Version: 2.0, Last updated: 15th February 2023
At Piclo we respect your privacy and commit to protecting your personal data. This “privacy notice” explains what we do with your personal data, why we want to use it, how we protect it, and what rights you have to control our use of it.
It applies not just to use of our websites and online services, but also personal data that we process through other interactions with individuals in the course of running our business, such as potential or existing clients, industry contacts, people interested in working for or with us and our suppliers. Our websites and services are not intended for children and we do not knowingly collect data relating to children.
This privacy notice is for Open Utility Ltd, better known by our trading name which is ‘Piclo’ (and referred to as "Piclo”, "we", "us" or "our" in this privacy notice). We collect, use and are responsible for certain personal data. When we do so we are regulated under data protection laws and we are responsible as “data controller” of that personal information for the purposes of the law.
Our contact address is 35 Holland Grove, London, SW9 6ER. We are registered in England under company number 8384033. We are a software company whose mission is to help transition to a future where distributed renewables and smart systems power our businesses, homes and schools.
If you want to contact us about any of the points on this privacy notice, or just generally about how we protect your privacy, please email us at hello@piclo.energy.
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We use personal data from different categories of individual for several different purposes and these each have a different ‘lawful basis’. This section describes these in detail and, although it’s technical, we’re required by law to explain this to you.
We will store and use the data you enter (usually name, contact details, message) for the purposes of responding to your enquiry and business development. We do this on the basis that it is necessary for our legitimate interests in operating and promoting our business. We store your data for as long as we need to interact with you for these purposes. If you would like us to update or delete your information, please email us (see “How to contact us” below).
We will store and use the data you enter (name, email address and message) for the purposes of responding to your support enquiry and provide a more personalised support service. We do this on the basis that it is necessary for our legitimate interests in building a better product for our customers and supporting them. We store your data for as long as we need to interact with you for these purposes. If you would like us to update or delete your information, please email us (see “How to contact us” below).
We will hold your name, company and contact details for the purposes of providing you with secure access to your online account and keeping you informed of updates relating to your account. We do this on the basis that it is necessary for our legitimate interests in operating the Piclo Flex platform for clients and to perform the relevant contracts entered with them. You, your employer or another party working with you or your employer will have provided these details through the account creation and invitation process. If you want to update your details you can log in and do so. If you no longer require your account or want to delete your data please email us (see “How to contact us” below). We will hold your information until you or we delete your account.
We may have a record of the IP address of any computer you use for API access. We record this for the purposes of security, record-keeping and audit trail. We do this on the basis that it is necessary for our legitimate interests in operating our services for customers in a secure and auditable fashion. We will hold these records for a period of up to 5 years.
We hold your email address for the purpose of sending you updates on Piclo and industry news. We process this data on the basis that we have your consent. You can withdraw your consent at any time by using the “unsubscribe” links at the bottom of each email.
We will hold your name and contact details (and any other details about you that you submit at the time of sign up) for the purposes of organising and running the webinar or event and any follow-up activities. For webinars or events organised with external partners, those partners may also receive the personal details you submit, in which case they will process them in accordance with their own privacy notice. We do this on the basis that it is necessary for our legitimate interests in providing learning opportunities for our clients and interested parties, as well as promoting our business We will hold your details for as long as needed for the purposes of organising and running the webinar or event and any follow-up activities. If you would like us to update or delete your information, please send us an email (see “How to contact us” below).
We may hold your name, company, job title and contact details. We will have been provided with this data either by you or your employer or in some cases we may have sourced it from publicly available sources, such as Linked In and internet searches. We need this data in order to interact with you (or your employer) for the purposes of performing services for clients and communicating with relevant people. We do this on the basis that it is necessary for our legitimate interests in operating and growing our business. We will hold your details for as long as we need to interact with you for these purposes. If you would like us to update or delete your information, please send us an email (see “How to contact us” below).
We may hold your name and contact details in order to interact with you or your employer to procure and pay for goods and services. We do this on the basis that it is necessary for our legitimate interests in doing business with you or your company. We will hold this information for a period up to ten years after the termination of the relevant contract for any reason occurred, without prejudice to the need to extend this retention period if it’s necessary to comply with a legal obligation or to protect our rights or legitimate interests before a competent authority. If you would like us to update or delete your information, please send us an email (see “How to contact us” below).
We will hold any personal data you send to us, or that is sent to us by third party recruitment agencies or websites. This is likely to be your name, contact details and CV. We will use this data for the purpose of communicating with you and assessing your suitability for jobs for which we are recruiting. We do this on the basis that it is necessary for our legitimate interests in recruiting talented people to operate our business. We will hold this information for as long as we need to interact with you for these purposes and the data of unsuccessful candidates will normally be deleted no more than 6 months after a decision is made. If you would like us to update or delete your information, please send us an email (see “How to contact us” below).
If you visit our websites, we may store information relating to you using cookies or similar technologies, which we can access when you visit our site in future.
Generally, the cookies used do include information from which you can be identified as an individual. For more information on our use of cookies and how to control them see our Cookie Policy.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements, taking into account applicable data protection laws, retention periods under applicable laws, limitation periods and our business needs.
The retention periods for each specific purpose are those indicated in the paragraphs above.
We may share your personal data with the following third parties in certain circumstances:
If you attend one of our webinars or events, the name and company of attendees are usually shared with the event speakers, our board and any third-party event hosts and may be shared with other attendees. This is done to share knowledge and enable access to the venue.
We reserve the right to disclose your information to a third party as part of a merger or transfer, acquisition or sale, or in the event of a bankruptcy. In such case, we will require the relevant third parties to provide comparable levels of protection as we provide with respect to the information we share.
We use a number of different service providers (acting as ‘data processors’) who provide IT and system administration services to enable us to operate our organisation and the services we provide. Your personal data is transferred to (and stored by) these data processors, who generally fall under the following categories:
These ‘data processors’ only process data on our behalf. They won’t use your personal data for their own purposes and we only permit them to use it in accordance with our instructions, our contract with them and the law.
For security reasons we do not name all our service providers in this privacy notice. Please contact us (see below) if you want further information on specific data processors or the types of personal data they process for us.
We do not directly transfer any of your personal data outside the UK or the European Economic Area (EEA). However, some of our data processors may do so and this section explains the impact of these international transfers and how your information is protected.
Many of our data processors operate “cloud-based systems”, which means the information is held in information data centres in different locations. In some cases, they may hold copies of your personal information outside the UK or EEA.
In each case our processors and/or we employ one or more of the transfer safeguard mechanisms designated by data protection legislation, which are designed to help safeguard your privacy rights and give you remedies in the unlikely event of abuse. These include:
Please contact us (see below) if you want further information on the specific mechanisms used by our data processors when transferring your personal data out of the UK or EEA.
The personal data we hold about you is your data, and you have certain rights over the data under data protection laws. This section summarises the rights you have where your personal data is protected under UK data protection legislation.
For further information on each of these rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals rights under the General Data Protection Regulation.
If you would like to exercise any of these rights, the easiest way is by dropping us an email (see “How to contact us” below).
At all times, you have the right to report a concern or lodge a complaint with the Information Commissioner’s Office. Please refer to the ICO at https://ico.org.uk/concerns/ or by calling them on 0303 123 1113. Of course, we hope that we can resolve your issue quickly and fairly ourselves.
If you are a user from the EU, you may also have the right to lodge a complaint before the competent supervisory authority of an EU Member State.
You have a right to object to any decisions being taken through the processing of your personal data by automated means if they produce legal effects concerning you or similarly significant effects on you. We can confirm that we do not undertake any automated decision-making, or profiling, based on the processing of personal data.
We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. In addition, we limit access to your personal data to those employees, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
We may change this privacy notice from time to time by amending this page. This privacy notice was last updated on 15th February 2023.
If you have any questions, concerns or just want some more information about our privacy management, drop us a line at hello@piclo.energy.