Intercarabao Limited (“Intercarabao”, “we”, “us” or “our”) is committed to protecting the privacy and security of your personal information.
1. What is the purpose of this policy?
2. Who we are
Intercarabao is the owner and operator of the website at www.carabaoenergy.co.uk. We are a private limited company registered in England and Wales under company number 09557445. Our registered office is at Aquis House, 49-51 Blagrave Street, Reading, Berkshire, RG1 1PL.
Our contact details are:
Address: Aquis House, 49-51 Blagrave Street, Reading, Berkshire, RG1 1PL.
Tel: 0118 9073052
3. How we may collect your personal information
We obtain information about you when you use our website, for example:
- If you contact us, we will keep a record of that correspondence (for example, when you report a problem with our website or request technical support); and
- Details of your visits to our website including time, traffic data, communication data, location data, your ip address and your browser type and operating system
We may also collect and aggregate information about your computer for system administration and website analytics. this is statistical data about our users’ browsing actions and patterns and does not identify any individual.
You may also give us information when you:
- Enter into any of our competitions, promotions or surveys;
- Attend an event we sponsor;
- Purchase any of our products; and / or
- When you communicate with us through one of our social media platforms including, but not limited to, facebook, instagram and twitter.
4. The kind of information we hold about you
The information we hold about you may include the following:
- Your personal details (such as your name, address and other contact details);
- Details of any contracts we have had with you in relation to the supply, or the proposed supply, of our products;
- Details of any products you have received from us;
- Financial data such as your debit or credit card number and billing address; account number and sort code;
- Photographs or any visual recording of promotional events or winners of competitions;
- Our correspondence and communications with you;
- Information about any complaints and enquiries you may have submitted to us;
- Information from any research or surveys conducted by us in which you may have participated; and
- Information from any marketing activities to which you may have responded or in which you may have participated.
We do not collect any special categories of personal data about you (such as details regarding race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). We also do not collect any information about criminal convictions and offences.
5. How we use information we hold about you
We may use the information we hold about you in the following circumstances:
- In order to enhance your experience when you access our website, including administering the website for internal operations such as troubleshooting and responding to any errors you may come across when using our website, or to ensure that content from our website is presented in the most effective manner for you and for your device;
- For purposes necessary for the performance our contract with you, such as providing you with the products you have requested, or for steps preparatory to entering into a contract with you;
- For the purposes of communicating with you so as to keep you informed of our activities, products, events and events of third parties which we think you may enjoy, such marketing communications to be provided to you via email, subject to your prior consent if this is required;
- For the purposes of disseminating post-event publicity, for example where the winner of a competition’s photograph is used in our promotional materials, subject to your prior consent if this is required;
- To provide customer care and manage any complaints or requests, to seek your thoughts and opinions on the products we provide;
- To notify you about any changes to our products; and
- To comply with our legal obligations.
we will not pass your details on to third parties for marketing purposes, full stop.
we may process your information for the purposes of our own legitimate interest, provided that those interests do not override any of your own interest, rights and freedoms which require protection of your personal data. This includes processing for marketing, business development, statistical and management purposes.
We may process your personal data for certain additional purposes with your consent, and in these limited circumstances where your consent is required for the processing of your personal data then (i) we will request such consent from you separately, and (ii) you have the right to withdraw your consent to processing for specific purposes.
Please note that we may process your personal data on more than one lawful ground depending on the specific purpose for which we are using your data.
In some circumstances we may anonymise or pseudonymise your personal data so that it can no longer be associated with you, in which case we may use such information without further notice to you.
Change of purpose
Where we need to use your personal data for another reason, other than for the purpose for which we collected it, we will only use your personal information where that reason is compatible with the original purpose.
Should it be necessary to use your personal data for a new purpose, we will notify you and communicate the legal basis which allows us to do so before starting any new processing.
6. Data retention
We will only retain your personal data for as long as is necessary to fulfil the purposes for which it is collected. for example, where you have given us information for the purposes of a competition, such data will be held in order to assist with answering queries from entrants, if any, and will not usually be retained beyond 12 months from the competition’s close.
When assessing what retention period is appropriate for your personal data, we take into consideration:
- The requirements of our business and the products we provide;
- The purposes for which we originally collected the personal data;
- The lawful grounds on which we based our processing;
- The types of personal data we have collected;
- The amount and categories of your personal data; and
- Whether the purpose of the processing could reasonably be fulfilled by other means.
7. Legal basis for use of your personal information
We will only use your personal data when the law allows us to. most commonly, we will use your personal data on one of the following lawful bases:
- Where we need to perform the contract we are about to enter into or have entered into with you;
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests; or
- Where we need to comply with a legal or regulatory obligation.
8. Third Parties
Why might we share your personal information with third parties?
we will share your personal information with third parties where required by law, where it is necessary to administer our relationship with you or where we have another legitimate interest in doing so. we are not in the business of selling your personal information to third parties!
Which third party service providers process my personal information?
Where permitted by the provisions of applicable law, Intercarabao may share such information from time to time with the following third parties: any agent, contractor, supplier, vendor, or third party service providers who provides administration, logistics or other services to Intercarabao which are relevant to the products which we provide to you or who otherwise assist us in conducting our business, such as printers, storage facilities, communications software, data hosting, call centre operations, and email management services.
What about other third parties?
We may share your personal information with other third parties, for example in the context of the possible sale or restructuring of the business. we may also need to share your personal information with a regulator or to otherwise comply with the law.
9. Transferring information outside the European economic area (“EEA”)
We will not ordinarily transfer the personal information we collect about you outside of the EEA. however, if any third parties by whom your personal data is to be processed are based outside the EEA so that their processing of your personal data will involve a transfer of data outside the EEA we will ensure a similar degree of protection is afforded to it by ensuring that at least one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European commission.
- Where we use certain service providers, we may use specific contracts approved by the European commission which give personal data the same protection it has in Europe.
- Where the third parties are based in the us, we may either use the above contracts approved by the European commission or we may transfer data to them if they are part of the eu-us privacy shield which requires them to provide similar protection to personal data shared between Europe and the us.
Please email firstname.lastname@example.org if you want further information on the specific mechanism to be used if we are to transfer your personal data outside of the EEA.
10. Data security
We have put in place commercially reasonable and appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. they will only process your personal information on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
On notification of a breach the controller and investigating officer will be alerted with immediate effect (within 24hours). This will include details on when the breach occurred, a description of the breach type, cause and which system(s) is affected. the controller and officer will assess the breach; if required to do so they will contact the information commissioner’s office within 72 hours of becoming aware of the breach. Individuals or organisations whose personal data has been affected by the incident, and it has been considered likely to result in a high-risk breach will be informed without undue delay. all results from logs, testing and records of any personal data breach will be kept regardless of whether notification was required.
With immediate effect all account passwords will be erased and changed and the system taken offline until it is known to be secure. All user permissions are locked out except one root level admin account. All log files will be swept to identify the ip breaching point and black-list that ip range. Log files will also allow the processor to determine what level of access the breach reached.
Evaluation post-breach will involve an assessment of infrastructure, security and methodology, all of which will be reviewed and amended where necessary to ensure that no further breaches of this nature will be possible. The front-end and back-end structure are kept separately with data transmission occurring under an encrypted method. this ensures that if a front-end breach happens then no data is at risk.
11. Rights of access, correction, erasure, and restriction
Your duty to inform us of changes
Your rights in connection with personal information
Under certain circumstances, by law you have the right to:
- Request access to your personal information. This enables you to receive details of the personal information we hold about you and to check that we are processing it correctly.
- Request correction of the personal information we hold about you .
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Request the restriction of processing of your personal information . This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal information to another party.
If you wish to exercise any of the above rights, please email email@example.com.
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. alternatively, we may refuse to comply with the request in such circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
12. Right to withdraw consent
In those circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose (for example, in relation to any direct marketing that you have indicated you would like to receive from us), you have the right to withdraw your consent for that specific purpose at any time. To withdraw your consent, please email firstname.lastname@example.org. we shall also include an option to unsubscribe in any communication we send to you.
You have the right to make a complaint at any time to the information commissioner's office (“ICO”), the uk supervisory authority for data protection issues (www.ico.org.uk). we would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
Our contact details are:
Address: Aquis House, 49-51 Blagrave Street, Reading, Berkshire, RG1 1PL.
Tel: 0118 9073052