DUCKDUCK LIMITED – USER PRIVACY POLICY

Duckduck Ltd, trading as GridDuck (“GridDuck” / "we" / "our" / "us"), is committed to protecting and respecting your personal data.  In this privacy policy, “you” and “your” means the end user of our hardware and software.

This privacy policy applies to personal data we collect when you register and use our hardware and software for monitoring energy consumption by your household devices.  

This policy (together with our Website Privacy Policy) set out the basis on which any personal data that we collect from you, or that you provide to us, when using our products or services to which this policy applies and otherwise interacting with us will be processed.

GridDuck is the data controller in respect of your personal data. This means that we are responsible for deciding how we hold and use personal data about you.

Please read the following carefully to understand how we collect and treat your personal data.

1. WHAT INFORMATION WE COLLECT AND HOW WE WILL USE IT

1. We collect personal data so that we can operate effectively and provide you with the best possible service. The information we collect depends on the context of your interactions with our products and services. It also depends on the choices you make, for example the functions you use and your privacy settings. You may choose not to provide certain information but if you do, and that information is necessary to provide a particular feature, then you may not be able to use that feature. We will only use your personal data where we have a valid lawful basis to do so.

2. The table below summarises what information we collect about you, explains how we intend to use it and what our legal basis is for using it.

3. More about the information we collect and why

We have a duty to process personal data fairly, lawfully and in a manner that you would expect given the nature of our relationship with you. Where we have a legal basis to use your personal data without consent (as set out in the table above), this policy fulfils that duty by giving you appropriate notice and explanation of the way in which your personal data will be used. Where consent is required for our use of your personal data we will ask you to positively opt-in.  

If you have any questions or require any further information regarding our use of your personal data please contact us at privacy@gridduck.com.

2. CHANGE OF PURPOSE

1. We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

3. SHARING YOUR INFORMATION

1. You acknowledge that, with your consent, we may share your personal data with other companies within our group to support us in the performance of our business activities.

2. We may also share your personal data with other organisations, for example in the context of the possible sale or restructuring of the business. We may also need to share your personal data with a regulator or otherwise to comply with the law.

3. Why else we might share your personal data. We may also share your personal data with other organisations where it is necessary in order to provide you with our service or where we have another legitimate interest in doing so that is not overridden by your interests and fundamental rights. For example, to protect our customers or to operate and maintain the security or our computer systems.  

4. Who else may process my personal data. The following service providers and sub-contractors may process personal data about you for the following purposes:

• Contact details and feedback may be shared with customer support services and logistic services to deliver hardware to you
• Postcode, consumption data and meter information may be shared with government organisations, energy consultants, demand response aggregators or utility companies to analyse the data and assist in saving energy in the future
• You may decide to share consumption data and meter information with energy consultants, demand response aggregators or utility companies, providers of data analytics, technical solutions, maintenance and repair services, or other organisations to analyse the data, assist in saving energy in the future or for your own purposes

1. We require all service providers and other companies that we share personal information with to take appropriate and stringent security measures to protect your personal data in line with our policies. We do not allow such service providers or companies to use your personal data for their own purposes and only permit them to process your personal data for specified purposes in accordance with our instructions.

4. STORING YOUR INFORMATION

1. The personal data that we hold about you will only be processed and stored within the European Economic Area.

2. We will only retain your personal data for as long as is necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting obligations.  For example, we may need to retain some of your personal data for 6 years after you have made a purchase from us for legal reasons.

3. Unless we inform you otherwise (or you request that we erase your personal data) we will retain your personal data for as long as you continue to use our services and if you do not use our services for 6 years then we will delete all your information. In some circumstances we may anonymise your personal data so that it can no longer be associated with you, in which case we may use such information without further notice to you.

5. children’s information

We do not knowingly collect information from children under the age of 13. If you become aware that your child or any child under your care has provided us with information without your consent please contact us at privacy@gridduck.com.

6. KEEPING YOUR INFORMATION SECURE

1. All information that you provide to us is stored on secure servers. We have put in place appropriate measures to protect the security of your information.  

2. The transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of the information transmitted to our site and you acknowledge that any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access or inadvertent disclosure.

3. You are responsible for keeping confidential any passwords that you have to access our services. Please do not share your password(s) with anyone else. If you lose control of your password you may lose control over your personal data. If your password has been compromised for any reason please let us know immediately by contacting us at: privacy@gridduck.com.  

4. We limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

5. We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

7. Your Rights

1. You have the right under data protection laws to access information held about you, subject to certain conditions, and to request its rectification or deletion.

2. If you would like to access, update or amend the information which we hold about you or would like us to stop using your personal data please contact privacy@gridduck.com.

3. By law you have the right to:

• Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it. This right is subject to a number of exemptions which allow information to be withheld in certain circumstances. For example, subject access rights are excluded where compliance would involve disclosing: information relating: to another individual; data which consists of information which is subject to legal professional privilege; negotiations or confidential references.
• Request correction or erasure of your personal data (unless we have the legal right to retain it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
• Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes.
• Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
• Request the transfer of your personal data to another party.
• Change your data processing preferences at any time. If you have changed your mind you can contact us by email at privacy@gridduck.com.

1. You should be aware that if you ask us to stop processing your personal data in a certain way or erase your personal data, and this type of processing or data is needed to facilitate your use of the services you may not be able to use the services as you did before. This does not include your right to object to direct marketing, which can be exercised at any time without restriction.

2. If you want to exercise any of the above rights, please contact us at privacy@gridduck.com.

3. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is manifestly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

4. We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal data are not disclosed to any person who has no right to receive it.

8. OTHER WEBSITES

1. Our website contains links to other website. This privacy policy only applies to this website so when you link to other websites you should read their own privacy policies.

9. CHANGES TO THIS PRIVACY POLICY

1. We keep our privacy policy under regular review and will inform you of any updates. This privacy policy was last updated October 2018.

10. HOW TO CONTACT US AND COMPLAINTS

1. We are Duckduck Ltd (trading as GridDuck) incorporated in England and Wales with company number 9545657, whose registered office is at Flat 23, 1 Hyde Park Square, London, United Kingdom W2 2JZ.

2. If you have any questions about this privacy policy or how we handle your personal data please contact us at privacy@gridduck.com.

3. If for any reason you are not happy with the way that we have handled your personal data, please contact us at privacy@gridduck.com. If you are still not happy, you have the right to make a make a complaint to the Information Commissioner’s Office see: https://ico.org.uk/global/contact-us/.