Data Protection & Privacy Policy
​
Last modified: 13th November 2023
​
Ampersand is committed to protecting your privacy, keeping your information safe and ensuring the security of your personal information. To provide you with the best products and services, your personal information will be collected, processed lawfully, stored securely and not disclosed unlawfully to any third party.
Definitions of terms
​
Personal Data: Any information relating to an identified or identifiable natural person who can be identified,directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical,psychological, genetic, mental, economic, cultural or social identity of that natural person.
​
Sensitive Personal Data: Any information revealing a person’s race, health status, criminal records, medical records, social origin, religious or philosophical beliefs, political opinion, genetic or biometric information, sexual life or family details.
​
Consent of the data subject: Freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by an oral, written or electronic statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Cookies: A small text file placed on your computer or device by our sites when you visit certain parts of our sites and/or when you use certain features of our sites.
​
Data Controller: Natural person, public or private corporate body or legal entity which, alone or jointly with others, processes personal data and determines the means of their processing.
Data Processor: Natural person, public or private corporate body or legal entity, which is authorized to process personal data on behalf of the data controller.
​
Data Subject: A natural person from whom or in respect of whom, personal data has been requested and processed.
​
User: An individual using our service. The user corresponds to the data subject.
​
Data Protection Impact Assessment (DPIA): A process designed to identify risks arising out of the processing of personal data and minimization of these risks as far and as early as possible. DPIAs are important tools for negating risk, and for demonstrating compliance, including ongoing compliance, with the DPP
law.
​
Lawful Basis: The lawful grounds for processing personal data set in the DPP law.
Third Party: is a service provider who is contracted to provide a service or product which may include the handling, managing, storing, processing, protecting, and transmitting information of and for Ampersand. This includes all subcontractors, consultants and/or representatives of the Third party.
​
Curriculum vitae or “CV”: A written account of the professional life comprising one's personal details, education, accomplishments, work experience, publications, etc.
​
Processing of personal Data: Any operation or set of operations which is performed on personal data or on sets of personal data,whether or not by automated means, such as access to, obtaining, collection, recording, structuring,
storage, adaptation or alteration, retrieval, reconstruction, concealment, consultation, use,disclosure by transmission, sharing, transfer, or otherwise making available, sale, restriction,erasure or destruction.
1. Introduction
This policy explains how Ampersand collects, uses, and protects your information.
2. Who does this Statement apply to?
This Statement applies to:
-
Our customers and/or users who are natural persons or living individuals
-
Our customers and/or users who are organizations
-
Our job applicants or prospective employees.
-
Our contractors, suppliers, partners, and service providers.
-
Our current employees (whether they are employed on a permanent, temporary, or fixed-term contract including interns, secondees and graduates).
3. Legal Basis for Data Processing
​
We process your data for the following purposes:
​
-
Legal Obligation: In some circumstances, where the processing of the personal data is necessary for the performance of an obligation conferred or imposed by law on Ampersand, we will rely on Legal Obligation as a basis to process the personal information you have provided
-
Legitimate Interest: We may process your data for our legitimate business interests, such as marketing or improvement of our services. Whenever we rely on this lawful basis to process your data, we assess our business interests to make sure they do not override your rights. Additionally, in some cases, you have the right to object to this process. See the “Data Subjects Rights” section of this policy.
-
Consent: We may rely on the consent you provide in the absence of any other legal basis. Consent will always be presented separately to you, can be withdrawn at any time and you will be given details on how to do so.
-
Contractual obligation: We rely on a contract as a legal basis to process your personal information when we need to deliver a contractual service to you or when it has become necessary to process data before entering into a contract with you.
4. What Personal Data does Ampersand collect and use?
Ampersand and its authorized third parties may collect, store, process personal data including but not limited to:
-
Name, sex, date of birth, addresses, mobile phone number, email address, bank account information, active location data, IP address, browser type, occupation and information contained in supporting documents such as National ID, CVs, cover letters, proof of identity and others.
5. Data Minimization
Ampersand adheres to the principle of data minimization, collecting only the data necessary for the intended purpose.
6. Data Accuracy
We endeavor to ensure the data we process is accurate and encourage you to update your personal data in our possession when it changes by contacting us. See the “How to contact DPO” section of this policy.
7. Purpose Limitation
Personal data is processed only for defined purposes ensuring it is not used beyond the original collection purpose.
We use the collected information for the following purposes:
-
To serve better our clients, customers, partners and staff
-
To provide and maintain our products and services
-
To process transactions and send invoices
-
To communicate with you about our products, services, and promotions
-
To improve our website and services based on user feedback
-
To comply with legal and regulatory requirements
8. Data Security
Ampersand employs strong physical and digital security measures to protect personal data from unauthorized access, disclosure, alteration, or destruction.
Our security practices and procedures are within industry standards. Further, our employees and service providers / partners are bound by Codes of Conduct and Confidentiality Policies which require them to protect the confidentiality of personal information they access.
9. Data Subject Rights
Individuals have the right to access, correct, or delete their personal information, object to processing, withdraw consent (if applicable), and lodge complaints with a supervisory authority.
-
Right to access personal information: You have the right to make a request for a copy of the personal information that Ampersand holds about you as permitted by law
-
Right to correct personal information: You have the right to correct information held about you to ensure it is accurate, relevant, complete, and not excessive
-
Right to object to use of personal information: You have the right to object to processing your personal information, in certain circumstances as permitted by law. However, in instances where the basis for processing is Legal Obligation, you may not be able exercise your right to object
-
Right to opt-out of marketing messages: Ampersand will not issue targeted marketing to you unless you consent for us to do so. If you no longer want to receive marketing messages from Ampersand, you can choose to opt out at any time using the means made available to you
-
Right to personal data portability: You have the right to request Ampersand to resend the personal data concerning you as it was provided. You also have the right to request that your personal data be transmitted to another data controller, where technically feasible, without hindrance
-
Right to restriction of processing of personal data: You have the right to restrict Ampersand from processing your personal data for a given period under the conditions provided by the Law. Note that in case the purpose of collecting and processing your information was to meet our contractual obligation to you, objection to processing may hinder us from providing our services and products to you
-
Right to erasure of personal data: You have the right to request Ampersand in writing or electronically for erasure of your personal data under the conditions provided by the Law
-
Right to designate an heir to personal data: Your personal data are not primarily subject to succession but, where you had left a will, you provide your heir with full or restricted rights relating to the processing of your personal data kept by Ampersand, if such personal data still need to be used.
-
Right to representation: You have right to be represented when:
-
You are under sixteen (16) years of age
-
You have a physical impairment and unable to represent yourself
-
You are a medically determinable mental impairment and is unable to represent yourself
-
You have any other reason, in which case you are being represented by another person
-
In all above cases you need to provide an authorization of representation in accordance with relevant Laws.
-
Right not to be subject to a decision based on automated data processing: You have the right not to be subject to a decision based solely on automated personal data processing which may produce legal consequences or significant consequences to you.
10. Data Breach Response
While Ampersand implements reasonable measures to prevent or reduce the likelihood and impact of Personal Data Breaches, this risk can’t be eliminated. If Ampersand becomes aware of or reasonably suspects a Personal Data Breach has occurred or that the integrity or confidentiality of Personal Data has been compromised, Ampersand adheres to its incident management Policies, Procedures, and supporting documents governing the handling and reporting of Personal Data Breaches.
Procedures are in place for detecting, reporting, and responding to data breaches. A clear timeline is established for notifying relevant supervisory authorities and affected individuals.
11. Disclosure and Data Transfers
Collection of Personal Information: Ampersand will obtain your consent for sharing your personal information in several ways, such as in writing, online, through “click-through” agreements; orally, including through interactive voice response; or when your consent is part of the terms and conditions which apply to our products and services.
Ampersand does not actively collect minors’ personal data in the provision of its services, but in instances where this may be collected, we shall require parent/ guardian representation and consent. Sensitive information may be collected. Measures such as access control and encryption have been implemented to protect the confidentiality of your information.
​
Internal Use: Ampersand and its employees may utilize some or all available personal information for legitimate business purposes and related activities within the parameters mentioned above.
Third Parties: We may have to share your personal information with third parties, including third-party service providers such as our asset financing partners, sub-contractors, and sister companies. We require third parties to respect the security of your data and to treat it in accordance with applicable laws.
Government and Law Enforcement Agencies: We may also share your personal information with Government agencies or other authorized Law Enforcement Agencies (LEAs) mandated under law to obtain such information for the purpose of verification of identity or for prevention, detection, investigation including but not limited to cyber incidents, the investigation and prosecution of crime, and as is required by law. We may also share information to meet our regulatory obligations.
Transfer: Ampersand may transfer your personal information or other information, or data collected, stored and processed to any other entity or third party located outside the country of service, only if necessary, for legitimate business purposes for providing services to you. This may also include sharing of aggregated information with third parties contracted to Ampersand for them to understand our environment and consequently, provide you with better services. While sharing your personal information with third parties, reasonable organizational, technical and security measures shall be taken to ensure that reasonable security practices are followed by the third party and are in line with the Data Protection Principles and Regulations.
12. Data Retention and Storage
Personal information shared with us will be retained in line with the Local Regulations on records retention and Ampersand’s internal Records Retention Policy. For our customers, data may be retained for a minimum of 10 years after termination of contract, as per national regulations.
-
We may store your information in hard copy or electronic format and keep it in storage facilities that we own and operate ourselves, or that are owned and operated by our Third parties/ service providers inside or outside the country.
-
We use a combination of technical solutions, security controls and internal processes to help us protect your information and our network from unauthorized access and disclosure.
13. Data Disposal
When we dispose of your personal information, we use reasonable procedures to erase it or render it unreadable/anonymized.
14. Cookie Policy
The following websites are operated by Ampersand:
What are cookies?
Cookies are small text files that are stored in your web browser that allows Ampersand or a third party to recognize you. Cookies can be used to collect, store, and share bits of information about your activities across websites, including Ampersand's sites.
Cookies might be used for the following purposes:
-
To enable certain functions
-
To provide analytics
-
To store your preferences
-
To enable ad delivery and behavioural advertising
Ampersand may use both session cookies and persistent cookies.
How do third parties use cookies on Ampersand sites?
Third party companies like analytics companies generally use cookies to collect user information on an anonymous basis. They may use that information to build a profile of your activities on the website.
What are your cookies options?
If you don’t like the idea of cookies or certain types of cookies, you can change your browser’s settings to delete cookies that have already been set and to not accept new cookies. To learn more about how to do this, visit the help pages of your browser.
Please note, however, that if you delete cookies or do not accept them, you might not be able to use all of the features we offer, you may not be able to store your preferences, and some of our pages might not display properly.
15. Data Protection Impact Assessments (DPIAs)
To ensure constant security of your information, Data Protection Impact Assessments (DPIAs) are conducted, especially for high-risk processing activities.
16. Employee Training and Awareness
Ampersand emphasizes employee training on data protection principles, fostering a culture of data protection awareness.
17. Third-Party Data Processors
Ampersand ensures third-party processors comply with the law requirements through contracts and due diligence procedures.
18. Monitoring and Compliance
Procedures are outlined for monitoring compliance with the policy, and responsibility for compliance is assigned.
19. How to contact the DPO
If you have any queries in any aspect of this policy or if you would want to exercise any of the rights mentioned above, please send an email to dpo@ampersand.solar. You can also visit our headquarters for assistance.
20. Changes to this policy
We have the rights to modify this Data Protection and Privacy policy when required,
When we make changes to this policy, we will revise the “last modified” date at the top of the document.
The most recent version is always on our official website (www.ampersand.solar).