Privacy Policy

Privacy Policy

Who we are?

 

Plug Me In Limited, Plug Me In (Heat) Limited and Environmental Energies Ltd, trading as Plug Me In(together “Plug Me In” or “we”, “us”, “our”, as the context requires) provide Electric Vehicle (EV) charge point, air source heat pump, solar panel and battery storage solution installation services to domestic customers and commercial organisations. Plug Me In Limited, Plug Me In (Heat) Limited and Environmental Energies Ltd are part of Calisen Group (Holdings) Limited (“Calisen”) group of companies.


With a focus on quality, Plug Me In, is large enough to manage a wide range of activities but small enough to care. We pride ourselves on our lean and flexible organisation. We adapt to the needs of our customers and use our technology to support our operational flexibility.

 

 

Your information

 

Your privacy is important to us, and we are committed to keeping your information secure and managing it in accordance with our responsibilities under applicable data protection laws.


This policy sets out the basis on which any personal data we collect from you through our website (www.plugmein.com) (“the Site”), or that you provide to us through the Site or via any other methods, will be processed by us.  Please read the following carefully to understand our policies and practices regarding your personal data and how we will treat it.


We reserve the right to change the contents of this policy at any time, by posting such changes on this Site.  It is your responsibility to familiarise yourself with the policy regularly to ensure that you are aware of any changes.

 

 

Information Collected

 

Whenever we use information, we always limit this to only the details that are needed and we ensure that it is used safely and securely. We require anyone we share information with, or who uses it on our behalf, to do so too. All our staff receive training on data protection and information security regularly.


We do not sell or trade your personal information.


There are no automated decisions made or profiling undertaken by Plug Me In.

 

We collect information when you:

 

  • purchase our services directly from us (Customers);
  • purchase our services through a third party (e.g. EV charge point manufacturer, energy supplier, car manufacturer, car leasing company etc.);
  • use our website or online services (Website Users);
  • are an employee (Employees);
  • apply for a job (Applicants);
  • work with us as a business partner (Business Partners);
  • request to receive our newsletters;
  • freely give your consent for us to share information with you about other products or services that maybe of interest to you.

 

collectively (“you”).

 

Services provided include:

 

  • Installing EV charge points in domestic and commercial properties;
  • Replacing existing EV charge points;
  • Installing air source heat pumps in domestic and commercial properties;
  • Replacing existing air source heat pumps;
  • Maintaining air source heat pumps; 
  • Installing solar panels in domestic and commercial properties;
  • Replacing existing solar panels;
  • Maintaining solar panels;
  • Installing battery storage in domestic and commercial properties;
  • Replacing battery storage;
  • Maintaining battery storage;
  • Processing of industry information;
  • Sending you our newsletters, where requested, and
  • Providing you with information about other products and services that maybe of interest to you, where you have consented.

 

 

Customers

 

1. If you purchase services directly from Plug Me In through the Site, Plug Me In is the data controller and you will be asked to provide the following personal information:

 

  • first, last name and suffix;
  • telephone number;
  • email address;
  • installation address;
  • invoice address, if different from above;
  • type(s) of service ordered;
  • your payment card details where you purchase the EV charge point outright - see below
  • electric vehicle ownership status;
  • details of the electric vehicle (to ensure the EV charge point is suitable and qualifies for any grant schemes, if applicable);
  • your payment card details where you purchase an air source heat pump;
  • details of the air source heat pump (if suitable and qualifies for any grant schemes, if applicable);
  • MPAN (for solar panels and battery storage solutions);
  • marketing consent, where freely given.

 

You may also provide us with some special category information on a voluntary basis, e.g. health conditions, if we need to be aware of this information to deliver our services to you.

 

Plug Me In will use such personal information to process your order, deliver the service ordered, to apply for any grant schemes (where applicable), to verify a landlord  (where appropriate) that you have permission to install the goods at a leased property that you do not own, to notify the Distribution Network Operator, to take payment for the services, to provide customer care services, to maintain our client relationship management systems. We may also need to conduct credit and fraud checks on business customers and certain officers of your business, such as your directors.

 

Where you have freely consented, we may also provide you with information about other products and services that we believe may be of interest to you.

 

2. If you are receiving our services through a third party then Plug Me In, is the data processor and the third party, is the data controller. You should review the privacy notices of your third party.

 

If the information we hold is as a result of a third party asking us to provide a service to you on their behalf, this relationship is governed by a contractual arrangement between the third party and Plug Me In. Therefore, most of this personal information is obtained from the third party and is processed by us in the context of providing our services to the third party. If you provide us with any information we will pass this to the third party because we are holding that information on their behalf. We need to process your personal information because the services provided have an impact on you.

 

The third party will have its own privacy notices that explain what information they collect and who they share it with. You should also review its privacy policy.

 

 

Businesses

 

If you purchase services from Plug Me In as a commercial enterprise, you will be asked to provide the following personal information about you, as a representative of a company, and about your company:

 

• first, last name and suffix,

• credentials,

• telephone number,

• email address,

• job title,

• mailing address,

• billing address and details,

• type(s) of service ordered,

• site specific details, including the MPAN (where relevant),

• name and address of company,

• name and address of relevant company officers,

• marketing consents.

 

Plug Me In will use such personal information to provide customer care services, to maintain our client relationship management systems, to detect, investigate, report and seek to prevent fraud and anti-money laundering, for example through know-your-customer checks, AML screening and other identity checks. We may also need to conduct credit and fraud checks on business customers and certain officers of your business, such as your directors. Where you have consented, we may also provide you with information about other products and services that may be of interest to you.

 

 

Third Party Service Providers that you may have contact with

 

Plug Me In uses Lowri Beck Services Limited, also part of the Calisen group, to provide some of the functions required to provide the services for example, pre-installation site surveys, call centre support, auditing and compliance.

 

Plug Me In uses a third party, Stripe Payments Europe, Ltd (“Stripe”), to securely process card and direct debit payments. This means that Plug Me In does not receive your payment card or bank account information. Plug Me In only receives the funds. Stripe may process your personal information outside of the United Kingdom and the European Economic Area. Please refer to the Stripe Privacy Policy on their website.

 


Plug Me In Limited and Plug me In (Heat) Limited use third parties, Jumptech Limited and Onroute.io Ltd, to provide secure platforms where Plug Me In can safely exchange information with Stripe, the third party (where appropriate), and yourself. These third parties may process your personal information outside of the United Kingdom and the European Economic Area. Please refer to their websites for further information Jumptech and Onroute. Environmental Energies Ltd uses Salesforce.com as their customer relationship management tool. They are based outside the European Economic Area. We have taken steps to ensure that the transfer will be compliant with data protection law and all personal data will be secure.

 

 

Website Users

 

You may visit the Site, but you cannot place an order without directly providing any information about yourself. Where we request specific information, we will always respect the personal information you send us and we will take reasonable steps to ensure your personal data is protected against unauthorised access. We will not request information unless it is necessary to do so and will ensure appropriate measures to keep information accurate, up-to-date and to prevent unauthorised disclosure.

 

If you commence direct communication via a website enquiry form, by telephone or by writing to us, your name and contact details (e.g. email address or telephone number), the nature of the enquiry and your message will also be collected and processed in order to respond to your query and to improve our services. We may use a third party email administrator to handle email enquiries.

 

You may sign up to receive our newsletter and/ or provide your consent to receive marketing information from us without placing an order with us.

 

 

Employees

 

We have an employee privacy notice that is available to all staff to inform them about how we handle their personal information which can be found on our central document management system.

 

 

Applicants

 

From time to time we recruit new employees. We may use a third-party agency, third party job boards to handle this process or directly through our website.

 

We will use the information that you provide to us through your application made through the Applicant Tracking System or as provide by agencies or, in exceptional circumstances, your Curriculum Vitae (“CV“),to assess your suitability for the role you have applied for with us.

 

There are no automated decisions made or profiling undertaken during the recruitment process. Any initial decisions made are reviewed by a member of the People Team.

 

We will invite a selection of applicants to an interview to assess in more detail the candidate(s) most suited to the role on offer, notes will be taken as part of the interview process.

 

If your application is successful, we will use a third party, currently Experian Ltd (“Experian”), to undertake background checks, including carry out a global sanction, Politically Exposed Person, an adverse media search and establishing your right to work in the United Kingdom. These checks will involve the collection of biometric data by the third party and is subject to their privacy policy. 

 

Experian also, on our behalf, seek references about you from your previous 5 years employer(s) or educational establishment(s) or relevant third parties as provided by you. If you do not provide this referee information your application will proceed no further.

 

We also use this third party to undertake basic Criminal Records check through the Disclosure and Barring Service for England and Wales and Disclosure Scotland for Scotland. These checks are necessary to meet legal obligations.

 

We may also need to carry out a driving licence check for certain roles, which we do through a third party link into the Driver and Vehicle Licensing Agency.

 

We may use the personal information you provide to make reasonable adjustments to enable an interview to take place in our workplace.

 

If you are not selected for interview for the specific role you have applied for, we may hold your CV in our HR system for up to 12 months and will consider you for other roles with us if you tell us that you are happy for us to use your personal information in this way. After this time, we will delete your personal information from our records.

 

If you decide not to accept the role offered, or if, as a result of the checks being carried out by us, the offer of employment is withdrawn, all the personal information and references received will be held in our HR Systems for up to 12 months from the date of rejection for legal purposes.

 

You will also be asked to provide equal opportunities information. This is not mandatory – if you don’t provide it, it won’t affect your application. We won’t make the information available to any staff outside our People  team, including hiring managers, in a way that can identify you. Any information you provide will be used to produce and monitor equal opportunities statistics. This information may also be shared with external equality and diversity auditors.

 

 

Business Partners

 

If you work with Plug Me In as a Business Partner or a service provider, we will collect personal information from you such as your business details or your employees or representatives first and last name, suffix, credentials, telephone number, email address, job title, mailing address, billing address and details, type(s) of services provided.

 

Most of the personal information is obtained directly from you. Some of your personal information may be obtained from other sources for instance, credit reference agencies.

 

We use this information to review / assess your suitability as a Business Partner or service provider, to comply with our legal obligations, to detect, investigate, report and seek to prevent fraud and anti-money laundering, for example through know-your-customer checks, AML screening and other identity checks and to meet our obligations under any contracts we have with you.

 

 

Legal basis for using your personal information

 

We will only collect, use and share your personal information where we are satisfied that we have an appropriate legal basis to do this. This may be because:

 

  • the processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract. For example, we collect your email address and phone number to provide you with service updates and to answer any of your queries;
  • the processing is necessary for compliance with a legal obligation to which we are subject to. For example, in order to set you up as a customer or business partner, we are obliged to carry out certain know-your-customer checks to prevent money laundering and fraudulent activities. This will involve the collection and verification of your personal information and checking your information against public sources to ensure we are dealing with reputable businesses;
  • the processing is necessary for the purposes of our legitimate interests as a commercial organisation, except where such interests are overridden by your interests or fundamental rights and freedoms. For example, we need certain personal and company information such as names and contact details of company representatives and officers, in order to assess your suitability as either a business partner or a customer, conduct due diligence on business partners and provide customers with our services;
  • the processing is necessary in order to protect the vital interests of an individual for example, an individual is admitted to the A & E department of a hospital with life-threatening injuries following a serious accident. The disclosure to the hospital of the individual’s medical history that we know about is necessary in order to protect their vital interests;
  • you have provided your freely given consent to receive information from us such as our newsletter and/ or marketing information.

 

There will be instances where the provision of your personal information will be necessary to enter into a contract with Plug Me In or to receive our services. However, unless otherwise specified, not providing your personal information will not result in legal consequences for you.

 

If you would like to find out more about the legal basis for which we process personal information, please contact us following the details below.

 

We share your personal information in the manner and for the purposes described below:

 

  • Within the Calisen group of companies. Calisen Group (Holdings) Limited is the parent company of, amongst others, Plug Me In Limited, Plug Me In (Heat) Limited, Calisen Metering Services Limited, Calisen Holdco 4 Limited and Environmental Energies Limited. Your personal data will be received by other Calisen entities where such disclosure is necessary to provide you with our services or to manage our business e.g. shared support function such as finance, the call centre, legal support, IT support etc.
  • With third parties who help manage our business and deliver services. To provide the services, including fulfilling contractual obligations to the EV charge point, air source heat pump, solar panel and battery solution suppliers, to apply for any grant scheme (where applicable), to notify the Distribution Network Operator, to perform administrative activities in connection with our services, Plug Me In engages external service providers such as fulfilment providers, legal services providers, website service providers, IT support service providers, delivery service providers, email administrators, payment card and direct debit processors (as detailed above) and customer service providers. When providing such services, the external service providers have access to and process your personal information. We have contracts in place with our data processors. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will hold it securely and retain it for the period we instruct.
  • With third party regulators / enforcement bodies. To comply with legal and professional obligations, to cooperate with regulatory bodies, and to exercise, defend or protect our legal rights (or those of the EV charge point or air source heat pump manufacturers or third parties), Plug Me In may share personal information with law enforcement agencies (e.g. police), industry bodies (e.g. the Health and Safety Executive, The Department for Business Energy & Industrial Strategy) certifying bodies who ensure the quality of our services (e.g. EUSR, NICEIC, MOCOPA, MCS, NAPIT and Examining bodies), regulatory bodies / investigators (e.g. the Information Commissioner’s Office, OFGEM).  We will always respect the personal information you send us and we take reasonable steps to ensure your personal information is protected.

 

If, in the future, we sell or transfer some or all of our business or assets to a third party, we may disclose information to a potential or actual third party purchaser of our business or assets in accordance with applicable law.

 

To deliver the services, it is sometimes necessary to transfer your personal information outside of the United Kingdom to jurisdictions which have less stringent data protection laws to protect personal data.  This will typically occur when we use overseas service providers located outside the European Economic Area (EEA). These transfers are subject to special rules under data protection laws. If this happens, we will ensure that the transfer will be compliant with data protection law and all personal data will be secure. Our standard practice has been to use the ‘standard contractual clauses’ which have been formally approved by the European Commission and the relevant United Kingdom authorities for such transfers. Going forwards we will be using the Information Commissioners International Data Transfer Agreement.

 

 

How we protect and store personal information

 

Security

 

We have implemented and maintain appropriate technical and organisational security measures, policies and procedures designed to reduce the risk of accidental destruction or loss, or the unauthorised disclosure or access to such information appropriate to the nature of the information concerned.

 

Measures we take include:

 

• placing confidentiality and contractual requirements on our staff members and service providers;

• destroying or permanently anonymising personal information if it is no longer needed for the purposes for which it was collected;

• following strict security procedures in the storage, retention and disclosure of your personal information to prevent unauthorised access to it;

• using secure communication transmission software (known as “secure sockets layer” or “SSL”) that encrypts all information you input on our website before it is sent to us. SSL is an industry standard encryption protocol and this ensures that the information is reasonably protected against unauthorised interception; and

• protecting our own systems against potential attack from outside threats by using virus, software and malware protections, multi-factor authentication and conditional access giving layered protection of our VPN and communication devices.

 

Note: As the security of information depends in part on the security of the computer you use to communicate with us and the security you use to protect User IDs and passwords, please take appropriate measures to protect this information.

 

 

Storing your personal information

 

Your personal information will be retained as long as it is required for the purposes for which the data is collected e.g. as necessary to provide you with the services requested. Once our contractual relationship with you comes to an end, you may request that we remove your personal information unless statutory retention requirements apply (such as for taxation purposes) or in order to fulfil regulatory requirements.

 

We also retain your personal information if needed to establish, exercise or defend a legal claim.

 

 

Cookies

 

For further information, please view our cookie policy or e-mail dpo@calisen.com.

 

 

Legal rights available to help manage your privacy

 

We will take steps in accordance with applicable legislation to keep your personal information accurate, complete and up-to-date. Depending on the purposes of the processing, you have certain rights in relation to your personal information.


If your personal information has been collected by us as part of our provision of services to your third party, then we can only act on the instructions of the third party, and you may consider it helpful to consult your third party directly.

 

You have the following rights over your personal information:

 

  • the right to access the personal information that we hold about you,
  • to correct any incorrect information that we hold about you,
  • to object to us processing your personal information, if we are not entitled to use it anymore,
  • to have your information deleted if there is no compelling reason to continue processing it, or have its processing restricted in certain circumstances. There are however a number of exceptions to this where we are required to retain information under our contractual obligations to the third party, by law, by our regulators or to exercise or defend a legal claim,
  • to receive a copy of your information so that you can transfer it to a third party.

 

If you would like to exercise any of these rights, please contact us at the details provided below.

 

Before providing personal information to you or another person on your behalf, we may ask for proof of identity and sufficient information about your interactions with us so that we can locate and verify your personal information. Normally such requests are free of charge however, we reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive.

 

We may not always be able to fully address your request, for example, where we hold your information on behalf of a third party, in which case we will advise you to contact your third party, if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.

 

You have a right to lodge a complaint with the Information Commissioner’s Office if you have concerns about how we are processing your personal information (further information, including contact details, is available at https://ico.org.uk).

 

We ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time.

 

Contact us:

 

The primary point of contact for all issues arising from this privacy notice is:

 

Contact: The Data Privacy Officer

Email: DPO@calisen.com

Telephone:  : 0161 220 1900

 

Postal address: Data Protection Officer, Plug Me In Limited/ Plug Me In (Heat) Limited/ Environmental Energies Ltd trading as Plug Me In, 5th Floor, 1 Marsden Street, Manchester M2 1HW.