Last updated [June 2026]
This Privacy Notice will be reviewed on a regular basis or when a change in legislation and/or practices dictates and any changes will be notified to you by posting an updated version on our websites and/or by contacting you via email.
We recommend that you regularly check for changes and review this policy when visiting our website(s).
This Privacy Notice aims to explain the types of personal data we may collect about you when you interact with us and use our website, LASER Energy, including any data you may provide when you purchase products, goods and services or sign up to our newsletters.
It also explains how we will store and handle your data and keep it safe.
When you are using the LASER Energy website, Commercial Services Kent Ltd (company registration No: 05858177 (England and Wales)) is the data controller.
We understand that your privacy is important to you and that you care about how your personal data is used. We respect and value the privacy of all our customers and their employees and other people with whom we interact in the course of undertaking our services. This Privacy Notice offers both our customers and their employees with meaningful and accessible guidance on our approach to handling personal data.
LASER Energy is a trading style of Commercial Services Kent Ltd, company registration No: 05858177 (registered in England and Wales), and part of Commercial Services Group (CSG).
CSG is the umbrella for all its trading brands, with its ultimate parent organisation being Kent County Council. It provides the support, dependability, and security to allow all brands to thrive independently. CSG are committed to providing an excellent customer and user experience underpinned by social value and a committed and empowered workforce.
LASER Energy collects, uses and processes personal information about you. When we do we are regulated under the UK Data Protection Act 2018 (DPA 2018), the UK General Data Protection Regulation (UK GDPR) and the Data (Use and Access) Act 2025.
If you have any questions, suggestions or complaints about the processing of your personal information please contact our Data Protection Officer (DPO) via email at DPO@csltd.org.uk, or in writing by using the address below;
Data Protection Officer
Commercial Services Group
1 Abbey Wood Road
Kings Hill
West Malling
ME19 4YT
We offer a number of solutions and services including:
• Energy procurement services, including compliant frameworks for electricity, gas and water, with fixed and flexible purchasing options for public sector organisations.
• Energy management services, including invoice validation, supplier query management, budget and forecast reporting, and energy consumption analysis.
• Net zero consultancy services, including carbon reduction planning, net zero roadmaps, decarbonisation surveys, and compliance support.
• Renewable and low-carbon solutions, including support for solar PV, power purchase agreements, and access to vetted suppliers and installers through compliant frameworks.
In providing these goods and services to our customers, it will be necessary for LASER Energy to gather, obtain, record and hold your personal information.
The section below summarises the information we collect, use, and retain for our services, how and why we do so, how we use it and with whom it may be shared.
We seek to ensure that our information collection and processing is always proportionate. We will notify you of any changes to information we collect or to the purposes for which we collect and process it.
The table below summarises the information we collect, use and retain for our services, how and why we do so, how we use it and with whom it may be shared.
We seek to ensure that our information collection and processing is always proportionate. We will notify you of any changes to information we collect or to the purposes for which we collect and process it.
| The information collected | How the information is collected | Why the information is collected | How the information is use and may be shared |
|---|---|---|---|
| Personal and business contact information, such as name, job title, organisation name, work email address, work telephone number, postal address and site address, as well as details relating to your enquiry, contract, supply points or services requested. | Directly from you, from your organisation, through enquiries, tender responses, contract documentation, onboarding forms, service requests, website forms, meetings, emails and telephone calls. | To respond to enquiries, assess service requirements, enter into and manage contracts, provide energy procurement and energy management services, and maintain customer relationships. Legitimate interests may also apply where we need to communicate service updates, manage account queries, improve our services, and maintain accurate business records. | We use this information to set up and manage your account, deliver contracted services, communicate with you about your portfolio or enquiry, and administer billing and reporting. Information may be shared, where necessary, with energy suppliers, distribution network operators, metering agents, data collectors, data aggregators, software and platform providers, and other delivery partners involved in providing services to your organisation. |
| Customer account and onboarding information, such as key contact details, organisation details, billing information, contract information, supply point details (including MPAN/MPRN where relevant), site addresses and service preferences. | Directly from you or your organisation during enquiries, tendering, onboarding, contract setup and account registration processes. | To enter into and perform a contract, register your organisation as a customer, set up services, and ensure the correct delivery and administration of those services. | We use this information to create and manage your customer record, set up your services, and coordinate delivery across relevant internal teams and approved service partners. Information may be shared, where necessary, with energy suppliers, metering and data service providers, and other service delivery partners to support account setup and ongoing service provision. |
| Financial and billing information, such as bank account details, billing contact details, purchase order information, invoice addresses, VAT details, and payment records. | Directly from you or your organisation as part of contract setup, invoicing, payment processing, or financial administration. | To administer payments, manage invoicing and credit control, maintain accounting records, and comply with legal, regulatory and audit obligations. This processing may be necessary for the performance of a contract, compliance with legal obligations, and our legitimate interests in managing our business and financial controls. | We use this information to issue invoices, process payments, reconcile accounts, manage debt recovery where necessary, and maintain financial records. Information may be shared, where necessary, with banking providers, finance system providers, auditors, professional advisers, debt recovery providers, and HM Revenue & Customs or other regulatory bodies where required by law. |
| Property, supply and usage information, such as site addresses, meter identifiers (for example MPAN, MPRN or meter serial numbers), supplier account references, consumption data, billing data, and details of existing or proposed energy assets and installations. | From you, your organisation, energy suppliers, metering agents, data collectors, data aggregators, publicly available records, and third parties acting on your behalf. | To provide energy procurement, bureau, billing support, consumption analysis, net zero consultancy, renewable energy support, and other related services. | We use this information to analyse consumption, support procurement activity, validate invoices, resolve supplier queries, develop decarbonisation recommendations, and manage renewable or low-carbon projects. Information may be shared, where necessary, with energy suppliers, network operators, metering and data service providers, consultants, installers, surveyors, and funding or delivery partners involved in the relevant service. |
We may obtain other personal data from third parties with whom we liaise in providing a service to our Customers (e.g. energy suppliers, metering agents, data collectors, data aggregators, distribution network operators, consultants, installers, surveyors, and framework or delivery partners), or by a representative acting on your behalf (e.g. your employer, school, academy trust, local authority, consultant, broker, contractor, or other authorised representative). Other than stated above, we may share personal information with law enforcement, our regulators or other authorities if required by applicable law.
As there is a statutory and contractual basis for collecting your personal data if you do not provide some or all of the details specified in the ‘The personal information we collect and use’ section, we may be unable to enter into a contract with your organisation.
We will not keep your information for longer than is necessary, for either:
• the purpose of administering your individual record;
• or as is necessary in providing a service to our customer;
• or as required by law.
Upon expiry, your data will either be deleted completely or anonymised, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning.
For certain data sets, we have the following specific retention periods:
For example:
Customer contracts, onboarding records and account administration data: retained for the duration of the contract and for 6 years after the end of the financial year in which the contract ends, unless a longer retention period is required for legal, audit or dispute resolution purposes.
Invoices, payment records and financial documentation: retained for the current financial year plus 6 further years to comply with financial reporting, tax and audit requirements.
Complaints, claims and dispute records: retained for 6 years from closure of the complaint, claim or dispute, unless longer retention is required due to legal proceedings or regulatory requirements.
Energy consumption, billing validation and portfolio management records: retained for as long as required to deliver the contracted service and normally for up to 6 years after the end of the customer relationship, unless a longer period is needed for audit, investigation or evidential purposes.
Net zero, solar PV or decarbonisation project assessment records: retained for up to 6 years after completion of the project or closure of the opportunity, unless a longer period is needed for funding assurance, audit, or contractual reasons.
We may share your personal data with the following organisations:
• Energy suppliers, for the purpose of arranging, managing or supporting energy supply contracts and associated services.
• Metering agents, data collectors, data aggregators and network operators, where required to support supply administration, meter information, consumption data and industry processes.
• Surveyors, consultants, installers and framework delivery partners, where required to deliver net zero consultancy, renewable energy or decarbonisation services.
• IT system providers, software providers and document management providers, where required to host, process or support the secure administration of our services.
• Professional advisers, auditors, insurers and regulators, where required for legal, regulatory, governance or audit purposes.
We may also share your personal information with trusted third parties that are under contract with us and where it is necessary to administer our working relationship with you or where we have another legitimate interest in doing so (providing this is not overridden by your interests).
Our trusted third parties may include service providers who supply us with processing services or functions, including our contracted IT suppliers, access to data and systems is only granted where authorised and specifically required in line with our contracts with them.
Management information may be shared within Commercial Services Group, under a Data Sharing Agreement held by its operating company Global Commercial Services Group Ltd, a company registered in England and Wales (Reg No. 11735631). This Agreement reflects the requirements of the UK GDPR, DPA2018 and DUAA2025.
We may also need to share some of the categories of personal information with other parties where a transfer of the business takes place. Usually, information will be anonymised or pseudonymised, but this may not always be possible. The recipient of the information will be bound by confidentiality obligations and legally binding data sharing agreements.
Information may be retained at our offices and those of our service providers, representatives and agents as described above.
Some of the personal information you provide to us may be transferred to countries outside of the UK, or the EU/EEA. Where this occurs, we will make restricted transfer under UK “adequacy regulations” to protect individuals rights and freedoms for their personal data.
Where the UK has no “adequacy regulations” then the restricted transfer will be subject to appropriate safeguards whereby standard contractual clauses have been entered into with the organisation receiving the data.
Under the UK GDPR you have a number of rights which allow you to:
• Your right of access – You have the right to ask us for copies of your personal data, however there are some exemptions which means you may not receive all the information you ask for.
• Your right to rectification – You have the right to ask us to rectify personal data you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
• Your right to erasure – You have the right to ask us to erase your personal data in certain circumstances.
• Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal data in certain circumstances.
• Your right to object to processing – You have the right to object to the processing of your personal data in certain circumstances.
• Your right to data portability – You have the right to ask that we transfer the personal data you gave us to another organisation, or to you, in certain circumstances.
• Your right to withdraw consent – When we use consent as our lawful basis you have the right to withdraw your consent.
If you make a request, we have one calendar month to respond to you. If a request is deemed to be complex or a number of requests have been received from an individual, the response time may be extended by up to 2 months.
We will always seek to comply with your request however we may be required to hold or use your information to comply with legal duties.
You can also withdraw your consent and opt-out from direct marketing by using the unsubscribe link at the bottom of our marketing emails.
Suppression lists will be maintained to screen against direct marketing information being sent to people who have already exercised their right to object to direct marketing. These lists will be held for compliance purposes only, and this does not affect your rights to be erased.
Please note: your request may delay or prevent us delivering a service to you.
For further information about your rights, including the circumstances in which they apply, see the guidance from the UK Information Commissioners Office (ICO) on individuals’ rights under the UK General Data Protection Regulation https://ico.org.uk/
If you would like to exercise a right or make a complaint about how your personal data is handled by LASER Energy, please contact our DPO via email at dpo@csltd.org.uk or write to Data Protection Officer, Commercial Services Group, 1 Abbey Wood Road, Kings Hill, West Malling, ME19 4YT.
We have appropriate security measures in place to prevent personal information from being accidentally lost, used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and the ICO as regulator of any suspected data security breach where we are legally required to do so.
If you have any questions, suggestions or complaints about the processing of your personal information, or you wish to exercise any of your rights please contact our Data Protection Officer (DPO) via email at DPO@csltd.org.uk or in writing by using the address below;
Data Protection Officer
Commercial Services Group
1 Abbey Wood Road
Kings Hill
West Malling
ME19 4YT.
The UK General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk or telephone 0303 123 1113.
We reserve the right to update this Privacy Notice at any time, and we will provide you with a new Privacy Notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.