# Privacy Policy

**Last Updated: January 2026**

## 1. Introduction

Caldo Energy Limited ("Caldo," "we," "us," "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our website, services, and mobile application.

We are the data controller responsible for your personal data. This policy should be read alongside our Terms and Conditions and any other relevant agreements.

**Contact Details:**

- **Company Name:** Caldo Energy Limited

- **Registered Address:** Caldo Energy, Level One, Basecamp Liverpool 49, Jamaica Street, Liverpool, England, L1 0AH

- **Email:** info@getcaldo.com

- **Phone:** 07468480243

- **Data Protection Officer:** Founder - Nathan McCarthy

## 2. Information We Collect

### 2.1 Personal Information You Provide

- **Contact Details:** Name, address, email, phone number

- **Account Information:** Username, password, account preferences

- **Property Information:** Address, property type, heating system details, EPC ratings

- **Financial Information:** Payment details, billing information, bank account details (for direct debit)

- **Installation Details:** Site survey data, technical specifications, access requirements

- **Communications:** Correspondence, support tickets, feedback, complaints

### 2.2 Information Collected Automatically

- **System Usage Data:** Energy consumption patterns, heating schedules, temperature preferences

- **Performance Data:** Caldo Optima system efficiency metrics, battery charge cycles, optimization algorithms

- **Technical Data:** IP address, browser type, device information, operating system

- **Website Analytics:** Pages visited, time spent, navigation paths, referral sources

- **Mobile App Data:** App usage patterns, feature interactions, device permissions, crash reports

### 2.3 AI and Smart System Data

Our Caldo Optima systems use AI-driven optimization technology that collects:

- Real-time temperature and environmental data

- Energy usage patterns and consumption trends

- Battery charging and discharging cycles

- System performance and efficiency metrics

- User preference learning data

- Predictive maintenance indicators

### 2.4 Third-Party Information

We may receive information from:

- Credit reference agencies (for credit checks)

- Energy industry databases (for switching services)

- Installation partners and contractors

- Property databases and land registry information

## 3. How We Use Your Information

### 3.1 Service Delivery

- Processing orders and quotations

- Installing and configuring Caldo systems

- Providing energy supply services

- Managing customer accounts

- Delivering customer support

### 3.2 System Optimization

- AI-driven heating optimization and automation

- Battery management and energy storage optimization

- Predictive maintenance and fault detection

- Performance monitoring and system improvements

- Personalized energy-saving recommendations

### 3.3 Billing and Payments

- Processing payments and managing accounts

- Generating bills and statements

- Managing direct debits

- Credit checking and fraud prevention

### 3.4 Communication

- Responding to inquiries and support requests

- Sending service updates and notifications

- Providing installation and maintenance scheduling

- Sharing important safety or regulatory information

### 3.5 Marketing (with consent)

- Sending promotional offers and product updates

- Sharing energy-saving tips and advice

- Conducting customer surveys

- Providing personalized recommendations

### 3.6 Legal and Regulatory

- Complying with energy industry regulations

- Meeting Ofgem requirements

- Responding to legal requests

- Protecting our rights and property

- Preventing fraud and misuse

### 3.7 Business Operations

- Analyzing and improving our services

- Developing new products and features

- Training staff and improving customer service

- Managing business relationships

## 4. Legal Basis for Processing

We process your personal data under the following legal bases:

### 4.1 Contract Performance

Processing necessary to fulfill our contractual obligations for installation, energy supply, and system management.

### 4.2 Consent

Where you have given explicit consent for marketing communications, optional data collection, or specific processing activities.

### 4.3 Legitimate Interests

- Improving our products and services

- System optimization and performance enhancement

- Fraud prevention and security

- Business analytics and operational efficiency

### 4.4 Legal Obligation

Compliance with energy regulations, tax requirements, and other legal duties.

## 5. Data Sharing and Disclosure

### 5.1 Service Providers

We share data with trusted third parties who provide services on our behalf:

- Installation contractors and engineers

- Payment processors and banks

- Cloud hosting and IT infrastructure providers

- Customer relationship management (CRM) systems

- Analytics and data processing services

- Marketing and communication platforms

### 5.2 Energy Industry Parties

- Energy networks and distributors

- Industry databases and switching services

- Ofgem and regulatory bodies

- Credit reference agencies

### 5.3 Legal Requirements

We may disclose information when required by law, court order, or regulatory authority, or to protect our rights, property, or safety.

### 5.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred to the new entity, subject to this Privacy Policy.

### 5.5 With Your Consent

We may share data with other parties when you have given explicit consent.

## 6. Data Security

### 6.1 Technical Measures

- Encryption of data in transit and at rest

- Secure authentication and access controls

- Regular security assessments and penetration testing

- Firewalls and intrusion detection systems

- Secure cloud infrastructure with UK/EU data centers

### 6.2 Organizational Measures

- Staff training on data protection

- Confidentiality agreements with employees and contractors

- Access restrictions based on role requirements

- Incident response and breach notification procedures

- Regular review of security policies

### 6.3 Smart System Security

- Encrypted communication between devices and servers

- Secure firmware updates and patch management

- Network segmentation and isolation

- Authentication protocols for mobile app access

## 7. Data Retention

### 7.1 Retention Periods

- **Customer Account Data:** Duration of relationship plus 6 years (for legal and tax purposes)

- **Energy Supply Data:** 6 years from end of supply (regulatory requirement)

- **Installation Records:** 6 years from installation (warranty and liability purposes)

- **Marketing Consent:** Until withdrawn or 3 years of inactivity

- **System Usage Data:** Aggregated data retained indefinitely; personal data 3 years

- **Financial Records:** 6 years (tax and accounting requirements)

### 7.2 Deletion

We securely delete or anonymize data when retention periods expire, unless required to keep it for legal reasons.

## 8. Your Rights

Under UK GDPR, you have the following rights:

### 8.1 Right of Access

Request a copy of personal data we hold about you.

### 8.2 Right to Rectification

Request correction of inaccurate or incomplete data.

### 8.3 Right to Erasure

Request deletion of your data (subject to legal retention requirements).

### 8.4 Right to Restrict Processing

Request limitation on how we use your data.

### 8.5 Right to Data Portability

Receive your data in a structured, machine-readable format.

### 8.6 Right to Object

Object to processing based on legitimate interests or for marketing purposes.

### 8.7 Rights Related to Automated Decision-Making

Request human review of automated decisions that significantly affect you.

### 8.8 Right to Withdraw Consent

Withdraw consent at any time for processing based on consent.

**To exercise these rights, contact us at info@getcaldo.com or Caldo Energy, Level One, Basecamp Liverpool 49, Jamaica Street, Liverpool, England, L1 0AH.**

## 9. Cookies and Tracking Technologies

### 9.1 Types of Cookies

- **Essential Cookies:** Required for website functionality and security

- **Performance Cookies:** Analyze website usage and performance

- **Functional Cookies:** Remember your preferences and settings

- **Marketing Cookies:** Track effectiveness of advertising campaigns

### 9.2 Cookie Management

You can control cookies through your browser settings. Disabling certain cookies may affect website functionality.

For detailed information, see our separate Cookie Policy.

## 10. Mobile Application

Our customer mobile app collects additional data:

- Device information and operating system

- Location data (if enabled) for weather-based optimization

- Push notification tokens

- App usage analytics and crash reports

- Camera access (for QR code scanning or support)

You can manage app permissions through your device settings.

## 11. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for their privacy practices. Please review their privacy policies before providing personal information.

## 12. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect data from children. If we become aware of such collection, we will delete the data promptly.

## 13. International Transfers

We primarily store data within the UK and EU. If we transfer data internationally, we ensure adequate protection through:

- Standard Contractual Clauses approved by regulatory authorities

- Adequacy decisions recognizing equivalent data protection

- Other approved transfer mechanisms

## 14. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, or legal requirements. We will notify you of significant changes through:

- Website notification

- Email notification (for registered customers)

- Mobile app notification

The "Last Updated" date at the top indicates the most recent revision.

## 15. Complaints

If you have concerns about how we handle your personal data, please contact us first. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO):

**ICO Contact:**

- Website: www.ico.org.uk

- Phone: 0303 123 1113

- Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

## 16. Marketing Preferences

### 16.1 Opt-In

We only send marketing communications with your consent. You can manage preferences through:

- Account settings on our website

- Mobile app preferences

- Unsubscribe links in emails

- Contacting customer service

### 16.2 Communication Channels

You can choose to receive communications via:

- Email

- SMS/Text

- Phone

- Push notifications

- Post

## 17. Smart Meter Data

If you have a smart meter, we collect detailed energy consumption data in compliance with the Smart Energy Code and Data Access and Privacy Framework. This data helps:

- Generate accurate bills

- Provide energy usage insights

- Optimize system performance

- Detect potential issues

You can request reduced data collection frequency, subject to regulatory minimums.

## 18. Contact Us

For questions, concerns, or requests regarding this Privacy Policy or your personal data:

**Caldo Energy Limited**

Caldo Energy, Level One, Basecamp Liverpool 49, Jamaica Street, Liverpool, England, L1 0AH

Email: info@getcaldo.com

Phone: 07468480243

---

**By using our services, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and sharing of your information as described herein.**