This Privacy Notice ("Notice") describes how Calisen Group Holdings Limited and its subsidiaries (collectively referred to as "Calisen", "we" or "us") based at 5th Floor, 1 Marsden Street, Manchester M2 1HW collects, uses and shares personal data collected in the context of our websites, business contacts, suppliers, current and prospective customers who use our products and services or users affected by our services (together referred to as "you" or "your").
This Notice also explains your ability to edit, update, correct or delete your personal data and the security procedures that we have implemented to protect personal data.
In this Notice you can find more about:
- What personal information we collect, when and why we use it
- How we share personal information within the Company Group, with our service providers, and regulators
- Direct marketing and how you can manage your marketing preferences
- How we protect and store personal information
- Legal rights available to help manage your privacy
- How you can contact us for more support
We may amend this privacy notice from time to time to keep it up to date with legal requirements and the way we operate our business, and will place any updates on this webpage. Please regularly check these pages for the latest version of this notice. If we make fundamental changes to this privacy notice, we will seek to inform you by notice on our website or by email.
Third Party Websites
You might find external links to third party websites on our website. This privacy notice does not apply to your use of a third party site.
Important information about Calisen
Calisen Group Holdings Limited is the parent company for Lowri Beck Holdings Limited and Calvin Capital UK Limited. The Calisen entity responsible for your personal data will be the member of Calisen that originally collects information from or about you. This will be explained in separate privacy notices made available when your personal data are first collected by that Calisen entity.
You should also be aware that this Notice describes how Calisen entities collect, use and share personal data in that entity's capacity as a controller, on its own behalf. Where a Calisen entity is processing personal data on behalf of another third party, for example, where Lowri Beck may be using address details of homeowners to be able to carry out meter readings, it will be doing so on behalf of the third party energy supplier. You may therefore also find it helpful to review the privacy notices of particular energy supplier(s).
When we collect information
We collect information about you if you:
- purchase our services (Customers);
- work with us as a business partner (Business Partners);
- are affected by our services (Users);
- use our website or online services (Website Users);
If you purchase services from Calisen, you may be asked to provide the following personal information about you, as a representative of a company and about your company: first and last name, suffix, credentials, work phone number, personal phone number, facsimile, email address, job title, mailing address, billing address and details, type(s) of service ordered, site specific details, name and address of company, name and address of relevant company officers, marketing preferences.
Calisen will use such personal information to process your order, deliver the service ordered, provide customer care services, provide you with Calisen updates and/or newsletters, to maintain our client relationship management systems, to detect, investigate, report and seek to prevent fraud and anti-money laundering, for example through know-your-customer checks, AML screening and other identity checks. We may also need to conduct credit and fraud checks on business customers and certain officers of your business, such as your directors.
If you work with us as a Business Partner or a service provider, we will collect personal information from you such as your business details or your employees or representatives first and last name, suffix, credentials, work phone number, personal phone number, facsimile, email address, job title, mailing address, billing address and details, type(s) of services provided.
Most of the personal information is obtained directly from you. Some of your personal information may be obtained from other sources for instance, credit reference agencies.
We use this information to review / assess your suitability as a Business Partner or service provider, to comply with our legal obligations, to detect investigate, report and seek to prevent fraud and anti-money laundering, for example through know-your-customer checks, AML screening and other identity checks and t meet our obligations under any contracts we have with you, we may also need to conduct credit and fraud checks on your business and certain officers of your business, such as directors.
As part of providing certain services to a Customer, Calisen may have to process personal data about you (as applicable depending on the specific service provided): name, address, telephone number and in certain circumstances, health information (e.g. we may receive information regarding disability status if it may be helpful to allow us to properly carry out a meter reading at a homeowner's property).
Most of this personal information is obtained from our Customer and is processed by us in the context of providing our services to our Customers. We need to process your personal information because the services provided have an impact on you.
Website and online services Users
Where you use our website, we will collect certain metadata that results from the use of our website, such as referral page, date and type of access, type of web browser, IP address, geographical location as determined by your IP address, operating system and interface, language and version of browser software, session information (such as download errors and page response time). This information enables you to have access to our website and we use the metadata to improve the quality of our website by analysing the usage behaviour of our users.
If you commence direct communication via a website enquiry form, by telephone or by writing to us, you name and contact details (e.g. email address or telephone number), the nature of the enquiry and your message will also be collected and processed in order to respond to your query and to improve our services.
How we use personal information to keep you up to date with our products and services. We may use personal information to let you know about our products and services that we believe will be of interest to you. We may contact you by email, post, or telephone or through other communication channels that we think you may find helpful. In all cases, we will respect your preferences for how you would like us to manage marketing activity with you.
How you can manage your marketing preferences
To protect privacy rights and to ensure you have control over how we manage marketing with you:
- we will take steps to limit direct marketing to a reasonable and proportionate level and only send you communications which we believe may be of interest or relevance to you;
- you can ask us to stop direct marketing at any time you can ask us to stop sending email marketing, by following the "unsubscribe" link you will find on all the email marketing messages we send you.
- Alternatively you can contact us at email@example.com. Please specify whether you would like us to stop all forms of marketing or just a particular type (e.g. email); and
We recommend you routinely review the privacy notices and preference settings that are available to you on any social media platforms as well as your preferences within your account with us.
Legal basis for using your personal information
We will only collect, use and share your personal information where we are satisfied that we have an appropriate legal basis to do this. This may be because:
- the processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract. For example, where you purchase our services we will collect your payment information to process your payment. We collect your email address and phone number to provide you with service updates and to answer any of your queries, we will also collect your username and password to allow you have access to the incident reporting system;
- the processing is necessary for compliance with a legal obligation to which we are subject to. For example, in order to set you up as a business customer or business partner, we are obliged to carry out certain know-your-customer checks to prevent money laundering and fraudulent activities. This will involve the collection and verification of your personal information, checking your information against public sources in order to ensure that we are dealing with reputable businesses;
- you have provided your consent to using your personal information, for example if you have agreed to receive marketing communications from us;
- the processing is necessary for the purposes of our legitimate interests as a commercial organisation, except where such interests are overridden by your interests or fundamental rights and freedoms. For example, we need certain personal and company information such as names and contact details of company representatives and officers, in order to assess your suitability as either a business partner or a customer, conduct due diligence on our customers and provide customers with our services.
Your personal information is not required by us to fulfill a statutory obligation. However, there will be instances where the provision of your personal information will be necessary to enter into a contract with Calisen or to receive our services as requested by you. In such situations, not providing your personal information may be likely to result in disadvantages for you, e.g. you may not be able to use the full functionalities of our website/ systems or receive the services requested by you.
However, unless otherwise specified, not providing your personal information will not result in legal consequences for you.
If you would like to find out more about the legal basis for which we process personal information, please contact us following the details below.
We share your personal information in the manner and for the purposes described below:
- With other Calisen entities in our group. Your personal data will be received by other Calisen entities where such disclosure is necessary to provide you with our services or to manage our business.
- With third parties who help manage our business and deliver services. To provide the services, including fulfilling contractual obligations to our customers, performing administrative activities in connection with our services, Calisen engages external service providers such as fulfillment providers, legal services providers, website service providers, marketing service providers, IT support service providers, delivery service providers, email administrators, payment processors and customer service providers. When providing such services, the external service providers have access to and process your personal information.
- With third party regulators / enforcement bodies. To comply with legal and professional obligations, to cooperate with regulatory bodies, and to exercise, defend or protect our legal rights (or those of our Customers or third parties), Calisen may share personal information with law enforcement agencies, (e.g. police), industry bodies (e.g. the Health and Safety Executive, Gas Safe, The Department for Business Energy & Industrial Strategy, the Information Commissioner's Office), certifying bodies who ensure the quality of our services (e.g. EUSR, MOCOPA, Examining bodies), regulatory bodies / investigators.
- If, in the future, we sell or transfer some or all of our business or assets to a third party, we may disclose information to a potential or actual third party purchaser of our business or assets in accordance with applicable law.
Please be aware we do not transfer any personal information to countries outside the EU.
We have implemented and maintain appropriate technical and organisational security measures, policies and procedures designed to reduce the risk of accidental destruction or loss, or the unauthorised disclosure or access to such information appropriate to the nature of the information concerned.
Measures we take include:
- placing confidentiality and contractual requirements on our staff members and service providers;
- destroying or permanently anonymising personal information if it is no longer needed for the purposes for which it was collected;
- following strict security procedures in the storage, retention and disclosure of your personal information to prevent unauthorised access to it;
- using secure communication transmission software (known as "secure sockets layer" or "SSL") that encrypts all information you input on our website before it is sent to us. SSL is an industry standard encryption protocol and this ensures that the information is reasonably protected against unauthorised interception; and
- protecting our own systems against potential attack from outside threats by using virus, software and malware protections, giving layered protection of our VPN and communication devices.
Note: As the security of information depends in part on the security of the computer you use to communicate with us and the security you use to protect User IDs and passwords, please take appropriate measures to protect this information.
Storing your personal information
Your personal information will be retained as long as it is required for the purposes for which the data is collected e.g. as necessary to provide you with the services requested. Once our contractual relationship with you comes to an end, you may request that we remove your personal information unless statutory retention requirements apply (such as for taxation purposes) or in order to fulfil regulatory requirements.
We also retain your personal information if needed to establish, exercise or defend a legal claim.
We will take steps in accordance with applicable legislation to keep your personal data accurate, complete and up-to-date.
Depending on the purposes of the processing, you have certain rights in relation to your personal information.
If you are a User and your personal information has been collected by us as part of our provision of services to our Customers (i.e. your energy suppliers), then we can only act on the instructions of our Customers, and you may consider it helpful to consult your energy supplier directly.
You can object to the use of your personal information, which has our legitimate interests as its legal basis including for the purpose of marketing, without incurring any costs other than transmission costs.
Click on the links below to learn more about each right you may have:
- To access personal information
- To rectify / erase personal information
- To restrict the processing of your personal information
- To transfer your personal information
- To object to the processing of personal information
- To object to how we use your personal information for direct marketing purposes
- To obtain a copy of personal information safeguards used for transfers outside your jurisdiction
- To lodge a complaint with your local supervisory authority
If you wish to access any of the above mentioned rights, we may ask you for additional information to confirm your identity and for security purposes, in particular before disclosing personal information to you. We reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive.
You can exercise your rights by contacting us using the details below.
Subject to legal and other permissible considerations, we will make every reasonable effort to honour your request promptly or inform you if we require further information in order to fulfil your request.
We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.
Right to access personal information
You have a right to obtain confirmation from us as to whether or not personal information concerning you is being processed, and to request that we provide you with a copy of your personal information that we hold. You have the right to be informed of; (a) the source of your personal information; (b) the purposes, legal basis and methods of processing; (c) the data controller’s identity; and (d) the entities or categories of entities to whom your personal information may be transferred.
Right to rectify personal information
You have a right to request that we rectify inaccurate personal information and that we complete incomplete personal information. We may seek to verify the accuracy of the personal information before rectifying it. We will inform relevant third parties to whom we have transferred your personal information about the rectification and completion if we are legally obliged to do so.
Right to erase personal information
You can also request that we erase your personal information in limited circumstances where:
- it is no longer needed for the purposes for which it was collected; or
- you have withdrawn your consent (where the data processing was based on consent); or
- following a successful right to object (see right to object); or
- it has been processed unlawfully; or
- to comply with a legal obligation to which the Company is subject.
We are not required to comply with your request to erase personal information if the processing of your personal information is necessary:
- for compliance with a legal obligation; or
- for the establishment, exercise or defence of legal claims
Right to restrict the processing of your personal information
You can ask us to restrict your personal information. In this case, the respective data will be marked and only processed for certain purposes. This right can be exercised only where:
- its accuracy is contested, to allow us to verify its accuracy; or
- the processing is unlawful, but you do not want it erased; or
- it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; or
- you have exercised the right to object, and verification of overriding grounds is pending.
We can continue to use your personal information following a request for restriction, where:
- we have your consent; or
- to establish, exercise or defend legal claims; or
- to protect the rights of another natural or legal person.
Right to data portability
You can ask us to provide your personal information to you in a structured, commonly used, machine readable format, or you can ask to have it transferred directly to another data controller, but in each case only where:
- the processing is based on your consent or on the performance of a contract with you; and
- the processing is carried out by automated means.
Right to object to the processing of your personal information
You can object to any processing of your personal information which has our legitimate interests as its legal basis, if you believe your fundamental rights and freedoms outweigh our legitimate interests.
If you raise an objection, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.
The right to object does not exist, in particular, if the processing of your personal information is necessary to take steps prior to entering into a contract or to perform a contract already entered into.
Right to object to how we use your personal information for direct marketing purposes
You can request that we change the manner in which we contact you for marketing purposes.
You can request that we not transfer your personal information to unaffiliated third parties for the purposes of direct marketing or any other purposes.
Right to withdraw consent
If you have given us your consent for the processing of your personal information, you have the right to withdraw your consent at any time. Note that this will not affect the lawfulness of any processing of your personal information that we have carried out based on the consent before its withdrawal.
Right to obtain a copy of personal information safeguards used for transfers outside your jurisdiction
You can ask to obtain a copy of, or reference to, the safeguards under which your personal information is transferred outside of the European Union.
We may redact data transfer agreements to protect commercial terms.
Right to lodge a complaint with your local supervisory authority
You have a right to lodge a complaint with your local supervisory authority if you have concerns about how we are processing your personal information.
We ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time.
To exercise your rights, please contact us using the contact information below. Subject to legal and other permissible considerations, we will make every reasonable effort to honour your request promptly or inform you if we require further information in order to fulfil your request.
We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.
The primary point of contact for all issues arising from this privacy notice is:
Contact: The Company Secretary
Telephone: 0161 220 1900
Postal address: 5th Floor, 1 Marsden Street, Manchester M2 1HW
If you have any questions, concerns or complaints regarding our compliance with this privacy notice, the information we hold about you or if you wish to exercise your rights, we encourage you to first contact using the details above. We will investigate and attempt to resolve complaints and disputes and make every reasonable effort to honour your wish to exercise your rights as quickly as possible and in any event, within the timescales provided by data protection laws.
To contact your data protection supervisory authority
You have a right to lodge a complaint with your local data protection supervisory authority (i.e. your place of habitual residence, place or work or place of alleged infringement), which in the UK is the Information Commissioner's Office at any time. We ask that you please attempt to resolve any issues with us before your local supervisory authority.