The Snugg Privacy Notice
We’re Snugg. Our online platform helps improve your home’s energy efficiency. Here’s how we protect your data and respect your privacy.
Our role in your privacy
If you are a Snugg customer, or just visiting our website, this notice applies to you.
If you are a Snugg customer or a visitor to our website, or any website that links to this privacy notice, we (Arniston Limited, company number SC707743) act as the “data controller” of your personal data. This means we collect, use and share information about you in accordance with this Notice. Unless we are relying on your explicit consent, your continued use of our services, whether through our website, our web application or otherwise, indicates you acknowledge the use of your personal data by us and other parties as set out below.
Our registered address is The Bayes Centre, 47 Potterrow, Edinburgh, EH8 9BT. We are registered as a data controller at the UK Information Commissioner’s Office under number ZB306088. You can write to us at the address above or email us at firstname.lastname@example.org.
This Data and Privacy Notice is subject to the laws of Scotland and the exclusive jurisdiction of the Scottish Courts.
Please read this Privacy Notice carefully. Snugg services are designed for United Kingdom residents over the age of 18. If you are not eligible to use our services or do not agree with the Privacy Notice then you should stop using Snugg services and delete your account.
We collect, use and share information about you in accordance with this Notice. Read this notice carefully in conjunction with our terms of service.
By sharing your personal data with us, you confirm that you have the right to authorise us to process it on your behalf in accordance with this Notice. We may make changes to this Notice from time to time and you should regularly review this page.
The data we collect
From the first moment you interact with Snugg, we are collecting data. Sometimes you provide us with data, sometimes the data is about you and your property and collected automatically. We only process information when we have a valid legal reason for doing so.
The types of data we collect are:
- Details about you
- Data related to your property
- Details about the services we provide to you
- Other data related to you
- Data on how you use Snugg
Details about you
Your email address, property address and postcode.
We may also collect your full name, phone number and property occupation details.
If you use our grants checker, we will also collect information related to any benefits you receive, your council tax band and your household demographics and income.
If you opt in to marketing consent, we may use this information to alert you of any new grants that may become available.
Data related to your property
We use open and proprietary data sources to automatically collect information on your property where it is available. If it is not available we capture this information from you directly.
Details about the services we provide to you
We use the information captured to develop a personalised property improvement plan.
Other data related to you
Your device, browser type, IP address and operating system.
Data on how you use Snugg
Your usage times, login information and system interactions.
Sensitive personal information
We do not process sensitive personal information
Information from children
We do not knowingly collect data from children under the age of 18.
Where we collect your data:
- You browse our website
- You sign up to Snugg
- You use the Snugg website or website application
- You receive emails from us
- You chat with our Customer Support team
- You update your details or personal preferences
From information you give to us
We receive and collect data from you when you fill in forms on the website or through our application, such as when you register for an account or if you contact us through phone, email or otherwise. The information you give to us is necessary to enter into our contract with you and provide you with our services. For more information on this please read our terms of service.
From information we collect about you
From information third parties give to us
We may get information about you from our corporate partners or through other third parties such as advertising networks, search engine providers, analytics providers, and social networking sites.
If you have accessed Snugg through another service, that service may provide us with personal information to allow us to integrate our offering and your user journey.
How do we use your personal data in providing our services?
The grounds on which we process your data are:
To allow us to deliver the services we provide to you
To provide you with the services you request from us, customised to your preferences.
Your explicit consent
You may have given us permission to use your personal information for a specific purpose. You can change your mind by either unsubscribing, emailing us at email@example.com or updating your preferences.
To comply with our legal obligations
We have duties to prevent crime and cooperate with law enforcement or regulatory agencies.
To pursue a legitimate interest
To identify you and administer your account and for our internal purposes, examples of which are set out below:
Information about the services you use
We will use some of your personal data to track the services you use through our website or website application and to validate the data provided to us by our partners. This statistical and behavioural analysis assists us in improving our website and the services offered to you or other individuals in the future.
We will use your information to keep you informed (subject to your expressed preferences) by email or other electronic means such as via social and digital media about current and new products and services which may be of interest to you.
We may utilise a third-party software and storage solution to analyse the personal data that you have provided to us in order to ensure that the marketing that you receive is as relevant and beneficial to you as possible. We retain full ownership of your personal data and ensure that it is secure at all times.
If you are not happy for your personal data to be used in this way, you can manage your preferences through your account or unsubscribe at any time to remove your details from our contact list. If you have further queries with regards to your personal data, please feel free to contact us at firstname.lastname@example.org.
Third party processing
We use generic service providers, who control or process personal data on our behalf to enable the efficient technical and logistical provision of our services. These service providers supply us with cloud data storage, data security services, data access and application hosting. We may substitute a technical or logistical service provider from time to time. Such parties are generally not permitted to use your personal data for any other purposes than for what your personal data was collected, and we require them to act consistently with applicable laws and this Notice as well as to use appropriate security measures to protect your personal data.
We list below our current third-party providers:
- Amplitude (amplitude.com)
- Energy Saving Trust (energysavingtrust.org.uk)
- Amazon Web Services (aws.amazon.com)
- Google Firebase (firebase.google.com)
- Netlify (netlify.com)
Prevention of fraud and financial crime
We may carry out analysis and research using your personal data to prevent or detect fraud or other financial crime.
In the event of an interruption or cessation of our business, we need to ensure that we can implement our business continuity procedures (for example, we may need to rebuild our IT systems. This may involve the processing of your personal data, including a transfer to an alternative service provider.
Do we pass personal data to other third parties?
We may also share data with our selected home improvement partners to enable them to provide you with a service.
Except for the above, and as set out in this Notice, we will not disclose any of your personal data to any other parties without your explicit and freely given consent, unless we are legally required to do so by (for example, a court order, for the purposes of prevention of fraud or other crime, or by a competent regulator).
Transferring your personal data outside of the European Economic Area ("EEA")
Some processing of your personal data may be undertaken by nominated processors outside of the EEA. In these circumstances, the processing will only be undertaken where it is in accordance with the provisions of the United Kingdom General Data Protection Regulation to ensure an adequate level of protection for your personal data.
Privacy and Confidentiality
We will treat all your personal data as private and confidential. We comply with and are registered under the data protection laws in the United Kingdom and take all reasonable care to prevent any unauthorised access to your personal data. Other than under the terms of this Notice, we will not disclose any personal data about you. Please be aware however that under certain circumstances we may be subject to a legal obligation to disclose personal data about you, or there may be a public duty to disclose that personal data.
Should you decide to complain about the service we have provided to you, we may be obliged to forward details about your complaint, including your personal data, to the relevant ombudsman. You can be assured that they are similarly obliged to adhere to data protection legislation and to keep your personal data strictly confidential.
If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law, you can complain to the Information Commissioner’s Office (ICO), as follows:
Serious breaches should be reported to the ICO using its security breach helpline on 0303 123 1113 (open Monday to Friday, 9am to 5pm). Select option 3 to speak to staff, who will record the breach and give you advice about what to do next.
If you would like to report a breach in writing you can send it by post to the office address Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.
Under the terms of the UK data protection legislation, you have a number of rights.
You have the right to access information we hold about you.
Ask for a copy of the information, or some of the information, that we hold about you (rights of access and portability);
You have the right to correct any inaccuracies in the personal data we hold about you.
Ask us to correct or remove any information about you that we hold (rights to rectification and erasure);
You can object to us using your data for profiling you or making automated decisions.
Ask us to stop processing or restrict the processing of information that we hold about you (rights to restrict and object to processing, including profiling).
If you cannot do any of these things this through ‘My Account’, you may ask us to do so by writing to the Privacy Officer, by email (email@example.com) or to the correspondence address above, and we will do this free of charge. We will respond to your request within 28 days.
Changing your information and deleting your account
If you need to change any of your personal information you should log in to your account to make the necessary changes.
If you want to stop using Snugg, please email firstname.lastname@example.org using your registered email address and we will cancel your account.
How long do we keep your data for?
We have procedures in place to ensure that information is not kept for longer than is necessary. The maximum time that we envisage retaining any information is 13 months following account cancellation.
We will retain personal data about you for as long as your account is active.
After account cancellation, we will retain only that information required for so long as it is necessary to comply with our legal or regulatory obligations, to resolve any dispute or to enforce our agreements. If we do need to retain information after termination, we will ensure that your data is archived in a way that access is restricted.
Subject to our legal or regulatory obligations, if you ask us to delete any data, it is promptly deleted or otherwise rendered unusable from within our systems and we will no longer have any access to that data.
How we keep your data secure
We have physical, electronic and managerial procedures in place to safeguard and secure the information we collect.
However, please remember:
- You provide personal data at your own risk: unfortunately, no data transmission is guaranteed to be 100% secure
- You are responsible for keeping your password secret and safe!
- If you believe your privacy has been breached, please contact us immediately on email@example.com
Help us become even more transparent
This privacy notice was last updated on the 13th February 2023.