This Privacy Notice ("Notice") describes how Calisen Group (Holdings) Limited and its subsidiaries (collectively referred to as "Calisen", "we" or "us") based at 5th Floor, 1 Marsden Street, Manchester M2 1HW collects, uses and shares personal data collected in the context of our websites, business contacts, suppliers, current and prospective customers who use our products and services or users affected by our services (together referred to as "you" or "your").
This Notice also explains your ability to edit, update, correct or delete your personal data and the security procedures that we have implemented to protect personal data.
In this Notice you can find more about:
- What personal information we collect, when and why we use it
- How we share personal information within the Company Group, with our service providers, and regulators
- Direct marketing and how you can manage your marketing preferences
- How we protect and store personal information
- Legal rights available to help manage your privacy
- How you can contact us for more support
We may amend this privacy notice from time to time to keep it up to date with legal requirements and the way we operate our business and will place any updates on this webpage. Please regularly check these pages for the latest version of this notice. If we make fundamental changes to this privacy notice, we will seek to inform you by notice on our website or by email.
Third Party Websites
You might find external links to third party websites on our website. This privacy notice does not apply to your use of a third party site. You should read the privacy notice on that site.
Important information about Calisen
Calisen Group (Holdings) Limited is the parent company for Lowri Beck Holdings Limited and Calvin Capital UK Limited. The Calisen entity responsible for your personal data will be the member of Calisen that originally collects information from or about you. This will be explained in separate privacy notices when your personal data are first collected by them.
You should also be aware that this Notice describes how Calisen entities collect, use and share personal data in that entity's capacity as a controller, on its own behalf. Where a Calisen entity is processing personal data on behalf of another third party, for example, where Lowri Beck may be using address details of homeowners to be able to carry out meter readings, it will be doing so on behalf of the third-party energy supplier. You may therefore also find it helpful to review the privacy notices of particular energy supplier(s).
When we collect information
We collect information about you if you:
- purchase our services (Customers);
- work with us as a business partner (Business Partners);
- are affected by our services (Users);
- use our website or online services (Website Users);
- employees (Employees)
- job applicants (Applicants)
If you purchase services from Calisen, you may be asked to provide the following personal information about you, as a representative of a company and about your company: first and last name, suffix, credentials, telephone number, facsimile, email address, job title, mailing address, billing address and details, type(s) of service ordered, site specific details, name and address of company, name and address of relevant company officers and marketing preferences.
Calisen will use such personal information to process your order, deliver the service ordered, provide customer care services, to maintain our client relationship management systems, to detect, investigate, report and seek to prevent fraud and anti-money laundering, for example through know-your-customer checks, AML screening and other identity checks. We may also need to conduct credit and fraud checks on business customers and certain officers of your business, such as your directors.
If you work with us as a Business Partner or a service provider, we will collect personal information from you such as your business details or your employees or representatives first and last name, suffix, credentials, telephone number, facsimile, email address, job title, mailing address, billing address and details, type(s) of services provided.
Most of the personal information is obtained directly from you. Some of your personal information may be obtained from other sources for instance, credit reference agencies.
We use this information to review / assess your suitability as a Business Partner or service provider, to comply with our legal obligations, to detect investigate, report and seek to prevent fraud and anti-money laundering, for example through know-your-customer checks, AML screening and other identity checks and to meet our obligations under any contracts we have with you, we may also need to conduct credit and fraud checks on your business and certain officers of your business, such as directors.
As part of providing certain services to a Customer, parts of the Calisen Group (but not Calisen Group (Holdings) Limited) may have to process personal data about Users (as applicable depending on the specific service provided): name, address, telephone number and in certain circumstances, health information (e.g. we may receive information regarding disability status if it may be helpful to allow us to properly carry out a meter reading at a homeowner's property).
Most of this personal information is obtained from the Customer and is processed by the part of the Group providing the services to the Customers. If a User provides us with any information directly, we will pass this to the Customer because it is held on their behalf. User should review the privacy notices of their energy supplier.
If you commence direct communication via a website enquiry form, by telephone or by writing to us, you name and contact details (e.g. email address or telephone number) together with the nature of the enquiry and your message will also be collected and processed in order to respond to your query and to improve our services. We may use a third-party email administrator to handle email enquiries.
We have an employee privacy notice that is available to all staff to inform them about how we handle their personal information.
From time to time we recruit new employees. We may use a third-party agency, third party job boards to handle this process or directly through our website.
We will use the information that you provide to us through your Curriculum Vitae or the application form ("CV") to assess your suitability for the role you have applied for. If you are successful with your application, we will carry out an Office of Financial Sanctions Implementation search and we may need to carry out some additional background checks, such as seeking references and, in some circumstances, carrying out a DBS and or a CRB check. These checks are necessary to meet legal obligations.
There are no fully automated decisions made during the recruitment process.
We will invite a selection of applicants to an interview to assess in more detail the candidate(s) most suited to the role(s) on offer, notes will be taken as part of the interview process.
If you are not selected for interview for the specific role you have applied for, we will keep your CV in our HR system for a further 12 months and will consider you for other roles with us, if you tell us that you would like us to use your personal information in this way. After this time, we will delete your personal information from our records.
If you decide not to accept the role offered, or if, as a result of the checks being carried out by us, the offer of employment is withdrawn all the personal information and references received will be held in the HR Systems for up to 12 months from the date of rejection for legal purposes.
After this time, we will delete your personal information from our records.
We will also use the personal information supplied for Equal Opportunities monitoring.
Legal basis for using your personal information
We will only collect, use and share your personal information where we are satisfied that we have an appropriate legal basis to do this. This may be because:
- the processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract. For example, where you purchase our services, we will collect your payment information to process your payment. We collect your email address and phone number to provide you with service updates and to answer any of your queries;
- the processing is necessary for compliance with a legal obligation to which we are subject to. For example, in order to set you up as a business customer or business partner, we are obliged to carry out certain know-your-customer checks to prevent money laundering and fraudulent activities. This will involve the collection and verification of your personal information, checking your information against public sources in order to ensure that we are dealing with reputable businesses;
- the processing is necessary for the purposes of our legitimate interests as a commercial organisation, except where such interests are overridden by your interests or fundamental rights and freedoms. For example, we need certain personal and company information such as names and contact details of company representatives and officers, in order to assess your suitability as either a business partner or a customer, conduct due diligence on our customers and provide customers with our services;
- the processing is necessary in order to protect the vital interests of an individual for example, an individual is admitted to the A & E department of a hospital with life-threatening injuries following a serious accident. The disclosure to the hospital of the individual’s medical history that we know about is necessary in order to protect their vital interests.
- There will be instances where the provision of your personal information will be necessary to enter into a contract with Calisen or to receive our services as requested by you. However, unless otherwise specified, not providing your personal information will not result in legal consequences for you.
If you would like to find out more about the legal basis for which we process personal information, please contact us following the details below.
How you can manage your marketing preferences
To protect privacy rights and to ensure you have control over how we manage marketing with you:
- we will take steps to limit direct marketing to a reasonable and proportionate level and only send you communications which we believe may be of interest or relevance to you;
- you can ask us to stop direct marketing at any time you can ask us to stop sending email marketing, by following the "unsubscribe" link you will find on all the email marketing messages we send you.
- Alternatively you can contact us at firstname.lastname@example.org. Please specify whether you would like us to stop all forms of marketing or just a particular type (e.g. email); and
We recommend you routinely review the privacy notices and preference settings that are available to you on any social media platforms as well as your preferences within your account with us.
We share your personal information in the manner and for the purposes described below:
- Within the Calisen group of companies. Your personal data will be received by other Calisen entities where such disclosure is necessary to provide you with our services or to manage our business e.g. shared support function resourcing such as Legal and IT support.
- With third parties who help manage our business and deliver services. To provide the services, including fulfilling contractual obligations to our customers, performing administrative activities in connection with our services, Calisen engages external service providers such as fulfilment providers, legal services providers, website service providers, IT support service providers, delivery service providers, email administrators, payment processors and customer service providers. When providing such services, the external service providers may have access to and process your personal information.
- With third party regulators / enforcement bodies. To comply with legal and professional obligations, to cooperate with regulatory bodies, and to exercise, defend or protect our legal rights (or those of our Customers or third parties), Calisen may share personal information with the following groups law enforcement agencies, (e.g. police), industry bodies (e.g. Gas Safe, The Department for Business Energy & Industrial Strategy, the Information Commissioner's Office), certifying bodies who ensure the quality of our services (e.g. EUSR, MOCOPA, Examining bodies), regulatory bodies / investigators (e.g. the Health and Safety Executive).
- If, in the future, we sell or transfer some or all of our business or assets to a third party, we may disclose information to a potential or actual third-party purchaser of our business or assets in accordance with applicable law.
Please be aware we do transfer data into the European Economic Area, but we do not transfer any personal information to countries outside the European Economic Area.
We have implemented and maintain appropriate technical and organisational security measures, policies and procedures designed to reduce the risk of accidental destruction or loss, or the unauthorised disclosure or access to such information appropriate to the nature of the information concerned.
Measures we take include:
- placing confidentiality and contractual requirements on our staff members and service providers;
- destroying or permanently anonymising personal information if it is no longer needed for the purposes for which it was collected;
- following strict security procedures in the storage, retention and disclosure of your personal information to prevent unauthorised access to it;
- using secure communication transmission software (known as "secure sockets layer" or "SSL") that encrypts all information you input on our website before it is sent to us. SSL is an industry standard encryption protocol, and this ensures that the information is reasonably protected against unauthorised interception; and
- protecting our own systems against potential attack from outside threats by using virus, software and malware protections, multi-factor authentication and conditional access giving layered protection of our VPN and communication devices.
Note: As the security of information depends in part on the security of the computer you use to communicate with us and the security you use to protect User IDs and passwords, please take appropriate measures to protect this information.
Storing your personal information
Your personal information will be retained as long as it is required for the purposes for which the data is collected e.g. as necessary to provide you with the services requested. Once our contractual relationship with you comes to an end, you may request that we remove your personal information unless statutory retention requirements apply (such as for taxation purposes) or in order to fulfil regulatory requirements.
We also retain your personal information if needed to establish, exercise or defend a legal claim.
We will take steps in accordance with applicable legislation to keep your personal data accurate, complete and up-to-date. Depending on the purposes of the processing, you have certain rights in relation to your personal information.
If you are a User and your personal information has been collected by us as part of our provision of services to our Customers (i.e. your energy suppliers), then we can only act on the instructions of our Customers, and you may consider it helpful to consult your energy supplier directly.
You have the following rights over your personal information:
- to be notified about the information we hold about you and the reasons for processing;
- the right to access the personal information that we hold about you,
- to correct any incorrect information that we hold about you,
- to object to us processing your personal information, if we are not entitled to use it anymore,
- to receive a copy of your information so that you can transfer it to a third party.
If you think we are not entitled to use your information or if you believe we do not have a lawful reason to continue processing it, you have the following rights:
- To request the restriction or suppression of your personal information;
- To object to us processing your personal information;
- To have your information deleted.
There are however a number of exceptions to this where we are required to retain information under our contractual obligations to our Customer (the energy supplier), by law, required to retain data by our regulators or required to retain data to exercise or defend a legal claim.
If you would like to exercise any of these rights, please contact us at email@example.com
Before providing personal information to you or another person on your behalf, we may ask for proof of identity and sufficient information about your interactions with us so that we can locate and verify your personal information. Normally such requests are free of charge however, we reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive.
We may not always be able to fully address your request, for example, where we hold your information on behalf of our Customer, in which case we will advise you to contact your energy supplier (our Customer), if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.
You have a right to lodge a complaint with the Information Commissioner's Office if you have concerns about how we are processing your personal information (further information, including contact details, is available at https://ico.org.uk).
We ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time.
The primary point of contact for all issues arising from this privacy notice is:
Contact:The Data Protection Officer
Telephone: 0161 220 1900
Postal address: 5th Floor, 1 Marsden Street, Manchester M2 1HW