Data Protection Policy for Ecoeus Ltd trading as “My Compare Buddy”
1. Introduction
My Compare Buddy (“the Company”) is committed to ensuring the protection of personal data processed in connection with its services. As the data controller, we determine the purposes and means of processing personal data referred to us by our introducers. All customer data we process originates from referrals provided by our introducers, and we process such data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.”
2. Scope
This policy applies to all personal data collected and processed by My Compare Buddy. While we act as the data controller for customer data processed under our services, the initial collection of customer data is conducted by our introducers, who refer this data to us for the purposes of delivering our services. My Compare Buddy is responsible for determining how the referred data is further processed and protected and is used for the purposes of:
• Utility switching services
• Broadband quoting / comparison services
• Boiler replacement comparison services
3. Roles and Responsibilities
• Introducer (or Referrer): Acts as the initial data collector and referrer, collecting customer data information and referring it to My Compare Buddy for further processing.
• My Compare Buddy: Acts as the data controller, determining the purposes and means of processing personal data.
• Customers: Are data subjects who have the right to control their personal information.
• Third-Party Service Providers: Are external companies engaged by My Compare Buddy to assist with service fulfilment under strict data protection agreements.
4. Data Collection and Usage
My Compare Buddy collects personal data through two main sources: directly from individuals and via referrals from introducers.
When customers engage with our services directly, we collect their personal information through our website, customer interactions, and other communication channels. Additionally, we receive customer data from introducing companies that have obtained the necessary consent or lawful basis for sharing this information with us.
Once we receive personal data, whether collected directly or referred by an introducer, we act as the data controller and assume responsibility for its lawful processing, secure storage, and appropriate use to deliver our services. Customers will be informed at the point of data collection or referral that their information is being processed by My Compare Buddy. We ensure that all data processing activities comply with applicable data protection laws, including the UK GDPR and the Data Protection Act 2018.
To improve our offerings and provide customers with relevant products or services, we may process personal data to inform customers about related products or services that align with their needs. This may include additional comparison services, financial products, insurance options, or other utilities-related services that could provide cost savings or benefits.
Any further use of personal data for new product offerings will be conducted in compliance with data protection laws, ensuring that customers have the option to opt out of such communications at any time.”*
5. Personal Data Processed
The types of personal data collected and processed include, but not limited to:
• Full names
• Contact details (address, phone number, email)
• Property details (e.g., property details, energy consumption, broadband availability, heating system information)
• Service preferences
• Products selected
6. Lawful Basis for Processing
My Compare Buddy processes personal data under the lawful basis of consent and legitimate interest, ensuring that individuals are informed of their rights and the processing purposes.
Where My Compare Buddy contacts customers for renewal options or related products, we will process personal data under either legitimate interest or consent, as appropriate. Customers will be provided with clear opt-out options in all marketing communications.
7. Data Processing Activities
My Compare Buddy shall:
• Process personal data only for the specified purposes of utility switching, broadband quoting, boiler replacement comparisons and related products or services that align with their needs. This may include additional comparison services, financial products, insurance options, or other utilities-related services that could provide cost savings or benefits.
• Ensure appropriate security measures are in place to protect personal data from unauthorised access, loss, or breach.
• Maintain accurate records of data processing activities.
• Report aggregated data and insights back to the introducer.
• Share necessary personal data with approved third-party service providers under data processing agreements.
• Re-contact customers in the future when their selected products, such as utility contracts, are nearing expiry to offer them new product options that may better suit their needs and / or save money. Customers will be given the opportunity to opt out of any future communications regarding product renewals or related services at any time.
8. Data Retention
Where personal data is processed for marketing purposes, we will retain it for a period of 2 years, after which it will be reviewed for continued relevance when it will be securely deleted or anonymised. Customers can request deletion or opt out of marketing communications at any time.
9. Data Sharing and Disclosure
Personal data may be shared with third-party service providers for the purpose of service fulfilment, under strict data processing agreements ensuring compliance with UK GDPR. Customers will be informed of all data sharing practices at the point of data collection. My Compare Buddy ensure compliance with UK GDPR legislation.
10 Mutual Data Disclosure by Parties
For the purposes of service provision, My Compare Buddy, its introducers, and relevant third parties may each act as a Data Discloser, meaning they may share Shared Personal Data with one another where such disclosure is necessary to fulfil contractual obligations, improve service delivery, or offer related products that may benefit the customer.
Each party acting as a Data Discloser shall ensure that:
• The disclosure of Shared Personal Data is lawful and aligns with the disclosing party’s privacy policy and data protection obligations.
• Customers are informed that their data may be shared between parties involved in service delivery.
• Only relevant and necessary data is disclosed to the receiving party.
• Appropriate safeguards (such as encryption and secure transfer methods) are implemented to protect the data.
• The receiving party assumes responsibility for processing the data as a data controller, ensuring compliance with UK GDPR.
• Shared Personal Data is not further disclosed to additional parties unless legally permitted and in line with the purposes originally communicated to the data subject.
• Any party receiving Shared Personal Data shall process it solely for the agreed purposes and ensure that data subjects’ rights, including the right to access, rectification, and objection, are upheld.
11. Data Subject Rights
Customers can exercise their rights, including access, rectification, erasure, and objection to processing, by contacting My Compare Buddy directly.
11.1 Data Subject Rights (Referred Customers)
Customers referred to My Compare Buddy from Introducers also retain their rights under the UK GDPR, including the right to access, rectify, or erase their personal data.
Where a referred customer exercises their rights regarding data initially collected by an introducer, My Compare Buddy will cooperate with the introducer to ensure a timely and compliant response. If the request concerns processing carried out by My Compare Buddy, we will handle the request directly.
12. Security Measures
My Compare Buddy implements appropriate technical and organisational measures, including:
• Encryption of personal data in transit and stored.
• Access controls and authentication protocols.
• Regular security audits and staff training.
• Vetting and monitoring of third-party service providers to ensure compliance with security standards.
13. Data Breach Management
In the event of a data breach, My Compare Buddy will notify affected individuals and relevant authorities, including the ICO, within the required timeframe.
In the event of any data breach, My Compare Buddy will promptly notify the introducer and take immediate steps to mitigate the impact, investigate the incident, and report full details to relevant authorities if required. Introducers and Third-party service providers are also required to notify My Compare Buddy of any breaches that may affect the data we process.
Where a data breach impacts personal data referred by an introducer, My Compare Buddy shall notify the introducer without undue delay to ensure appropriate customer communication and risk mitigation.
14. Compliance and Review
This policy will be reviewed annually or when any significant changes occur to ensure ongoing compliance with data protection legislation, this includes updates related to third-party service providers.
15. Contact Information
For any data protection enquiries, please contact: The Data Protection Officer at My Compare Buddy – Please email datacontrol@mycomparebuddy.com.