Introduction

OPTIONBOX ENERGY LIMITED (we/us/our) is dedicated to safeguarding your personal data. We acknowledge that your personal data belongs to you and that you have entrusted it to us for particular purposes. Unless mandated by law, we will handle your personal data only as outlined below or as per your instructions, and we will return it to you upon request.

The policy

This policy, along with any terms and conditions or other documents we provide to you at any point during our association with you, outlines how we will handle your personal data.

This policy shall be applicable to our agreement with you. Therefore, it is advisable that you read it thoroughly. Terms used herein shall bear the meaning(s) ascribed in the Data Protection Act 1998 (Act) and/or the General Data Protection Regulation (Regulation), as applicable.

By visiting our website at www.optionboxenergy.co.uk (our Website), or by furnishing us with your personal data, you acknowledge, agree, and consent to the practices delineated in this policy.

Any alterations we make to this policy will be published on this page. It is recommended that you check back regularly as, unless your consent is required, any modifications will become binding upon you when you continue to utilise the Website or engage with us subsequent to the date of the pertinent alteration.

Who Optionbox Energy are

For the purposes of the Act, the data controller (or data processor from time to time) will be Optionbox Energy Limited, a company registered in England & Wales with our registered office at Chartered House 5 Axis Court, Nepshaw Lane South, Gildersome, Leeds, United Kingdom, LS27 7UY.

Your personal data will be held and stored by us in our internal management information systems on servers located in the UK. All personal data is processed by UK-based staff who are regulated by our internal staff data protection and information security policies. All staff receive appropriate data protection training as part of their induction process with us.

Your consent

We do not ordinarily rely on your consent to process your personal data. We process your personal data primarily to perform our contract with, and provide our services to, you. We consider the personal data we obtain reasonable and necessary for these purposes. However, we intermittently review this and remove any inaccurate or obsolete data in accordance with our internal data retention policy.

By using our Website and/or our services, you expressly consent to the transfer of your personal data to those specifically listed third parties in this policy, for the reasons specified.

You may exercise your rights under section 9 at any time, which includes withdrawing your consent to our processing of your personal data (where we rely on your consent to process such data). However, where this withdrawal prevents us from performing our contract with you, we may not be able to provide our services to you.

What we collect

We will only collect your name, business email address, address (business or personal), phone number, and bills. This is to allow us to create your account in our internal system to monitor the progress of your order and to contact you in relation to it.

Where you are a current, potential, or former employee, worker, or other member of our staff, we may collect additional categories of your personal data for the purposes of providing you with the necessary benefits under our contract with you. In those circumstances, a separate privacy notice applies, and a copy is available on request.

If your personal data changes or becomes inaccurate at any time, you must let us know to avoid any errors or delays in our services.

How we gather your data

There are several ways in which we obtain your data:

When you provide it to us:

  • Your personal data is primarily furnished to us when you complete our new partner form or furnish us with a letter of authority to act on your behalf regarding our services.
  • Correspondence via phone or email as part of our business relationship with you results in retention of any personal data contained in that communication.

When we collect it from you:

  • Utilizing our Website leads to automatic collection of technical information about your device, including your IP address, browser type/version, and related settings.
  • We also track your usage of our Website, encompassing full URLs, clickstreams through our Website, the pages you visit, interactions with them, and your exit from the Website.

When we receive it from others: In order to provide our services to you and to verify your identity and payment capabilities, we utilise recognised third-party credit rating/reference agencies to conduct credit checks. Any information in those credit reports that identifies a natural person will be retained by us for service provision purposes.

What we utilise it for

Your personal data is primarily necessary to facilitate the provision of relevant services and support requested from us, as well as to communicate with you regarding any enquiries or requests you raise.

We also employ your personal data to send you information via email about us, our services, and any recent market updates akin to those you have already purchased or enquired about. We only do so with your explicit permission, and you can opt-out at any time. Should you opt out, we will cease contact until you request otherwise, and we will not prompt you to do so.

Technical information collected during your visit to our Website is used to:

  • Personalise and enhance its functionality and security to ensure safety.
  • Administer and monitor traffic and behaviours on our Website for analysis, testing, research, statistical, and survey purposes.
  • Ensure the most effective and efficient browsing experience, and implement necessary improvements.

Once acquired, your personal data will be retained for as long as necessary to provide relevant services, market our services (where requested), and enhance our Website. Afterward, the data will be securely deleted, and we will not contact you unless you request it.

Security

All personal data we host is stored in accordance with our internal Information Security & Data Protection Policy, on which all staff are trained. All locally held data is encrypted, and all hardware is protected using endpoint security tools.

How and why we disclose your data

The very nature of our services requires us to pass your personal data to third-party energy and utility providers to enable them to assess your usage needs and provide you with an accurate quote going forward.

As there are many providers in the United Kingdom, it is not practical to list all of these in this policy, but where a quote is provided we will notify you as to which company is processing your personal data on our behalf.

Any websites which are linked from the Website are outside of our control and not covered by this policy. If you access those websites using the links provided, the website operators may collect information from you which will be used by them in accordance with their own privacy policies (if any). These policies may differ from ours, and we cannot accept any responsibility or liability in respect of these.

Your rights

In relation to all of your personal data, you have the following rights (in addition to any rights you may have under the Act or the Regulation) to ask us:

  • not to process your personal data for marketing purposes;
  • to clarify what data we hold about you, how it was obtained, to whom it has been disclosed and for how long it will be stored;
  • to amend any inaccurate data we hold about you;
  • to delete any of your data (where you no longer think we need to hold it, or you think we have obtained or processed it without your consent at any time); and
  • to only process your personal data in limited circumstances, for limited purposes.

If you wish to exercise any of your rights at any time, please contact us on the details contained at the beginning of this policy in the first instance. We will require you to verify your identity to us before we provide any personal data, and reserve the right to ask you to specify the types of personal data to which your request relates.

Where you wish to exercise any of your rights, they may be subject to payment of a nominal administration fee (to cover our costs incurred in processing your request) and any clarification we may reasonably require in relation to your request. Such fees may be charged where we consider (acting reasonably) that your request is excessive, unfounded or repetitive.