Where we need to perform the contract we are about to enter into, or have entered into, with you.
Where it is necessary for our legitimate business interests (or those of a third party) and your interests and fundamental rights do not override those interests.
Where we need to comply with a legal or regulatory obligation.
Generally we do not rely on consent as a legal basis for processing your personal information other than in relation to sending third party direct marketing communications to you via email, social media or text message. You have the right to withdraw consent to these activities at any time by contacting us at: [email protected]
If you have any questions about our use of your personal information, or you wish to exercise one of your rights under the GDPR, please contact us at: [email protected]
What Personal Information Do We Collect
Information you give us. When you sign up for a BillBuddy account and use our Services, we keep the basic account information you give us, like your name, email address, telephone number and password.We also keep other relevant information including your energy supplier, tariff details and your payment details in order for us to provide you with our Switch Service.We may also collect other relevant information from you to provide you with our Comparison Service where you request that we do so. This may include, but is not limited to, any additional contact details we may reasonably require, details about your existing service provider, your home address, your car, licence information and driving history.We do not collect any Special categories of Personal Information.Information we collect. We also collect and store your Personal Information as you use the Services and each time you interact with BillBuddy, for example, when you:
update information in your dashboard,
communicate with us by telephone or email, and
complete forms on our website.
How We Use Your Personal Information
We use your Personal Information for the following reasons:
To perform our contract with you: When you sign up for our Services, we need to collect your Personal Information so that we can perform our contract with you as is set out in our Terms and Conditions. This includes sharing your Personal Information with energy suppliers and other relevant third parties. We will not be able to perform our Services if you do not provide us with your Personal Information.
To improve our website and Services: We want to continue to improve our Services and provide you with a better and more tailored user experience on our website. We also want to hear from you if you have a complaint or any feedback about our Services. We believe it is in our legitimate business interests to process your Personal Information in this way.
To send you information about our Services: We may want to connect with you to provide you information about related products and services that we think might interest you. We believe it is in our legitimate business interests to communicate with you in this way. Where you have opted in to direct marketing, we will process your information to provide you with information in line with your preferences. You can always opt-out from us communicating with you in this way and can withdraw your consent at any time by emailing us or by clicking to opt-out or unsubscribe at the bottom of the relevant communication.
If our business is sold: We may need to transfer your Personal Information to a third party in the event that we look to sell our business or assets. If we do this, we will always ensure that appropriate security is in place. It is in our legitimate business interests to ensure that our business can continue.
As part of a legal obligation: In very limited circumstances, we may need to share your Personal Information as part of a legal obligation.
Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. We are allowed to use automated decision-making in the following circumstances:
where we have notified you of the decision and given you 21 days to request us to reconsider the decision;
for performing our contract with you and ensuring appropriate measures are in place to safeguard your rights;
in limited circumstances, with your explicit written consent and where appropriate measures are in place to safeguard your rights.
You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making, unless we have a lawful basis for doing so and we have notified you.We do not envisage that any decisions will be taken about you using automated means, but we will notify you in writing if this position changes.
How We Share Your Personal Information
Our group companies
Carefully selected third parties who provide a service to us to support our core operations, such as: processing our mail, communicating with customers and prospective customers on our behalf (including via social media), running promotions, providing IT systems and administrative services and the development and improvement of internal systems and processes;
Competent authorities (statutory bodies, regulatory authorities, authorised bodies who have a role laid out by law);
Other organisations where we are legally obligated to disclose your personal information (such as requests made in the prevention and detection of crime) or where disclosure is necessary to protect the property, rights and safety of us and our staff or to comply with any law, regulation, or governmental or judicial warrant, rule, order or subpoena;
Other companies where we are trialling products and services which we consider may improve our offering to customers and/or our business processes; and
Other third parties where you have given your express consent or where we reasonably believe a third party is acting on your behalf.
How We Communicate With You
How We Protect Your Data
GeneralBillBuddy has security measures in place to protect against the loss, misuse, and alteration of your Personal Information. Personal Information provided to us is stored in secure facilities with access restricted to authorised personnel only. Although we make good faith efforts to store the Personal Information we collect in a secure operating environment that is not accessible to unauthorised users, we cannot guarantee complete security.Secure Payments.To provide secure direct debit processing when providing us with your direct debit details, switches made through our website are protected under the Direct Debit Guarantee. If you choose to switch online with BillBuddy, your information is sent to us using SSL (Secure Socket Layer) encryption, an industry-standard method for protecting data as it travels over the Internet, or a similar encryption technology that may become accepted as an industry standard, or a better encryption method, in the future.StorageYour Personal information is collected and used for the reasons set out above, and will not be stored for longer than necessary for those purposes. Generally, we store your Personal Information for no longer than the time you have an account with us, plus an additional seven years. Where you do not sign up for an account or otherwise use our services, we only store your Personal Information for a maximum of two years.
Email CommunicationsIf you wish to change the types of communications you receive from us or opt out of receiving any future communications, you may do so by modifying your profile on your control panel, by emailing your request to us at [email protected], or by clicking on the appropriate link in any BillBuddy email communication that you receive.Correcting Your Personal Information.You can access the Personal Information that we collect via your control panel. You can correct factual errors in your Personal Information on your control panel or by sending a request to [email protected] Please provide sufficient details regarding the error. To protect your privacy and security, we take commercially reasonable steps to verify your identity before granting access or making any corrections to your Personal Information.
Your EU Data Protection Rights
Location of Personal Information and Transfers.Some of our external third parties may have operations or suppliers based outside the European Economic Area (EEA) so their processing of your Personal Information will involve a transfer of data outside the EEA. Whenever we transfer your Personal Information out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
We will only transfer your Personal Information to countries that have been deemed to provide an adequate level of protection for Personal Information by the European Commission. For further details, see European Commission: Adequacy of the protection of Personal Information in non-EU countries.
Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of Personal Information to third countries.
Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US. For further details, see European Commission: EU-US Privacy Shield.
Please contact [email protected] if you want further information on the specific mechanism used by us when transferring your Personal Information out of the EEA.
Rights of Access, Correction, Erasure and Restriction
Your rights in connection with personal information.Under certain circumstances, by law you have the right to:
Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
Request the transfer of your personal information to another party. If you want to review, verify, correct or request erasure of your personal information, object to the processing of your Personal Information, or request that we transfer a copy of your personal information to another party, please contact [email protected]
No fee usually required
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Third Party Links and Services
BillBuddy Contact Information
If you have any questions or comments, please contact us
at [email protected] or at the address listed below:BillBuddy Limited
16-18 Barnes Wallis Road Segensworth Portsmouth Hampshire PO15 5TT United KingdomCompany Number: 11643242For the specific terms and conditions of our partner Amazon gift voucher program, please click here.