Privacy & Cookie Policy
About us & our policy
This Privacy and Cookie Policy is provided by Passiv UK Limited (“Passiv” or “we” or “us”)
If you submit an enquiry on our web site, have bought our services directly from us, are a user of the application used to control the Passiv Smart Thermostat (“Passiv App”), or we have advised you to this effect when you signed up for your account, we process your data as a ‘controller’ for the purposes of the General Data Protection Regulation (EU) 2016/679.
However where you are not a user of the Passiv App and have been provided access to our services by another company (such as the company who sold you the in-home hub or company which installed the in-home hub, the “Seller“), we process personal data as a “processor” on behalf of the controller and the Seller will be the controller.
In both instances, this Privacy and Cookie Policy describes how we handle your information in order to provide our services and cookies used on our website, portal and applications. We take your privacy very seriously. We ask that you read this Privacy and Cookie Policy carefully as it contains important information about our processing and your rights.
How to contact us
If you need to contact us about this Privacy and Cookie Policy, use the details below:
The Data Protection Manager
Address: Benyon House, Newbury Business Park, Newbury, Berkshire, RG14 2PZ, United Kingdom
Telephone number: 01635 525050
Email: dataprotection@passivuk.com
Changes to this privacy and cookie notice
The Privacy and Cookie Policy will be provided to you when you open an account with us and the latest version can always be found on our website.
We may change this Privacy and Cookie Policy from time to time. We will alert you by posting a notice on our website when changes are made.
Current version: 2.0
Last updated: 23/09/2024
Useful words and phrases
Please familiarise yourself with the following words and phrases (used in bold) as they have particular meanings in the Data Protection Laws and are used throughout this Privacy and Cookie Policy:
Term | Definition |
---|---|
controller | This means any person who determines the purposes for which, and the manner in which, any personal data is processed. |
criminal offence data | This means any information relating to criminal convictions and offences committed or allegedly committed. |
Data Protection Laws | This means the laws which govern the handling of personal data. This includes the General Data Protection Regulation (EU) 2016/679 and any other national laws implementing that Regulation or related to data protection. |
data subject | The person to whom the personal data relates. |
personal data | This means any information from which a living individual can be identified. This will include information such as names, and telephone numbers, addresses and e-mail addresses when associated with names. It will also include expressions of opinion and indications of intentions about data subjects (and their own expressions of opinion/intentions). It will also cover information which on its own does not identify someone but which would identify them if put together with other information which we have or are likely to have in the future. |
ICO | This means the UK Information Commissioner’s Office which is responsible for implementing, overseeing and enforcing the Data Protection Laws. |
processing | This covers virtually anything anyone can do with personal data, including:
|
processor | This means any person who processes the personal data on behalf of the controller. |
special categories of data | This means any information relating to:
|
What personal data do we collect
Information provided by you
We collect the following information from you:
- Account information: When you sign up to participate in or receive a service from Passiv UK or register with PassivLiving we will ask for personal information about you, including your name and e-mail address. Different web pages may ask for different personal information. If you have technical issues and raise a support call or otherwise make enquiries about your account, we will keep that information together with the contact details you supply such as your home or mobile telephone number on record with your account.
- Access information: When you access Passiv UK’s services via a browser or application, our system automatically records certain information such as your web request, your interaction with a service, Internet Protocol Address (IP Address – a number that can uniquely identify a specific computer or other network device on the internet), browser type, browser language, the date and time of your request and one or more cookies that may uniquely identify your browser or your account.
- Location information: Passiv UK’s services relate to your home, and as such if you use those services, Passiv UK will receive information about the actual location of your home e.g. post code so that we may obtain local weather information.
- Occupancy information: our in-home hub device records your occupancy schedule, which (depending on the services you take from us) may include the times you use energy, how you use your household appliances, your lighting and heating, the energy efficiency of your home and the amount of energy generated from Solar PV installations.
- General enquiry information: If you submit a general enquiry to us, we will need to know your name and contact details in order to respond to your query. If you already have an account with us, we may link the enquiry to your account information.
We will not collect any special categories of data from you
Personal information provided by third parties
If you bought our services from a Seller, the Seller will in some cases have provided us with personal data such as Account information (set out above) so we can verify that you are entitled to access our services.
Why do we process your personal data?
We use your personal data for the following purposes listed in this section. We are allowed to do so on certain legal bases (please see section How is processing your data lawful for further detail).
Purpose | Explanation | Legal base |
---|---|---|
General enquiries |
| Legitimate interests |
Access to the portal |
| Contract |
Utilising the Passiv App |
| Contract |
In order to provide our services in accordance with the contract you have with us or the Seller |
| Contract |
Managing and improving our website, portal and apps |
| Legitimate interests |
Marketing | Where you have consented, or where you are a direct customer of ours, we may send you information about our other products and services which we think will be of interest to you. | Legitimate interests or consent |
We may use information generated through our customers’ use of our services for research and product development purposes but information used in this way is always anonymised so it does not reveal your identity or anything about you.
How is processing your personal data lawful?
Personal data
We are allowed to process your personal data for the following reasons and on the following legal bases:
Legitimate Interests
We are permitted to process your personal data if it is based on our ‘legitimate interests’ i.e. we have good, sensible, practical reasons for processing your personal data which is in the interests of Passiv UK or a third party, such as the Seller. To do so, we have considered the impact on your interests and rights, and have placed appropriate safeguards to ensure that the intrusion on your privacy is reduced as much as possible. The table below explains the personal data processed on this basis.
You can object to processing that we carry out on the grounds of legitimate interests. See the section Your Rights to find out how.
Contract
It is necessary for our performance of the contract you have agreed to enter with us or which you have entered with a third party, such as the Seller. If you do not provide your personal data to us, we will not be able to carry out our obligations under the terms of your contract.
Consent
Sometimes we want to use your personal data in a way that is entirely optional for you, such as to provide you with information relating to other products and services that you may be able to obtain from us. On these occasions, we will ask for your consent to use your information. You can withdraw this consent at any time.
Who will have access to your personal data?
Our key service providers that act as our processors who will store and process your personal data are Rackspace Limited, Amazon Web Services, Mailchimp, and Hubspot.
Like any business, we rely on a variety of providers of other services to operate. If you would like to know the names of our other service providers please contact us using the details at the start of this Privacy and Cookie Notice.
Other than as set out in this Privacy and Cookie Notice, we will only share your personal data with other companies or individuals outside Passiv UK if we have your specific consent or where required to do so to comply with law, the police or other law enforcements or regulators.
We may share ‘anonymised’ information (such as statistical data which does not refer to any individual specifically and which is not therefore classified as personal data), with other parties for example for the purposes of product enhancement.
Transfers of your personal data outside the EEA
We may use Mailchimp to send registration and other service emails to you. It may transfer your personal data outside the European Economic Area, for the purpose of delivering emails to you. MailChimp participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S Privacy Shield Framework. It is committed to subjecting all Personal Information received from European Union (EU) member countries and Switzerland, respectively, in reliance on each Privacy Shield Framework, to the Framework’s applicable Principles
Any transfer of your data will be carried out in accordance with the law to safeguard your privacy rights and give you remedies in the unlikely event of a security breach or to any other similar approved mechanisms. If you want to know more about how data is transferred, please contact us using the details in the section above.
How we keep your personal data secure
We strive to implement appropriate technical and organisational measures in order to protect your personal data against accidental or unlawful destruction, accidental loss or alteration, unauthorised disclosure or access and any other unlawful forms of processing. We aim to ensure that the level of security and the measures adopted to protect your personal data are appropriate for the risks presented by the nature and use of your personal data. We follow recognised industry practices for protecting our IT environment and physical facilities.
When will we delete your data?
We will hold your personal information on our systems for as long as is necessary to enable us to continue to provide the service to you.
In the case that you wish to cease receiving services from us, you should write to us at support@passivuk.com and we will mark your account for deletion.
When an account is marked for deletion, your personal data stays on the system for a period of up to one year before being deleted. We retain the data for up to one year in order to enable us to have a reasonable amount of time to deal with any queries which you may have in relation to the services which we have provided to you.
Your Rights
As a data subject, you have the following rights under the Data Protection Laws:
- the right to object to processing of your personal data;
- the right of access to personal data relating to you (known as data subject access request);
- the right to correct any mistakes in your information;
- the right to ask us to stop contacting you with direct marketing;
- the right to prevent your personal data being processed;
- the right to have your personal data ported to another controller;
- the right to withdraw your consent;
- the right to erasure; and
- rights in relation to automated decision making.
These rights are explained in more detail below. If you want to exercise any of your rights, please contact us (please see How to contact us).
We will respond to any rights that you exercise within a month of receiving your request, unless the request is particularly complex, in which case we will respond within three months.
Please be aware that there are exceptions and exemptions that apply to some of the rights which we will apply in accordance with the Data Protection Laws.
Right to object to processing of your personal data
You may object to us processing your personal data where we rely on a legitimate interest as our legal grounds for processing.
If you object to us processing your personal data we must demonstrate compelling grounds for continuing to do so. We believe we have demonstrated compelling grounds in the section headed “How is processing your personal data lawful“.
Right to access personal data relating to you
You may ask to see what personal data we hold about you and be provided with:
- a copy of the personal data;
- details of the purpose for which the personal data is being or is to be processed;
- details of the recipients or classes of recipients to whom the personal data is or may be disclosed, including if they are overseas and what protections are used for those overseas transfers;
- the period for which the personal data is held (or the criteria we use to determine how long it is held);
- any information available about the source of that data; and
- whether we carry out an automated decision-making or profiling, and where we do, information about the logic involved and the envisaged outcome or consequences of that decision or profiling.
To help us find the information easily, please provide us as much information as possible about the type of information you would like to see.
Right to correct any mistakes in your information
You can require us to correct any mistakes in your information which we hold. If you would like to do this, please let us know what information is incorrect and what it should be replaced with.
Right to restrict processing of personal data
You may request that we stop processing your personal data temporarily if:
- you do not think that your data is accurate. We will start processing again once we have checked whether or not it is accurate;
- the processing is unlawful but you do not want us to erase your data;
- we no longer need the personal data for our processing, but you need the data to establish, exercise or defend legal claims; or
- you have objected to processing because you believe that your interests should override our legitimate interests.
Right to data portability
You may ask for an electronic copy of your personal data which we hold electronically and which we process when we have entered into a contract with you. You can also ask us to provide this directly to another party.
Right to withdraw consent
You may withdraw any consent that you have given us to process your personal data at any time. This means that we will not be able to carry out any processing which required use of that personal data.
Right to erasure
You can ask us to erase your personal data where:
- you do not believe that we need your data in order to process it for the purposes set out in this Privacy Notice;
- if you had given us consent to process your data, you withdraw that consent and we cannot otherwise legally process your data;
- you object to our processing and we do not have any legitimate interests that mean we can continue to process your data; or
- your data has been processed unlawfully or has not been erased when it should have been.
Rights in relation to automated decision making
We do not make any decisions by automated means regarding your personal data.
What will happen if your rights are breached?
You may be entitled to compensation for damage caused by contravention of the Data Protection Laws.
Complaints to the regulator
It is important that you ensure you have read this Privacy and Cookie Notice – and if you do not think that we have processed your data in accordance with this notice – you should let us know as soon as possible. You may also complain to the ICO. Information about how to do this is available on his website at www.ico.org.uk.
Cookies
We use cookies and analyse the information they provide to enhance your user experience. This information is not used to develop a personal profile of you.
What is a cookie?
A cookie is a small amount of data, which often includes a unique identifier that is sent to your computer or mobile phone (referred to here as a “device”) browser from a website’s computer and is stored on your device’s hard drive. Each website can send its own cookie to your browser if your browser’s preferences allow it, but (to protect your privacy) your browser only permits a website to access the cookies it has already sent to you, not the cookies sent to you by other sites. Many sites do this whenever a user visits their website in order to track online traffic flows.
If personal data is collected, websites and apps must get consent to send cookies to your computer or mobile device unless the cookies are strictly necessary to provide services to you. You can withdraw your consent to those cookies at any time even if you have previously consented. Our website and apps only collect personal data through cookies which are strictly necessary to provide services to you.
How do we use cookies?
The table below explains what cookies we use on our website and app and why we use them.
It notes whether they are:
- Strictly necessary cookie. These cookies are essential to enable you to receive a service on a website or app such as logging in to the portal or app
- Functionality cookie. These cookies allow the website or app to remember choices you make (such as your log in details) and customised preference settings. They also enable enhanced, more personal features, e.g. a website or app may be able to provide you with local weather reports by using a cookie to remember which region you are in. Information collected by “functionality” cookies may or may not be anonymised, but they cannot track your browsing activity on other websites
- Performance cookie. These cookies collect information about how visitors use a website or app, for instance, which pages visitors go to most often and if they get error messages from web pages or screens. These cookies do not collect information that identifies a visitor. Any information collected by these cookies is anonymous. We only use such information to improve our website and app.
We also state in the table whether a cookie is a “persistent” or “session” cookie. The difference is that:
- Persistent cookies remain on your device between browsing sessions. They are activated each time you visit the website that created that particular cookie. For example, where a “persistent cookie” is used on a website to remember your log-in details, you will not need to enter those details each time you visit that website.
- Session cookies allow website operators to link the actions of a user during a browser session. A browser session starts when you open the browser window and finishes when you close the browser window. Session cookies are created temporarily. Once you close the browser, all session cookies are deleted.
Cookie | Name | Purpose | Cookie type | Persistent/Session | More Info |
---|---|---|---|---|---|
PassivLiving | Accepted Cookies | Records that the user acknowledged the cookie policy when they logged in | Strictly Necessary Cookie, Functional Cookie | Session | Stores a simple true/false value |
Registered | Records that the user has successfully logged in | Strictly Necessary Cookie, Functional Cookie | Persistent | Stores a simple true/false value | |
Username | Records the username of the currently logged in user | Strictly Necessary Cookie, Functional Cookie | Persistent if ‘stay logged in’ selected, session otherwise | Stores the current username | |
Secret | Records information required to support user’s login | Strictly Necessary Cookie, Functional Cookie | Persistent if ‘stay logged in’ selected, session otherwise | Stores a value known to the browser and server for carrying out verification of the user | |
Token | Records the current user’s authentication token | Strictly Necessary Cookie, Functional Cookie | Persistent if ‘stay logged in’ selected, session otherwise | Stores the access token for the current user | |
PassivPro | Agent Name | Records the name of the agent that the currently logged in user is associated with | Strictly Necessary Cookie, Functional Cookie | Persistent if ‘stay logged in’ selected, session otherwise | Stores the name of the business current user has logged in as |
Agent ID | Records the internal identification for the agent that the currently logged in user is associated with | Strictly Necessary Cookie, Functional Cookie | Persistent if ‘stay logged in’ selected, session otherwise | Stores our reference for the business current user has logged in as | |
Agent Country Code | Records the country code for the agent that the currently logged in user is associated with | Strictly Necessary Cookie, Functional Cookie | Persistent if ‘stay logged in’ selected, session otherwise | Stores the country code of the business current user has logged in as (e.g., GB) | |
Username | Records the username of the currently logged in user | Strictly Necessary Cookie, Functional Cookie | Persistent if ‘stay logged in’ selected, session otherwise | Stores the current username | |
Token | Records the current user’s authentication token | Strictly Necessary Cookie, Functional Cookie | Persistent if ‘stay logged in’ selected, session otherwise | Stores the access token for the current user | |
Registration | Registration Flow State | Records all the details entered as part of the registration process | Strictly Necessary Cookie, Functional Cookie | Session | Captures all the input registration data in an encoded form. Data is held until the end of the registration process when it is used to set up the user’s account and services |
PassivLiving App and Passiv App | User Details | Records the user details and authentication information to allow the user to remain logged in | Strictly Necessary Cookie, Functional Cookie | Persistent within the App while the user is logged in. Cleared on logout | Stores the current username, encrypted password, current access token, and server on your device |
User Settings | Records the user’s settings for the App | Strictly Necessary Cookie, Functional Cookie | Persistent | Stores simple true/false app preferences and onboarding status | |
passivuk.com | cookieyes_consent | Used to save if the user has hidden the cookie challenge | Performance Cookie | Persistent. Expires after 1 year | |
_ga | Used to distinguish users | Performance Cookie | Persistent. Expires after 2 years | 3rd Party. Part of Google Analytics integration | |
_gat | Used to throttle request rate | Functional Cookie | Persistent. Expires after 1 minute | 3rd Party. Part of Google Analytics integration | |
_gid | Used to distinguish users | Performance Cookie | Persistent. Expires after 24 hours | 3rd Party. Part of Google Analytics integration |