We take data privacy and security very seriously. This policy is intended to help you understand why we are collecting this data, how we will use it, how we will protect it, and what control you have over how we use it, protect it and dispose of it.
Since 2018, all businesses must comply with the GDPR – regulations that cover the collection, processing and security of Personal Data. Personal data is any information about you which used alone, or combined with other information, would enable someone to identify you.
By that definition, we do not collect personal data, except where we have stored consent forms. Even so, we have strict policies around how we manage data and always seek consent from householders using a process that is intended to mirror most requirements of the GDPR.
What data are we collecting?
Purrmetrix uses environmental data from buildings to help landlords and householders understand more about how well these buildings operate. This means our sensors will capture environmental data (typically temperature, humidity and CO2 measurements) and transmit it back to a web service where we visualise the data and calculate metrics of performance.
To do this, it is not necessary for us to know anything about you as a householder. We will only collect name or email details to allow us to share data and information from your house with you via our web service or phone app. We will collect a partial address for your home in some circumstances.
We will collect personal data from you in the form of your name and address on this consent form. You have rights over this data under GDPR (see section: Your rights)
Why do we need to collect this data?
As we are collecting data from your home we must be clear about why we are doing this. In this situation this data may be collected for one or more of the following reasons:
Contract Basis We need the environmental data to allow us to supply services to you/ our customers.
Consent Basis You have given us consent to hold your data and process it to provide services that should improve the performance of your home.
What do we do with the data from your house (how we process it)
The Company will only process environmental data from your house for the following purposes:
- Providing access to records and analysis of environmental data for each site; this will include the original data and some calculations we perform on it
- Testing new calculations that we believe might be better ways to measure the performance of your house
- Complying with applicable law, guidelines and regulations or in response to a lawful request from a court or regulatory body;
How we manage the environmental data
Your environmental data is held electronically as appropriate and is accessible by our customer and a limited number of Purrmetrix employees who require the information to enable them to assist in the running of the business.
Purrmetrix takes all reasonable precautions to prevent the loss, misuse or alteration of environmental data about your home. It is held on password protected computers or is accessed by password protected smart phones. Again only a limited number of authorised employees have access to this electronic information. Details of these and our other policies concerning security are available on request.
To ensure environmental data cannot be identified, the databases used for storing environmental data are kept separate from partial addresses, any location data or data that identifies our customers. This anonymous environmental data may be retained to help us develop further analyses and metrics for future customers.
Who do we pass data to?
As a general principal, the company does not share data with third parties. A limited exception may be made for certain performance metrics that are provided by our supply partners which require environmental data for their calculation. In these cases it is subject to a confidentiality agreement and the data protection rules of our suppliers.
Your rights over personal and environmental data
The GDPR gives you a number of rights over personal data and the Company will comply so far as it is able, with any requests that you make in this respect.
These rights include:
Right of access (sometimes also called a subject access request)
- You have the right to obtain confirmation from us that we are not processing your Personal Data.
- You have the right to obtain a copy of your Personal Data – this can help you check that we are not holding any identifiable data
Right of rectification
You have the right to have Personal Data rectified if it is misleading or incorrect.
Right to erasure (sometimes called the right to be forgotten)
You have the right to have your Personal Data erased if:
- it is no longer needed for the purpose for which we originally collected or processed it.
- there is no overriding legitimate interest to continue this processing.
- we have processed the Personal Data unlawfully.
- we have to comply with a legal obligation.
Right to restrict processing
You have the right to restrict the way that we use your Personal Data.
This is usually for a limited period e.g. if you have asked us to investigate the accuracy of the Personal Data that we hold, you may also request that we cease processing it. During this time, we will not process the Personal Data but will simply store it
Right to data portability
If we have a contractual relationship with you, or carry out processing by automated means, you have the right to request that we transfer your Personal Data to you or to another data controller in a structured, commonly use and machine readable format.
This enables you to use and re-use your Personal Data across a number of different IT environments in a safe and secure way.
Right to object
You have the right to request us to stop processing your Personal Data if:-
- It is used for direct marketing (the Company never uses your Personal Data for direct marketing).
- the lawful basis is legitimate interests. If there are legitimate grounds to continue processing the Personal Data which override your interests, the request will be refused.
If you wish to make a request in respect of any of these rights, you may contact us by post, e-mail, website request or by telephone or in person. We may then contact you to confirm the nature of the request and we may possibly ask you for ID to ensure that we do not disclose Personal Data to the wrong person.
We will then comply with your request within one month of receiving it or of receiving further details or ID if required. We will provide the information in whatever form you require but please note that we cannot give you remote access to our server. We will not charge a fee unless the request is manifestly unfounded or excessive or if you have previously requested and received the same information. We will not provide information about your Personal Data if the request comes from a third party (e.g. another professional or a relative) unless that third party provides evidence of its authority to make such a request on your behalf.
If you wish to lodge a complaint with a supervisory authority
If you have a complaint, we would very much hope that you would first raise it with us as we would welcome the opportunity to sort it out, however if we cannot do so or if you wish to raise the matter direct with the ICO, the contact details are set out below.
For queries about the content of this Privacy Information Notice or for further information or to make a request, please contact our Data Protection Officer, Chris Howell:
Telephone: 01223 967301
By post:1 Old Pound Yard, High Street, Great Shelford, Cambridge CB22 5EH