PRIVACY NOTICE

Environment Bank values your privacy and looking after your personal data is very important to us.  We comply with the relevant data protection legislation and your information is stored securely on our systems.  We are committed to the responsible collection, use, transfer, disclosure, and management of your personal information and to the principles of lawfulness, fairness and transparency.

This privacy notice provides you with details of how we collect and use your personal data. Personal data is defined by the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.  The personal data that we use is set out in Part 2, below. Environment Bank is both a controller and processor of data.

  1. Information about us

Environment Bank Limited is a private limited company registered in England under company number 05944540, VAT number 924075139 and having its registered office at The Catalyst, Baird Lane, York, YO10 5GA.

For more information about data protection at Environment Bank please contact Dana Foster at [email protected] or 07928 810978 or by post to the above registered address.

  1. Types of data we collect

We may collect some or all of the following personal data (this may vary according to your relationship with us):

  • Name
  • Address
  • Email address
  • Telephone number
  • Business name
  • Job title
  • Profession
  • Payment information
  • Site details
  1. How we collect your personal data

We may collect data about you by you providing the data directly to us – for example via any communication you send to us, whether that be through email, text, through the enquiry form on our website or any other communication you send to us.

We may also receive and process data from publicly available materials (such as planning websites) or from trusted third parties such as marketing and research experts. We ensure that any data we process is kept up to date and that any preferences indicated by customers are adhered to.

We will ensure that any companies from whom we receive data are compliant with the relevant data protection regulations.

  1. Our Purposes and Law Basics

Under the GDPR we must always have a lawful basis for using personal data. This may be because the data is necessary for our performance of a contract with you, or because you have consented for your personal data to be used, or because it is in our legitimate business interests to use it.  The purposes and lawful bases for which we process your personal data include the following:

Customer data – to manage, administer and provide services to you, such as: providing quotes and services to you, and payments.   Our lawful ground for this processing is ‘contract’ – to enable us to provide you with advice and services.  Environment Bank hold personal data of our potential landowners, processed with consent, and our activated offset schemes, processed with consent and held under contract.

Communications data – where it is necessary for our legitimate business interests, such as: supplying you with information, marketing and market research, improving customer services, quality assurance, training and analysis.  We process personal data so that we can communicate with you. Our lawful ground for this processing is ‘legitimate interests’ – to enable us to respond to your queries and to grow our business.  Environment Bank may also hold data of landowners/agents we have identified as potentially being interested in being an offset provider, this data is held under legitimate interest.

User data – to manage and operate our web-based services.  This includes data about how you use our website and our online services.  We process this data to operate our website and to ensure relevant information is provided to you, to ensure the security of our website, to maintain back-ups of our website and databases and to enable updating and administration of our website, online service and business. Our lawful ground for this processing is ‘legitimate interests’- to enable us to properly administer our business and website and to grow our business.

We may use customer, communications and user data to deliver relevant information to you about the scheme, including updates, offers and events.  Our lawful ground for this is ‘legitimate interests’ in order to grow our business.

We do not collect any sensitive data about you. Sensitive data relates to information about your race or ethnicity, political opinions, religious or philosophical beliefs, sex life or sexual orientation, trade union membership, or information about your health and genetic or biometric data.

Environment Bank do not control or process sensitive data, children’s data, vital interests data (eg for individual welfare), or criminal record data.

We will only use your personal data for a purpose it was collected for or a reasonably compatible purpose if necessary.  In case we need to use your details for an unrelated new purpose we will let you know and explain the legal grounds for processing.

We may process your personal data without your knowledge or consent where this is required or permitted by law.

We do not carry out automated decision making or any type of automated profiling.

  1. Marketing Communications

Our lawful ground of processing your personal data to send you marketing communications is either your consent or our legitimate interests (namely to grow our business). We may use your personal data to contact you by email, telephone and or by post with information, news and offers on our services. You will not be sent any unlawful marketing or spam. We will always work to protect your rights under the GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003 and you will always have the opportunity to opt out of receiving marketing emails from us at any time by contacting us by email at [email protected] or calling 01904 202990.

By downloading the calculator on our website you agree for Environment Bank to contact you in the future regarding the calculator. We will only ever contact you for this reason and your email will not be shared with any third parties. You can unsubscribe at any time by sending an email to [email protected]

We never sell your data. We will not share your personal data with any third party for their own marketing purposes unless we have first obtained your express consent.

  1. Disclosures of your Personal Data  

We may have to share your personal data with the parties set out below:

  • Other companies in our group who provide services to us
  • Service providers who provide IT and system administration services
  1. Storage and Transfer of Personal Data

We use Dropbox servers for electronic storage and their servers are based in the USA. Dropbox is secure for storage of Environment Bank business data and the personal data we hold. Dropbox servers are based in the USA and they comply with the EU-US Privacy Shield for data transfer in and out of the European Economic Area (EEA) and therefore are GDPR-compliant with respect to international transfers.  Dropbox data is encrypted and protected.

Our invoicing is done through Xero (UK) Limited.  Where personal data associated with invoicing is transferred outside of the European Economic Area, it will only be transferred to countries that have been identified as providing adequate protection for EEA data, or to a third party where there is an approved transfer mechanism in place to protect personal data – i.e. by entering into the European Commission’s Standard Contractual Clauses, or, for transfers to US-based third parties, by ensuring the entity is Privacy Shield certified.

Our web hosting and email servers are hosted by Fasthost.  They only process our data for administration (billing) and for the provision of the service and domain connection. Our website uses Google Analytics and data may be transferred by google to the United States. Google complies with the EU-US Privacy Shield Framework.

  1. Data Security

We have put in place security measures to prevent your personal data from being accidentally lost, used, altered, disclosed, or accessed without authorisation. We also allow access to your personal data only to those employees and partners who have a business need to know such data. They will only process your personal data on our instructions and they must keep it confidential.

We have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach if we are legally required to.

  1. Data Retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting and reporting requirements.

In some circumstances we may anonymise your personal data for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

  1. Your Legal Rights

Under data protection laws you have rights in relation to your personal data that include the right to request access, correction, erasure, restriction, transfer, to object to processing, to portability of data and (where the lawful ground of processing is consent) to withdraw consent. You can read more about your rights on the ICO's guide to the general data protection regulation page.


To contact us about anything to do with your personal data and data protection, including if you wish to exercise any of the rights set out above, please email us at [email protected] and we will respond to your request within one month.  There is not normally a charge for a ‘subject access request’ (a request for details of personal data) unless a request is ‘manifestly unfounded or excessive’, in which case a fee may be charged to cover our administrative costs in responding.

  1. Third-party Links

The Environment Bank website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

  1. Changes to this Privacy Notice

We may change this Privacy Notice from time to time. This may be necessary, for example, if the law changes, or if we change our business in a way which affects personal data protection. Any changes will be made available on our website.