Privacy Notice


Privacy Policy

Key summary
About us and this notice
Useful words and phrases
What personal data do we collect?
Why do we process your personal data?
How is processing your data lawful?
Who will have access to your personal data?
When will we delete your personal data?
Your rights


Key summary

This notice describes how HydrogenOne Capital LLP and its subsidiaries (the “Group“ or “HydrogenOne”) uses personal data. It outlines HydrogenOne’s data protection obligations and your data protection rights under the regime introduced by the EU General Data Protection (Regulation 2016/679, the “General Data Protection Regulation”). The GDPR applies to “personal data” meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier.

We process your personal data to enable us to provide you with information, products or services that you request from us, to make our procedures more efficient, to implement security measures and to combat fraud and other crimes, to promote and supervise the management of the Group, to advise on investments, to maintain our accounts and records, to communicate with contractors, other service providers and co- investors, and to deal with any enquiries or requests you raise.

This notice explains what data we process, why, how it is legal, and your rights and it is important you read the whole notice because this section only summarises the relevant points.


About us and this notice

This Privacy Notice is provided by HydrogenOne Capital LLP and its subsidiaries as may be from time to time, (all of us together, the “Group” or “we” or “us”) and to the extent we process your personal data directly or by a contractor doing it under our instructions, we are the data controller and responsible for processing your data.

We are based in the United Kingdom, and we comply with the data protection laws applicable in the United Kingdom and in any other country where we operate or otherwise process your data, including the European General Data Protection Regulation where applicable. 

We take your privacy very seriously. We ask that you read this Privacy Notice carefully as it contains important information about our processing and your rights.

In this Privacy Notice, there are references to various pieces of European Union legislation, for instance the European General Data Protection Regulation. Unless otherwise stated, a reference to (i) any EU directive, EU regulation, EU decision, EU tertiary legislation or provision of the EEA agreement (an “EU Matter“) which forms part of UK domestic law by application of section 3 of the European Union (Withdrawal) Act 2018 (“EUWA“) shall be read as a reference to that EU Matter as it forms part of UK domestic law and as modified by domestic law from time to time, and (ii) any EU entity shall be read as a reference to the UK institution, authority or body to which its functions were transferred, and words and expressions used in this paragraph shall have the meanings given to them respectively in EUWA.

How to contact us

If you need to contact us about this Privacy Notice, or would like this Privacy Notice in another format (for example: audio, large print, braille), please contact HydrogenOne by writing to [email protected] or by post at the following address:

Data Protection Officer
HydrogenOne Capital LLP
5 Margaret Street

Changes to this Privacy Notice
The latest version of this Privacy Notice can always be found here at

We may change this Privacy Notice from time to time. Regularly reviewing this page ensures that you are always aware of what information we collect, how we use it and under what circumstances, if any, we will share it with other parties.

Current version: September 2021


Useful words and phrases

Please familiarise yourself with the following words and phrases (used in bold) as they have particular meanings in the Data Protection Laws and are used throughout this Privacy Notice:

Term Definition
Group, we, us Means HydrogenOne Capital LLP whose registered office is at: 5 Margaret Street, London, W1W 8RG, and its subsidiaries.
controller This means any person who determines the purposes for which, and the manner in which, any personal data is processed.
criminal offence data This means any information relating to criminal convictions and offences committed or allegedly committed.
Data Protection Laws This means the Data Protection Act 2018 and any other applicable national laws related to data protection, privacy and electronic communications, applicable in the territories we operate in or in relation to your personal data, including the General Data Protection Regulation 2016/679 which applies in the EEA and the UK version of the General Data Protection Regulation 2016/679 which applies in the UK by virtue of EUWA, as amended from time to time.
data subject The individual to whom the personal data relates.
Data Protection Supervisor This means the UK Information Commissioner’s Office, or any other regulatory authority responsible for implementing, overseeing and enforcing the Data Protection Laws in the territories applicable to us.
individual This means a living natural person.
personal data, data This means any information from which an individual can be identified. This includes information such as telephone numbers, names, addresses, e-mail addresses, photographs and voice recordings. It will also include expressions of opinion and indications of intentions about data subjects (and their own expressions of opinion/intentions). It will also cover information which on its own does not identify someone, but which would identify them if put together with other information which we have or are likely to have in the future.
processing This covers virtually anything anyone can do with personal data, including:

  • obtaining, recording, retrieving, consulting or holding it;
  • – organising, adapting or altering it;
  • disclosing, disseminating or otherwise making it available; and
  • aligning, blocking, erasing or destroying it.
processor This means any contractor who processes your personal data under our specific instructions and on our behalf.
special categories of data or Sensitive Personal Information This means any information relating to:

  • racial or ethnic origin;
  • political opinions;
  • religious beliefs or beliefs of a similar nature;
  • trade union membership;
  • physical or mental health or condition;
  • sexual life;
  • criminal data; or
  • genetic data or biometric data for the purpose of uniquely identifying you.
you Current, former and prospective:

  • directors;
  • shareholders;
  • contractors and/or service providers;
  • buyers and sellers of renewable energy assets/businesses;
  • co-investors in renewable energy assets/businesses;
  • issues of any securities or debt instruments in which the Group invests;=
  • individual investors;
  • individuals employed by or connected to the above; or
  • any other individuals contacting the Group for any purposes related to our business.


What personal data do we collect?

Information we process about you
We, or our processors, collect your contact details such as name, email address, address, telephone number, bank account details, KYC (know your customer) documents such as your passport and credit history, personal identifiers, such as social security number and national insurance number, age, professional title, occupation, financial information and tax status.

How Personal Data is collected from you

Your personal data may be collected:

  • when you or an agent of yours contacts HydrogenOne in relation to business and services offered;
  • when you complete documents or forms during the course of business with HydrogenOne;
  • from Service Providers and other third parties that assist us in conducting business;
  • when you telephone HydrogenOne;
  • when you use the HydrogenOne website or online services; and
  • from publicly available sources (such as Companies House) and an identification verification database.

Sensitive Personal Information or Special Categories of Data
We do not envisage the use of your sensitive personal data as part of our business and will only request for it if it is strictly necessary in order to comply with a legal obligation or otherwise according to the law.

In case we request for this information we will inform you at the time this is requested for, if necessary we will ask for your consent, and we will protect this information with greater care.

Personal information about other individuals
If you provide us with information about other individuals you confirm that you are mandated by them and thus act under their instructions and have informed them about this Privacy Notice as appropriate.


Why do we process your personal data?

Your Data are collected to effectively and properly manage your account(s) with us. Data is stored for specific purposes and only data that is relevant to that purpose will be stored. We will use the Data for several different purposes, including those listed in this section. We are allowed to do so on certain legal bases (please see section ‘How is processing your data lawful?’ for further detail):

  • To provide you with information, products or services that you request from us (including through our website) or which we feel may interest you, where you have consented to be contacted for such purposes
  • To make our procedures more efficient, to implement security measures and to combat fraud and other crimes
  • To advise on investments
  • To enable us to promote and supervise the management of the Group
  • To maintain our accounts and records
  • To communicate with contractors, other service providers and co-investors
  • To comply with regulatory and tax requirements and other legal obligations
  • To deal with any enquiries or requests you raise

Neither us nor any of our processors make decisions about you based on automated processing of your personal data.


How is processing your data lawful?

Personal data
We are allowed to process your personal data for the following reasons and on the following legal bases:

Legitimate interests

We have a legitimate interest in sharing data about you:

  • between our group entities if necessary for internal administrative purposes; and
  • with our contractors when it is necessary for them to deliver the services we are contracting.

We do not share information about you with these third parties in a context other than where it is necessary to perform a contract or for us to run and manage our business efficiently as you expect us to do.

You can find more information related to third parties in this Privacy Notice (see “Who will have access to your personal data?”). You can object to processing that we carry out on the grounds of legitimate interests as long as it is not linked to another legal ground (for example if it is necessary to perform a contract we have in place with you). See the section headed “Your rights” to find out how.


It is necessary for our performance of the contract you have agreed to enter with us. If you do not provide your personal data to us, we will not be able to carry out our obligations under the terms of your contract.

Legal obligation

We are subject to legal obligations to process your personal data for the purposes of complying with applicable regulatory, accounting and financial rules, health and safety and to make mandatory disclosures to government bodies, tax administrators and law enforcement agencies.


Who will have access to your personal data?

HydrogenOne uses Service Providers to conduct aspects of its business, so information may be disclosed to them and their affiliates Data that you have provided in order to fulfil the purposes for which the Data is held. These Service Providers may disclose such Data to each other and to each other’s affiliates in order to achieve the same purposes.

HydrogenOne and its Service Providers may also be required to disclose your Data to governmental agencies, self-regulatory organisations, industry associations and similar bodies in order to fulfil legal and regulatory requirements. In addition, the laws of certain countries and states give people involved in lawsuits and other legal proceedings the right under certain circumstances to obtain information from HydrogenOne and its Service Providers, including your Data. HydrogenOne and its Service Providers will comply with these laws to the extent required.

HydrogenOne will not sell your Data to any third party. Wherever possible, Service Providers are required to enter into confidentiality agreements that prohibit them from selling or improperly using your Data.

Transfers of your personal data outside the territories where we operate

Where we transfer your personal information outside the United Kingdom and/or the territories where we operate, we will ensure that it is protected and transferred in a manner consistent with legal requirements applicable to the information. This can be done in a number of different ways, for instance:

  • the country to which we send the personal information may be approved according to the United Kingdom law parameters;
  • by having in place a contract based on “model contractual clauses” approved by the European Commission;
  • where the recipient is located in the US, it may belong to the EU-US Privacy Shield scheme; or
  • where the law permits us to otherwise transfer your personal information to another country.

If you would like further information about the safeguards we have in place to protect your personal information, please contact us at [email protected].

How we keep your personal data secure
We strive to implement appropriate technical and organisational measures in order to protect your personal data against accidental or unlawful destruction, accidental loss or alteration, unauthorised disclosure or access and any other unlawful forms of processing. We aim to ensure that the level of security and the measures adopted to protect your personal data are appropriate for the risks presented by the nature and use of your personal data. We follow recognised industry practices for protecting our IT environment and physical facilities and we ensure that the companies processing your data on our behalf provide an adequate level of protection to secure both your personal data and other confidential information.


When will we delete your personal data?

Our main rule is not to keep your data for longer than we need to in order to meet all the purposes we included in the section “Why do we process your personal data?“.

With this in mind, your personal data will generally be retained for the longest of the following periods:

  • for us and the processors and/or any authorised third parties to carry out the purposes for which the data was collected or as long as is set out in any relevant agreement you enter into with us;
  • in order to establish or defend legal rights or obligations or to satisfy any reporting or accounting obligations; and/or
  • any retention period that is required by data protection laws and any applicable laws or regulatory requirements.

For most of the purposes and legal obligations we have stated a retention period of six years although this might vary depending on the agreements we have in place with you, or other legal obligations. A detailed retention schedule is available upon request.


Your rights

As a data subject, in certain circumstances, you have the following rights under the Data Protection Laws:

  • the right to object to processing of your personal data;
  • the right of access to personal data relating to you (known as data subject access request);
  • the right to correct any mistakes in your information;
  • the right to ask us to stop contacting you with direct marketing;
  • the right to restrict your personal data being processed;
  • the right to have your personal data ported to another controller;
  • the right to withdraw your consent;
  • the right to erasure; and
  • rights in relation to automated decision making.

These rights are explained in more detail below. If you want to exercise any of your rights, please contact us (please see “How to contact us“).

We will respond to any rights that you exercise within a month of receiving your request, unless the request is particularly complex, in which case we will respond within three months.

Please be aware that there are exceptions and exemptions that apply to some of the rights which we will apply in accordance with the Data Protection Laws.

Right to object to processing of your personal data
You may object to us processing your personal data where we rely on a legitimate interest as our legal grounds for processing.

If you object to us processing your personal data, we must demonstrate compelling grounds for continuing to do so. We believe we have demonstrated compelling grounds in the section headed “How is processing your data lawful?“.

Right to access personal data relating to you
You may ask to see what personal data we hold about you and be provided with:

  • a copy of the personal data;
  • details of the purpose for which the personal data is being or is to be processed;
  • details of the recipients or classes of recipients to whom the personal data is or may be disclosed, including if they are overseas and what protections are used for those overseas transfers;
  • the period for which the personal data is held (or the criteria we use to determine how long it is held);
  • any information available about the source of that data; and
  • whether we carry out an automated decision-making, or profiling, and where we do information about the logic involved and the envisaged outcome or consequences of that decision or profiling.

To help us find the information easily, please provide us as much information as possible about the type of information you would like to see.

Right to correct any mistakes in your information
You can require us to correct any mistakes in your information which we hold. If you would like to do this, please let us know what information is incorrect and what it should be replaced with.

Right to restrict processing of personal data
You may request that we stop processing your personal data temporarily if:

  • you do not think that your data is accurate. We will start processing again once we have checked whether or not it is accurate;
  • the processing is unlawful but you do not want us to erase your data;
  • we no longer need the personal data for our processing, but you need the data to establish, exercise or defend legal claims; or
  • you have objected to processing because you believe that your interests should override our legitimate interests.

Right to data portability
You may ask for an electronic copy of your personal data which we hold electronically and which we process when we have entered into a contract with you. You can also ask us to provide this directly to another party.

Right to withdraw consent
You may withdraw any consent that you have given us to process your personal data at any time. This means that we will not be able to carry out any processing which required use of that personal data.

Right to erasure
You can ask us to erase your personal data where:

  • you do not believe that we need your data in order to process it for the purposes set out in this Privacy Notice;
  • if you had given us consent to process your data, you withdraw that consent and we cannot otherwise legally process your data;
  • you object to our processing and we do not have any legitimate interests that mean we can continue to process your data; or
  • your data has been processed unlawfully or has not been erased when it should have been.

Rights in relation to automated decision making
You have the right to have any decision that has been made by automated means and which has a significant effect on you reviewed by a member of staff and we will consider any objections you have to the decision that was reached.

What will happen if your rights are breached?
You may be entitled to compensation for damage caused by contravention of the Data Protection Laws.

Complaints to the regulator
It is important that you ensure you have read this Privacy Notice – and if you do not think that we have processed your data in accordance with this notice – you should let us know as soon as possible. You may also complain to the Information Commissioner’s Office, which regulates and supervises the use of personal data in the UK, via their helpline on 0303 123 1113.