Version: 1.2, last updated: October 2018
It applies not just to use of our websites and online services, but also personal data that we process through other interactions with individuals in the course of running our organisation, such as individuals working for our customers, partners and suppliers. Our websites and services are not intended for children and we do not knowingly collect data relating to children.
Our contact address is 35 Holland Grove, London, SW9 6ER. Our company number is 8384033. We are a software company whose mission is to help transition to a future where distributed renewables and smart systems power our businesses, homes and schools.
If you want to contact us about any of the points on this policy, or just generally about how we protect your privacy, please email us at email@example.com.
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We use personal data from different categories of individual for several different purposes and these each have a different lawful basis. This section describes these in detail and, although it’s technical, we’re required by law to explain this to you.
We use Google Analytics on our website to track visitor numbers and user activity on our site. We record your computer’s IP address so we can tell how each user and repeat visitor is using our site (your IP address is also a piece of your personal data). We do this on the basis that it is necessary for our legitimate interests in tracking website users so that we can improve our service and keep our websites relevant and useful. The IP address information will be held in accordance with Google’s standard procedures.
There may be options to download documents or similar. If you choose to do so we will request and store your name, company name and contact details, for the purposes of tracking and understanding the interest in our services and enabling us to send you occasional updates on future thought leadership pieces and research we contribute to. We do this on the basis that it is necessary for our legitimate interests in tracking the efficacy of our thought leadership activities and developing our business. We will hold your details for as long as we continue producing thought leadership pieces, or until you choose to unsubscribe from an email or ask us to delete them.
There may be options to “register interest” in Piclo services. If you choose to do so we will request and store your name, company, contact details, as well as some details about your company (which are not personal data), for the purposes of letting you know more about our services in accordance with your request and helping us to understand our customers better. We do this on the basis that it is necessary for our legitimate interests in developing our business and answering customer requests. We will hold your details for as long as we continue developing and offering similar services, or until you choose to unsubscribe from an email or ask us to delete them.
We will hold your name, company, contact details and IP address. We will also hold some details about the relevant electricity meter points, including address, meter number and tariff information (this will be your ‘personal data’ if you are a residential customer, but not if you are a business customer). You will have provided these details through the account creation process (and we will have collected the IP address automatically) or we may have been provided with them by an authorised third party, such as your energy supplier. We need these details for the following purposes of operating our services. We do this on the basis that it is necessary for our legitimate interests in operating our services for customers who have chosen to receive them. We will hold your data for as long as you hold the account [and for a period of 2 years afterwards]. If you no longer require your account you can email us (see “How to contact us” below).
We hold your email address for the purpose of sending you updates on Piclo and industry news. We process this data on the basis that we have your consent. You can withdraw your consent at any time by using the “unsubscribe” links at the bottom of each email.
We may hold your name, company, job title and contact details. We may have been provided with this data by you or your employer or in some cases we may have sourced it from publicly available sources, such as Linkedin and internet searches. We need this data in order to interact with you (or your employer) for the following purposes:
We do this on the basis that it is necessary for our legitimate interests in running and growing our business. We will hold your details for as long as we need to interact with you for these purposes. In all cases if you would like us to update or delete your information, please send us an email (see “How to contact us” below).
We may hold your name and contact details because we have a legitimate interest in doing business with your company. Our purpose for processing your personal data is to interact with you or your employer to procure and pay for goods and services. We will aim to hold this information for as long as we need to interact with you.
We need to collect certain personal data from you if wish to receive the benefits of our services or updates. If you do not provide the personal data requested, you will not be able to benefit from those services or updates. In some cases where we are required to collect personal data by law or under a contract with you or your employer, if you fail to provide the personal data requested we will not be able to perform the contract we have or are trying to enter into with you or your employer.
We use a number of different service providers (acting as ‘data processors’) who provide IT and system administration services to enable us to operate our business and the services we provide to our users and partners. Your personal data is transferred to (and stored by) these data processors, who generally fall under the following categories:
We may also share your personal data with the following third parties in certain circumstances:
We will not sell or rent your information to third parties and we will never share your information with third parties for marketing purposes.
We do not directly transfer any of your personal data outside the European Economic Area (EEA). However, some of our data processors may do so and this section explains the impact of these international transfers and how your information is protected.
Many of our data processors operate “cloud-based systems”, which means the information is held in information data centres in different locations.
All the cloud-based systems we use reserve the right to hold copies of your personal information outside the EEA. Please note that the reason companies may choose to do this is to hold back-up copies, so they can guarantee recovery.
In each case our processors and/or we employ one or more of the following means that are designed to help safeguard your privacy rights and give you remedies in the unlikely event of abuse:
Please contact us (see below) if you want further information on the specific mechanisms used by our data processors when transferring your personal data out of the EEA.
The personal data we hold about you is your data, so you have certain rights over the data under the GDPR. This section summarises your rights and how you can exercise them (generally free of charge).
You have the right to request a copy of all personal data we hold relating to you. You also have the right to require us to correct any mistakes in the personal data we hold relating to you.
Where we are processing your data based on your consent you can withdraw that consent and we must immediately stop processing your data. Please note that up to that point, we’re acting lawfully with your consent, withdrawal of consent cannot be backdated.
Where we process your data based on a “legitimate interest” (underlined in the section on “purpose and lawful basis”, above) you still have the right to object to our processing of that data if you feel it impacts on your fundamental rights and freedoms. From that point, we must stop processing your data until we have determined whether your rights override our interests.
You also have the right to object where we are processing your personal data for direct marketing purposes. The easiest way to do this is to use the unsubscribe links at the bottom of all marketing emails.
In certain situations, you have the right to require us to erase personal data where there is no good reason for us continuing to process it. However, note that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
You have the right to request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; © where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) where you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Finally, you have the right to request the transfer of your personal data to you or a third party in a structured, commonly used, machine-readable format. Note that this right only applies to automated processing of information about you, which we carry out based on your consent or where it is necessary to perform a contract with you.
For further information on each of these rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals rights under the General Data Protection Regulation.
If you would like to exercise any of these rights, the easiest way is by dropping us an email (see “How to contact us” below). Please note:
At all times, you have the right to report a concern or lodge a complaint with the Information Commissioner’s Office. Please refer to the ICO at https://ico.org.uk/concerns/ or by calling them on 0303 123 1113. Of course, we hope that we can resolve your issue quickly and fairly ourselves.
We do not undertake any automated processing of personal data, or profiling.
Note that you have a right to object to any decisions being taken through the processing of your personal data by automated means if they produce legal effects concerning you or similarly significant effects on you. We do not use your personal data in a way that makes such decisions.
We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. In addition, we limit access to your personal data to those employees, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
We don’t process your personal data for any other purpose than we’ve described here. We won’t sell your personal data to other companies.
As we develop our activities and services, we might add new data processes that use your personal information. Should we decide that we want to develop a new processing purpose, we will contact you to let you know what we intend to do, the lawful basis we will use, and your rights over our intended new processing. We’ll also publish information about it here.
If you have any questions, concerns, or just want some more details about our information security policy, quality policy, or privacy management, drop us a line at firstname.lastname@example.org.