishing attempts
No use of personal email accounts for client data

7.8 Data Storage

Company-approved systems only
Data stored in the UK or in jurisdictions with adequate protections
Secure physical storage for paper records
Encrypted removable media

7.9 Software Security

Licensed and approved software only
Prompt application of security patches
Downloads from official sources only
Security review required for new systems

7.10 Incident Management

Report all security incidents immediately
Do not attempt to investigate independently
A director assesses and coordinates the response
All incidents are recorded and reviewed

7.11 Third-Party Security

Due diligence conducted on all third-party providers
Data Processing Agreement (DPA) required
Minimum necessary access granted
Regular review of third-party arrangements

7.12 Business Continuity

Regular backups of all critical data
Backups stored securely in a separate location
Periodic testing of backup restoration

7.13 Training

All staff receive security awareness training on joining and annually thereafter. Staff are encouraged to raise security concerns without fear of reprisal.

7.14 Compliance

A director is responsible for ensuring compliance with this policy. The policy is reviewed annually. Non-compliance may result in disciplinary action.

governance & compliance pack

Table of Contents