Data Respect Statement
We are BillBuddy Limited ("BillBuddy", “we”, or “us”). Our company details are set out at the end of this document.
We are the Controller for the purposes of data protection laws.
As a company we are committed to protecting and respecting the privacy of your personal information. We want you to be confident that your information will be properly protected whilst in our possession.
If you have any questions about our use of your personal information, or you wish to exercise one of your rights under the GDPR, please contact us at: firstname.lastname@example.org.
- Where we need to perform the contract we are about to enter into, or have entered into, with you.
- Where it is necessary for our legitimate business interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal or regulatory obligation.
- Generally we do not rely on consent as a legal basis for processing your personal information other than in relation to sending third party direct marketing communications to you via email, social media or text message. You have the right to withdraw consent to these activities at any time by contacting us at: email@example.com.
What Personal Information Do We Collect
Information you give us. When you sign up for a BillBuddy account and use our Services, we keep the basic account information you give us, like your name, email address, telephone number and password.
We also keep other relevant information including your energy supplier, tariff details and your payment details in order for us to provide you with our Switch Service.
We may also collect other relevant information from you to provide you with our Comparison Service where you request that we do so. This may include, but is not limited to, any additional contact details we may reasonably require, details about your existing service provider, your home address, your car, licence information and driving history.
We do not collect any Special categories of Personal Information.
Information we collect. We also collect and store your Personal Information as you use the Services and each time you interact with BillBuddy, for example, when you:
We may also store information about the third party services you sign up for, including when you use our Comparison Service.
Automatic Information. We may collect information about the device you access the Services from, such as the IP address or other unique device identifiers. If you access your account from a mobile device, that mobile device may also provide us with details of your location. Most mobile devices allow you to disable this functionality.
Strictly necessary cookies: These cookies are essential in order to enable you to move around the website and use its features, such as accessing secure areas of the website and remembering which services you have signed up for. Without these cookies, Services you have asked for cannot be provided.
Performance cookies: These cookies collect information about how you use the website. These cookies don’t collect information that identifies you and are only used to improve how the website works.
Advertising cookies: These cookies are used to deliver adverts which are more relevant to you and your interests. They are also used to limit the number of times you see an advertisement, as well as help measure the effectiveness of the advertising campaign. They are placed on the website by advertisers and advertising networks, with our permission. They remember that you have visited the site and this information is shared with other organisations such as advertisers. We use analytics data and the DoubleClick cookies for advertising purposes. You may opt out of the DoubleClick cookie by visiting the Google Advertising opt-out page or you may opt out of Google Analytics by visiting the Google Analytics opt-out page. The Google Website has additional information available about their Policy for Advertising based on Interests and Location.
Personal Information regarding children: The Services are not intended for use by individuals who cannot enter a legally binding contract. Accordingly, BillBuddy does not intentionally gather any Personal Information about individuals who are under the age of eighteen (18). If you are under eighteen (18) years of age or otherwise lack the capacity to enter into a binding contract do not use our Services. If BillBuddy becomes aware that it has collected Personal Information from someone under the age of majority, such information will be deleted immediately.
- update information in your dashboard,
- communicate with us by telephone or email, and
- complete forms on our website.
How We Use Your Personal Information
We use your Personal Information for the following reasons:
- To perform our contract with you: When you sign up for our Services, we need to collect your Personal Information so that we can perform our contract with you as is set out in our Terms and Conditions. This includes sharing your Personal Information with energy suppliers and other relevant third parties. We will not be able to perform our Services if you do not provide us with your Personal Information.
- To improve our website and Services: We want to continue to improve our Services and provide you with a better and more tailored user experience on our website. We also want to hear from you if you have a complaint or any feedback about our Services. We believe it is in our legitimate business interests to process your Personal Information in this way.
- To send you information about our Services: We may want to connect with you to provide you information about related products and services that we think might interest you. We believe it is in our legitimate business interests to communicate with you in this way. Where you have opted in to direct marketing, we will process your information to provide you with information in line with your preferences. You can always opt-out from us communicating with you in this way and can withdraw your consent at any time by emailing us or by clicking to opt-out or unsubscribe at the bottom of the relevant communication.
- If our business is sold: We may need to transfer your Personal Information to a third party in the event that we look to sell our business or assets. If we do this, we will always ensure that appropriate security is in place. It is in our legitimate business interests to ensure that our business can continue.
- As part of a legal obligation: In very limited circumstances, we may need to share your Personal Information as part of a legal obligation.
Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. We are allowed to use automated decision-making in the following circumstances:
You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making, unless we have a lawful basis for doing so and we have notified you.
We do not envisage that any decisions will be taken about you using automated means, but we will notify you in writing if this position changes.
- where we have notified you of the decision and given you 21 days to request us to reconsider the decision;
- for performing our contract with you and ensuring appropriate measures are in place to safeguard your rights;
- in limited circumstances, with your explicit written consent and where appropriate measures are in place to safeguard your rights.
How We Share Your Personal Information
When you sign up for our Switch Service, we will use the Personal Information you have provided us regarding your postcode, energy supplier and usage details to carry out searches of suppliers and tariffs that we can access on your behalf.
The energy comparison service on our website is provided by Energy Helpline who is a data controller in respect of any Personal Information you input for the purposes of us obtaining a quote on your behalf.
When we switch providers on your behalf, we or Energy Helpline will pass your Personal Information including your direct debit details to the energy providers to allow them or us to process your switch.
We use third parties to perform searches of websites in order to provide you with quotes and comparisons of products and services. The third party that we use depends on the product or service you choose to compare.
The Insurance Comparison Service on our website is provided by I-Wonder Ltd who is a data controller in respect of any Personal Information you input for the purposes of us obtaining a quote on your behalf.
The Home Comparison Service on our website is provided by Stickee Ltd who is also a data controller in respect of any Personal Information you input for the purposes of us obtaining a quote on your behalf.
We only share your Personal Information with I-Wonder, or any other party that we may use from time to time, where you have chosen to use that particular Comparison Service.
We may have to share your personal data with the parties set out below for the purposes set out above:
If you have given consent to this, you can withdraw it at any time. Please use the unsubscribe link on the email communication you receive or contact us at firstname.lastname@example.org. We require all third parties to respect the security of your Personal Information and to treat it in accordance with the law. We do not allow our third-party service providers to use your Personal Information for their own purposes and only permit them to process your Personal Information for specified purposes and in accordance with our instructions.
Compliance with Laws and Policies
- Our group companies
- Carefully selected third parties who provide a service to us to support our core operations, such as: processing our mail, communicating with customers and prospective customers on our behalf (including via social media), running promotions, providing IT systems and administrative services and the development and improvement of internal systems and processes;
- Competent authorities (statutory bodies, regulatory authorities, authorised bodies who have a role laid out by law);
- Other organisations where we are legally obligated to disclose your personal information (such as requests made in the prevention and detection of crime) or where disclosure is necessary to protect the property, rights and safety of us and our staff or to comply with any law, regulation, or governmental or judicial warrant, rule, order or subpoena;
- Other companies where we are trialling products and services which we consider may improve our offering to customers and/or our business processes; and
- Other third parties where you have given your express consent or where we reasonably believe a third party is acting on your behalf.
How We Communicate With You
If you use the site, we may email or phone you with updates or information we pertain to be of use in relation to the service we provide, we record the information you request and the details sent to you by email.
How We Protect Your Data
BillBuddy has security measures in place to protect against the loss, misuse, and alteration of your Personal Information. Personal Information provided to us is stored in secure facilities with access restricted to authorised personnel only. Although we make good faith efforts to store the Personal Information we collect in a secure operating environment that is not accessible to unauthorised users, we cannot guarantee complete security.
To provide secure direct debit processing when providing us with your direct debit details, switches made through our website are protected under the Direct Debit Guarantee. If you choose to switch online with BillBuddy, your information is sent to us using SSL (Secure Socket Layer) encryption, an industry-standard method for protecting data as it travels over the Internet, or a similar encryption technology that may become accepted as an industry standard, or a better encryption method, in the future.
Your Personal information is collected and used for the reasons set out above, and will not be stored for longer than necessary for those purposes. Generally, we store your Personal Information for no longer than the time you have an account with us, plus an additional seven years. Where you do not sign up for an account or otherwise use our services, we only store your Personal Information for a maximum of two years.
If you wish to change the types of communications you receive from us or opt out of receiving any future communications, you may do so by modifying your profile on your control panel, by emailing your request to us at email@example.com, or by clicking on the appropriate link in any BillBuddy email communication that you receive.
Correcting Your Personal Information.
You can access the Personal Information that we collect via your control panel. You can correct factual errors in your Personal Information on your control panel or by sending a request to firstname.lastname@example.org. Please provide sufficient details regarding the error. To protect your privacy and security, we take commercially reasonable steps to verify your identity before granting access or making any corrections to your Personal Information.
Your EU Data Protection Rights
Location of Personal Information and Transfers.
Some of our external third parties may have operations or suppliers based outside the European Economic Area (EEA) so their processing of your Personal Information will involve a transfer of data outside the EEA. Whenever we transfer your Personal Information out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
Please contact email@example.com if you want further information on the specific mechanism used by us when transferring your Personal Information out of the EEA.
- We will only transfer your Personal Information to countries that have been deemed to provide an adequate level of protection for Personal Information by the European Commission. For further details, see European Commission: Adequacy of the protection of Personal Information in non-EU countries.
- Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of Personal Information to third countries.
- Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US. For further details, see European Commission: EU-US Privacy Shield.
Rights of Access, Correction, Erasure and Restriction
Your rights in connection with personal information.
Under certain circumstances, by law you have the right to:
- Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal information to another party. If you want to review, verify, correct or request erasure of your personal information, object to the processing of your Personal Information, or request that we transfer a copy of your personal information to another party, please contact firstname.lastname@example.org.
No fee usually required
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Third Party Links and Services
BillBuddy Contact Information
If you have any questions or comments, please contact us
at email@example.com or at the address listed below:
16-18 Barnes Wallis Road
Company Number: 11643242