• what information Certas Energy UK Limited and each of its group companies (“Certas Energy”) collects from you and why;
• how Certas Energy uses and protects any information that you give; and
• how you can access and manage your information.
Certas Energy is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified, you can be assured that it will only be used in accordance with this privacy statement.
Certas Energy may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy is effective from 13th September 2022.
If you have any questions about this policy or more generally about our use of your personal information, you may contact us by writing to us at
Data Protection, Certas Energy UK Ltd, 1st Floor Allday House, Warrington Road, Birchwood, WA3 6GR or by emailing us at firstname.lastname@example.org.
This policy replaces all previous versions and is correct as of 13th September 2022. We reserve the right to change the policy at any time.
We may collect the following information:
- job title
- contact information including email address
- other relevant personal information (e.g. date of birth)
- electronic identifiers (e.g. IP addresses)
- demographic information such as postcode, preferences and interests
- other information relevant to customer offers and/or surveys
- where you visit our retail sites, offices or depots, CCTV footage of you (the existence of CCTV equipment will be identified on each relevant site)
Ordinarily we will be the party collecting your information directly from you. However, there may be situations where this information is obtained by us from third parties. Examples of this would include:
- from a third party data profiling company, where you have given your consent for that company to pass such information on to us
- from publicly available sources (e.g. the electoral roll)
We require this information to understand your needs and provide you with a better service. In particular, we require it for the following reasons:
- internal record keeping and account management purposes (e.g. verifying your identity and fulfilling orders you place)
- providing you with the product or service you have requested from us
- monitoring, recording and storing telephone or email communications for the purpose of internal training, audit and compliance checking, to improve the quality of our customer service and in order to meet any legal and regulatory requirements
- improving our products and services
- contacting you by email, SMS, phone or mail for the purpose of account administration and/or processing and fulfilling orders and/or taking payment for such orders
- customising our website according to your interests
- reviewing your job application for roles with us and potentially offering you employment as a result of that review
- contacting you on the grounds of us having a legitimate interest to do so to periodically send promotional mails or contact you by telephone about new products, special offers or other information which we think you may find interesting using the contact details which you have provided and for market research purposes
- where you give us your consent to do so, we may
- periodically send promotional emails or SMS messages about new products, special offers or other information which we think you may find interesting using the contact details which you have provided
In order to utilise your personal information, as set out about, we may allow third parties to process your personal information on our behalf. This is likely to be the case where, for example we:
- contract with a third party engineer or haulage company to provide our services to you
- request a third party data profiling company to establish trends and other buying/profile information
Where we share personal information for these purposes, we put in place controls to ensure that your personal information is only used for the purpose for which we’re sharing it. Where we want to allow third parties to process or control your personal information for reasons other than those set out above, we will inform you of this and, if necessary, seek your consent to share such information with them.
Where we have asked for your consent to use your personal information for a particular purpose, this consent may be withdrawn by you at any time. Similarly, where we are using your personal information to fulfil a legitimate interest of ours, you may have a right to object to your personal information being used for a particular purpose (e.g. for direct marketing). Please see the section entitled ‘Controlling your personal information’ below.
If you contact us or we contact you, we may ask for certain information from you to confirm your identity, check our records and deal with your account efficiently and correctly.
Business Customers only: To prevent fraud, to check your identity and to prevent money laundering, we will ask our credit intelligence partners, including Graydon UK Ltd (and/or such other service providers as we may engage from time to time) to run certain checks on your business. These checks may involve your information being disclosed to credit reference agencies, who may keep a record of that information. Unless you have made an application for credit, your credit rating will be unaffected. In assessing any application for credit we will also share your information with our credit insurers. We will disclose details of how you conduct your account to such companies. This information may be used by other credit intelligence companies for making credit decisions about your business, you, and the people with whom you are financially associated, for fraud prevention, money laundering prevention and occasionally for tracing debtors. Information used for these purposes will include publicly available information such as corporate accounts and county court judgments.
We may perform a check on you if you are an individual associated with a Business Customer, such as a company director. We do this in order to prevent fraud, to check your identity, to prevent money laundering and for account management purposes. Information used for these purposes will include publicly available information such as the electoral roll, county court judgments, assets registered in your name on public registers, such as the Land Registry, bankruptcy orders and repossessions.
If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, you could be refused the goods or service or financing that you have requested. A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you. If you have any questions about this please contact us on the details below.
We use programs such as Google Analytics to help us find out:
- How many people visit our websites
- Which pages and parts of pages are most popular
- How long people spend in each area of the website
- What information people are looking for
- Browser types
- Operating systems
- Third party sites that direct you to us
- The time and date of a visit
Our lawful bases for processing your personal information are as follows:
Internal record keeping
Improving products and services
Customising our website
Direct marketing – current customers*, mail and telephone
Direct marketing electronic marketing
Direct marketing – non-current customers, mail and telephone
Preventing fraud and money laundering and verifying identity review
In certain circumstances, we may be required to process your personal information in order to comply with a lawful obligation on us. This may be the case, for example, where a statutory or regulatory body requests such information in accordance with their legal powers. We and fraud prevention agencies may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime. We also have a legitimate interest and, on occasion, a legal obligation to disclose personal information to regulatory bodies in certain circumstances, including where we have information about potential criminal acts or security threats, and may disclose information to authorities on this basis.
*If you proactively contact us to enquire about becoming a customer, we will treat you as a current customer for the purpose of potentially directly marketing to you on the grounds set out above.
The security of your information is very important to us. As part of our commitment to keeping your data safe, our technical experts maintain physical, electronic and managerial procedures to keep safe the information we collect online.
Where a third party is processing your data on our behalf, we will take steps to ensure that such third party gives us commitments that it will process your data in line with EU law. If a third party processing your data on our behalf is located in a non-EU country that does not have data protection laws equivalent to those in the EU, we will always take appropriate additional steps to ensure that your personal information is kept safe and secure by those processing your data on our behalf. This will generally involve ensuring that such third party agrees to sign up to a formal legal agreement committing such party to comply with standards equivalent to those that would apply where that party to be located within the EU. Whenever fraud prevention agencies transfer your personal data outside of the EU they impose contractual obligations on the recipients of that data to protect your personal data to the standard required in the European Economic Area. This may also require the recipient to subscribe to “international frameworks” intended to enable secure data sharing.
Sometimes, you might wish to disclose sensitive information to us, for example if you need a priority delivery because you are receiving medical treatment. We will only use sensitive data for the specific reason you disclosed it to us and we will take extra care to keep it secure. From time to time, we will check with you that we may continue to use that sensitive data for the specified purpose.
The time period for which we keep information varies according to what we use the information for. Unless there is a specific legal requirement for us to keep information, we will keep your information for as long as it is relevant and useful for the purpose for which it was collected.
Where we are using your personal information to send you marketing information we will generally retain that information for marketing purposes for two years from the point of your last order as we understand that you even if you do not buy from us on every occasion, frequently we see repeat purchases from customers in this time period. We will retain your account information for seven years in line with relevant tax and contract requirements. In the case of commercial customers, we may retain personal information relating to such individuals within such customers for a longer period of time depending on the order and contracting cycles of such customers (e.g. if a customer commonly enters into five year deals, we would retain such information for a short period beyond the time when we would expect such agreement to be renewed).
Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years.
You are entitled to request that we erase your personal information at any time, for example where you cease to be an active customer of ours. Whilst we will generally seek to comply with your request, there will be circumstances where we are entitled to retain such personal information (e.g. in respect of legal claims or to ensure that any activity on your account (e.g. monies owing) may be resolved).
You may choose to restrict or control the collection or use of your personal information in the following ways:
- whenever you are asked to fill in a form on the website or elsewhere, ensure that you do not tick any box requesting permission to use your personal information for specific purposes (e.g. marketing) or, in the case of ‘opt-out’ consents relating to electronic communications, ensure that you un-tick the relevant box
- if you have previously agreed to us using your personal information for direct marketing or other specific purposes and wish to change your mind
- if you believe that we are holding personal information which is incorrect, out of date or incomplete and wish for that to be corrected
- if you wish for your personal information to be erased from our systems
- if you wish for us to transfer your personal information to a third party (e.g. another service provider), we may provide you with your personal information which held by us for you to pass to that third party (or, in certain circumstances, we may be able to transfer that personal data to such third party directly if you wish for us to do so)
You have the right to:
• know that information is being processed
• access information that is being processed
• rectification of information being processed
• erasure of information held on you (commonly known as the right to be forgotten)
• restrict processing
• be notified about what information has been rectified, erased and restricted
• portability (that is, to request your data be handed over to someone else)
• object to the processing of your information
It is important to note that this is not an absolute right to review all the information that is held about you, as there are various exceptions to this right. These include:
(a) where personal data is kept for the purpose of preventing, detecting or investigating offences and related matters; and
(b) where the data is given by another person in confidence.
You may request that we cease to contact you for direct marketing purposes at any point. We will comply with any such request.
You are entitled at any point to see the personal information that we hold about you. This is called a Subject Access Request. If you want to make a Subject Access Request, or if you want to remove a consent, request that we cease contacting you for direct marketing purposes or request erasure or transfer of your personal information, you may do so at any time by writing to us at Data Protection, Certas Energy UK Ltd, 1st Floor Allday House, Warrington Road, Birchwood, WA3 6GR or by emailing us at email@example.com.
We will not sell, distribute or lease your personal information to third parties for their control unless we have your permission, need to do so in order to fulfil a contractual obligation to you or are required by law to do so. Where we do seek your permission, we will name the relevant third party at the time we seek such permission from you and any such permission shall be limited to that third party. Please note that we may provide information for processing to certain third parties as outlined in the section entitled ‘What we do with the information we gather’.
If you believe that any information we are holding on you is incorrect, out of date or incomplete, please write, email or call us as soon as possible, using the details set out above. We will promptly correct any information found to be incorrect. To protect your privacy and security, we will take reasonable steps to verify your identity before granting access or making corrections.
Links to other websites Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website (s). Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question. Cookies
Cookies are alphanumeric identifiers which enable our systems to recognise your browser in order that we can provide you with easy use of the various services available on the website. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences. We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system. Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us. You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. However, this may prevent you from taking full advantage of the website. The table below explains the cookies we use and why.
|Cookie Name||Cookie ID||Cookie Description||Additional info|
|Google Analytics||_utma _utmb _utmc _utmz||These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited. This cookie is essential for the website to operate efficiently.||Click here for an overview of privacy at Google|