Kaluza FLEX Privacy Notice
We take privacy seriously. This notice tells you who we are, what data about you we collect and what we do with it. Please read it carefully.
Our mission at Kaluza is to drive the transition to an intelligent zero carbon energy system. We do this by enabling energy retailers and connected energy device manufacturers to power experiences that help customers to better understand their energy consumption and - where customers have the appropriate connected smart devices (like electric vehicles, home batteries and smart heating or cooling systems) - shift energy consumption to periods with lower cost and lower carbon intensity generation that are better aligned with the needs of the electricity grid.
Where we refer to “Kaluza”, “we”, “us” or “our” in this privacy notice we mean Kaluza Limited, a company registered in England and Wales, whose registered office is at 69 Notting Hill Gate, London, W11 3JS.
The responsible data controller is Kaluza Limited (12218299)
This privacy notice applies to your use of the Smart Charging Application, be that a web application or an application that can be downloaded (collectively the “App”) as installed onto your mobile telephone, tablet or other device (“Device”), that provides services relating to the charging of your connected energy devices (“Connected Energy Devices”) such as electric vehicles, home batteries, smart heating or cooling systems (the “Services”). Please also read any terms relating to the Service you are using. They provide more information about how we provide that Service, and any restrictions that may apply to the use of that Service.
We will collect personal data about you in the following ways:
We may collect various types of personal data about you when you access and/or use the Services, including:
Types of data we might collect from you | What this data covers |
Identity and Contact data Data necessary to identify and contact you |
|
Account data |
|
Profile and Consent Data |
|
Hardware Data Data relating to the Connected Energy Devices you use to access the Services |
|
Energy Data |
|
Third-Party Account Data | Information relating to accounts you hold with third parties which allows us to link the Connected Energy Device you use to access our Services with your Connected Energy Device or energy retailer accounts, such as account identifiers or references. |
Technical Data Data about the Device you use to connect to our Services |
|
Device Data Each time you use the App, it may automatically access from or store the following data to your Device |
|
Log Data Details of your use of the App |
|
The App may also use your preference settings from your Device to provide you with push notifications. You may opt out of receiving push notifications by turning them off in your Device's settings.
Purpose | Why |
To provide our Services to you, such as smart charging of your electric vehicle via our App. | We will use your data on the basis of our contract with you to provide the Service. |
To provide customer support services, including via the App. | We will use your data on the basis of our contract with you to provide the Service. |
To generate analysis and insights relating to your use of our Services which allow us to improve our Services, including data relating to your usage of specific features of the Services, such as smart charging of your electric vehicle. | We may use your data on the grounds that we have a legitimate business interest to analyse the use of our Services, to improve our business service and performance. |
To develop our products and Services, including on the basis of user research. | We may use your data on the grounds that we have a legitimate business interest to enhance and improve our products and Services, as well as to develop new products and services. |
For security and authentication purposes, including the collection and processing of Device Data and Log Data. | This data is collected automatically through various means such as log processing and device monitoring. We use your data for these purposes on the basis that we have a legitimate business interest in ensuring the confidentiality, integrity and security of our digital infrastructure that is not overridden by your interests, rights and freedoms to protect data about you. |
To comply with our legal obligations. | Where necessary, we will use your data to comply with our legal obligations. |
Where we do not base our use of data about you on one of the above legal bases, we will ask for your consent before we process the data (these cases will be clear from the context).
In some instances, we may use data about you in ways that are not described above. Where this is the case, we will provide a further notice that explains such use. You should read any supplemental notice we provide alongside this notice.
We also get your personal data from the following third-party sources:
Third party sources | Types of data |
Energy Suppliers |
|
Connected Energy Device Manufacturers |
|
We monitor your electric vehicle usage habits, including how much you charge, how fast you charge, when and where you charge. This data is used to automatically plan and apply charging schedules to your electric vehicle when you are plugged in at your home charger.
We may share data about you with:
Third-party | Description |
Our third-party suppliers, partners and subcontractors | They offer, review and/or receive services in relation to our website / app, services and/or products. They include
|
Any company that's a member of OVO group | OVO Group includes any of the companies listed at the top of this document. Plus, our businesses in the wider OVO Group such as OVO Energy, CORGI, Field Force, Kantan, and The Renewable Exchange, OVO Home Plan as well as other subsidiaries of OVO Group Limited from time to time. |
Your energy retailer/utility provider | We may share
|
Connected Energy Device partners who provide access to your Connected Energy Device | To provide enhanced services such as discounted energy or rewards for the Services delivered with your Connected Energy Devices |
Distribution system operators or electricity network operators | Who deliver the electricity network in your local area - to use the Services to support the electricity grid. |
Transmission system operators or electricity market operators | Who help balance the grid on behalf of energy generators, electricity network companies and consumers - to use the Services to support the electricity grid. |
Grid service partners, | Who provide aggregation or access services to the electricity network operators or electricity market operators - to use the Services to support the electricity grid. |
Regulatory authorities, government departments and in response to a request from law enforcement authorities or other government officials | If we have good reason to think we’ve got a duty to do it, we’ll give out your data to meet any legal obligation – where your data might be needed to meet national security or law enforcement needs, or to stop illegal activity. |
Anyone who buys our business, any other business we buy or merge with, and/or a new data controller | If we sell or merge any of our businesses or assets, or if we do any internal reorganisations, your personal data might be one of the assets that goes to the buyer and/or new data controller. This includes transferring data to a potential purchaser for due diligence purposes before the purchase takes place. |
A third party, such as police or legal representative | We would need to share your data with these third parties as part of enforcing our terms and conditions, or any other agreement. This might also happen when we’re replying to any claims, or protecting the following: our rights, or the rights of a third party, or the safety of any person. We might also do this to stop any illegal activity. |
Professional advisers | These advisers could be lawyers, bankers, auditors, and insurers who offer consultancy, banking, legal, insurance and accounting services. |
Your personal data is kept for as long as it is necessary for the purposes for which it was collected. After this period your personal data is securely destroyed or anonymised. The period will vary depending on the purposes for which the data was collected.
We (or a third party who we share personal data with) might host, store, and handle that personal data outside of the UK or the European Economic Area (EEA). If we transfer personal data to a third party outside of the UK or EEA, we will, as required by applicable law, ensure that your privacy rights are protected by appropriate safeguards, such as the standard contractual clauses for the transfer of personal data outside of the EEA as approved by the European Commission or outside of the UK as approved by the ICO. If you would like more data about these safeguards, please contact us using the details in the “Who should you contact with questions?” paragraph below.
We implement appropriate technical and organisational measures to protect personal data that we hold from unauthorised disclosure, use, alteration or destruction. Where appropriate, we use encryption and other technologies that can assist in securing the data you provide. We also require our service providers to comply with strict data privacy and security requirements.
You may have some or all of the following rights in respect of data about you that we hold:
The rights you have depend on the laws of your country. If you are in the UK or the EEA, you will have the rights set out above. If you are elsewhere, you can contact us (see the paragraph “Who should you contact with questions?”) to find out more.
Personal data may be exempt from the requests above, in certain circumstances. We could need to keep processing your personal data because of our interests, or to meet a legal obligation. If an exemption applies, we’ll tell you when we reply to your request. We might ask you to give us some data to confirm your identity before we reply.
If you have any questions, or wish to exercise any of your rights, please contact dataprotection.support@kaluza.com.
If you have a complaint or concern, please contact us in the first instance so that we can try to resolve the issue. You also have the right to contact the UK data protection authority, the Information Commissioner’s Office, with any complaints or concerns. They can be reached at: https://ico.org.uk/make-a-complaint/. If we cannot resolve your questions or concerns, you also have the right to seek a judicial remedy before a national court.