Privacy Policy

    Last Updated: 24 March 2026

    E&C Group BV ("Company", "we", "us", or "our") is the data controller responsible for the processing of your personal information when you interact with our websites, services, and related activities. Our registered office is located at Spinnerijkaai 43, 8500 Kortrijk, BELGIUM.

    We are committed to protecting your privacy. This privacy policy explains how we collect, use, disclose, and safeguard your personal information.

    1.    Information we collect

    • Personal information you provide to us, such as your name, email address, business contact details, phone number, financial information (e.g., payment details), and any other data you choose to give us.

    • Data acquired through the acquisition of Apala Group, which is now known as Apala by E&C. For Apala customer contracts that we are continuing to service, the legal basis is ‘performance of a contract’. For Apala contact and service history data where no direct contract is being continued, our legitimate interests in maintaining customer relationships and improving our services provide the lawful basis for processing, subject to the necessary balancing test. We will notify the affected Apala data subjects within one month, as required by GDPR Article 14.
    HubSpot as data processor

    We use HubSpot as our customer relationship management (CRM) platform and to host our eecc.energy website. When you interact with our website or contact us, HubSpot processes the following information on our behalf as a data processor:

    • Contact information you provide through forms (name, email, company, phone, etc.)

    • Website behaviour and analytics (pages visited, time on site, click tracking)

    • Email engagement data (opens, clicks, replies)

    • Communication history with our company

    • IP address and device information

    HubSpot processes this data to provide and improve our services, respond to your inquiries, send marketing communications (if you've opted in), and manage our customer relationships. HubSpot's privacy practices are outlined in their Privacy Policy, available at HubSpot Privacy Policy.

    2.    How we use your information

    • To provide and improve our services (based on our legitimate business interests)

    • To communicate with you, including sending marketing and promotional messages (with your consent)

    • To fulfil and manage your requests, orders, and service contracts (necessary for the performance of our contract)

    • To protect our services, prevent fraud, and comply with legal obligations (necessary for compliance with a legal obligation)

    • For other legitimate business purposes, such as data analysis to enhance the user experience (our legitimate interests include improving our services and operations, subject to the necessary balancing test to ensure data subject rights are not overridden)

    3.    Information sharing and disclosure

    • With service providers who assist us in operating our business, such as IT service providers, marketing agencies, and customer support teams. These service providers act as data processors under a Data Processing Agreement with E&C Group BV.

    • In connection with the Apala Group acquisition (necessary for our legitimate business interests)

    • To comply with legal requirements, court orders, or to protect our rights (necessary for compliance with a legal obligation)

    4.    International data transfers

    • As an international company, we may transfer personal data between our offices and servers located in different countries, including the United States and Australia.

    • To protect data during these international transfers, we use Standard Contractual Clauses approved by the European Commission, as well as additional technical and organizational measures such as encryption and access controls.

    • EU/EEA residents have the right to request information about these international data transfer safeguards and to object to the transfers.

    5.    Cookies and tracking technologies

    • We use cookies and similar technologies to collect information about how you use our websites, such as pages visited, time on site, and clicks.

    • You can manage your cookie preferences and opt-out of non-essential cookies through the cookie consent banner on our websites.

    • We also use web beacons, local storage, and other technologies for similar purposes.

    • If any of this involves cookie-based advertising or sharing data with ad platforms, we will ensure it is covered by your consent through our cookie management platform.

    6.    Data retention and deletion

    • We retain your personal information for as long as necessary to fulfil the purposes outlined in this policy, or as required by law:

      • Contact information: 7 years

      • Financial data: 7 years

      • Service history: 10 years

    • You can request access to, correction of, or deletion of your personal data by contacting us at the email provided below.

    7.    Your privacy rights

    • EU/EEA residents have specific rights under the GDPR, such as the right to access, correct, erase, restrict, port, and object to the processing of their personal data. You also have the right to withdraw your consent where processing is based on consent.

    • California residents have certain privacy rights, such as the right to know what personal information is collected, the right to opt-out of the sale or sharing of personal information, and the right to delete their personal information.

    • Residents of other jurisdictions where we operate may also have specific privacy rights, which we will respect.

    • You can exercise your privacy rights by contacting us at the email provided below. If you believe we are unlawfully processing your personal information, you have the right to lodge a complaint with your local data protection supervisory authority.

    8.    Data security

    • We implement a range of technical and organizational measures to protect your personal information from unauthorized access, disclosure, and misuse, including encryption, access controls, and regular security assessments.

    • However, no security measures are perfect, and we cannot guarantee the absolute security of your data.

    9.    Automated decision-making and profiling

    • We do not engage in any automated decision-making or profiling activities that produce legal effects or similarly significantly affect you.

    10.    Changes to this policy

    • We may update this privacy policy from time to time. The updated version will be indicated by an updated "Last Updated" date and will be effective 30 days after publication.

    • We will notify you of material changes to this policy, either by prominent posting on our website or by direct communication.

    11.    Contact us

    • If you have any questions or concerns about this privacy policy or our data practices, please contact our Data Protection Officer:

      • Name: Siobhán FitzGerald

      • Email: dpo@eecc.energy

      • Address: E&C Consultants Hispania S.L., Carrer de Pizarro 1, 6º 22, 46004, Valencia, SPAIN