1. Introduction

We are committed to protecting the privacy and security of your personal data. This Privacy Policy explains how we collect, use, and disclose personal data about you, and your rights in relation to that data, in accordance with the General Data Protection Regulation (GDPR).


2. Data Controller and Contact Information

This site is operated by EPINDEX Ltd on behalf of Deutsche Telekom AG for the processing of certain data.

If you have any questions or concerns you should contact the processor EPINDEX Ltd at Support@epiconsulting.co.uk. EPINDEX Ltd. is a company based in the United Kingdom subject to UK law, with its registered seat located at Bickford House, Shurdington, Cheltenham, UK company registration number 06873479.

Deutsche Telekom AG is the data controller responsible for your personal data, whose data privacy policies can be found below:

Deutsche Telekom Governance Data Privacy


3. Processor(s) and Subprocessor(s)

The following processors and subprocessors will process data for the purpose of the Green Future Awards 2024

  1. Processor: EPINDEX Ltd. who will act as processor for the purpose of providing services related to the hosting and administration of the project.


4. Categories of Personal Data

We may collect and process the following categories of personal data:

  1. Names, surnames and business titles
  2. Contact details such as telephone numbers and physical or electronic addresses

We may obtain such information directly from you, via your employer/principal or public sources.


5. Purpose for Processing Personal Data

The processing may consist of:

Coordination of events and registrations related to the project, including:

  1. Scheduling meetings and organizing virtual or other meetings and seminars or other events related to the activities
  2. Customer support
  3. Conducting user surveys
  4. Record keeping


6. Lawfulness of processing

For the purpose of the data processing we may rely on the following legal bases:

  1. Permission of the data subject, where relevant. If you have given permission you may revoke it at any time without affecting the lawfulness of processing based on consent before its withdrawal
  2. Necessity for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data


7. Recipients of Personal Data

We may share your personal data with the following recipients:

  1. Our Processor(s) and Subprocessor(s)


8. Retention Periods for Personal Data

We will retain your personal data for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Unless there are compelling reasons to do so we will no longer retain your personal data when we are made aware that you are no longer acting as a representative for an entity involved with the project.


9. Rights of Data Subjects

You have the following rights in relation to your personal data, subject to certain conditions:

  1. Right of access – you have the right to request access to the personal data we retain on you
  2. Right to rectification – you have the right to request that we correct or complete any inaccurate information
  3. Right to erasure or restriction of processing – you have the right to request that we erase or restrict your personal data
  4. Right to object – you have the right to object to our processing of personal data
  5. Right to Lodge a complaint – if you believe we have not complied with the GDPR in the processing of your data you have the right to lodge a complaint with a competent Supervisory Authority.


10. Transfer of Personal Data to Third Countries

We may transfer your personal data to third countries outside of the European Economic Area (EEA) that may not inherently provide an adequate level of data protection. We put appropriate safeguards in place to protect your personal data, such as standard contractual clauses approved by the European Commission.

EPINDEX Ltd. will process the data it receives in the United Kingdom, which is subject to an adequacy decision from the European Commission. The UK is registered for this purpose with the UK Information Commissioner, https://ico.org.uk/ 

Where data is processed outside the above territories, protection has been put in place based on the European Commission’s standard contractual clauses.


11. Security Measures

We will implement appropriate technical and organizational measures to ensure a level of security appropriate to the risks involved in processing your personal data. Examples of such measures include firewalls, virus protection, registration tokens and password controls.


12. Automated Decision-Making and Profiling

We do not engage in automated decision-making or profiling that has legal or significant effects on you.


13. No obligation to provide personal data

You are under no obligation to provide us with personal data. However in such a case we may be unable to provide our services to your employer or principal.


14. Changes to the Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes to this Privacy Policy by posting a notice on our website or by other means.