privacy
Privacy and Cookies Policy
Last Updated: 30th January 2020
ICO Registration Number: 00013084580
1. Introduction
Urban Electric Networks Limited are committed to safeguarding the privacy of our website visitors, app users and service users. By using our website, app or service and agreeing to this policy, you consent to our use of cookies in accordance with the terms of this policy. You can specify whether you would like to receive direct marketing communication from us and can withdraw your consent and unsubscribe by clicking the ‘unsubscribe’ link in the footer of the emails we send. Please do not supply any other person’s data to us unless we prompt you to do so.
2. How we use your data
We process several types of personal data, in order to administer our business and services and/or fulfil our contract with you. The different categories of data we process; the reasons why we process; and our legal basis are detailed below:
| Type of Data | Purpose | Type of Data/Source | Lawful basis for processing |
|---|---|---|---|
| Website and services Usage Data | To enable us to improve our website, app and services to better fit your needs. | IP address; geographical location; browser type and version; operating system, referral source, length of visit, page views and website navigation paths, the timing, frequency and pattern of your service use gathered from our analytics tracking systems which track the behaviour of customers on the mobile app and website in order to determine the success of features and layouts so that improvements can be made; energy usage data (an energy measurement collected from Urban Electric charge points and/or feeder pillars) | 1. Our legitimate interests to improve our website, products and services. 2. In the case of processing your Energy Usage Data, your consent. |
| Account and Services Data | To enable us to operate a secure website and app and provide the services you expect and want from us based on our contract with you or your employer. Also to maintain backups of databases and to communicate with you. | Name, address, email, telephone number, username, password, signature, vehicle registration number, VIN number (ID number of your vehicle found on the chassis), MPAN number (serial number for every Urban Electric meter), IP address, MAC address (the device ID which you use to access our website, app or services); Energy Usage Data and account number. We get this information from you, or your employer may provide data too if they have an account with us, namely your business address; email; telephone; driving licence details; job title and employers name. If you use the app the data may include your mobile device ID, account name and password. Whilst we do share Services Data with our business partners, which may include example Service usage profiles, this is always anonymised, aggregated data which means that it never discloses details about an identifiable individual. It discloses only patterns of use rather than anything about particular users. | 1. Our legitimate interests to properly and securely administer our products and services. 2. Performance of a contract with you or your employer. 3. In the case of processing your Energy Usage Data, your consent. 4. Our legitimate interests to build strong partnerships with our business customers. |
| Publication data | To enable us to publish information that you post on our website or app. | Information that you post on our website, app or through our services. | 1. Your consent (by posting the information, you know that it will be published). 2. Our legitimate interests in using customer feedback to promote our products and services. |
| Enquiry data | To offer, market and sell relevant services to you. | Any data you provide in your enquiry. | 1. Your consent – if you get in touch with us, you consent to us using the details you provide to respond. |
| Transaction data | To allow us to process your purchases and keep proper records. | Your contact details, your card details and the transaction details. | 1. Performance of a contract with you. 2. Our legitimate interests in ensuring our financial transactions with customers are managed efficiently. |
| Notification Data | To send the emails or newsletters that you’ve subscribed to. | Your contact details. | 1. Your consent. You will either have expressly agreed to receive the emails from us; or not opted out of being contacted during the online purchase journey of one of our products. 2. Our legitimate business interests – if you are a corporate customer, it’s in our business interests to be able to market and promote our products to you. |
| Correspondence Data | To communicate with you and to keep proper records. | The communication content and metadata associated (if communication is via our website contact form). | 1. Our legitimate interests |
We may also process and disclose any of your data identified in this policy to protect the legal rights of you, us and any other individual. This is because we have legitimate business interests to:
- establish, exercise or defend legal claims, in court or an out-of-court procedure.
- obtain or maintain insurance cover, manage risk or obtaining professional advice, in order to properly protect our business against risk.
- comply with any legal obligation to which we are subject, or in order to protect the vital interests of you or any other person.
3. Providing your personal data to others
We may disclose personal data, on a “need to know” basis to:
- Our insurers and professional advisors.
- Our payment services provider Stripe Payments Europe Ltd to enable them to process your payments. Data is limited to transaction data and is used to process or refund payment and to deal with complaints and queries. You can find more information here: https://stripe.com/gb/privacy
- Our IT service providers from whom we license technology. This enables us to carry out essential business operations.
- Any organisations or government departments who may offer funding or grants to you in respect of the services we provide.
- Any local authorities where we operate charging services
- Affiliates or partners from whom you’ve consented to receive marketing.
- Energy tariff switching providers, if you have selected this functionality and agreed to your Energy Usage Data being shared.
Please note that on the termination of any relationship between you and us, personal data relating to you may be retained by or, as the case may be, transferred to one or more of the organisations listed above, their successors and assigns if that’s necessary for us to comply with contractual, legal or financial obligations.
4. International transfers of your personal data
We have offices and facilities in the United Kingdom subject to the EU’s high standards of data protection and the hosting facilities for our website and app are situated with the EU. Some of our IT service providers are situated in the United States of America. Transfers to the USA will be protected by appropriate safeguards, either:
- Standard data protection clauses adopted by the European Commission; or
- Self-certification of compliance with the Privacy Shield programme designed by the EU and US government to demonstrate a company’s compliance with EU data protection standards.
To see copies of the standard data protection clauses adopted by the EC, you can click here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en. You acknowledge that personal data you provide us for publication through our website, app or services may be available via the internet around the world. We cannot prevent the use (or misuse) of this personal data by others.
5. Retaining and deleting personal data
Personal data will not be kept by us for longer than is necessary to meet the purpose stated. We will however need to retain your personal data where such retention is necessary for compliance with a legal obligation, or in order to protect the vital interests of you or any other person.
6. Security of personal data
We will take appropriate precautions to keep your personal data safe and prevent the loss, misuse or alteration of that data. For example,
- We will store all your personal data on secure servers, personal computers and mobile devices in secure record-keeping systems. All emails we send are encrypted.
- We do not store any of your credit card information. All financial transaction data including cardholder details are stored by our payment processor.
You acknowledge that the transmission of unencrypted (or inadequately encrypted) data over the internet is inherently insecure and we cannot guarantee the security of data sent over the internet. If you have a password to log into your account on our website or app, you should ensure that it is not easy to guess (by a person or computer programme). You are responsible for keeping the password confidential and we will not ask you for it (except when you log on to the website or app).
7. Amendments
We may update this policy from time to time by publishing a new version on our website. The last publication date will be referenced at the beginning of the Privacy Policy. You should check this page occasionally to ensure you are happy with any changes to this policy. We may notify you of material changes to the policy by email.
8. Your rights
This is a summary of your rights under data protection law. Some of these rights are very complex so we have just summarised them. You may obtain guidance from the ICO for a more detailed explanation.
| Your Rights | What are they? | What will we do? |
|---|---|---|
| Access | To know whether or not we process your personal data and have access to that data. | Providing the rights of others are not affected, we will supply you a copy of your personal data free of charge. Additional copies may be subject to a reasonable fee. |
| Rectification | You have the right to have any inaccurate data personal data about you rectified and have any incomplete personal data about you completed. | When you communicate with us, we will check the data we have stored and rectify any errors when proof is provided. |
| Erasure | You have the right to erasure of your personal data when: ● Personal data is no longer necessary in relation to the purpose for which it was originally collected. ● You withdraw consent to consent- based processing ● You object to the processing under applicable law ● The processing is for direct marketing purposes The personal data has been unlawfully processed. | We will erase the data as requested on validation of the claim, however data cannot be erased if processing is necessary for exercising the freedom of expression; for compliance; for legal obligation or to establish, exercise or defence against legal claims. |
| Restrict Processing | You have the right to restrict processing of your personal data in the same circumstances as described under ‘right to erasure’ where you oppose erasure or have objected to processing and the decision is pending. | Where processing is restricted, we will continue to store your personal data, but will only process it for legal claims, for the protection of another person’s rights or for reasons of public interest. |
| Object to Processing | 1. You have the right to object to processing of your personal data for direct marketing purposes 2. You can also object if the processing of your personal data is for reason of public interest, or for the legitimate interests pursued by us or a third party, or if we exercise any official authority vested in us | 1. If you make an objection we will cease to process your data. 2. If you object, we will cease to process your personal data unless we can demonstrate compelling reasons for that processing, which would include establishing, exercising or defending legal claims. |
| Data Portability | You have the right to receive your data if we have processed it under your consent or as part of performing the contract with you (if carried out by automated means). | We will provide your data to you in a commonly used and machine-readable format. This right does not apply if it adversely affects the right of others. |
| Complain | You have the legal right to lodge a complaint to a supervisory authority responsible for your data protection. | We will be bound by the decision of the supervisory authority. |
| Withdraw Consent | You can withdraw consent at any time from processing of publication and notification data. | Email us via the website to exercise any of your rights in relation to personal data. Please note that we will attempt to reply within 14 days but during busy periods, it may take up to 30 days. |
9. Personal data of children
Our website, app and services are targeted at people over the age of 18. If we have reason to believe we are holding data of anyone under that age in our databases, we will delete that personal data.
10. Updating information
Please let us know if the personal information that we hold about you needs to be corrected or updated.
11. Cookies
A cookie is a file containing an identifier (a string of letter and numbers) sent by a web server to a web browser and stored by the browser. This identifier is then sent back to the server each time the browser requests a page.
Cookies can either be ‘persistent’ when a cookie is stored by the browser until its set expiry date (or when deleted by the user) or ‘session’ when the cookie expires at the end of the session when the web browser is closed.
Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.
12. Cookies that we use
We use cookies for the following reasons:
| Reason | Purpose | Type of cookie |
|---|---|---|
| Authentication | To identify you when you visit the website and as you navigate round. | Session ID |
| Status | To determine if you are logged into our website. | Session (expiry date and time) |
| Personalisation | To store information about your preferences and to personalise our website for you. | Locale |
| Security | As part of the security measures to protect user accounts and our website, including preventing fraudulent use of login credentials. | Session (expiry date and time) Session ID and XSRF tokens |
| Advertising | As a way to display advertisements that will be relevant to you. | See privacy links below |
| Analysis | To help analyse the use and performance of our website and services. | See privacy links below |
13. Cookies used by our service providers
Our service providers use cookies and those cookies may be stored on your computer when you visit our website. We use analytics cookies to analyse the use of our website. The information gathered relating to our website is used to create reports about the use of our website. The privacy policies of our analytics providers are available through the following URLs:
Twitter: https://twitter.com/en/privacy
We also use third party cookies to optimise and measure the effectiveness of our online advertising campaigns. For example we can track which adverts on certain sites lead to potential customers visiting our website. We can target our online adverts to those web users who have previously visited our website or our followers on social media. To do this we use cookies from Google Adwords; Twitter advertising; and LinkedIn. The privacy policies are detailed above, and in addition:
Google’s advertising privacy policy: https://www.google.com/policies/technologies/ads/
LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy.
14. Managing cookies
We ask you to consent to our cookies when you navigate to our website. Most browsers allow you to refuse to accept cookies and to delete cookies but blocking all cookies will have a negative impact upon the usability of many websites (including ours). The methods to do so vary from browser to browser, and from version to version. You can however obtain up-to-date information about blocking and deleting cookies via the following links:
15. Our details
This website is owned and operated by Urban Electric Networks Limited. We are registered in England and Wales under registration number 10830248, and our registered office is 20-22 Wenlock Road London N1 7GU. You can contact us by telephone or email on the contact number published on our website from time to time.
16. Data protection registration
We are registered as a data controller with the UK Information Commissioner’s Office as our lead supervisory authority. Our data protection number is 00013084580.