Privacy Notice
CEG P.L.C. is a company incorporated and validly existing under the laws of the Isle of Man with company number 123863C. We are committed to protecting your privacy when visiting our website or using our services.
This Privacy Notice (the ‘Notice’) explains how we use any personal information we collect about you when you use this website or when you contact us directly. The Notice sets out how we, from time to time, process the personal data of individuals who contact us or who use our website, services, applications, content and related features (collectively, the ‘Website’).
This Notice sets out our views and practices in respect of your personal data and how we will treat it. Please read this carefully. By visiting our Website, you acknowledge the processing described in this Notice.
From time to time we may make changes to this Notice by posting on our Website or otherwise. Your continued use of the Website, our services or your continued dealing with us after notification of such changes will amount to your acknowledgement of the amended Notice.
HOW TO CONTACT US
Please contact us if you have any questions about this Privacy Notice or information we hold about you by writing to us at the following address:
FAO: Data Protection Officer, CEG P.L.C., IOMA House, Hope Street, Douglas, Isle of Man, IM1 1AP. Alternatively, you can email us at [email protected]
WHAT IS PERSONAL DATA?
‘Personal data’ means any information relating to an identified or identifiable natural person, known as a ‘data subject’, who can be identified directly or indirectly; it may also include name, address, email address, phone number, IP address, location data, cookies and similar information.
We do not collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
WHAT PERSONAL DATA TO WE PROCESS?
We may process the following personal data:
Information provided by you. You may give us information about you by, for example, filling in forms such as the contact form on our Website, subscribing to services such as email updates, making applications in respect of job postings, corresponding with us by email, phone or otherwise. This information may include your name, email address, phone number, information about your query and similar information. We may also receive a copy of your CV or a similar document in respect of a job vacancy or a speculative job enquiry.
Information about others. You may also provide to us personal data relating to third parties, such as people who you work with, or your referees. Information about third parties should only be provided if you have demonstrable permission to do so or if the information is available in the public domain.
Information about your device. With regard to each visit to our website we may automatically collect Technical Data about your equipment such as IP address, operating system, browsing actions and patterns, time zone setting, the Internet address of the website from which you linked directly to our website, URL clickstream data, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page. Generally, you are under no obligation to provide this information, but without it, we may be unable to provide you with some of our Website content and services. Please refer to the Cookie Policy for further details.
We will rely on the information provided by you as being accurate, complete and up-to-date and you agree to ensure that this will be the case.
HOW DO WE USE YOUR PERSONAL DATA?
We will only process personal data, in accordance with applicable law, for the following purposes:
- responding to your queries, requests and other communications, for example, if you apply for a job or you send us a query about our Website;
- providing the Website and related services including our Website, content and features;
- enabling suppliers and service providers to carry out certain functions on our behalf in order to provide the Website and related services, including webhosting, data storage, identity verification, technical, logistical and other functions, as applicable;
- allowing you to use features on our Website and related services, when you choose to do so;
- sending you personalised marketing communications as permitted by law or as requested by you. If you would like to unsubscribe please contact us by email at [email protected];
- ensuring the security of our business and preventing and detecting fraud;
- administering our business, troubleshooting of our Website, data analysis, quality control, testing of new features, research, statistical and survey purposes;
- developing and improving our Website and related services;
- complying with applicable law, including in response to a lawful request from a court or regulatory body.
The legal basis for our processing of personal data for the purposes described above will typically include:
- processing necessary to fulfil a legitimate interest;
- your consent which will be expressly obtained when necessary;
- processing necessary to fulfil a contract;
- any processing necessary for compliance with a legal obligation;
- any other applicable legal ground from time to time.
DISCLOSURE OF PERSONAL DATA
There are circumstances where we may wish to disclose or are compelled to disclose your personal data to third parties. These scenarios include disclosure to:
- our suppliers and service providers to facilitate the provision of the Website, related services and our client services, including IT consultants, web-hosting providers, recruitment services providers, consultants and similar third parties;
- successor or partner legal entities, on a temporary or permanent basis, for the purposes of a joint venture, collaboration, financing, sale, merger, reorganisation, change of legal form, dissolution or similar event relating to our business. In the case of a merger or sale, your personal data will be permanently transferred to a successor company;
- public authorities, such as law enforcement agencies, courts and other public bodies where we are required by law to do so; and
- other third parties where you have provided your consent.
We may transfer your personal data to a third-party in countries outside the country in which it was originally collected for further processing in accordance with the purposes set out above. In particular, your personal data may be transferred outside of the EU/EEA. Where this is the case, we will ensure those appropriate transfer mechanisms as set in the General Data Protection Regulations (‘GDPR’) are in place to ensure an adequate level of data protection.
If we transfer personal data to private organisations outside of the EU/EEA, such as our suppliers and service providers, we will, as required by applicable law, ensure that your privacy rights are adequately protected by appropriate technical, organisation, contractual or other lawful means. Where this is necessary you may contact us for a copy of such safeguards at [email protected].
RETENTION OF PERSONAL DATA
We retain personal data for as long as is necessary for the purposes listed above, including for the purposes of satisfying any legal, accounting, or reporting requirements.
We may keep an anonymised form of your personal data, which will no longer refer to you, for statistical purposes without time limits, to the extent that we have a legitimate and lawful interest in doing so.
SECURITY OF PERSONAL DATA
We will use appropriate technical and organisational information security measures to try to ensure the prevention of any unauthorised access to your personal data; however, the transmission of information via the internet is never completely secure. Whilst we will do our best to keep our own systems secure, we cannot control the entirety of the internet and cannot therefore guarantee the security of your information as it is transmitted to and from our Website.
CEG P.L.C. recommends that you install your own security measures, firewalls, software spyware and other appropriate security procedures. We are unable to provide any guarantee that information and data provided to users will be free of viruses or other conditions which may damage or interfere with data, hardware or software with which it might be used. All information sent by Challenger Energy Group P.L.C. is done so on the strict condition that the user carries out and relies upon its own procedures for ensuring that its use will not interfere with the recipient’s systems and the recipient assumes all risk of use and absolves CEG P.L.C. of all responsibility for any consequences of its use.
DATA SUBJECT RIGHTS
Depending on your country’s laws and the legal basis for collection of your data, you may have certain rights in relation to your personal data. Further information about your data privacy rights may be obtained by visiting the website of your local data privacy authority. In summary GDPR provides, as follows:
- Right to access. Data subjects may request in writing copies of their personal data. However, compliance with such requests is subject to certain limitations and exemptions and the rights of other individuals. You may also be required to submit proof of your identity when making such a request.
- Right to rectification. You may request that we rectify any inaccurate or incomplete personal data that we hold about you.
- Right to withdraw consent. You may at any time withdraw your consent to the processing of your personal data carried out by us on the basis of your previous consent. Such withdrawal will not affect the lawfulness of processing based on such previous consent.
- Right to object to processing including profiling. We will comply with valid objection requests unless we have a compelling overriding legitimate ground for the continuation of our processing or we have another lawful reason to refuse such a request. We will comply with each valid opt-out request in relation to marketing communications.
- Rights in relation to automated decisions about you. Where we make a decision about you based solely on automated processing which significantly affects you, you will have the right to contest the decision, express your point of view and obtain human intervention.
- Right to erasure. You may request that we erase your personal data. We will comply, unless there is a lawful reason for not doing so.
- Restriction of processing. You may request that we restrict our processing of your personal data in various circumstances. We will comply, unless there is a lawful reason for not doing so, such as, a legal obligation to continue processing your personal data in a certain way.
- Right to data portability. In certain circumstances, you may request that we, as a data controller, provide a copy of your personal data in a structured, commonly used and machine-readable format and have it transferred to another provider of the same or similar services. We do not consider that this right applies to our Website. However, to the extent it does, we will comply with such transfer request. Please note that a transfer to another provider does not imply erasure of the data subject’s personal data which may in some circumstances still be retained for legitimate and lawful purposes.
- Right to lodge a complaint with the supervisory authority. We suggest that you contact us about any questions or complaints in relation to how we process your personal data. However, you have the right to contact the relevant supervisory authority directly and in the Isle of Man this is the Information Commissioner on 01624 693260 or by emailing [email protected].
THIRD PARTY LINKS
You may find links to third party websites on our Website. These websites should have their own privacy policy / notice for you to review. CEG P.L.C. has no control over any third-party websites and we do not accept responsibility or liability for any third-party policies or practices on third-party websites whatsoever.