DUCKDUCK LIMITED – USER PRIVACY POLICY

Duckduck Ltd, trading as GridDuck (“GridDuck” / "we" / "our" / "us"), is committed to protecting and respecting your personal data.  In this privacy policy, “you” and “your” means the end user of our hardware and software.

This privacy policy applies to personal data we collect when you register and use our hardware and software for monitoring energy consumption by your household devices.  

This policy (together with our Website Privacy Policy) set out the basis on which any personal data that we collect from you, or that you provide to us, when using our products or services to which this policy applies and otherwise interacting with us will be processed.

GridDuck is the data controller in respect of your personal data. This means that we are responsible for deciding how we hold and use personal data about you.

Please read the following carefully to understand how we collect and treat your personal data.

  1. WHAT INFORMATION WE COLLECT AND HOW WE WILL USE IT
  1. We collect personal data so that we can operate effectively and provide you with the best possible service. The information we collect depends on the context of your interactions with our products and services. It also depends on the choices you make, for example the functions you use and your privacy settings. You may choose not to provide certain information but if you do, and that information is necessary to provide a particular feature, then you may not be able to use that feature. We will only use your personal data where we have a valid lawful basis to do so.

  2. The table below summarises what information we collect about you, explains how we intend to use it and what our legal basis is for using it.

What information we will collect about you

How we collect information about you

Why we are processing information about you

What our legal basis is for processing information about you

Contact details: name, email address and address

Provided by your supplier or your provider of technical solutions

These details may also be collected from you when you sign up for an account with us or contact our customer services team

To provide you with login details to the platform and onboard you as a user

To communicate with you regarding information, products and services that you request from us

To deliver hardware to you and provide our services

To help us to ensure users are genuine and to prevent fraud

To enable us to pursue our legitimate interests to:

  • deliver hardware that you have requested;
  • access our services; and
  • communicate with you

 

Username, password, security information, account preferences and account number

Collected from you when you sign up for an account with us

To onboard you as a user

To perform essential business operations

To help us to ensure users are genuine, protect our security and to prevent fraud

To enable us to pursue our legitimate interests to:

  • deliver services that you have requested;
  • improve our services;
  • maintain the security of our computer systems; and
  • protect our rights

Consumption data and metering information

Device and usage data including device identifiers

Automatically collected in our server logs when you interact with our software interface, platform and products, but only accessible by us if you grant us access

To provide and improve our services and user experience

To calculate consumption, perform data analysis and reporting services

To perform our contract with you

To enable us to pursue our legitimate interests to:

  • improve our services and better understand how our customers use them; and
  • perform statistical analysis, research and reporting

Feedback

Other information you provide when you contact us (e.g. for customer support), such as your contact details, details of your communications with us and/or your metering information

Collected from you when you contact us

To provide customer support, including dealing with enquiries, correspondence and complaints

To answer any concerns or issues

To monitor customer communications for quality and training purposes

To enable us to pursue our legitimate interests to:

  • resolve complaints we receive; and
  • improve our services

  1. More about the information we collect and why

We have a duty to process personal data fairly, lawfully and in a manner that you would expect given the nature of our relationship with you. Where we have a legal basis to use your personal data without consent (as set out in the table above), this policy fulfils that duty by giving you appropriate notice and explanation of the way in which your personal data will be used. Where consent is required for our use of your personal data we will ask you to positively opt-in.  

If you have any questions or require any further information regarding our use of your personal data please contact us at privacy@gridduck.com.

  1. CHANGE OF PURPOSE
  1. We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

  1. SHARING YOUR INFORMATION
  1. You acknowledge that, with your consent, we may share your personal data with other companies within our group to support us in the performance of our business activities.

  2. We may also share your personal data with other organisations, for example in the context of the possible sale or restructuring of the business. We may also need to share your personal data with a regulator or otherwise to comply with the law.

  3. Why else we might share your personal data. We may also share your personal data with other organisations where it is necessary in order to provide you with our service or where we have another legitimate interest in doing so that is not overridden by your interests and fundamental rights. For example, to protect our customers or to operate and maintain the security or our computer systems.  

  4. Who else may process my personal data. The following service providers and sub-contractors may process personal data about you for the following purposes:

  1. We require all service providers and other companies that we share personal information with to take appropriate and stringent security measures to protect your personal data in line with our policies. We do not allow such service providers or companies to use your personal data for their own purposes and only permit them to process your personal data for specified purposes in accordance with our instructions.

  1. STORING YOUR INFORMATION
  1. The personal data that we hold about you will only be processed and stored within the European Economic Area.

  2. We will only retain your personal data for as long as is necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting obligations.  For example, we may need to retain some of your personal data for 6 years after you have made a purchase from us for legal reasons.

  3. Unless we inform you otherwise (or you request that we erase your personal data) we will retain your personal data for as long as you continue to use our services and if you do not use our services for 6 years then we will delete all your information. In some circumstances we may anonymise your personal data so that it can no longer be associated with you, in which case we may use such information without further notice to you.

  1. children’s information

We do not knowingly collect information from children under the age of 13. If you become aware that your child or any child under your care has provided us with information without your consent please contact us at privacy@gridduck.com.

  1. KEEPING YOUR INFORMATION SECURE
  1. All information that you provide to us is stored on secure servers. We have put in place appropriate measures to protect the security of your information.  

  2. The transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of the information transmitted to our site and you acknowledge that any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access or inadvertent disclosure.

  3. You are responsible for keeping confidential any passwords that you have to access our services. Please do not share your password(s) with anyone else. If you lose control of your password you may lose control over your personal data. If your password has been compromised for any reason please let us know immediately by contacting us at: privacy@gridduck.com.  

  4. We limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

  5. We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

  1. Your Rights
  1. You have the right under data protection laws to access information held about you, subject to certain conditions, and to request its rectification or deletion.

  2. If you would like to access, update or amend the information which we hold about you or would like us to stop using your personal data please contact privacy@gridduck.com.

  3. By law you have the right to:

  1. You should be aware that if you ask us to stop processing your personal data in a certain way or erase your personal data, and this type of processing or data is needed to facilitate your use of the services you may not be able to use the services as you did before. This does not include your right to object to direct marketing, which can be exercised at any time without restriction.

  2. If you want to exercise any of the above rights, please contact us at privacy@gridduck.com.

  3. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is manifestly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

  4. We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal data are not disclosed to any person who has no right to receive it.

  1. OTHER WEBSITES
  1. Our website contains links to other website. This privacy policy only applies to this website so when you link to other websites you should read their own privacy policies.

  1. CHANGES TO THIS PRIVACY POLICY
  1. We keep our privacy policy under regular review and will inform you of any updates. This privacy policy was last updated October 2018.

  1. HOW TO CONTACT US AND COMPLAINTS
  1. We are Duckduck Ltd (trading as GridDuck) incorporated in England and Wales with company number 9545657, whose registered office is at Flat 23, 1 Hyde Park Square, London, United Kingdom W2 2JZ.

  2. If you have any questions about this privacy policy or how we handle your personal data please contact us at privacy@gridduck.com.

  3. If for any reason you are not happy with the way that we have handled your personal data, please contact us at privacy@gridduck.com. If you are still not happy, you have the right to make a make a complaint to the Information Commissioner’s Office see: https://ico.org.uk/global/contact-us/.

3803620/106029496