Caldera Flux Privacy Policy

Your privacy and data protection are fundamental to our commitment to transparency and trust at Caldera Flux. This policy outlines how we protect and manage your personal information in accordance with UK regulations, including the General Data Protection Regulation (GDPR).

Last updated: 14 October 2023

At Caldera Flux, we are dedicated to leading the renewable energy transformation while upholding the highest standards of data protection and privacy. This privacy policy applies to all personal data processed by Caldera Flux through our website, services, and interactions. If you have any questions regarding this policy, please do not hesitate to contact us at info@calderaflux.com.

Policy Sections:

Information We Collect and How We Use It

We collect information necessary to provide our services and communicate effectively. This may include: name, email address, phone number, company name, job title, and details regarding your interest in renewable energy solutions (e.g., project specifications, energy consumption data). Information is primarily collected via contact forms, direct email correspondence, and business meetings.
Your data is processed to: respond to inquiries, provide quotes, deliver services, manage client relationships, send relevant updates (with consent), and improve our website and service offerings. We do not engage in automated decision-making or profiling that would have significant effects on you.
Our legal bases for processing personal data under GDPR include: necessity for the performance of a contract, compliance with a legal obligation, legitimate interests (e.g., improving services, marketing with appropriate consent), and explicit consent (where required and obtained).
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. Specific retention periods vary depending on the type of data and context.

Your Rights and Data Control

Under UK data protection law and GDPR, you have significant rights regarding your personal data:

  • Right to Access: You can request a copy of the personal information we hold about you.
  • Right to Rectification: You can request that we correct any inaccurate or incomplete data we hold about you.
  • Right to Erasure (Right to be Forgotten): In certain circumstances, you can ask us to delete your personal data.
  • Right to Restriction of Processing: You can request that we restrict the processing of your personal data in certain situations.
  • Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
  • Right to Object: You can object to the processing of your personal data for direct marketing purposes or on grounds relating to your particular situation.
  • Right to Withdraw Consent: If we are relying on your consent to process your data, you have the right to withdraw that consent at any time.

To exercise any of these rights, please contact us at info@calderaflux.com. We may need to verify your identity to ensure the security of your data.

If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection issues (www.ico.org.uk).

Data Security and Protection Measures

Caldera Flux employs robust technical and organizational measures to ensure the security and integrity of your personal data. We are committed to protecting your information from unauthorized access, accidental loss, destruction, or damage.

  • Encryption: Data transmitted to and from our website uses SSL/TLS encryption. Sensitive data at rest is also encrypted where appropriate.
  • Access Controls: Strict access controls are in place to limit data access only to authorized personnel who require it for specific job functions.
  • Staff Training: All our staff receive regular training on data protection, security best practices, and our internal privacy policies.
  • Incident Response: We have established protocols for detecting, responding to, and reporting any potential data breaches in compliance with regulatory requirements.
  • Third-Party Processors: We carefully select and diligently vet third-party service providers who may process your data, ensuring they adhere to equivalent security and privacy standards.
  • Regular Audits: Our security measures are regularly reviewed and audited to ensure ongoing effectiveness and compliance with evolving threats and regulations.
Abstract image representing a secure digital network with interconnected data points protected by a shield icon, illustrating data security measures.
Visualizing the layers of protection we deploy to safeguard your information.