Last updated: 04 February 2022
1.1 The website Web address for the company or business’s website: https://gaiasmartenergy.com/ is operated by GAIA Smart Energy, a company incorporated in Northern Ireland under company number NI679695. Our registered office is at 34 Divis Drive, Belfast. BT11 8AA.
1.2 We are committed to protecting your privacy and complying with our data protection
obligations under the Data Protection Act 2018 (the DPA 2018), the UK General Data
Protection Regulation 2016/679 (the UK GDPR) and any other applicable UK legislation
(together, Data Protection Law).
1.4 This policy was last updated on the date shown at the top. We may change this policy at any time by posting an updated version on the Site and will make reasonable efforts to bring any material changes to your attention. You may wish to check it before using the Site as any changes will be effective from the date that they are made.
2. CONTACT INFORMATION
2.1 If you have any concerns or would like further information about our use of data or this policy in general, you can contact our team with any queries regarding the company or business’s use of data or the policy more generally at info@GaiaSmartEnergy.com.
3. WHAT INFORMATION DO WE COLLECT?
3.1 We collect, store and use the types of personal data set out in the table at the end of this
4. HOW WILL WE USE YOUR PERSONAL DATA?
4.1 We will use your personal data for the purposes set out in the table at the end of this policy.
5. HOW DO WE SHARE YOUR PERSONAL DATA?
5.1 When we share personal data, we do so in accordance with Data Protection Law. We may share certain personal data, where necessary, with employees, contractors, consultants or advisers, to facilitate sales and for general commercial purposes.
In addition, where necessary, your personal data may be shared:
5.1.1 With group, associated or affiliated companies including Another Company, for
internal administrative purposes.
5.1.2 With parties who provide products or services to us, such as software development,
user analytics, email services, payment processing, advertising, user notification and
feedback functionality, delivery couriers, marketing companies who help us manage
our communications with you, data insight companies.
5.1.3 With government or quasi-governmental organisations, law enforcement and other
regulatory authorities or third parties when required or permitted by law, including but
not limited to in response to court orders, for the prevention and detection of crime
and to protect intellectual property and any other legal rights.
5.1.4 If the company or business is sold, transferred or integrated with another business,
with our advisers, a prospective purchaser, a prospective purchaser’s advisers or the
new owner of the company or business to facilitate the process.
5.1.5 Another company.
5.2 We may also provide third parties with aggregated but anonymised information and analytics about our customers. Before we do so we will make sure that it does not identify you.
5.3 In some cases, when we share personal data, it will involve the transfer of that personal data to countries outside the UK which have different data protection standards to those which apply in the UK.
5.4 Where we transfer personal data outside the UK we will ensure that there are adequate
safeguards to protect your privacy rights under Data Protection Law.
6. THIRD PARTY LINKS
6.1 This Site contains links to other websites over which we have no control. We are not
responsible for and do not review or endorse the privacy policies or practices of other sites
which you choose to access from this site. We encourage you to review the privacy policies
of those other sites, so you can understand how they collect, use and share your personal
7. YOUR RIGHTS
7.1 We respect your rights to privacy and will respond to requests for access or control over
information about you in accordance with Data Protection Law. We may require you to verify
your identity before we take any action.
7.2 Depending on the reason we have your personal data, you have a right to:
7.2.1 access the personal information we hold about you (commonly known as subject
7.2.2 request that we correct or complete personal information we hold about you that is
inaccurate or incomplete;
7.2.3 request that we erase your personal information in some circumstances, or object to
our processing it as detailed at paragraph 7.5;
7.2.4 restrict how we use your personal information, in certain circumstances;
7.2.5 request that we provide you with copies of your personal information in a machine readable format or transfer it across different services; and
7.2.6 where we have asked for your consent to process your data, to withdraw this consent.
7.3 These rights are limited in some situations under Data Protection Law – for example, where we can demonstrate that we are under a legal obligation to process your data.
7.4 If you wish to exercise any of these rights, please contact us at info@GaiaSmartEnergy.com .
7.5 Your right to object
You have a right to object to our processing of your personal data and ask us to stop doing
so. If we are processing your personal data for direct marketing purposes (which includes
profiling to the extent that it is related to such direct marketing) and you object to this, we will
stop processing your personal data immediately. If our processing of your personal data including any profiling activities is in the public interest or pursuant to our legitimate interests and you object to this, we will stop processing your personal data unless we have compelling reasons which override your interests, or our use of your personal data is for the establishment, exercise or defence of legal claims.
7.6 We hope that we can satisfy any queries you may have about the way we process your data. However, if you have unresolved concerns you also have the right to complain to data
protection authorities (in the UK, the Information Commissioner’s Office). You can call the ICO on 0303 123 1113 or go to their website: https://ico.org.uk/make-a-complaint/).
8. DATA RETENTION
8.1 Your personal data will only be kept for as long as necessary for our purposes. Specific
periods are set out in the table at the end of this policy.
9. DATA PROTECTION PRINCIPLES
9.1 We process your personal data in accordance with the following principles:
9.1.1 we process your personal data lawfully, fairly and in a transparent way;
9.1.2 we collect your personal data for specified, explicit and legitimate purposes; any
further processing we do is compatible with the original purposes for which for which
we collected it;
9.1.3 we only process personal data which is adequate, relevant and limited to what is
necessary to achieve the purpose for which it is processed;
9.1.4 we take reasonable steps to ensure that all personal data is accurate and kept up to
date where necessary;
9.1.5 we do not store personal data in a form which identifies you for any longer than is
necessary for the purposes of processing; and
9.1.6 we process personal data securely and in a way that protects against unauthorised or
unlawful processing, accidental loss, destruction or damage.
9.2 When we ask for your personal data we will tell you whether you are required by law or
contract to provide it, and what will happen if you do not provide the data.
9.3 Any request for consent to the processing of your personal data will be made directly to you and will include information about why we require the personal data and what will be done with it.
10. WHAT IS OUR LAWFUL BASIS FOR PROCESSING?
10.1 We will only process personal data when we have a lawful basis for doing that processing. The table at the end of this policy sets out the lawful basis we rely on for each type of data we process.
10.2 We will choose one of the lawful bases in the UK GDPR to justify how we use your personal data. These are:
10.2.1 Consent: You have given consent to the processing of your personal data for one or
more specific purposes.
10.2.2 Contract: The processing is necessary for the performance of a contract with you or
in order to take steps at your request before entering into a contract.
10.2.3 Legal obligation: We need to process your personal data to comply with a legal
10.2.4 Vital interests: The processing is necessary to protect the vital interests of you or
10.2.5 Public interest: Processing is necessary for the performance of a task carried out in
the public interest or in the exercise of some official authority.
10.2.6 Legitimate interests: Processing is necessary for the purposes of legitimate interests
pursued by us or someone else, except where such interests are overridden by your
interests or fundamental rights and freedoms requiring the protection of your personal