What Brownlow Utilities do?
Brownlow Utilities are a third party intermediary (TPI) supporting UK businesses with their energy and water procurement, contract negotiation, contract support, billing, carbon obligations, energy management initiatives and business energy strategy. We provide these services by working with a portfolio of UK energy and water suppliers, energy management service providers, market sector organisations and UK government.
How the law protects you
Data protection laws state that we are only able to process personal data if we have valid reasons to do so. The reasons we process your personal data include, but are not limited to, your consent, legitimate interest, performance of a contract, billing and to contact you.
What data do we collect from you?
We receive information about you when you use our website, complete forms on our website, contact us by phone, email, or meet us in person. We occasionally may purchase data from GDPR compliant companies as we believe their is a legitimate interest or legal obligation. In any case, we ensure there is the ability to provide consent in a transparent, unbundled, named way when you provide details to us at the outset. You can also withdraw consent at any time.
Telephone landline/Mobile number
Company email address
Company personnel contact details
Nature of business
How do we use your data?
Our use of your personal data will always have a lawful basis, either because it is necessary for our performance of a contract with you, because you have consented to our use of your personal data (e.g. by subscribing to emails), or because it is of legitimate interests. Specifically, we may use your data for the following purposes:
· To supply you with the services agreed in the contract and manage your account.
· To provide you with information relating to our products or services
· To provide information on related products/services which we feel may be of interest to you, where you have consented to receive such information.
· To analyse market trends with the aim of improving our services to you
· To notify you about any changes to our website, such as improvements or service/product changes, that may affect our service.
· To comply and notify you of any changes in legislation that may affect your business.
· Where we are legally required to disclose your information.
· To assist fraud protection and minimise credit risk
If you consent to us contacting you for purposes outside of account administration and provision of services, we will give you the opportunity to select how you would like us to contact you either; email, post, telephone, text. We will also request that you consent to us sharing your details with other energy/utility management companies so that they can contact you by email with details of energy products and services.
If you are an existing customer, we may contact you with information about goods and services similar to those which were the subject of a previous sale to you. If you do not want us to use your data for us or third parties you will have the opportunity to withhold your consent to this when you provide your details to us on the form on which we collect your data.
We will not, however, send you any unsolicited marketing or spam and will take all reasonable steps to ensure that we fully protect your rights and comply with our obligations under GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003.
You have the right to withdraw your consent to us using your personal data at any time, and to request that we delete it as mentioned below. We do not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected.
Third Party Links
You might find links to third party websites on our website. These websites should have their own privacy policies which you should check to see if they are GDPR compliant. We do not accept any responsibility or liability for their policies whatsoever as we have no control over them
We may on occasion gather information regarding your computer whilst you are on our website. This enables us to improve our services and to provide statistical information regarding the use of our website.
Such information will not identify you personally it is statistical data about our visitors and their use of our site. This statistical data does not identify any personal details whatsoever.
Similarly to the above, we may gather information about your general internet use by using a cookie file. Where used, these cookies are downloaded to your computer automatically. This cookie file is stored on the hard drive of your computer as cookies contain information that is transferred to your computer’s hard drive. They help us to improve our website and the service that we provide to you.
All computers have the ability to decline cookies. This can be done by activating the setting on your browser which enables you to decline the cookies. Please note that should you choose to decline cookies, you may be unable to access particular parts of our website.
How and where do we store your data?
We only keep your personal data for as long as we need to in order to use it as described above and/or for as long as we have your permission to keep it. Your data will only be stored in the UK.
Secure servers and encryption – Data security is very important to us, and to protect your data we have taken suitable measures to safeguard and secure data collected through our website, in emails, at meetings and in hardcopy format. Client and employee data is stored on our secure servers and accessed/processed on encrypted devices and in folders organized and password protected.
Mailchimp – We also use a 3rd Party email marketing software called Mailchimp. MailChimp’s GDPR preparation started more than a year ago and they are updating their Data Processing Agreement to meet the requirements of the GDPR. Mailchimp has optimal security measures to prevent fraudulent use of the system and its data such as
· If we lose our password, it can’t be retrieved—it must be reset.
· All login pages pass data via SSL.
· The entire MailChimp application is encrypted with SSL.
· Login pages have brute force protection.
· Logins via the MailChimp API have brute force protection.
· They perform regular security penetration tests, using different vendors. The tests involve high-level server penetration tests, in-depth testing for vulnerabilities inside the application, and social engineering drills.
Google Analytics – When someone visits www.brownlowutilities.co.uk we use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.
Energy Management portal – The transmission of information via the internet is not completely secure and therefore we cannot guarantee the security of data sent to us electronically and transmission of such data is therefore entirely at your own risk. Where we have given you (or where you have chosen) a password so that you can access certain parts of our site, you are responsible for keeping this password confidential.
Emails – We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.
We will continually look to mimimise the amount and type of data we collect, process and store by undertaking regular information audits. Security features and controls will also be reviewed and updated on an ongoing basis. We will also ensure that any new processes /systems enable us to comply with an individual’s rights under GDPR.
How long will your information be stored?
We will keep your personal data for the duration of the period you are a customer of Brownlow Utilities. We shall retain your data only for as long as necessary in accordance with applicable laws.
On the closure of your account, we may keep your data for up to 7 years after you have cancelled your services with us. We may not be able to delete your data before this time due to our legal and/or accountancy obligations. We may also keep it for internal research or statistical purposes. We assure you that your personal data shall only be used for these purposes stated herein.
Emails held in Outlook or Mailchimp that haven’t been engaged, exported or moved elsewhere will be deleted 1 year from date received.
The General Data Protection Regulation gives you the right to access the information that we hold about you. As a data subject, you have the following rights under the GDPR, which this Policy and our use of personal data have been designed to uphold:
– The right to be informed about our collection and use of personal data;
– The right of access to the personal data we hold about you. You have the right to ask for a copy of any of your personal data held by us (where such data is held). Under the GDPR, no fee is payable and we will provide any and all information in response to your request free of charge. Please contact us for more details at firstname.lastname@example.org.
– The right to rectification if any personal data we hold about you is inaccurate or incomplete (please contact us using the details below in ‘Contacting US).
– The right to be forgotten – i.e. the right to ask us to delete any personal data we hold about you (we only hold your personal data for a limited time, as explained but if you would like us to delete it sooner, please contact us using the details below.
– The right to restrict (i.e. prevent) the processing of your personal data;
– The right to data portability (obtaining a copy of your personal data to re-use with another service or organisation);
– The right to object to Us using your personal data for particular purposes; and
– Rights with respect to automated decision making and profiling.
If you have any cause for complaint about our use of your personal data, please contact us using the details provided below we will do our best to solve the problem for you. If we are unable to help, you also have the right to lodge a complaint with the UK’s supervisory authority, the Information Commissioner’s Office. For further information about your rights, please contact the Information Commissioner’s Office or your local Citizens Advice Bureau.
We agree to take reasonable measures to protect your data in accordance with applicable laws and in accordance with our General Terms and Conditions: https://brownlowutilities.co.uk/tcs/
In the event of a data breach, we shall ensure that our obligations under applicable data protection laws are complied with where necessary.
West Lancashire Investment Centre
White Moss Business Park