top of page
Privacy Policy
Sense Communications & PR Limited, Trading as Indoor Air Aware, user privacy notice
Registered name: Sense Communications & PR Limited
This privacy notice tells you what to expect us to do with your personal information.
-
Contact details
-
What information we collect, use, and why
-
Lawful bases and data protection rights
-
Where we get personal information from
-
How long we keep information
-
How to complain
Contact details
Email: contact@tariffchecker.co.uk
What information we collect, use, and why
We collect or use the following information to provide and improve products and services for clients:
-
Names and contact details
-
Addresses
-
Pronoun preferences
-
Marital status
-
Usage data (including information about how you interact with and use our website, products and services)
-
Website user information
We collect or use the following personal information for research or archiving purposes:
-
Names and contact details
-
Addresses
-
Website and app user journey information
We collect or use the following personal information for dealing with queries, complaints or claims:
-
Names and contact details
-
Address
-
Account information
-
Purchase or service history
-
Photographs
-
Customer or client accounts and records
Lawful bases and data protection rights
Under UK data protection law, we must have a “lawful basis” for collecting and using your personal information. There is a list of possible lawful bases in the UK GDPR. You can find out more about lawful bases on the ICO’s website.
Which lawful basis we rely on may affect your data protection rights which are in brief set out below. You can find out more about your data protection rights and the exemptions which may apply on the ICO’s website:
Your right of access - You have the right to ask us for copies of your personal information.
You can request other information such as details about where we get personal information from and who we share personal information with. There are some exemptions which means you may not receive all the information you ask for. You can read more about this right here.
Your right to rectification - You have the right to ask us to correct or delete personal information you think is inaccurate or incomplete. You can read more about this right here.
Your right to erasure - You have the right to ask us to delete your personal information. You can read more about this right here.
Your right to restriction of processing - You have the right to ask us to limit how we can use your personal information. You can read more about this right here.
Your right to object to processing - You have the right to object to the processing of your personal data. You can read more about this right here.
Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you. You can read more about this right here.
Your right to withdraw consent – When we use consent as our lawful basis you have the right to withdraw your consent at any time. You can read more about this right here.
If you make a request, we must respond to you without undue delay and in any event within one month.
To make a data protection rights request, please contact us using the contact details at the top of this privacy notice.
Our lawful bases for the collection and use of your data
Our lawful bases for collecting or using personal information to provide and improve products and services for clients are:
-
Consent - we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
-
Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:
-
We receive energy bills information to help low income households to identify if there are savings to be made.
-
We will also be able to identify eligibility for the government's 11 decarbonisation schemes by accessing address data from the energy bill. This will result in more energy efficient homes and protecting people from the impact of fuel poverty.
-
Our lawful bases for collecting or using personal information for research or archiving purposes:
-
Consent - we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
Our lawful bases for collecting or using personal information for dealing with queries, complaints or claims are:
-
Consent - we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
Where we get personal information from
-
Directly from you
How long we keep information
Data is categorised into different classes based on sensitivity and operational necessity.
Each category has a defined retention period:
Data Category: Personal Data (Users)
Examples: Names, emails, addresses, account login info
Retention Period: 3 years from last activity
Data Category: Financial Data
Examples: Payment details, billing records
Retention Period: 7 years (for legal compliance) - TariffChecker.co.uk does not currently use financial data so this does not apply.
Data Category: Tariff Search History
Examples: Tariff comparison details, saved searches
Retention Period: 1 year (or until user deletion)
Data Category: Marketing Data
Examples: Newsletter signups, email marketing preferences
Retention Period: Until opt-out or user deletion
Data Category: Cookies & Analytics
Examples: Website behaviour, cookie data, user sessions
Retention Period: 6 months to 1 year (based on consent)
Data Category: Support Communication
Examples: Emails, chats, or other customer service logs
Retention Period: 2 years from resolution
Data Category: Employee Data
Examples: Contracts, payroll, and performance data
Retention Period: 6 years after employment ends
Data Category: Third-party API Logs
Examples: API calls, interactions with third-party services
Retention Period: 1 year from transaction
Legal and Regulatory Compliance
This strategy complies with the following key legal frameworks:
·UK GDPR: Ensures that personal data is not stored longer than necessary and is processed lawfully.
·Data Protection Act 2018: Requires careful handling, protection, and disposal of personal data.
·Financial Regulations: Data such as financial records and contracts are retained for 7 years, in line with tax and audit requirements.
Data Retention Procedures
The following procedures guide the management of data retention:
Data Collection and Consent
·All personal data collected must be associated with user consent, specifically for marketing, cookies, and analytical purposes.
·The user is informed of the data retention policies through the Privacy Policy at the point of data collection.
Storage and Access
·Data is stored in secure servers compliant with industry standards for encryption and access control (e.g., ISO/IEC 27001).
·Access to personal data is restricted to authorised personnel only.
Retention Periods
·Data retention is managed through a combination of automated and manual processes, ensuring data is kept only for the necessary period.
·Personal data of inactive users is archived after 3 years and deleted after 5 years unless legal obligations dictate otherwise.
·Financial and contractual data is securely archived for 7 years to meet audit and regulatory requirements.
Data Minimization
·Only data necessary for operational, legal, or analytical purposes is retained.
·Regular audits are conducted to ensure that excess or obsolete data is securely deleted.
Data Disposal and Deletion
·Upon reaching the end of the retention period, data will be automatically or manually deleted.
·Data deletion is conducted using GDPR-compliant methods, ensuring it is unrecoverable (e.g., encryption-based deletion, secure shredding for paper data, DOD-compliant digital wiping).
·Users can request deletion of their personal data at any time by submitting a Data Subject Request (DSR).
How to complain
If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice.
If you remain unhappy with how we’ve used your data after raising a complaint with us, you can also complain to the ICO.
The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
Website: https://www.ico.org.uk/make-a-complaint
Last updated
7 October 2024
bottom of page