This policy and any other documents referred to within sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Under the General Data Protection Regulations (GDPR) you have a number of rights and this policy outlines them. For further information on your rights under the new data protection regulations please visit the ICO website.
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
For the purpose of the GDPR, the data controller is Sandal Plc whose registered office is Claremont House, Deans Court, Bicester, Oxon OX26 6BW.
Our main contact address is Unit 5, Harold Close, The Pinnacles, Harlow, Essex, CM19 5TH.
This policy covers all users who use the PowerConnections website.
The Energenie website is operated by Sandal PLC. We are committed to protecting your privacy when you are using our online services. To protect your privacy, we apply eleven principles which you can read about below.
Applicability of policy
Principle 1 – Notice (Right to be informed)
Information you provide to us
During payment process, we ask for personal information which both identifies you and enables us to communicate with you. We will retain this information for a period of 6 years for a number of purposes such as HMRC auditing, customer support and warrantee, and complaint handling.
To help us prevent fraud, please be aware that we may make searches about you at credit reference agencies for the purpose of verifying your identity. These agencies will supply us with information, including information from the Electoral Register. The fact that we have requested an identity check is recorded by these agencies, though be assured that the searches will not be seen or used by lenders to assess your ability to obtain credit.
Please also note that we may cross reference the information you provide us with data from a specialist anti-fraud third party with a view to stopping fraudulent transactions before they occur.
PowerConnections do not disclose buyers’ information to third parties other than when order details are processed as part of the order fulfilment. In this case, the third party will not disclose any of the details to any other third party.
People who call our helpline
When you call us we collect Calling Line Identification (CLI) information. We use this information to help improve its efficiency and effectiveness. This data is stored for 7 days in the system and then replaced.
People who email us
We use Mimecast to process e-mail traffic to us. Transport Layer Security (TLS) to encrypt and protect email traffic. If your email service does not support TLS, you should be aware that any emails we send or receive may not be protected in transit.
We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.
Like many websites http://www.powerconnections.co.uk/. uses a third party service, Google Analytics, to collect anonymous standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. You can find out more about Google Analytics and how the data we collect through this service is protected here https://support.google.com/analytics/answer/6004245?hl=en
Automatic decision making
PowerConnections does not undertake any form of automatic decision making with respect to the personal identifiable data we collects.
Principle 2 – Consent and Choice
Where you have given your consent we will use the information you provide only for the following purposes:
- To send you newsletters and details of offers and promotions in which we believe you will be interested
- Occasionally, PowerConnections may share your details with carefully selected third parties for general marketing and promotional activities.
You have the right to remove your consent at any time which can be done by contacting us directly at email@example.com
Principle 3 – Access (Right of access)
You have the right to ask for a copy of your personal information free of charge (unless the request is excessive, repetitive or manifestly unfounded). Under statutory regulations we have up to 1 month to provide your information.
Principle 4 – Security
Sandal Plc uses a third party service to help maintain the security and performance of the PowerConnections website. To deliver this service the hosting server processes the IP addresses of visitors to the PowerConnections website. We have taken appropriate measures to ensure that your personal information is not unlawfully processed. PowerConnections uses industry standard practices to safeguard the confidentiality of your personal identifiable information, including firewalls and SSL. PowerConnections treats data as an asset that must be protected against loss and unauthorized access. However, no information transferred over the Internet or wireless network can be guaranteed to be completely secure. We employ many different security techniques to protect such data from unauthorised access by users inside and outside the company.
We will not transfer your personal information outside of the European Economic Area (EEA) unless required for operation and support purposes and where it is we have a specific data sharing agreement in place to ensure protection of your data.
Principle 4.1 – Cookies
The PowerConnections website does not store any cookies
Principle 5 – Minors
The PowerConnections website is not intended for business customers only and we ask that no-one under the age of 13 submits personal information to us or uses the site without supervision of a parent or guardian.
Principle 6 – Deletion of your Personal Data (Right to erasure)
The GDPR gives you the right to have the data we hold on you deleted under certain circumstances such as where:
- Your personal data is no longer necessary for the purpose which it was originally collected or processed for;
- You withdraw your consent for the processing;
- You object to the processing of your data, and there is no overriding legitimate interest to continue this processing (e.g. where
Instances where the right to erasure does not apply includes (but not limited to):
- Where we have to comply with another overriding legal obligation (e.g. for HRMC Financial audit purposes);
- for the establishment, exercise or defence of legal claims;
- Where the request for erasure is manifestly unfounded or excessive;
Principle 7 – Right to rectification of your personal Data
The GDPR gives you the right to have the personal data we hold on you, or our selected partners to which we have provided information to, to be rectified if it is inaccurate or incomplete.
Principle 8 – Right to restriction of processing
The GDPR gives you the right to ‘block’ or suppress processing of personal data. In such cases Sandal Plc will continue to store your personal data but not process it further.
Principle 9 – Rights to data portability
Should you wish to obtain and reuse your personal data which we hold we will provided it in a standard readable format (e.g. MS Office)
Principle 10 – Right to object
You have the right to object processing of your information where:
- processing is based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling);
- direct marketing (including profiling); and
- processing for purposes of scientific/historical research and statistics
Principle 11 – Right to Complain to a supervisory authority
Changes to this policy