Privacy Policy

We appreciate the trust you place in us when engaging and working with us. Whether you are an existing or prospective energy supplier or customer, the security of your personal data is very important to us. The information contained in this policy is communicated and issued by ICD (“we”, “us”, “our”). In this policy, we outline how we use personal data about visitors to our websites, including customers and potential customers and about individuals that get in contact with us, our existing and potential service providers (such as energy suppliers) (referred to as ‘existing partners’ and ‘potential partners’ within this privacy policy) and those individuals whose personal data we otherwise process in the course of our business, which we will collectively refer to in this policy as “you” and “your”. It is important to read this policy, so you are aware of how and why we are using your data. If you do not agree to the following policy, you may wish to cease viewing our websites. If you contact us directly, we will be the data controller for the personal data that you provide during that correspondence and in any action taken by us (such as dealing with your request) as a result.

Data controller Company number Website data controller is responsible for ICD Energy Managers Ltd 13138824 https://icdenergymanagers.com

We may collect personal data about you. This includes the following:

• Full name.
• Job title, who you work for and business activities.
• Phone number(s).
• Personal email address and/or professional email address(s).
• Technical information, including the Internet protocol (IP) address used to connect your device to the Internet, browser type and version, browser location, browser plug-in types and versions, time zone setting, device types (including device ID), the date and time of consent and platform, network service provider. Your IP address is processed by Google Analytics and automatically reported in an anonymised form. We may also process information about your visit to our websites, including the full Uniform Resource Locators (URL), clickstream to, through and from our site (including date and time), products you viewed, searched for or purchased, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse the website.
• Lifestyle information and your personal interests.
• Email exchanges.
• Your social media handle/user-name details if you engage with us on social media.
• Any feedback that you give us.
• Any other information that you choose to give to us via our website or to our customer services team.
• Lawful basis for the processing of personal data
• We will only use your personal information when the law allows us to. Whenever we process your personal data, we are required to identify and maintain a valid “lawful basis” (i.e., a legally compliant justification) for the processing. To help you to understand what we do with data and why, we have described the various relevant lawful bases that we rely on in the table at the end of this privacy policy. Where we rely on our legitimate interests, we will always make sure that we balance these interests against your rights.

Please make sure you provide us with certain information when requested as if you don’t, we may not be able to perform the contract we have entered into with you (such as, to provide you with products or services). In this case, we may have to cancel a product or service you have with us, but we will notify you if this is the case at the time. We will only use your personal information for the purposes for which we collected it. If we need to use your personal information for a purpose other than that for which it was collected, we will provide you, prior to that further processing, with information about the new purpose, we will explain our legal justification for doing so and we will provide you with any relevant further information. We may also issue a new privacy policy to you. Like most businesses, we may provide your personal information to third parties for processing as part of the services that those third parties carry out on our behalf as part of the day-to-day operations of our business. These trusted suppliers will process your personal information on our behalf and provide us with services such as the provision of certain HR-related functions, the provision of IT services, third party software providers, the hosting of your personal information and our accountants and professional advisers. We will always make sure that these trusted suppliers meet agreed standards for the protection of your personal information and that they will only ever be allowed to use your personal information in order to provide us with services (and not for their own purposes). We require all third parties to take appropriate technical and organisational security measures to protect your personal information and to treat it subject to a duty of confidentiality and in accordance with applicable data protection law. We may also share your personal information:

• with government authorities or professional bodies, such as HM Revenue & Customs in the United Kingdom (for tax purposes);
• with our professional advisors including tax, legal or other corporate advisors who provide professional services to us;
• with regulators, law enforcement or fraud prevention agencies, as well as our legal advisers, courts, the police and any other authorised law enforcement bodies, for the purposes of investigating any actual or suspected criminal activity or other regulatory or legal matters etc;
• in the event that we consider selling or buying any business or assets we will disclose your personal information to any prospective sellers or buyers of such business or assets;
• in the event of any insolvency situation (e.g., administration or liquidation);
• if we, or substantially all of our assets, are acquired by a third party, in which case your personal information will be one of the transferred assets;
• to protect the rights, property or safety of our employees, workers, contractors, clients, or others. This includes exchanging your personal information with other companies and organisations (including without limitation the local police or other local law enforcement agencies) for the purposes of our employee, worker, contractor and client safety, crime prevention, fraud protection and credit risk reduction; or
• if we are under a duty to disclose or share your personal information in order to comply with any legal obligation or regulatory requirements, or otherwise for the prevention or detection of fraud or crime.
• For more detailed information about who we share your personal information with, please see the table at the end of this privacy policy.

We will only retain your personal information for as long as is necessary to fulfil the purposes for which it was collected and processed, including for the purposes of satisfying any legal, tax, health and safety, reporting or accounting requirements. This means your personal data will be erased from our systems when we no longer need it. Personal information which is no longer to be retained will be securely and effectively destroyed or permanently erased from our IT systems and we will also require third parties to destroy or erase such personal information where applicable. In some circumstances we may anonymise your personal information so that it can no longer be associated with you. In this case, we may retain such information for a longer period without further notice to you. Given the international location of some of our clients and suppliers, your personal information may be transferred in and out of the UK and the European Economic Area (“EEA”) where local laws may not provide legal protection for personal data in the same way as is applicable in the UK or the EEA. Where your personal information is processed outside of the UK and EEA, we will ensure that we take the necessary steps to protect your personal information as required by data protection laws. Our websites use cookies to distinguish you from other users of our websites. This helps us to provide you with a good experience when you browse our websites and allows us to improve our websites and our services. We will not place cookies other than “strictly necessary” cookies on your device unless you have told us that you are happy for us to do so. For information on how we use cookies, please see our cookie policy. Our websites may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect and/or share data about you. We do not control third-party websites and are not responsible for their privacy statements. When you leave our websites, we encourage you to read the privacy policy of every website you visit. We are a UK-domiciled organisation whose offices are in the UK. All websites and web applications are hosted in the UK and are accessed only by our UK-based staff. We use a variety of in-house and third-party processors as storage systems for personal data. We ensure that our in-house solutions have sufficient information security protection. When using third-party processors, we will ensure that we take appropriate steps to protect your personal information as set out above. Cloud service providers are used as part of our processing environment. Unless we specifically state otherwise, all cloud service providers we use have UK processing facilities. In circumstances where our storage systems are not based in the UK, we will ensure that we take the necessary steps to protect your personal information as required by data protection laws. We have taken appropriate security controls to protect your personal data from unauthorised access, use or disclosure. In addition, we limit access to your personal information to those employees, workers, agents, contractors and other third parties who have a business need to know in order to perform their job duties and responsibilities. They will only process your personal information on our instructions, and they are subject to a duty of confidentiality. It is important that the personal information we hold about you is accurate and up to date. Please keep us informed if your personal information changes so that our records can be updated. We cannot be held responsible for any errors in your personal information in this regard unless you have notified us of the relevant change. Under applicable data protection laws, you have several rights as a data subject. These include:

• The right to be informed.
• The right of access.
• The right to rectification.
• The right to erasure.
• The right to restrict processing.
• The right to data portability.
• The right to object.
• The right not to be subject to automated decision-making including profiling. For more information on your rights as a data subject, please refer to the ICO’s guidance on individual rights.

Should you wish to exercise any of your rights as a data subject, including exercising your right to access a copy of the information we hold on you, contact our person responsible for data protection compliance at nick.foster@icdenergymanagers.com We reserve the right to update or amend this privacy policy at any time, including where we intend to further process your personal information for a purpose other than that for which the personal information was collected or where we intend to process new types of personal information. We will issue you with a new privacy policy as soon as practicable when we make significant updates or amendments. We may also notify you about the processing of your personal information in other ways from time to time. This privacy policy was last updated on 9/12/2021. If you are unhappy about how we are using your information, then initially you should contact our person responsible for data protection compliance at nick.foster@icdenergymanagers.com. If your complaint remains unresolved you have the right to make a complaint at any time to the Information Commissioners Office, the UK supervisory authority for data protection issues. The Information Commissioners Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF, or call: 0303 123 1113 or online at https://ico.org.uk/make-a-complaint/. If you have any questions about this privacy policy or how we handle your personal information, please contact our person responsible for data protection compliance at nick.foster@icdenergymanagers.com.