The policy also explains why you receive marketing from us and your right to object to such marketing.For the purpose of applicable data protection law, including the Data Protection Act 2018 and the General Data Protection Regulation (Regulation (EU) 2016/679) (together the “Data Protection Law”), the data controller is Earth Hub Limited. We may change this policy from time to time. Please check back frequently to see any updates of changes. This policy is effective from 7th June 2022.
By way of summary, this policy covers:
• What personal information we collect;
• Why we use your personal information;
• The legal basis for processing;
• Why you receive marketing;
• The right to object to marketing;
• How we use your personal information;
• Sharing personal information with third parties;
• Transferring your information overseas;
• How long we may keep your information;
• Links to other websites;
• Your rights under data protection legislation;
• How to exercise your rights.
WHAT WE COLLECT
We primarily collect personal information directly from you when you:
• Give us your information by contacting us by mail, phone and email;
• Submit a website form;
• Register to attend an event or webinar;
• Subscribe for marketing or our newsletters;
• Download or upload material;
• Create an account on one of our on-line platforms;
• Enter into a contract for the supply of products and services;
• Request our services;
• Respond to a survey or participate in a case study;
• Report problems with our service;
• or Apply for a job.
If we contact each other by telephone, we will record and store all inbound and outbound calls to and from Earth Hub Limited for training, audit and compliance purposes.
• In order to provide the services of helping you buy, manage and control your energy and comply with legislation, the personal information we collect from you and process is:
• Your name and job title;
• Your contact information including telephone number and email address;
• Demographic information such as postcode, preferences and interests; and
• Other information relevant to customer surveys, case studies and/or offers.
• Meter reference numbers, utilities consumption, cost, usage and contract end dates;
• Date of birth;
• Previous residential addresses;
• Financial information, including bank account details (only when you are looking into entering into the contract).
Where you have provided authorisation we will receive consumption data directly from a utilities provider or data collector as well as obtain details from the Electricity Central Online Enquiry Service (ECOES).
If you are interested in one of our vacancies, we ask you to provide your contact information, including email address and CV via the website, email, or post.
When you choose not to provide information, please note that we might not be able to provide the relevant service or carry out an action you have requested.
WHY WE USE YOUR PERSONAL INFORMATION
The information collected is used to provide you with products and services and to allow us to manage and develop our business relationship with you.
We process your personal information for the following purposes:
• To understand your business needs and provide you with better service;
• To provide you with recommendations tailored to your business;
• To develop, enhance and customise the website according to your interests;
• To provide you with a response to your enquiry, including a request for a call back;
• To carry out your instructions, e.g. to provide you with the quote you have requested;
• To facilitate events and webinars;
• To carry out our obligations from any contracts entered into between you and us (Earth Hub Limited • Terms and Conditions);
• To obtain quotes from suppliers and for them to assess whether to enter into a contract with you;
• To terminate your existing contract;
• For suppliers to provide the products and service to you;
• To verify the identity of users for providing access to online platforms;
• To provide secure access to account information and updates via Energy Intelligence Portal or other online platforms;
• To deliver a secure suite of digital energy management services that can be used to track and manage usage and spend;
• To provide market intelligence and insight into market changes and their effect on available prices and to show organisations how to better manage energy consumption to minimise costs;
• To review, analyse and evaluate your use (or decision not to use) our products and services in order to develop and improve the quality of our offering and strengthen our relationship with you and our other existing and potential customers;
• For the ongoing administration of any service we provide you and to carry out any ongoing obligations we owe to you;
• To communicate with you to provide you with information about the products and services we supply to you;
• Notify you about changes to our products and services;
• To allow us to improve the products and services we offer to you and to notify you of any changes to products and services;
• To offer new products and services to you which are relevant and appropriate, and only to the extent that would be reasonably expected;
• In accordance with any marketing preferences you have indicated;
• To measure or understand the effectiveness of advertising we serve to you, and to deliver relevant advertising to you (with your consent where relevant);
• For internal recording keeping to assess and maintain compliance and to meet our audit and legal obligations;
• To administer our legitimate internal management analysis, audit, forecasts and business planning and transactions;
• To establish, defend or exercise our legal rights;
• To comply with our legal, regulatory and internal governance obligations;
• To ensure our records are accurate and up to date;
• To prevent or detect crime, for quality, training and security purposes;
• Market research and analysis and developing statistics; and
• To progress your interest in a job vacancy.
THE LEGAL BASIS FOR PROCESSING
Under Data Protection Law, we must have a ‘legal basis for processing’ personal information. The legal basis for processing should be determined by the data controller.
Our legal basis will vary dependent on your relationship with us. However, we always operate in full compliance with Data Protection Law and will only process personal information when we have a legal basis for doing so. One legal basis for processing personal information is that it is:
‘Necessary for the purposes of legitimate interests pursued by the controller’
We consider it to be in our legitimate business interest to keep prospective customers, customers and contacts informed of our latest products and services and administer the service requested.
The information processed on and from the website or other online platforms, we have provided access to allow us to provide the service of creating bespoke, integrated solutions so you can manage and control all elements of your energy bill or help you meet regulatory compliance. If you submit a form, call us, request a callback or engage with us this will be taken as your agreement that we and our affiliate companies have a legitimate purpose to contact you or to respond to your enquiry. We will provide you with information, products or services you have requested, or which we feel may interest you, unless you tell us otherwise. Where appropriate to do so, we process business contact details to use for direct marketing purposes, as part of our legitimate interest. We believe this to be an appropriate lawful basis as individuals might reasonably expect to receive business-to-business marketing in this context. It is a reasonable and proportionate method of processing to achieve commercial objectives whilst having a low impact on the privacy of the individual. Anyone receiving direct marketing has the opportunity to object to receiving marketing from us. More information about why you receive marketing from us is detailed within the ‘Why you receive marketing from us’ section of this policy.
We also use legitimate interest as a basis to process personal information to:
• Allow you to participate in any interactive features of the website or online platform;
• Undertake data analytics to learn more about how you and others interact with the website and our online platforms and our advertisements;
• Carry out your instructions;Implement product and service improvements;
• Undertake market research and seek your feedback on services offered;
• Ensure security and business continuity; and
• Detect and prevent misuse or abuse of the website or online platforms or our services.
In regards to the personal information collected and used by us, where we rely on legitimate interest to process your information you can object to its use. More information about how you can object to its use is detailed within the ‘Your rights under data protection legislation’ section of this policy.
The other legal bases we rely on are (as relevant):
• Where our use of your personal information is necessary for us to perform the contract or contracts that, we have with you, such as the contract between us consisting of the terms and conditions of service.
• Where we believe it is necessary to use your information to comply with our legal obligations.
• Your consent may also be a lawful reason for processing your personal information, in certain cases. This means your freely given, specific, informed and unambiguous consent which may be collected from you.
For example, if you are a sole trader and decide that you want to utilise our services in sourcing a Utilities supplier, we would rely on your consent to:
• Make initial contact with suppliers on your behalf (including your existing supplier); and
• Obtain utilities consumption data.
Thereafter, the collection and ongoing processing of your personal information will be necessary for us to perform the contract or contracts that, we have with you in accordance with the terms and conditions of service. We would also rely on your consent if you wished to register for one of our webinars or the use of your image in a marketing publication. You should be aware that where we are relying on your consent to process personal information you are entitled under Data Protection Law to withdraw your consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. More information about how you can withdraw consent is detailed within the ‘Your rights under data protection legislation’ section of this policy.
If you are applying for one of our vacancies, we need to process your information to assess your suitability for the role you have applied for, and the legal basis we would be relying on is that the processing is necessary to perform a contract or take steps at your request, before entering into a contract.
WHY YOU RECEIVE MARKETING FROM US
We retain business contact details that have been collected over time from individuals or other business partners. The collected details are used to undertake calls and/or email marketing. Details include company name, address, telephone number, contact name, job title and email address. We also communicate information about our products and services to existing customers, those who have requested such information or downloaded information from our website and those who have opted in to receive such information. We abide by the obligations provided for by The Privacy and Electronic Communications Regulations 2003, the Data Protection Act 2018 and General Data Protection Regulations 2016, in regards to business-to-business marketing.
We include the option to ‘Unsubscribe’ on our marketing emails. We only send marketing emails to sole traders and partnerships if we:
• Have consent to such communication; or
• Obtained your contact details in the course of a sale or during negotiations for the sale of similar products or services to you, you gave us your details, and were given the opportunity to opt-out of marketing emails at the time and in future marketing communications.
There are no such restrictions when marketing to a work email address i.e. a company email address, even though it may include an individual employee’s name. However, on these occasions, you do have the right to object to receiving marketing from us. We respect anyone’s decision to object to marketing, information about how to do this is within the ‘The right to object to marketing’ section of this policy.
THE RIGHT TO OBJECT TO MARKETING
At any time, you have a right to object to the use of your information for marketing purposes. To object, tell the member of the team who contacts you, or email us. Include your name, business name, contact details and that you object to your information being used for marketing purposes. Your objection will be sent to our team for action. We will keep a record of your Company details, including your contact details and the request to ensure we no longer market products and services to you. This provides a safeguard against the misuse of the information as we screen the ‘do not contact list’ against any marketing campaign, including business to business marketing data we receive from a third party. The risk of deleting the record is that there could be a possibility that you are marketed again, so for due diligence purposes, it is better if we update your record accordingly. If it is just email marketing you wish not to receive, you have the option to click the ‘Unsubscribe’ link at the bottom of marketing emails.
HOW WE USE YOUR PERSONAL INFORMATION
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect and store. If you choose to work with us, you may be provided with a welcome pack that will introduce who is working on your account. The access to information provided is given to those employees who require the information to carry out the required services. Some examples are provided below.
If we believe you are interested in our products and services, the sales team will have your information to make the initial contact. The marketing team will have access to your contact information, including email addresses to send marketing emails, surveys or newsletters. Where you decide to engage us to provide you with the services and products, this will be progressed by the sales team and then transferred to the onboarding, service delivery and finance teams.
During the lifetime of your contract, marketing and specific service delivery team members will have access to your information within the online platforms you have access to, as well as information held within one of our internal Customer Relationship Management system(s) and internal networks. Marketing will use this information to help inform our marketing strategy.
Our coordination and technical support team will support users in setting up and using energy management software. They will also, with support from relevant teams, have access to view selected customer accounts to support with queries and make changes when they have permission to do so.
When it gets close to your contract coming to the end, a member of the account management and sales team will contact you. Our IT department has access to all internal systems where your data is held and, as such, will have access to the information only as and when IT work is required on these systems. If you are interested in joining us, your information will be accessed by the HR team and those involved in the recruitment and selection process. In accordance with our terms and conditions, we reserve the right to carry out such credit and identity checks on all our customers, as we, or a third party in our absolute discretion deem necessary. See our terms and conditions for more details.
SHARING PERSONAL INFORMATION WITH THIRD PARTIES
We will not sell your data to third parties.
Should you decide to engage us to provide services or products to you, we will carry out our obligations in accordance with our terms and conditions and share and receive information with various third parties to provide you with services or products. This includes, but not limited to, sub-contractors, agents or service providers who work for us, utility suppliers and other business service providers, as well as our archiving service provider and the mailing houses so that information can be sent to you. Where we provide information to our sub-contractors, agents or service providers we will share with them the point of contact name, job title and working hours. This is to ensure the relevant product or service can be delivered in accordance with both parties contractual obligations. If you consent to take part in a case study, your information will be used in online and offline marketing material, therefore shared on social media and with those who obtain a copy of the material.
If you enter into a contract with a supplier, they also become a data controller for the personal information they require for the purposes of the contract. Their own privacy policies apply to how they use your personal information. You can find these privacy policies on their websites and you should check you are happy with them before you complete the transaction. We occasionally use third parties to help us operate our business, manage the website, provide you with the relevant products and services and inform our marketing strategy. Such service providers are only allowed to process your personal information to the extent necessary for them to provide the service we have requested from them. They are not allowed to use your personal information for the benefit of their own business. In order to protect your privacy, we require that our service providers keep the personal information they process on our behalf confidential and adequately secure.
During recruitment processes, we will contact referees to provide a reference and they may be written to before an offer of employment, unless you object to this. We would advise you to inform your referees that you have given us their information. You will be informed if we are required to check your right to work in the United Kingdom or, for identified posts, undertake a DBS check. On these occasions, the appropriate government departments would be sent the required information to perform the checks, such as criminal checks via the Disclosure and Barring Service and relevant vetting agencies.
We may share your personal information to comply with any legal, audit or regulatory obligations, or in order to enforce or apply our terms and conditions and other agreements. This includes disclosing personal information in response to a request from law enforcement or other regulatory authorities or sharing for fraud prevention purposes.
We may share your personal information with regulatory authorities, courts and governmental agencies to comply with legal orders, legal or regulatory requirements, government requests and other lawful requests. We may also share your personal information with our legal and other professional advisors.
We may share your personal information in the event that we sell any or all of our business or assets, or sell any companies in our group, in which case we may disclose your personal information to the buyer or to the prospective buyer(s) or such business or assets or companies in our group.
TRANSFERRING YOUR INFORMATION OVERSEAS
To enable us to deliver the products and services, your information may be stored and transferred to locations outside the European Economic Area (EEA) including countries that may not have the same level of protection for personal information. When we do this, we will ensure it has an appropriate level of protection in accordance with Data Protection Law, and that the transfer is lawful.We use cloud as a service for storage for certain information and, although we have specified that the data is to be stored within the European region, technical support may be provided by countries outside of the EEA and therefore may be transferred accordingly. Such data transfers are protected by European Commission (EC) Model clauses, meeting both the EC and Information Commissioner’s Office requirements for providing adequate safeguards for the protection of individual’s personal information.
HOW LONG WE MAY KEEP YOUR PERSONAL INFORMATION
We store personal information for as long as is necessary to deliver and manage the requested service and business relationship, to comply with legal, compliance and audit obligations, resolves disputes and enforce agreements. We then securely delete the information.Our team is working to determine specific retention periods that will be published in the future.
You can find out more about cookies and how to, manage or disable them at allaboutcookies.org
LINKS TO OTHER WEBSITES
Our website may contain links to other third party websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information that you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
Your rights under data protection legislation
Data Protection Law gives you various rights in relation to your personal information. All the rights set out below can be exercised by contacting us using the contact details set out in ‘How you can exercise your rights’ section of this policy. Please note we can only deal with requests to exercise these rights where they relate to personal information that we process as data controller. If you send us a request which relates to personal information processed by a supplier as data controller, we will direct you to that supplier.
In regards to the information collected and used by us as data controller, where we rely on a legitimate interest to process your information you can object to its use. Where the processing is based on consent, you can withdraw your consent to the use of your personal information at any time. However, in some cases, we may not be able to provide your requested service (e.g. provide a quote and work with energy suppliers in relation to energy savings) where the information processing is an integral part of the service. We will tell you if this is likely to be the case.
You have the following rights in relation to your personal information.
Access: You have the right to request access to your personal information.
Rectification: You have the right to request that we update, complete or correct personal information, if you think any information we have about you is incorrect or incomplete.
Erasure*: In some circumstances, you have the right to the erasure of your personal information where there are no longer lawful grounds for us to hold such data.
Restriction*: In some circumstances, you have the right to obtain a restriction on our use of your personal information.
Objection*: In some circumstances, you may, on grounds relating to your particular situation, have grounds to object to our processing of your personal information. This includes the right to object to automated decision-making about you including profiling that has a legal or significant effect on you as an individual. We will consider any objections to our processing on the particular circumstances relating to each case.
Objection to marketing: You have the right to object to marketing, and in these circumstances, we will stop using your personal information for this purpose.
Portability*: Where you have provided us with your personal information, it is processed by automated means and the legal basis for processing is either consent or for the performance of a contract, you will be entitled to a copy of that personal information in a structured, commonly used and machine-readable format.
Withdrawal of consent: If we have requested your consent to use your personal information, you may withdraw your consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.
*Please be aware that not all of these rights are absolute, and are only applicable in certain circumstances, so in accordance with the law there will be occasions where a refusal notice is issued or exemption applied.
To learn more about the rights and when they apply, please see the ICO website.
HOW YOU CAN EXERCISE YOUR RIGHTS
You can contact our Data Protection Officer with regard to any issues related to the processing of your personal information, including exercising any of your rights or making a complaint. More information about how to contact our Data Protection Officer is within ‘Contact details for our Data Protection Officer’ section of this Policy.
We encourage people to bring to our attention any instances where they think our collection, or use, of information is unfair, misleading or inappropriate.
To object to marketing, email us. Include your name, business name, contact details and that you object to your information being used for marketing purposes.
CONTACT DETAILS FOR OUR DATA PROTECTION OFFICER
You can exercise your rights by sending an email to firstname.lastname@example.org
Please state clearly that your request concerns a data protection matter, and provide a clear description of your requirements.Note: We may need to request additional information to verify your identity or clarify your request before we action your request.
THE SUPERVISORY AUTHORITY
The Information Commissioner’s Office (ICO) is the UK’s independent body set up to uphold information rights. You have a right to lodge complaints with them, including when you are dissatisfied with our response to you.
To find out more about them, visit https://ico.org.uk/about-the-ico/who-we-are/.
To contact them, either visit their website, dial 0303 123 1113 or write to them at:
Information Commissioner’s Office