Privacy Notice


about this privacy notice

At Lux Nova Partners we respect your privacy and are committed to protecting personal data. This “privacy notice” explains what we do with personal data, why we want to use it, how we protect it, and what rights individuals have to control our use of it.

It applies not just to visitors to our website, but also personal data that we process through other interactions with individuals in the course of running our business and delivering our services, such as people working for our clients, partners and suppliers. We maintain a separate privacy notice that will apply if we engage with you as an employee or consultant. Our website and services are not intended for children and we do not knowingly collect data relating to children.


Information about us

This privacy notice is for Lux Nova Partners Ltd (referred to as "Lux Nova", "we", "us" or "our" in this notice).  We collect, use and are responsible for certain personal data. When we do so we are regulated under data protection laws and we are responsible as “data controller” of that personal information for the purposes of the law.

If you want to contact us about any of the points on this notice, or just generally about how we protect your privacy, please email us at info@luxnovapartners.com.  

Our contact address is 124 City Road, London EC1V 2NX and our company number is5510349.


what personal data do we process and why?

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We use personal data from different categories of individual for several different purposes and each with its own lawful basis. This section describes these in detail and, although it’s technical, we’re required by law to explain this to you. For different categories of people, we describe:

  • The types of personal data we process;

  • Where the data comes from;

  • Our purposes and “lawful basis” for processing;

  • How long we hold it for. 

If you work for one of our clients or partners or if you are an industry contact or working in a field relevant to our mission: we may hold your name, company, job title and contact details. We will have been provided with this data either by you or your employer or in some cases we may have sourced it from publicly available sources, such as Linked In and internet searches. We need this data in order to interact with you (or your employer) for the following purposes:

  • Operating and promoting our business;

  • Communicating with interested people regarding events, news and updates;

  • Gathering and disseminating information and sharing knowledge relevant to clean energy.

We do this on the basis that it is necessary for our legitimate interests in running and growing our business and in supporting the transition to a clean energy future. We will hold your details for as long as we need to interact with you for these purposes. In all cases if you would like us to update or delete your information, please send us an email (see “How to contact us” below).

If you are a supplier or work for a supplier:we may hold your name and contact details because we have a legitimate interest in doing business with your company. Our purpose for processing your personal data is to interact with you or your employer to procure and pay for goods and services. We will hold this information for as long as we need to interact with you for these purposes. In all cases if you would like us to update or delete your information, please send us an email (see “How to contact us” below).

As a law firm we are legally obliged (under laws to prevent money-laundering and terrorist financing) to undertake “Client Due Diligence” (CDD) checks in relation to our clients.  We may therefore ask for and retain copies of documents in relation to directors and significant shareholders of clients.  These items of personal data could include: copies of passports, utility bills, council tax bills, date of birth, homes address and reports by third-party compliance-checking agency.  We process this data for the purposes of undertaking the required checks, and on the lawful basis of complying with our legal obligations.  We retain these for as long as legally required (usually for 6 years after we last worked for the client).

If you apply for a job with us: we will hold any personal data you send to us, or that is sent to us by a third-party recruitment agencies or websites.  This likely to be your name, contact details and CV.  We will use this data for the purpose of communicating with you and assessing your suitability for jobs for which we are recruiting.  We do this on the basis that it is necessary for our legitimate interests in recruiting talented people to run our business. We will hold this information for as long as we need to interact with you for these purposes and the data of unsuccessful candidates will normally be deleted no more than 6 months after a decision is made.  For successful candidates it will be held in accordance with our staff and consultant privacy notice. In all cases if you would like us to update or delete your information, please send us an email (see “How to contact us” below).

If you have submitted an application for the Heat Networks Investment Project (HNIP) or the Green Heat Networks Fund (GHNF) or are mentioned in such an application, then we may store or have access to your name and contact details for the purposes of fulfilling our role as one of the delivery partners on HNIP.  It is necessary for our legitimate interests in delivering services on the HNIP and GHNF projects and we will only retain your data for as long as necessary for the project.


COOKIES AND SIMILAR TECHNOLOGIES

If you visit our website, we may store information relating to you using cookies or similar technologies, which we can access when you visit our site in future.  Generally, the cookies used do include information from which you can be identified as an individual.  For more information on our use of cookies and how to control them see our Cookie Policy.


SHARING YOUR PERSONAL DATA

We may share your personal data with the following third parties in certain circumstances:

  •  IT and system administration service providers acting as data processors (see below) who provide services or cloud-based software to enable us to operate our organisation.

  • Professional advisers such as lawyers, bankers, accountants or auditors in order to providelegal, finance, accounting or auditing services.

  • Law enforcement or other authorities (such as tax authorities) if required by applicable law.

 If you attend one of our events,the name and company of attendees are usually shared with speakers, third party event hosts and may be shared with other attendees. This is done to share knowledge and enable access to the venue. 

Data processors:  We use a number of different service providers (acting as ‘data processors’) who provide IT and system administration services to enable us to operate our organisation and the services we provide. Your personal data is transferred to (and stored by) these data processors, who generally fall under the following categories:

  • Website analytics;

  • Website and data hosting;

  • IT and system administration;

  • Document storage;

  • Email, contacts and calendar;

  • CRM, accounting and billing.

These ‘data processors’ only process data on our behalf.  They won’t use your personal data for their own purposes and we only permit them to use it in accordance with our instructions, our contract with them and the law.

For security reasons we do not name all our service providers in this privacy notice. Please contact us (see below) if you want further information on specific data processors or the types of personal data they process for us.


international transfers of personal data, and the measures in place to safeguard it

We do not normally directly transfer any of your personal data outside the UK or the European Economic Area (EEA) unless working on international matters and requested by you to do so. However, some of our data processors may do so and this section explains the impact of these international transfers and how your information is protected. 

Many of our data processors operate “cloud-based systems”, which means the information is held in information data centres in different locations.  Most of them reserve the right to hold copies of your personal information outside the EEA. Please note that the reason companies may choose to do this is to hold back-up copies, so they can guarantee recovery.

In each case we and our processors employ one or more of the following mechanisms that are designed to help safeguard your privacy rights:

  • Certain processors may only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the UK government or the European Commission. For further details, see ICO guidance.

  • Where we use certain service providers, we may use standard contractual clauses approved by the European Commission or UK ICO, which give personal data the same protection it has in Europe. For further details, see ICO guidance.

Please contact us (see below) if you want further information on the specific mechanisms used by our data processors when transferring your personal data out of the EEA.


your personal data rights

The personal data we hold about you is your data, so you have certain rights over the data under the GDPR. This section summarises your rights and how you can exercise them (generally free of charge).   

You have the right to request a copy of all personal data we hold relating to you. You also have the right to require us to correct any mistakes in the personal data we hold relating to you.

Where we are processing your data based on your consent you can withdraw that consent and we must immediately stop processing your data (unless legal restrictions prevent us). Please note that up to that point, we’re acting lawfully with your consent, withdrawal of consent cannot be backdated.

Where we process your data based on a “legitimate interest” (underlined in the section on “purpose and lawful basis”, above) you still have the right to object to our processing of that data if you feel it impacts on your fundamental rights and freedoms. From that point, we must stop processing your data until we have determined whether your rights override our interests.

You also have the right to object where we are processing your personal data for direct marketing purposes.

In certain situations, you have the right to require us to erase personal data where there is no good reason for us continuing to process it. However, note that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

You have the right to request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data's accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) where you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

Finally, you have the right to request the transfer of your personal data to you or a third party in a structured, commonly used, machine-readable format. Note that this right only applies to automated processing of information about you, if carried out based on your consent or where it is necessary to perform a contract with you.

For further information on each of these rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals rights under the General Data Protection Regulation.

If you would like to exercise any of these rights, the easiest way is by dropping us an email (see “How to contact us” below). 


automated decision-making using personal data

You have a right to object to any decisions being taken through the processing of your personal data by automated means if they produce legal effects concerning you or similarly significant effects on you. We can confirm that we do not undertake any automated decision-making, or profiling, based on the processing of personal data.  


KEEPING YOUR PERSONAL INFORMATION SECURE

We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. In addition, we limit access to your personal data to those employees, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.


Your rights to lodge a complaint with the regulator

At all times, you have the right to report a concern or lodge a complaint with the Information Commissioner’s Office. Please refer to the ICO at https://ico.org.uk/concerns/ or by calling them on 0303 123 1113. Of course, we hope that we can resolve your issue quickly and fairly ourselves.


changes to this privacy notice

This privacy notice was last updated on 23rd January 2023.  We may change this privacy notice from time to time by amending this page.


How to contact us

If you have any questions, concerns or just want some more information about our privacy management, drop us a line at info@luxnovapartners.com.