- What information is collected and why
- How your information is used
- Your rights and choices when it comes to your information.
What is ctrlio?
ctrlio provides price comparison services for mobile and broadband contracts in the UK through their own websites and through partner websites.
ctrlio also provides other price comparison sites with a product that converts their listings into dynamic marketplaces.
The ctrlio websites (ctrlio.com, mobile.ctrlio.com and broadband.ctrlio.com) are operated by ctrlio Limited, which is a fully owned subsidiary of Greydog Ventures Limited.
ctrlio believes that the best way to ensure your privacy in respect to personal information is to avoid or minimise its collection and processing in the first place. Where the use of personal information is absolutely necessary, ctrlio is the Data Controller for any personal information collected and processed through its websites. You can contact the ctrlio Data Protection Officer at the email address above. Where ctrlio provides services through a partner website, ctrlio is acting as a Data Processor and it is the responsibility of the partner to act as the Data Controller.
Information ctrlio collects
ctrlio only collects personal information that is strictly necessary to perform certain functions on their websites and as an employer.
- An email address or mobile number is required if you ask ctrlio to send you reminders. If you are setting up a reminder for someone else, you warrant that you are authorised to do so by them.
- An email address is required if you use the 'Share Deal' feature. Similarly, if you are sharing the deal with someone else, you warrant that you have their permission to use their email in this way.
- Your username and password for your online service provider account is required if you want ctrlio to analyse your mobile usage
- Your email or phone number will be recorded if you choose to contact ctrlio
- Your CV and contact information will be filed if you choose to apply for a job with ctrlio
Lawful basis for processing personal information
In the cases of ctrlio providing functionality, such as reminders, sharing deals or bill analysis, you will be clearly asked for your consent before ctrlio uses this information. Removal of consent can easily be exercised by stopping a reminder.
When you choose to contact ctrlio, ctrlio has a legitimate business interest in responding to your enquiry or managing your job application.
How ctrlio uses personal information
ctrlio only uses your personal information for the delivery of the requested functions. In some cases, ctrlio relies on third parties to deliver some of the functionality. Those third parties are bound by contractual agreements to handle your information securely and to only use that information to deliver the agreed functionality. For example:
- ctrlio will send reminders via email or text to your preferred contact information, using third parties to deliver the emails and text messages. You can stop these reminders at any time simply by selecting the appropriate controls. Once you stop these reminders, ctrlio will delete all your information from their systems. However, logs will remain within the third parties' systems to show that messages were sent.
- Similarly, ctrlio will send deal details to the email provided if you use the 'Share deal' feature. The contact email is not stored by ctrlio and therefore cannot be used for any other purpose. A third party is used to deliver the email and a record will persist in their logs that a message was sent.
- ctrlio will use your username and password to attempt to log into your online account if you ask them to analyse your recent usage. Your username and password are usually only stored for the duration of the analysis and then deleted. However, if the analysis were to fail, you will be given the option of allowing ctrlio to store your credentials for a maximum of 28 days in order to investigate why there was a problem. Your consent will be clearly requested for this purpose. ctrlio encrypts any usernames and passwords stored for greater security.
- If you contact ctrlio via email or phone, your email address or phone number will be visible to ctrlio employees who respond to your enquiry. They will only use your contact details to respond to your query and the details will not be stored. Your email and phone number will be logged by the third parties that provide email and phone services to ctrlio.
- Data that is received for recruitment purposes, will only be used for these purposes. CVs will be stored for 2 years and then deleted, unless an applicant is successful and then becomes an employee.
ctrlio does not share, transfer, sell or use your personal information in any other manner.
When you visit ctrlio's websites other information is automatically collected that is not considered personal, as it is only linked to random unique reference IDs and it is not possible to use this data to identify an individual.
- Log data on ctrlio's servers is recorded, including clicks on links, types of devices and browser versions being used. This data is used to monitor the performance of the service and to investigate any problems that might arise.
- Usage analytics information is collected to understand how visitors use the different services. This analytics information is used by ctrlio to improve their services and to enable merchants to make dynamic offers to visitors.
How ctrlio shares your personal information
ctrlio only shares your personal information with third parties that have been specifically contracted to deliver an aspect of their service, such as sending emails or text messages. These third parties are bound to keep your information safe and only use it for the agreed purpose.
Links to third party sites
ctrlio's comparison services provide links to third party sites where customers can complete their purchases. ctrlio does not control these third party sites and therefore encourages customers to read the Privacy Policies of those sites before use.
If you choose to interact with ctrlio on social media platforms, such as Facebook, Twitter and Linked In, ctrlio does not control how your personal information is managed by those third parties. ctrlio encourages customers to read the Privacy Policies of those platforms before interacting.
Under the General Data Protection Regulation (GDPR) you have the following rights to your personal information:
- Right to be informed
- Right of access
- Right to rectification
- Right to restrict processing
- Right to data portability
- Right to object
- Right to erasure
- Rights in relation to automated decision making and profiling
You can exercise these rights through the ctrlio websites, for example by stopping reminders. If you have any concerns, please contact ctrlio at email@example.com.
How ctrlio keeps your information safe
For your security, ctrlio uses appropriate technical and organisational measures to protect your information against:
- Accidental and unlawful destruction, loss and alteration
- Unauthorised disclosure or access to personal data transmitted, stored or otherwise processed.
Your information is held in the cloud, on servers within the European Economic Area under the control of ctrlio. ctrlio makes sure their service providers comply with all applicable data privacy requirements.
Compliance and cooperation with regulatory authorities
ctrlio complies with the EU General Data Protection Regulation (GDPR) adopted in 2016 and pays very close attention to the following guiding principles while processing your personal data and information:
- Lawfulness, transparency and fairness
- Purpose limitation
- Data minimisation
- Storage limitation
- Confidentiality and integrity
ctrlio is registered with the UK Information Commissioner's Office (registration number: ZA094897). If ctrlio's parent company (Greydog Ventures Limited) processes any personal data on behalf of ctrlio, there are appropriate measures in place to ensure that all the requirements of GDPR are met.
Greydog Ventures is also registered with the UK Information Commissioner's Office (registration number: ZA071699).
© ctrlio Limited. Last modified date 25 May 2018.