Data Protection Policy

Commitment
Enerveo is committed to protecting all personal data it handles fairly, transparently and responsibly, to ensure trust
is maintained between people and our business. As an Information Commissioner’s Office (ICO) registered busi-
ness, we recognise and actively support the right for people to have control over their identity and their interaction
with others.

Objectives
• To ensure personal data is:

- Processed lawfully, fairly and in a transparent manner;

- Collected for specific, explicit and legitimate purposes;
- Adequate, relevant and limited to what is necessary;
- Accurate and, where necessary, kept up to date;
- Kept in a form which permits identification of data subjects for no longer than is necessary;
- Processed to ensure appropriate security of the personal data; and
- Processed in a manner which complies with the requirements of the Data Protection Act 2018, UK
General Data Protection Regulation 2018 (UK GDPR), ICO Registration and other related regulatory
requirements.

This will be achieved by:

• Working to our Data Protection Framework which sets out clearly how Data Protection is managed including the
types of data handled, the data retention periods established, data incident and breach management and the
processing and documenting of requests to access, rectify, erase, restrict processing, data portability and object
to in a timely manner;
• Carrying out appropriate Risk and Data Protection Impact Assessments to assess and mitigate the risks
associated with managing and sharing personal data;
• Ensuring our data records are accurate and up to date;
• Effectively communicating the Framework to our workforce and interested parties to ensure they understand
their rights and the processes, roles and responsibilities in place through regular updates;
• Ensuring appropriate security of data is in place; and
• Regularly reviewing and auditing adherence to the Data Protection Framework for legal compliance and the
continual improvement of the business.

Responsibilities
• The Executive Board to maintain this policy for the organisation, to monitor the performance and provide
adequate resource to deploy this policy.
• Functional Heads to ensure that effective resources, arrangements and management controls are in place to
deliver and comply with all organisational and legal requirements.
• Every individual in the business to comply with this policy and actively strive to safeguard the personal data that
we handle and process.

Luca Warnke Tom Wood

Chief Executive Officer Director of Commercial

PO-COR-0014 October 2021

Rev: 1.00