The policy also explains why you receive marketing from us and your right to object to such marketing.
For the purpose of applicable data protection law, including the Data Protection Act 2018 and the General Data Protection Regulation (Regulation (EU) 2016/679) (together the “Data Protection Law”), the data controller is Utilitywise plc.
We may change this policy from time to time. Please check back frequently to see any updates of changes. This policy is effective from 1st November 2018 and will be frequently reviewed by our Data Protection Officer.
By way of summary, this policy covers:
We primarily collect personal information directly from you when, for example you:
If we contact each other by telephone, we will record and store all inbound and outbound calls to and from Utilitywise for training, audit and compliance purposes.
In order to provide the necessary service of either helping you reduce business utilities consumption and cost or help you meet regulatory compliance, the personal information we collect from you and process is:
When you call a number displayed on our website, your phone number is collected and stored. More information on this can be found within the ‘Sharing personal information with third parties’ section of this policy.
If you create an account for saved quotes or use a Utilitywise on-line platform we will collect your chosen password, as this is necessary to provide you with a secure service. We maintain a record of account activations and usage.
If you visit our sites we will keep a record of your visit. We use CCTV in and around our sites. The CCTV may collect videos of you and your car registration number.
Where you have provided authorisation we will receive the consumption data directly from a utilities provider or data collector.
If you are interested in joining the Utilitywise team we ask you to provide your contact information, including email address and CV via the website, email or post.
When you choose not to provide information, please note that we might not be able to provide the relevant service or carry out an action you have requested.
The information collected from you is used to provide you with products and services and to allow us to manage and develop our business relationship with you.
We process your personal information for the following purposes:
Under Data Protection Law, we must have a ‘legal basis for processing’ personal information. The legal basis for processing should be determined by the data controller.
Our legal basis will vary dependent on your relationship with us. However, we always operate in full compliance with Data Protection Law and will only process personal information when we have a legal basis for doing so.
One legal basis for processing personal information is that it is:
‘necessary for the purposes of legitimate interests pursued by the controller’
We consider it to be in our legitimate business interest to keep prospective customers, customers and contacts informed of our latest products and services and administer the service requested.
Given that we are a business utility consultancy, the information processed on and from the website or other on-line platforms we have provided access to allows us to offer services to help reduce businesses utilities consumption and costs. If you submit a form, call us, request a call back or engage with us this will be taken as your agreement that we and our affiliate companies have a legitimate purpose to contact you or to respond to your enquiry. We will provide you with information, products or services you have requested, or which we feel may interest you, unless you tell us otherwise.
Where appropriate to do so, we process business contact details to use for direct marketing purposes, as part of our legitimate interest. We believe this to be an appropriate lawful basis as individuals might reasonably expect to receive business-to-business marketing in this context. It is a reasonable and proportionate method of processing to achieve commercial objectives whilst having a low impact on the privacy of the individual. Anyone receiving direct marketing has the opportunity to object to receiving marketing from us. More information about why you receive marketing from us is detailed within the ‘Why you receive marketing from us’ section of this policy.
We also use legitimate interest as a basis to process personal information to:
In regards to the personal information collected and used by us, where we rely on legitimate interest to process your information you can object to its use. More information about how you can object to its use is detailed within the ‘Your rights under data protection legislation’ section of this policy.
The other legal bases we rely on are (as relevant):
For example, if you are a sole trader and decide that you want to utilise our services in sourcing a Utilities supplier, we would rely on your consent to:
Thereafter, the collection and on-going processing of your personal information will be necessary for us to perform the contract or contracts that, we have with you in accordance with the terms and conditions of service.
You should be aware that where we are relying on your consent to process personal information you are entitled under Data Protection Law to withdraw your consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. More information about how you can withdraw consent is detailed within the ‘Your rights under data protection legislation’ section of this policy.
Another example is, if you are applying for one of our vacancies, we need to process your information to assess your suitability for the role you have applied for, and the legal basis we would be relying on is that the processing is necessary to perform a contract or take steps at your request, before entering into a contract.
The collected details are used to undertake live calls and / or email marketing. Details include company name, address, telephone number, contact name, job title and email address.
We also communicate information about our products and services to existing customers and those who have opted in to receive such information.
We abide by the obligations provided for by The Privacy and Electronic Communications Regulations 2003, the Data Protection Act 2018 and General Data Protection Regulations 2016, in regards to business-to-business marketing.
Before making live calls we screen the numbers against the Telephone Preference Service (TPS), Corporate Telephone Preference Service (CTPS), or those that have previously objected to receive calls and marketing. If you are registered with one of these services, we will only contact you if we have received your consent.
We include the option to ‘Unsubscribe’ on our marketing emails. We have selected not to receive sole trader and partnership email addresses from Data HQ and therefore endeavour to only send marketing emails to sole traders and partnerships if we:
There are no such restrictions when marketing to corporate subscribers i.e. a company email address, even though it belongs to an individual. However you do have the right to object to receive marketing from us.
There are occasions where Data HQ send marketing emails on our behalf.
We respect anyone’s decision to object to marketing, information about how to do this is within the ‘The right to object to marketing’ section of this policy.
At any time, you have a right to object to the use of your information for marketing purposes.
To object, tell the member of the team who contacts you, or email us at firstname.lastname@example.org. Include your name, business name, contact details and that you object to your information being used for marketing purposes.
Your objection will be sent to our data team and/ or Data Protection Officer for action.
We will keep a record of your Company details, including your contact details and the request to ensure we no longer market products and services to you. This provides a safeguard against the mis-use of the information as we screen the ‘do not contact list’ against any marketing campaign, including business to business marketing data we receive from a third party.
The risk of deleting the record is that there could be a possibility that you are marketed again, so for due diligence purposes it is better if we update your record accordingly.
If it is just email marketing you wish not to receive, you have the option to click the ‘unsubscribe’ link at the bottom of the marketing email.
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect and store.
The access to information provided is given to those employees who require the information to carry out the required services. Some examples are provided below.
If we believe you are interested in our products and services, the inbound and outbound sales team will have your information to make the initial contact. The marketing and data team will have access to your contact information, including email addresses to send marketing emails, surveys or newsletters.
Where you decide to engage us to provide you with the services and products, this will be progressed by the sales support team and then transferred to the customer care and finance teams.
During the lifetime of your contract, marketing and specific sales support agents will have access to your information within the on-line platforms you have access to, as well as information held within one of our internal Customer Relationship Management system(s). Marketing will use this information to help inform our marketing strategy.
Our customer care team will support users in setting up and using energy management software such as Utility Hub or UISmartdash. They will also, with support from relevant teams, have access to view selected customer accounts to support with queries and make changes when they have the permission to do so.
When it gets close to your contract coming to the end, a member of the renewal team will contact you. We also have a compliance, complaint and legal team who will have access to the information as and when required.
The data team manages the data for the marketing campaigns including details of those that have objected to marketing.
Our IT department have access to all internal systems where your data is held and, as such, will have access to the information only as and when IT work is required on these systems.
If you are interested in joining us, your information will be accessed by the People Operations team and those involved in the recruitment and selection process.
In accordance with our terms and conditions, we reserve the right to carry out such credit and identity checks on all our customers, as we, or a third party in our absolute discretion deem necessary. See our terms and conditions for more details.
We will not sell your data to third parties.
Should you decide to engage us to provide services or products to you, we will carry out our obligations in accordance with our terms and conditions and share information with various third parties to provide you with services or products. This includes, but not limited to, sub-contractors, agents or service providers who work for us, Utility suppliers and other business service providers (such as, broadband suppliers, insurance brokers, payment solution / service suppliers, lighting and battery storage suppliers), as well as our archiving service provider and the mailing houses so that information can be sent to you.
If you enter into a contract with a supplier, they also become a data controller for the personal information they require for the purposes of the contract. Their own privacy policies apply to how they use your personal information. You can find these privacy policies on their websites and you should check you are happy with them before you complete the transaction.
We occasionally use third parties to help us operate our business, manage the website, provide you with the relevant products and services and inform our marketing strategy. Such service providers are only allowed to process your personal information to the extent necessary for them to provide the service we have requested from them. They are not allowed to use your personal information for the benefit of their own business. In order to protect your privacy, we require that our service providers keep the personal information they process on our behalf confidential and adequately secure.
When you request a call back from us via the website, we use a system called ResponseIQ to enable us to provide this facility. It collects and stores your telephone number, and then automatically books an immediate or scheduled call back. The data stored in the system includes your telephone number, call time, date, and duration. To find out more about ResponseIQ click here.
Enquiries made via the website are processed through HubSpot and one of our customer relationship management system(s). When you complete a form or obtain a quote on our price comparison area of the website, your contact information is saved onto HubSpot for us to get in contact with you and respond to your enquiry. HubSpot is based in the United States, meaning your information is stored outside the European Economic Area (EEA). Such data transfers are protected by European Commission (EC) Model clauses, meeting both the EC and Information Commissioner’s Office requirements for providing adequate safeguards for the protection of individual’s personal information. HubSpot also participates in and has certified its compliance with the EU-U.S Privacy Shield Framework. To find out more about HubSpot click here.
We use call tracking software provided by ResponseTap, who have servers based in the EEA. ReponseTap is a system that allows us to attribute phone calls to specific marketing channels, therefore informing our marketing strategy. It does this by providing a unique call number on our website for each website user, and when you make the call a record of your number is stored and linked to other information gained from your use of the website so we can identify which website page and channel led to the call. ResponseTap collects your telephone number, traffic source, call duration, website page URL where the call originated, the date and time. If cookies are disabled, we are unable to identify the sites visited on the website. It is in our business legitimate interest to offer the relevant products and services and identify the most beneficial marketing avenues, with limited privacy impact. For more information on ResponseTap, you can view their website here.
To get documents signed electronically and transmitted securely, we use software provided by Signable. Signable are based and have their infrastructure in the UK, for more information on Signable and their privacy notice click here
We use Survey Monkey and Mail Chimp as communication channels. Both are based in the United States, meaning information is stored outside the EEA, however both participate in and have certified there compliance with the EU-U.S Privacy Shield Framework. To find out more about how your information is used by Survey Monkey click here and Mail Chimp click here.
During recruitment processes, we will contact referees to provide a reference and they may be written to before an offer of employment, unless you object to this. We would also advise you to inform your referees that you have given us their information. You will be informed if we are required to check your right to work in the United Kingdom or, for identified posts, undertake a DBS check. On these occasions, the appropriate government departments would be sent the required information to perform the checks, such as criminal checks via the Disclosure and Barring Service and relevant vetting agencies.
We may share your personal information to comply with any legal, audit or regulatory obligations, or in order to enforce or apply our terms and conditions and other agreements. This includes disclosing personal information in response to a request from law enforcement or other regulatory authorities, or sharing for fraud prevention purposes.
We may share your personal information with regulatory authorities, courts and governmental agencies to comply with legal orders, legal or regulatory requirements, government requests and other lawful requests. We may also share your personal information with our legal and other professional advisors.
We may share your personal information in the event that we sell any or all of our business or assets, or sell any companies in our group, in which case we may disclose your personal information to the buyer or to the prospective buyer(s) or such business or assets or companies in our group.
To enable us to deliver the products and services, your information may be stored and transferred to locations outside the European Economic Area (EEA) including countries that may not have the same level of protection for personal information. When we do this, we will ensure it has an appropriate level of protection in accordance with Data Protection Law, and that the transfer is lawful.
We use cloud as a service for storage for certain information and, although we have specified that the data is to be stored within the European region, technical support may be provided by countries outside of the EEA and therefore may be transferred accordingly. Such data transfers are protected by European Commission (EC) Model clauses, meeting both the EC and Information Commissioner’s Office requirements for providing adequate safeguards for the protection of individual’s personal information.
We store personal information for as long as is necessary to deliver and manage the requested service and business relationship, to comply with legal, compliance and audit obligations, resolves disputes and enforce agreements. We then securely delete the information.
Our Data Protection Officer is working with relevant teams to determine specific retention periods that will be published in the future.
We use Google Analytics to measure website performance. This is a web analytics service provided by Google, Inc. Google Analytics sets a cookie in order to evaluate use of those services and compile a report for us. We use Performance cookies across our website for internal purposes to help us to provide you with a better user experience.
Information supplied by cookies helps us to understand how our visitors use our website so that we can improve how we present our content to you.
You can find out more about cookies and how to, manage or disable them at http://www.aboutcookies.org/default.aspx
Our website may contain links to other 3rd party websites of interest.
However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information that you provide whilst visiting such sites and such sites are not governed by this privacy statement.
You should exercise caution and look at the privacy statement applicable to the website in question.
Data Protection Law gives you various rights in relation to your personal information. All the rights set out below can be exercised by contacting us using the contact details set out in ‘How you can exercise your rights’ section of this policy. Please note we can only deal with requests to exercise these rights where they relate to personal information that we process as data controller. If you send us a request which relates to personal information processed by a supplier as data controller, we will direct you to that supplier.
In regards to the information collected and used by us as data controller, where we rely on legitimate interest to process your information you can object to its use. Where the processing is based on consent, you can withdraw your consent to the use of your personal information at any time. However, in some cases we may not be able to provide your requested service (e.g. provide a quote and work with energy suppliers to help you reduce your business utilities consumption and cost) where the information processing is an integral part of the service. We will tell you if this is likely to be the case.
You have the following rights in relation to your personal information.
Access: You have the right to request access to your personal information.
Rectification: You have the right to request that we update, complete or correct personal information, if you think any information we have about you is incorrect or incomplete.
Erasure*: In some circumstances, you have the right to the erasure of your personal information where there are no longer lawful grounds for us to hold such data.
Restriction*: In some circumstances, you have the right to obtain a restriction on our use of your personal information.
Objection*: In some circumstances, you may, on grounds relating to your particular situation, have grounds to object to our processing of your personal information. This includes the right to object to automated decision- making about you including profiling that has legal or significant effect on you as an individual. We will consider any objections to our processing on the particular circumstances relating to each case.
Objection to marketing: You have the right to object to marketing, and in these circumstances we will stop using your personal information for this purpose.
Portability*: Where you have provided us with your personal information, it is processed by automated means and the legal basis for processing is either consent or for the performance of a contract, you will be entitled to a copy of that personal information in a structured, commonly used and machine readable format.
Withdrawal of consent: If we have requested your consent to use your personal information, you may withdraw your consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.
*Please be aware that not all of these rights are absolute, and are only applicable in certain circumstances, so in accordance with the law there will be occasions where a refusal notice is issued or exemption applied.
To learn more about the rights and when they apply, please see the ICO website.
You can contact our Data Protection Officer with regard to any issues related to the processing of your personal information, including exercising any of your rights or making a complaint.
We encourage people to bring to our attention any instances where they think our collection, or use, of information is unfair, misleading or inappropriate.
To object to marketing, email email@example.com. Include your name, business name, contact details and that you object to your information being used for marketing purposes.
Alternatively you can contact the Data Protection Officer via:
Data Protection Officer
3 & 4 Utilitywise House
Cobalt Business Park
Cobalt Park Way
Phone: 0191 425 4971
Please state clearly that your request concerns a data protection matter, and provide a clear description of your requirements.
Note: We may need to request additional information to verify your identity or clarify your request before we action your request.
The Information Commissioner’s Office (ICO) is the UK’s independent body set up to uphold information rights. You have a right to lodge complaints with them, including when you are dissatisfied with our response to you.
Information Commissioner’s Office