STB2 Limited (referred to in this policy as “Split the Bills”, “we”, “us” or “our”)
Company Registration Number: 13017311
Address:
6th Floor,
1 New Era Square,
Highfield,
Sheffield S2 4RB
We have a Data Protection Officer, who can be contacted in the following ways should you have any questions or feedback about the way your data is handled:
Email: Privacy@splitthebills.co.uk
We are committed to protecting and respecting your privacy.
This policy (together with our terms of use and any other documents referred to in it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. We may update this policy from time to time in order to reflect changes in the law and/or our privacy practices, but we’ll notify you of any significant changes. Our website will always show the most up to date version. This policy was last updated on 10th September 2024.
We will collect, receive, use, store and transfer different kinds of personal data about you which we have grouped together in the table below.
Category of personal data | Description |
Identity data | First Name, Last Name, Position in Organisation |
Contact data | Telephone Number, Email Address, Postal Address |
Message data | Feedback, Questions, Any data that is contained within a message body or a subject from an individual. |
Financial data | Bank you use, card number, account number |
Technical data | IP address, Login information, Browser type, Cookie, Operating system, Site visit data, Products viewed |
Marketing Preferences | Opt-in and Opt-out status, Communication preferences, Email interactions |
Property Interests | Property details and requirements, Search locations, University you attend |
Usage Information | Energy Meter readings (including smart meter readings), Energy billing information, cookies deployed on websites |
Medical Information | Any medical information that you provide as part of priority service provision |
We will collect your personal data in the following ways:
Data such as your name and contact details may be provided to us by a landlord or letting agent or by individuals moving in or out of a property that you are occupying.
We may receive meter readings and other usage data from organisations such as your energy suppliers, water and broadband suppliers (referred to as Principal Providers in the terms and conditions which govern your utility management services contract with us), meter operators or other third parties involved in the supply of your utilities.
Third parties may track and assess relevant user sentiment across social media and provide us with observations and analysis based on any information you make publicly available. We use this information to help us review and improve our products and services.
With your express consent, we may from time to time instruct third parties to collect energy consumption data from the Data and Communications Company (DCC) and share this with us to provide us with insights and analysis about trends and energy usage and allow us to compare this with other customers’ usage.
We are only allowed to use your personal data if we have a legal basis to do so, and we are required to inform you of what that legal basis is. We have set out in the table below: the purposes for processing your data, the categories of personal data affected, and the legal basis on which we rely on when we process your personal data.
In some circumstances we can use your personal data if it is in our legitimate interest to do so, provided that we have told you what that legitimate interest is. A legitimate interest is when we have a business or commercial reason to use your information which, when balanced against your rights, is justifiable. If we are relying on our legitimate interests, we have set that out in the table below.
Purposes for processing | Categories of personal data | Legal basis for processing | Legitimate Interests (if applicable) |
To provide our services to you |
|
| N/A |
To manage payments and verify charges raised by utility providers. |
|
| N/A |
To manage incoming general enquiries or complaints. |
|
| To ensure that enquiries and complaints are managed. |
To gather feedback and improve our advertising and services |
|
| To ensure that stakeholder opinions are considered and to improve our business practices. |
To administer and manage the website. |
|
| To ensure that the website is secure and is fit for purpose. |
To manage our relationship with you, including notifying you about changes to our terms or privacy notices. |
|
| To keep our records up to date. |
To manage and audit our business operations. |
|
| To ensure that our business is performing well and is effective. |
To track trends in and analyse your energy usage and compare it with other customers’ usage. |
|
| To improve our business model and improve and tailor our products and services. |
To help us forecast energy supply and demand. |
|
| To ensure that our business is effective and performing well, to help us develop our products and services and improve our business model. |
To carry out internal reporting, modelling and analysis. |
|
| To understand our stakeholders better and improve our business and the products and services we offer. |
To carry out checks to prevent fraud and money laundering and to confirm your identity. |
|
| To prevent malpractice and validate identity so that we are dealing with the correct person. |
To provide you with relevant marketing information. |
|
| To keep you up to date with products and services we provide |
To manage job applications. |
|
| N/A |
To improve our staff member training and development. |
|
| To improve our staff member training and development |
To share new tenant details of a property with our energy providers when an existing agreement ends to support with energy contract handover. |
|
| |
To provide priority energy services to those that require it. |
|
|
Where you provide us with special category personal data such as medical information, we will ensure we meet a valid lawful basis from Article 9 of the UK GDPR. Currently, we use medical information to provide priority service requirements to those who tell us they need it with their explicit permission.
If you fail to provide certain personal data when requested, we may not be able to perform the contract we entered into with you and we may be prevented from complying with our legal obligations.
In order to meet our business requirements, provide our products and services, and meet our legal obligations, we share your personal data internally between group companies and with third parties in the following circumstances:
We may also disclose your personal data to a third party in the event that we sell or buy any business or assets, in which case we may disclose your data to the prospective buyer or seller of such business or assets.
If we or substantially all of our assets are acquired by a third party, personal data held by it about its customers will be one of the transferred assets
Before we share your personal data with a third party, we will ensure that there is an appropriate Data Processing or Data Sharing Agreement in place to protect the sharing of data.
We’ll never make your personal data available to anyone externally for them to use for their own marketing purposes without your prior consent.
Your data is stored on our management systems. In some circumstances, it is possible that our management systems may store your data outside of the United Kingdom.
Where this occurs, we will endeavour to ensure that the territory in which the data will be stored has been determined by the UK Government to offer an adequate level of data protection within its domestic legislative regime, or that appropriate contracts are in place to ensure that the data is stored in a manner which is compliant with the UK GDPR.
Where we share your data outside of the UK and EEA to a country that hasn’t been deemed adequate, we will ensure an appropriate safeguard is used in line with UK GDPR. The below table describes the circumstances and safeguard used when your data is transferred outside of the EEA.
Purpose of processing | Nature of the data | Name of the third party | Location | Legal safeguard in place |
Maintenance of our relationship with customers and prospects | • Identity details • Contact details • Marketing preferences • Property interests | Salesforce Inc | USA | International Data Transfer Agreement |
We will keep your personal data for as long as necessary to allow us to carry out our business functions. This includes satisfying any legal, accounting, or reporting requirements. When we assess how long to retain your personal data, we will consider the following:
We will regularly review the retention of your personal data held within our care in line with our requirements to ensure that we are not keeping your personal data for longer than is necessary.
We have put in place measures to protect the security of your information. Details of these measures are available upon request.
Third parties will only process your personal information on our instructions and where they have agreed to treat the information confidentially and to keep it secure
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
The transmission of information via the internet is not completely secure. We cannot guarantee the security of your data transmitted online and transmission is made at your own risk. If you communicate with us by email then you assume the risks of such communications being intercepted, not received or delivered or are received by individuals other than the intended recipient.
Everyone in the scope of the UK GDPR has rights relating to the collection and use of their personal data. The rights that apply to your personal data are listed below:
Please note that each request will be reviewed on a case-by-case basis and where we have a lawful reason to retain the data or where exceptions exist within our retention policy, then it may not be erased.
We will respond to any request within one calendar month of the request being received. If you want to exercise any of your rights listed above, please contact us by email or in writing.
Please note that where you ask us to erase, correct, object to process or seek to restrict our processing of data we may refuse your request where we have a legal obligation, contractual or other legitimate business interest to refuse your request. If we refuse your request, then we will notify you of this refusal and you will have the right to appeal.
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. We are allowed to use automated decision-making in the following circumstances:
If we make an automated decision on the basis of any particularly sensitive personal information, we must have either your explicit written consent or it must be justified in the public interest, and we must also put in place appropriate measures to safeguard your rights.
You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making, unless we have a lawful basis for doing so and we have notified you.
We will continually review and update this privacy notice to reflect changes in our services and feedback from service users, as well as to comply with the changes in the law. Any changes we may make to our privacy policy in the future will be posted on this page. Please check back frequently to see any updates or changes to our privacy policy.
If you feel that we have not upheld your rights, we ask that you contact us by emailing the Data Protection Officer.
If you are not satisfied with our response or believe that we are not processing your personal data in accordance with the law, you have the right to lodge a complaint with the Information Commissioners Office (ICO) by using the details below. We would be grateful for the opportunity to manage your concerns directly before you approach the ICO so please contact us in the first instance.
Address: Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: 0303 123 1113
Website: https://ico.org.uk/make-a-complaint/
1) WHAT ARE COOKIES?
Cookies, Pixels, and similar technologies are small text files that are placed on your device by websites or mobile applications that you visit. Cookies and Pixels assist with the functionality and personalisation of our website platforms.
There are different types of cookies, some come directly from Split the Bills while others come from third parties which place cookies on our website platforms.
If a cookie is a session cookie, then it will be active for the period of the session or until you close your browser. If a cookie is a persistent cookie, then it will remain on your computer but will expire on a specific date or after a set period.
2) HOW DO WE USE COOKIES?
We use cookies to enhance your browsing experience by:
3) WHAT COOKIES DO WE USE?
Necessary Cookies
These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. Necessary cookies do not store any personal data that can identify you.
Functional Cookies
These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies, then some or all of these services may not function properly.
Targeting Cookies
These cookies may be set throughout site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They work by uniquely identifying your browser and internet device. If you do not allow these cookies, you will still see adverts on other sites, but these adverts won’t be personalised.
4) THIRD PARTY COOKIES
Third party cookies and similar technologies are created by companies to provide various services which we use to enhance our site and our understanding of our site visitors. We use Google Analytics – a free, powerful analytics tool used to determine where your visitors are coming from and what content they are looking at. No personal information is collected by Google Analytics. We also use a Leadfeeder script to help us understand the organisations that visit our website.
You can find more information about the individual cookies and technologies we use and the purposes for which we use them below:
Domain | Purpose |
Mailchimp | Monitors website page user interaction from email campaigns so more tailored content and better experiences can be delivered. |
Monitors website page interaction for the purposes of tailored re-targeting Facebook ads. | |
Google Analytics | Tracks how users interact with our website to help us improve user experience and monitor performance. |
LeadFeeder | Leadfeeder tracks the companies visiting our website, how they found us and what they’re interested in. |
5) FORCE24 COOKIES
Our organisation utilises Force24’s marketing automation platform.
Force24 cookies are first party cookies and are enabled at the point of cookie acceptance on this website. The cookies are named below:
They allow us to understand our audience engagement thus allowing better optimisation of marketing activity.
f24_autoId – This is a temporary identifier on a local machine or phone browser that helps us track anonymous information to be later married up with f24_personid. If this is left anonymous it will be deleted after 6 months . Non-essential, first party, 10 years, persistent.
f24_personId – This is an ID generated per individual contact in the Force24 system to be able to track behaviour and form submissions into the Force24 system from outside sources per user. This is used for personalisation and ability to segment decisions for further communications. Non-essential, first party, 10 years, persistent.
The information stored by Force24 cookies remains anonymous until:
The Force24 cookies will remain on a device for 10 years unless they are deleted.
We also use similar technologies including tracking pixels and link tracking to monitor your viewing activities
Device & browser type and open statistics
All emails have a tracking pixel (a tiny invisible image) with a query string in the URL. Within the URL we have user details to identify who opened an email for statistical purposes.
Link Tracking
All links within emails and SMS messages sent from the Force24 platform contain a unique tracking reference, this reference help us identify who clicked an email for statistical purposes.
6) HOW DO I CHANGE MY COOKIE SETTINGS?
Most website browsers allow individuals to control most of the cookies through their browser settings.
Find out how to manage cookies on popular browsers:
To find information relating to other browsers, visit the browser’s developer website.
To find out more about cookies, including how to see what cookies have been set, visit www.aboutcookies.org or www.allaboutcookies.org.
7) CHANGES TO THIS NOTICE
We will keep this Cookie Notice under annual review to ensure that if we introduce a new cookie or there is a change to the purpose of a Cookie already in use, we inform you through this Cookie Notice.