This policy relates to the privacy of your personal data at Aura Gas Limited
Under the new General Data Protection Regulation (GDPR) which governs Data Protection, we are required to give you a clear understanding of how and why we process your data, and what our position is, in this relationship
We are the Data Controller
As we set the rules and reasons for collecting data from you, we are classed as the Controller of your personal data. This means it is our responsibility to ensure that the data we collect is controlled effectively, and protected at all times. Should you have any questions about the processing of your data contact us directly using the following methods: [post] Aura Gas Limited, Aura House, New Road, Havant, Hampshire, PO9 1DE. [Email] – firstname.lastname@example.org
Why we need your personal data and what we need to do with it.
Your personal data will be managed in accordance with the new General Data Protection Regulation (GDPR) under the following principles:
1. Lawfulness, Fairness and Transparency:
- We are required to process your personal data as part of the performance of your contract with Aura Gas Limited.
2. Purpose Limitation:
- Your data will only be collected for specified, contractual and legitimate purposes meaning that as well as using the data to perform your contract, we may use it for:
- Newsletter subscriptions
- Other products/services provided by Aura Gas limited that we may offer to you unless you tell us not to do so
3. Data Minimisation:
- We will not ask for more information than we need for the purposes for which we are collecting it
4. Data Accuracy:
- We will update our records when you inform us that your details have changed
5. Storage Limitation:
- We will retain your personal data for the length of time needed to complete the initial request and for a maximum of 3 years should you terminate the request.
6. Integrity and Confidentiality:
- We have implemented processes to protect the integrity and confidentiality of your personal data
Policies and processes we have to protect your rights as the ‘Data Subject’
Under the GDPR you have a number of ‘rights’ which you can exercise at any time. Should you wish to do so, please contact email@example.com . These rights might include:
- the right to access all of the data we process on you. This will be supplied to you within 1 month from the request being received.
- the right for any inaccurate data we hold on you to be corrected. We will make your amendments without undue delay
- Where the contract has ended but consent has been obtained to process your data, you may have the right to be forgotten and your personal data to be erased without undue delay. Where we require your data (for contractual reasons), your data will be removed once the term of the contract has expired
- the right to restrict us from processing your personal data, which can be reversed by you
- the right in certain circumstances to object to automated decision making, whereby we may use your data for profiling purposes to make a decision.
Transferring personal data
Due to the nature of the business, we work with a variety of GDPR compliant businesses who act as our processors which store and process your personal data on our instructions. Below is a list of the types of processors that we share your data with:
- Website hosting companies
- Customer Relationship Management Platforms
- Marketing platforms
- Finance companies
- Information Technology companies
- Secured servers
At no time does your personal information leave the EU.
Cookies are small files saved to the user’s computers hard drive that track, save and store information about the user’s interactions and usage of the website. This allows the website, through its server to provide the users with a tailored experience within this website.
Users are advised that if they wish to deny the use and saving of cookies from this website on to their computers hard drive they should take necessary steps within their web browsers security settings to block all cookies from this website and its external serving vendors.
Other cookies may be stored to your computers hard drive by external vendors when this website uses referral programs, sponsored links or adverts. Such cookies are used for conversion and referral tracking and typically expire after 30 days, though some may take longer. No personal information is stored, saved or collected.
Privacy and Personal Data for the Aura Gas Mobile Application
- Our mobile application helps you to manage your account and subscription services with Aura Gas. Our application allows you to manage your Google Nest thermostat device, as an alternative to using the Google Home or Nest devices directly.
- In order to perform this function, we require you to login through Google API Services using your Google login. This will allow us to access limited information about your account in order to provide you with information about your Nest thermostat and heating information from your home.
- We request only the minimal amount of information that we need in order to help you have control of your Nest heating devices from our mobile application. We do not transfer your information to any other parties, and do not use any information from your Nest Thermostat to identify you personally.
- When you login, we have access to only an authentication token, which we store on our servers to allow us to support the operations of our Google Nest management services purely within our mobile application. We store this token to ensure that you do not have to log in every time you open the application.
- Our application and services are only available in the UK, and we are registered with the Information Commissioners Office, and abide by all relevant local Data Protection laws. All information is stored within the UK on our secure servers.
How you can opt out of the storage of the service
Who is requesting your data
Information We Store About You
We do not store your Google user name, password or personal information at any time. We do not store information about your home or Nest Devices on our servers. Each time that you use our mobile application in order to manage your Nest Devices, we use your stored authentication token to request the live data from the Google Nest API. This data is stored temporarily within the session storage of your mobile device for the duration the mobile application is open, and no data is transferred to our servers.
Why we are requesting your Google User Data
Talking to us about your rights or this Notice
Should you wish to speak to us about the way we process your data, or wish to exercise your rights as listed above, please contact us on firstname.lastname@example.org or 02392 252171 However if you wish to direct your questions to the ICO, you can find their details at www.ICO.org.uk