Camellia Plc Privacy Notice

Camellia plc (the “Company”) is the parent company of the Camellia Group (the “Group”, “we” and “us”). We are committed to protecting the privacy of those with whom we interact and we recognise the need to respect and protect information that is collected or disclosed to us (called “personal information”,) explained below.

This Privacy Notice is intended to tell you how we use your personal information, and we’ve tried to explain what we do in enough detail to give you the information you need at a glance, with the option of following a link if you want to find out more. If you still can’t find the information you need, you can email us at [email protected].

We only collect data that you enter into the website, for example to submit an enquiry, send an email or where you sign up to our mailing list.

If you subscribe to any of our mailing lists, we will use your information to send you the  nformation you have requested.

We use cookies which collect information about the usage and performance of our website. The information that the cookies collect is anonymous other than your IP address. We use this information to analyse usage of our website by visitors to improve its performance and to inform decisions about content, layout and operation of the website and our services or products, where applicable.

This Privacy Notice explains what data we process, why we process such data, how it is legal and your rights.

Who are we?

The Company is made up of different legal entities, details of which can be found here www.camellia.plc.uk. This Privacy Notice is issued on behalf of the Group unless otherwise stated, so when we mention “the Group”, “we”, “us” or “our” in this Privacy Notice we are referring to the relevant company in the Group responsible for processing your personal information. The Company is the controller and responsible for this website.

How to contact us

We have appointed a data protection officer (“DPO”) who is responsible for overseeing questions in relation to this Privacy Notice. If you have any questions about this Privacy Notice, including any requests to exercise your legal rights, please contact the DPO at this email address: [email protected]

1. What is Personal Data and what Personal Data does the Group collect
about you?

Personal Data” consists of any information that relates to you and/or information from which you can be identified, directly or indirectly (it does not include data where the identity has been removed). For example, information which identifies you may consist of your name, address, telephone number, photographs, location data, an online identifier (e.g. cookies identifiers and your IP address) or to one or more factors specific to your physical, physiological, genetic, mental, economic, cultural or social identity. When we combine other information (i.e. information that does not, on its own, identify you) with Personal Data, we treat the combined information as Personal Information.

We may, where applicable, collect, use, store and transfer different kinds of Personal Data about you which we have grouped together as follows:

  • Identity Data includes first name, last name, title and username or similar identifier.
  • Contact Data includes address, email address and telephone number.
  • Technical Data includes internet protocol (IP) address (IP addresses are a string of numbers assigned to a computer by an internet service provider).
  • User Behaviour / Engagement Data includes the date and time of registration, usage session dates and duration, page views, features and functions used, preferences and settings selected, and responses to surveys.
  • Marketing and Communications Data includes your preferences in receiving marketing from us and your communication preferences.

2. How is your Personal Data collected?

The Company collects information through its websites, email notification, and other Group products, applications, platforms, services and events (“Platform”). We use different methods to collect data from and about you including:

a) Personal Data you provide directly. You may give us your Identity Data or
Contact and Marketing and Communications Data by filling in forms or by
corresponding with us by email, phone or otherwise. Other examples may
include the following:

  • registering for our products on a Platform and subsequently using your account;
  • set-up preferences, and notifications/alerts connected to our Products;
  • logging into our Platform, including logging in through social media platforms;
  • participating in surveys or questionnaires;
  • completing online order forms;
  • using our products;
  • signing up to our mailing lists; or
  • otherwise interacting with us.

b) Automated technologies or interactions. As you interact with our website, and Platforms, where applicable, we may automatically collect Technical Data and User  Behaviour / Engagement Data about your equipment, browsing actions and patterns. We collect this Personal Data by using cookies and other similar technologies. Please see section 9 below for further details.

4. How do we use your information?

We will only use your Personal Data when the law allows us to. We may use the Personal Data we collect for the following purposes:

  1. Provide our products – to deliver our products, as well as to administer our systems and accounts.
  2. Surveys – to ask for your opinions or comments on our products and to conduct other surveys.
  3. Customised Content – to provide customised content and layout on our Platforms.
  4. Analysis Purposes – for assessment and analysis of our market, customers, products, and other services, and to create sales, marketing and promotional plans and programs.
  5. Service Improvement – to enhance our products and the user experience and to develop new products and services.
  6. Customer Support Services – to provide customer support services, product training and education to users.
  7. Crime Prevention - for the prevention or detection of fraud or crime.
  8. Business Purposes – for business monitoring and internal record keeping.
  9. Legal Obligations – to comply with our legal obligations.
  10. Training – for staff training and quality assurance purposes, particularly in relation to our customer support representatives.
  11. Updates – to communicate with you, including communicating with you about your account, profiles or transactions with us, giving you important information about your products or other services, sending you notices about any material changes to this Privacy Notice, and, where permitted by you and applicable laws, marketing, sending you offers and promotions for our services.

The law allows us to use the Personal Data as set out above on the basis that the processing is necessary for the performance of a contract with you, or we are acting in our “legitimate interests”. i.e. we have good, sensible, practical reasons for processing your Personal Data which is in the interests of the Company. To do so, we have considered the impact on your interests and rights, and have placed appropriate safeguards to ensure that the intrusion on your privacy is reduced as much as possible. You can object to processing that we carry out on the grounds of legitimate interests. See the section headed “Enforcing Your Rights” below to find out how.

Marketing communications

The Company may use your Personal Data to provide you with email notifications and other communications by email, post, telephone, and/or text message (SMS), on the basis that such use is necessary for the purposes of the legitimate interests pursued by us.

Combining Personal Data

We may combine the Personal Data that we collect from you (including information received from our affiliates) to the extent permitted by applicable law. For example, we may combine various different databases that contain your Personal Information to allow us to provide better support services and more personalised content (such as, marketing).

4. To whom do we disclose your data?

We will only use your Personal Data for our internal business purposes, some of which are mentioned above. We do not sell any of your Personal Data to third parties. However, we may disclose your information to the following entities:

  1. Camellia Affiliates

    We may need to transfer your Personal Data to other companies in the Group to provide the products and services you require.
  2. Service Providers

    We use third party service providers that act as our “processors” to help us to administer certain activities and services on our behalf, such as analysing usage of our products and services, email support services, tracking effectiveness of our marketing campaigns and to help us operate our systems suc as website hosting and IT support. We may share Personal Data about you with such third party service providers solely for the purpose of enabling them to perform services on our behalf and they will operate only in accordance with our instructions. Here are examples of third-party service providers we use:
    • Email Support Services – to assist us in ensuring our email service functions so as to provide you with our services; and
    • Analytics Service Providers – analytics providers are used to assist us in understanding the usage of our products and other services, to enable us to improve our services.
  3. Third parties when required by Law or to protect our services

    We will disclose your Personal Data to comply with applicable law or respond to valid legal process, including from our regulators, law enforcement or other government agencies; to protect our customers (e.g. to prevent spam or attempts to defraud users of our services); to operate and maintain the security of our services (e.g. to prevent or stop an attack on our systems or networks); or to protect the rights or property of the Company, including enforcing any terms or agreements governing the use of our services.

5. Transfers of your personal data outside the EEA

We may in certain situations need to transfer your personal data to entities which are located outside the European Economic Area, for the purpose of:

  1. sharing central systems across our Group;
  2. where our service providers are based outside the UK or EEA, to enable them to provide their services to us from those countries.

6. What do we do to keep your information secure?

We have put in place appropriate physical and technical measures to safeguard the Personal Data we collect through our Platforms. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Data on our instructions and they are subject to a duty of confidentiality. However, please note that although we take appropriate steps to protect your Personal Information, no website, product, device, online application or transmission of data, computer system or wireless connection is completely secure and therefore we cannot guarantee the security of your Personal Information.

7. Data Retention – How long we will store/keep your Personal Data

The Company retains Personal Data for as long as necessary to fulfil the purposes for which your Personal Information has been collected as outlined in this Privacy Notice. When your Personal Information is no longer required for the purpose it was collected or as required by applicable law, it will be deleted and/or returned to you in accordance with applicable law. We keep your Personal Data for up to 10 years.

Accessing your Personal Data and other rights you have

The Company will collect, store and process your Personal Data in accordance with
your rights under any applicable data protection laws. You have the following rights in
relation to your Personal Data:

  1. Subject Access Request – you have the right to request details of the Personal Data which we hold about you and copies of such Personal Data.
  2. Right to Withdraw Consent (including for direct marketing) – where you have consented to our processing of your Personal Data, you have the right to withdraw such consent at any time. In the event you wish to withdraw your consent to processing, please contact us using the details provided in the ‘How to contact us’ section.
  3. Data Portability – you may, in certain circumstances, request us to port (i.e. transmit) your Personal Information directly to another organisation.
  4. Rectification – we want to ensure that the Personal Data about you that we hold is accurate and up to date. If you think that any information we have about you is incorrect or incomplete, please let us know. To the extent required by applicable laws, we will rectify or update any incorrect or inaccurate Personal Data about you.
  5. Erasure (‘right to be forgotten’) – you have the right to have your Personal Data ‘erased’ in certain specified situations.
  6. Restriction of processing – you have the right in certain specified situations to require us to stop processing your Personal Data and to only store such Personal Data.
  7. Object to processing – you may object to us processing your Personal Data where we rely on a legitimate interest as our legal grounds for processing. If you object to us processing your Personal Data we must demonstrate compelling grounds for continuing to do so.
  8. Prevent automated decision-taking – in certain circumstances, you have the right not to be subject to decision being taken solely on the basis of automated processing.

8. Cookies

The Company, as well as certain other third parties that provide content, advertising, or other functionality on our services, may use cookies and other technologies, including web beacons, action tags, pixel tags, in certain areas of our services. Cookies are small text files that can be read by a web server in the domain that put the cookie on your hard drive. Cookies are assigned to and stored in a user’s internet browser on a temporary (for the duration of the online session only) or persistent basis (cookie stays on the computer after the internet browser or device has been closed). Cookies collect and store information about a user’s preferences, product usage, content viewed, and registration information which allows for the Company to provide users an enhanced and customised experience when engaging with our products. We may use cookies to store your preferences and settings, help you with signing in, provide targeted ads, and analyse site operations.

9. Changes to this Privacy Notice

It also is important that you check back often for updates to the Privacy Notice, as we may change this Privacy Notice from time to time. The “Date last updated” legend at the bottom of this page states when the notice was last updated and any changes will become effective upon our posting of the revised Privacy Notice.

We will provide notice to you if these changes are material. We will provide this Privacy Notice by email or by posting notice of the changes on our website or through any relevant services.

Issue Number: Issue 2
Date last updated: April 2021
Author: Group General Counsel
Responsibility: Data Protection Officer

ACCREDITATIONS

BV
achilles-silver-plus
AJT-CHAS
Achilles Global Energy