Governance

Governance and compliance pack

This document sets out the policies, procedures and commitments that govern how Edge Energy Consulting Ltd operates, handles data, and serves its clients.

Version 1.0 | April 2025 · Company Registration No: 17125035 · ICO Registration: Pending

Table of Contents

  1. Privacy Policy
  2. Terms of Business
  3. Commission Disclosure
  4. Complaints Procedure
  5. Data Protection Policy
  6. Data Retention Policy
  7. Information Security Policy

1. Privacy Policy

1.1 Introduction

Edge Energy Consulting Ltd ('we', 'us', 'our') is committed to protecting and respecting the privacy of all individuals whose personal data we process. This Privacy Policy explains how we collect, use, store and share your personal information when you engage with our services or visit our website at www.edge-energy.uk. We are registered as a data controller with the Information Commissioner's Office (ICO). This policy is reviewed annually and updated to reflect any changes in law or our business practices.

1.2 Who We Are

Edge Energy Consulting Ltd is an independent business energy and utilities consultancy providing energy procurement, water procurement, energy management reporting and sustainability advisory services to commercial and industrial clients across the United Kingdom. We act as an intermediary between our clients and energy, water and associated utility suppliers.

1.3 Data We Collect

  • Identity data (full name, job title, company name, directorship info)
  • Contact data (business address, email, telephone)
  • Financial/billing data (bank account, payment history, credit info)
  • Contract/consumption data (energy/water contracts, MPRNs, SPIDs, invoices, consumption history)
  • Communications data (calls, emails, correspondence)
  • Technical data (IP addresses, browser type, website usage via cookies)
  • Marketing preferences

1.4 How We Collect

  • Directly from you
  • From energy/water suppliers where authorised
  • From third-party data providers
  • Via website cookies/analytics

1.5 Legal Basis

  • Performance of contract
  • Legitimate interests
  • Legal obligation
  • Consent

1.6 How We Use Your Data

  • To provide services, source/compare/negotiate contracts
  • To manage accounts and issue compliance documents
  • To communicate renewals and handle queries/complaints
  • To fulfil legal obligations
  • To analyse and improve our services

1.7 Sharing

We may share your data with:

  • Energy/water suppliers
  • Regulated industry data services
  • Software/CRM providers under Data Processing Agreements (DPAs)
  • Professional advisers
  • Regulatory authorities

We do not sell personal data.

1.8 Data Retention

Personal data is retained only as long as necessary. Client contract records are retained for a minimum of 6 years after the contractual relationship ends.

1.9 Your Rights

  • Right to be informed
  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restrict processing
  • Right to data portability
  • Right to object
  • Rights related to automated decision-making

We will respond to any request within one calendar month.

1.10 Data Security

We implement appropriate technical and organisational measures to protect your data. All staff are trained in data protection.

1.11 Changes

This policy may be updated from time to time. The latest version is always available at www.edge-energy.uk.

1.12 Contact

Edge Energy Consulting Ltd
3 River Court, Richmond, TW10 6QY
info@edge-energy.uk
Company No: 17125035
ICO Registration: Pending

2. Terms of Business

2.1 About Us

Edge Energy Consulting Ltd is an independent energy and utilities consultancy. Company No: 17125035.

2.2 Our Services

  • Tendering energy and utility contracts
  • Negotiating terms on your behalf
  • Account management
  • Data analysis
  • Sustainability advisory
  • Renewal management

2.3 Your Authority

A Letter of Authority (LOA) appoints Edge Energy as your agent to contact suppliers, obtain data, request quotations and negotiate contracts on your behalf. The LOA does not transfer ownership of your account. You retain full authority over your energy supply and can withdraw the LOA at any time.

2.4 Your Obligations

  • Provide accurate information
  • Inform us of any changes to your circumstances
  • Review quotations in a timely manner
  • Notify us of any direct negotiations with suppliers
  • Ensure the LOA remains current

2.5 Our Obligations

  • Act in your best interests
  • Provide clear and accurate information
  • Disclose commission arrangements
  • Maintain confidentiality
  • Comply with all applicable laws and regulations

2.6 Remuneration

We receive commission from suppliers, which is embedded in the unit rate. Customers can request details of our commission at any stage.

2.7 Contract Acceptance

No contract will be executed without your express prior approval.

2.8 Liability

Edge Energy acts as an intermediary and is not liable for supplier performance or market fluctuations. We exercise reasonable care and skill in providing our services. We are not liable for:

  • Decisions you make based on our information
  • Supplier acts or omissions
  • Consequential loss
  • Force majeure events

2.9 Confidentiality

Both parties agree to keep all information confidential. This obligation survives termination of the agreement.

2.10 Termination

Either party may terminate with 30 days' written notice. Existing contracts remain unaffected. Commission continues for the duration of any contracts arranged.

2.11 Complaints

Please refer to our Complaints Procedure available at www.edge-energy.uk.

2.12 Governing Law

These terms are governed by the laws of England and Wales.

3. Commission Disclosure

3.1 Transparency Commitment

Edge Energy is committed to full transparency regarding how we are remunerated for our services.

3.2 How We Are Paid

We receive commission from suppliers, which is incorporated into the unit rate of your energy or water contract. We do not charge clients directly for our services.

3.3 Nature of Commission

  • An uplift on the unit rate
  • Paid by the supplier
  • Applies throughout the contract duration
  • Varies by supplier
  • Is negotiable

3.4 Indicative Ranges

  • Electricity: 0.1p - 0.8p per kWh
  • Gas: 0.1p - 0.5p per kWh
  • Water: Variable

3.5 Right to Request

You can request at any time:

  • Specific commission details for your contract
  • Pounds and pence figures
  • Net supply cost comparison

We will respond within 5 business days.

3.6 Conflicts of Interest

Potential conflicts of interest are managed by:

  • Whole-of-market comparison
  • Providing clear and accurate information
  • Never recommending a supplier solely on the basis of commission
  • Full disclosure on request

3.7 Third-Party Referrals

Any referral fees will be disclosed before an introduction is made.

3.8 Regulatory Position

Edge Energy is not authorised by the FCA or Ofgem for energy procurement. We comply with all applicable industry codes and standards.

3.9 Liability

Edge Energy acts as an intermediary and is not liable for supplier performance.

3.10 Acknowledgement

By using our services you confirm your understanding of our commission arrangements as set out in this document.

4. Complaints Procedure

4.1 Commitment

Edge Energy is committed to providing a high standard of service to all clients.

4.2 What Is a Complaint

A complaint is any expression of dissatisfaction about the service you have received from us.

4.3 How to Raise a Complaint

  • In writing: 3 River Court, Richmond, TW10 6QY
  • Email: info@edge-energy.uk
  • Telephone

4.4 Handling Process

Stage 1 — Acknowledgement: We will acknowledge your complaint within 3 business days.

Stage 2 — Investigation: We will investigate and provide a response within 15 business days, with a maximum of 8 weeks.

Stage 3 — Final Response: Our final response will include a summary of the complaint, results of the investigation, conclusions reached, any actions taken, and your escalation rights.

4.5 Escalation

If you are not satisfied with our response, you may escalate to:

  • Energy Ombudsman — www.ombudsman-services.org/energy, 0330 440 1624, P.O. Box 966, Warrington, WA4 9DF
  • ICO (for data protection issues) — www.ico.org.uk, 0303 123 1113

4.6 Record Keeping

All complaints are recorded and retained in accordance with our data retention policy.

4.7 Continuous Improvement

Complaint data is reviewed regularly to identify trends and improve the quality of our services.

5. Data Protection Policy

5.1 Purpose and Scope

This policy ensures compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. It applies to all directors, employees and contractors of Edge Energy Consulting Ltd.

5.2 Data Protection Principles

  • Lawfulness, fairness and transparency
  • Purpose limitation
  • Data minimisation
  • Accuracy
  • Storage limitation
  • Integrity and confidentiality
  • Accountability

5.3 Lawful Basis for Processing

  • Performance of a contract
  • Legitimate interests
  • Legal obligation
  • Consent

5.4 Individual Rights

We uphold all rights granted under the UK GDPR. All requests are responded to within one calendar month.

5.5 Subject Access Requests

  • Acknowledged within 5 business days
  • Data provided within one calendar month
  • Free of charge unless manifestly unfounded or excessive

5.6 Data Security Measures

  • Access controls
  • Encryption
  • Secure passwords
  • Multi-factor authentication (MFA)
  • Regular review of security measures
  • Staff training

5.7 Data Breaches

  • Report immediately to a director
  • Assess risk to individuals
  • Report to ICO within 72 hours if there is a risk to individuals' rights and freedoms
  • Notify affected individuals if the risk is high

5.8 Third-Party Processors

A Data Processing Agreement (DPA) is required for all third-party processors. Due diligence is conducted before engagement.

5.9 International Transfers

Personal data is not transferred outside the UK without appropriate safeguards as required by UK GDPR Chapter V.

5.10 Training

All staff receive data protection training on joining and at regular intervals thereafter.

5.11 Policy Review

This policy is reviewed annually or whenever there are changes to relevant legislation.

6. Data Retention Policy

6.1 Purpose

This policy ensures compliance with the storage limitation principle under the UK GDPR.

6.2 Scope

This policy applies to all data held by Edge Energy Consulting Ltd in any format.

6.3 Retention Schedule

Data Type Retention Period
Client contracts6 years after end of contract
Commission records6 years
Financial records7 years
Letters of Authority (LOAs)6 years
Correspondence6 years
Prospect data2 years
Complaints6 years
Employee files6 years after departure
Supplier contracts6 years
Breach records3 years
Analytics data26 months
Marketing consentUntil consent withdrawn or 2 years of inactivity

6.4 Deletion

  • Permanent digital deletion of electronic records
  • Cross-cut shredding for physical documents
  • Audit trail maintained for all deletions

6.5 Exceptions

Data may be retained beyond the schedule where required by:

  • Court orders
  • Ongoing investigations
  • Specific consent from the data subject

6.6 Responsibilities

  • A director oversees compliance with this policy
  • All staff are responsible for adhering to retention periods
  • The retention schedule is reviewed annually

7. Information Security Policy

7.1 Purpose

To protect the confidentiality, integrity and availability of all information held by Edge Energy Consulting Ltd.

7.2 Objectives

  • Protect client and business data
  • Comply with all applicable laws and regulations
  • Maintain appropriate technical and organisational measures
  • Ensure business continuity
  • Promote security awareness across the organisation

7.3 Information Classification

  • Confidential — sensitive client, financial and personal data
  • Internal — business information for internal use only
  • Public — information approved for public release

7.4 Access Control

  • Access granted on a need-to-know basis
  • Unique logins for all users
  • Strong passwords with 90-day change policy
  • Multi-factor authentication (MFA) required
  • Regular review of access rights
  • Prompt revocation upon departure or role change

7.5 Device Security

  • Up-to-date operating systems and antivirus software
  • Full-disk encryption on all devices
  • Automatic screen lock after 5 minutes of inactivity
  • BYOD devices require prior approval
  • Lost or stolen devices must be reported immediately

7.6 Network Security

  • WPA2/WPA3 encryption for wireless networks
  • No use of public WiFi without a VPN
  • Firewall protection on all systems
  • Encrypted VPN for remote access

7.7 Email Security

  • No sending of unencrypted confidential data via email
  • Vigilance against phishing attempts
  • No use of personal email accounts for client data

7.8 Data Storage

  • Company-approved systems only
  • Data stored in the UK or in jurisdictions with adequate protections
  • Secure physical storage for paper records
  • Encrypted removable media

7.9 Software Security

  • Licensed and approved software only
  • Prompt application of security patches
  • Downloads from official sources only
  • Security review required for new systems

7.10 Incident Management

  • Report all security incidents immediately
  • Do not attempt to investigate independently
  • A director assesses and coordinates the response
  • All incidents are recorded and reviewed

7.11 Third-Party Security

  • Due diligence conducted on all third-party providers
  • Data Processing Agreement (DPA) required
  • Minimum necessary access granted
  • Regular review of third-party arrangements

7.12 Business Continuity

  • Regular backups of all critical data
  • Backups stored securely in a separate location
  • Periodic testing of backup restoration

7.13 Training

All staff receive security awareness training on joining and annually thereafter. Staff are encouraged to raise security concerns without fear of reprisal.

7.14 Compliance

A director is responsible for ensuring compliance with this policy. The policy is reviewed annually. Non-compliance may result in disciplinary action.