iHelios Limited and iHelios Energy Limited (the companies). (‘we’ or ‘us’ or ‘our’) gather and process your personal information in accordance with this privacy notice and in compliance with the relevant data protection Regulation and laws. This notice provides you with the necessary information regarding your rights and our obligations, and explains how, why and when we process your personal data.
The Companies registered office is at The Old Brass Foundry, Marlborough Terrace, Hull, HU2 9AE and we are a company registered in England and Wales under company number 12010839 and 13734128. We are registered on the Information Commissioner’s Office Register; registration number ZA792770, and act as the “Data Controller” and / or “Data Processor” when processing your data. Our designated Data Protection Officer/ Appointed Person is the Office Administrator, who can be contacted at The Old Brass Foundry, Marlborough Terrace, Hull, HU2 9AE or firstname.lastname@example.org.
The Companies processes your personal information to meet our legal, statutory and contractual obligations and to provide you with our products and services. We will never collect any unnecessary personal data from you and do not process your information in any way, other than as specified in this notice.
The personal data that we collect may include:
We collect information in the below ways:
The Companies takes your privacy very seriously and will never disclose, share or sell your data without your consent, unless required to do so by law. We only retain your data for as long as is necessary and for the purpose(s) specified in this notice. Where you have consented to us providing you with promotional offers and marketing, you are free to withdraw this consent at any time. The purposes and reasons for processing your personal data
are detailed below:
You have the right to access any personal information that the Companies processes about you and to request information about:
If you believe that we hold any incomplete or inaccurate data about you, you have the right to ask us to correct and/or complete the information and we will strive to do so as quickly as possible; unless there is a valid reason for not doing so, at which point you will be notified.
You also have the right to request erasure of your personal data or to restrict processing (where applicable) in accordance with the data protection laws; as well as to object to any direct marketing from us. Where applicable, you have the right to data portability of your information and the right to be informed about any automated decision-making we may use. If we receive a request from you to exercise any of the above rights, we may ask you to verify your identity before acting on the request; this is to ensure that your data is protected and kept secure.
We do not share or disclose any of your personal information without your consent, other than for the purposes specified in this notice or where there is a legal requirement. The Companies use third parties to provide the below services and business functions; however, all processors acting on our behalf only process your data in accordance with instructions from us and comply fully with this privacy notice, the data protection laws and any other appropriate confidentiality and security measures.
The Companies takes your privacy seriously and takes every reasonable measure and precaution to protect and secure your personal data. We work hard to protect you and your information from unauthorised access, alteration, disclosure or destruction and have several layers of security measures in place, including SSL, TLS, restricted access, IT authentication, firewalls, anti-virus and anti-malware.
Personal data in the European Union is protected by the General Data Protection Regulation (GDPR) but some other countries may not necessarily have the same high standard of protection for your personal data. The Companies utilise some products or services (or parts of them) that may be hosted/stored in counties outside of the EU, which means that we may transfer any information which is submitted by you through the website outside the European
Economic Area (“EEA”) for the below purposes: -
The services we use that involve data being sent out of the EU are done so using a company called Mail Chimp, we use this company for marketing purposes. Therefore, when you access these services the personal information you submit may be stored on servers which are hosted in countries that are not governed by GDPR. If this is the case, we will take steps to ensure that those providers use the necessary level of protection for your information and abide by strict agreements and measures set out by the Companies to protect your data and comply with the relevant data protection laws.
You are not obligated to provide your personal information to the Companies, however as some of this information is required for the purposes fulfilling legal and/ or contractual obligations we will not be able to offer some/ all of our services without it.
As noted in the ‘How We Use Your Personal Data’ section of this notice, we occasionally process your personal information under the legitimate interests’ legal basis. Where this is the case, we have carried out a thorough Legitimate Interests’ Assessment (LIA) to ensure that we have weighed your interests and any risk posed to you against our own interests; ensuring that they are proportionate and appropriate.
We use the legitimate interests’ legal basis for processing information relating to existing customers with additional products purchased (such as warranty or service plan). We also process data using the legitimate interest’s basis when dealing with complaints. We have identified that our interests are necessary for providing the customer with the correct level of service on an ongoing basis and pose very little or no threat to the rights and freedoms of the data subject.
as is necessary and we have strict review and retention policies in place to meet these obligations. We are required under UK tax law to keep your basic personal data (name, address, contact details) for a minimum of 6 years after which time it will be destroyed. We are also required to keep details of any complaints received for a period of 3 years, or 5 years where the complaint relates to financial services. If you contact us in relation to a general enquiry, we will also keep a record of this for a period of 90 days, unless you consent to marketing. Customer records relating to marketing are retained for a period of 12 months, this is then renewed on an annual basis. For customers who have purchased additional services, such as warranty or servicing, we retain these records for a period of 6 years plus the balance of the original financial year. Some of our telephone calls are recorded for training and monitoring purposes, we retain these for a period of 12 months. Full details of our Data Retention periods are outlined in our Data retention policy. Specific queries can be dealt with in response to an email sent to email@example.com.
Where you have consented to us using your details for direct marketing, we will keep such data until you notify us otherwise and/or withdraw your consent.
The Companies only processes your personal information in compliance with this privacy notice and in accordance with the relevant data protection laws. If, however you wish to raise a complaint regarding the processing of your personal data or are unsatisfied with how we have handled your information, you have the right to lodge a complaint with the supervisory authority. Information Commissioners Office Wycliffe House, Water lane, Wilmslow, SK9 5AF
Telephone: 0303 123 1113
The Companies take your privacy seriously and will only process your personal data with your consent and in accordance with the terms stated in our Privacy Notice. We may capture your consent in person or electronically. In some instances, failure to provide consent can restrict our ability to offer you our full range of services.