1. Privacy Notice

Kraken develops and provides technology solutions to much of the energy and utilities supply chains to allow outstanding service and efficiency as the world transitions to a decentralised, decarbonised energy system. Our clients are companies providing services, including water, gas, electricity and internet. This Privacy Notice explains the different ways that Kraken processes personal data. This Privacy Notice does not apply to the processing of Kraken employee, contractor or candidate personal data.

Section A of this Privacy Notice explains how Kraken, as a service provider, processes personal data on behalf of its clients. Where we do this, data protection law describes us as a “data processor”, and our clients as a “data controller”. When processing our data on behalf of our clients, we must do so in accordance with their instructions. If you have questions about how your supplier processes your personal data, including through the use of Kraken’s systems, we recommend reaching out to your supplier first.

Section B of this Privacy Notice explains how we collect and process personal data when we act as a data controller in respect of our products and services, such as when you contact us through our website or mobile app, or if you are a business user of our products and services (our “services”).

This Privacy Notice was last updated on 10 June 2024.

2. Who are we?

This Privacy Notice applies to Kraken Technologies Limited (“Kraken”, “we”, “us”, “our”), with company number 12014731 and its subsidiaries, all with registered addresses at UK House, 5th Floor, 164-182 Oxford Street, London, W1D 1NN.

We have appointed a data protection officer who oversees questions in relation to this Privacy Notice. If you do have any questions or requests, please contact us by email at dpo@kraken.tech

3. Changes to our Privacy Notice 

We keep our Privacy Notice under regular review. Any changes we make to our Privacy Notice in the future will be posted on our website, and, where appropriate, notified to you. Please check back frequently to see any updates or changes to our Privacy Notice.

Section A: Kraken as Data Processor 

4. Processing personal data on behalf of our clients

We act as a data processor and in accordance with our client’s instructions with respect to all the personal data shared by our clients with us, or any personal data obtained or collected by us when providing our services to our clients.

If you are a customer of one of our clients, please also review your own supplier’s Privacy Notice for information on how your personal data is used by them. 

5. Sharing client data 

Kraken may share personal data with affiliates and external third parties to assist with the provision of our services (“subprocessors”). To the extent Kraken engages subprocessors, we ensure that they provide necessary levels of protection and security to our clients’ data as we remain responsible for their compliance. To the extent we share or transfer client data outside of the UK/EU to subprocessors based in other countries, we ensure that appropriate protections are in place. 

6. Security 

We take appropriate security measures to prevent personal data that we process on behalf of our clients from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed. 

We restrict access to your personal data, so that only employees who have a need to know the information can access it. We regularly review and continually improve our technical and organisational security measures, including the use of encryption for data both at rest and in transit, following industry standards and best practices.

We are SOC 1 Type 2 and SOC 2 Type 2 certified, with regular audits of security controls and processes. Kraken’s security processes and controls are designed to meet the ISO27001 standards.

7. Retention of client personal data

Our clients determine retention periods for personal data we process on their behalf.

8. Rights

Our clients are responsible for disclosing information about rights available under data protection laws and for helping their customers exercise them. If you are a customer of one of our clients, further information and advice about these rights should be obtained from them directly.

Section B: Kraken as Data Controller

9. How do we collect your personal data?

We may collect and process the following personal data related to your use of our services:

  • Your name and contact information, including email address.

  • Company details, including your company’s name, industry, country, and your role.

  • Technical and usage data, including IP address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, device ID and other technology on the devices you use to access our services; and information about how you use and interact with our services.

  • Marketing data, including your preferences to receive email marketing from us.

We collect and use this personal data to provide our services to you. If you do not provide the personal data we ask for, it may delay or prevent us from providing our services.

10. How your personal data is collected

We use different methods to collect personal data from and about you including through:

  • Your interactions with us. We collect most of this personal data directly from you, for example by filling in online forms, contacting us, or when you enter into a contract to purchase products or services from us.

  • Automated technologies. We may also collect personal data via cookies as you interact with our services. Please see the “Cookies” section of this Privacy Notice to learn more.

11. How and why we use your personal data

We only collect and process data about you where we have a reason for doing so and only where that reason is permitted under data protection law. The table below explains what we use your personal data for and why. Where we have indicated that we rely on legitimate interests for the processing of your personal data, we carry out a ‘balancing’ test to ensure that our processing is necessary and that your fundamental rights of privacy are not outweighed by our legitimate interests before we proceed with such processing.

| Purpose/Use | Relevant categories of personal data | Our reasons (Legal basis) |
|---|---|---|
| To provide our services to you. | Your name, contact information, and company details. Technical and usage data. Marketing data. | To perform our contract with you or to take steps at your request before entering into a contract. |
| Communications with you not related to marketing, including about changes to our terms or policies, changes to the services, or dealing with your requests, complaints, and queries. | Your name, contact information, and company details. | To perform our contract with you. Necessary for our legitimate interests (to process and respond to your requests and manage our relationship with you). |
| Marketing our services. | Your name, contact information, and company details. Marketing data. | Necessary for our legitimate interests (to promote our services to clients and potential clients). Consent. You can opt-out of email marketing at any time by using the unsubscribe links contained in any email that we send you or by contacting us using the details above. |
| To share your personal data with members of our group and third parties that will or may take control or ownership of some or all of our business (and professional advisors acting on our or their behalf) in connection with a significant corporate transaction or restructuring, including a merger, acquisition, asset sale, initial public offering or in the event of our insolvency. | Your name, contact information, and company details. Marketing data. | To comply with our legal and regulatory obligations. Necessary for our legitimate interests (to protect, realise or grow the value in our business and assets). Consent. You can opt-out of email marketing at any time by using the unsubscribe links contained in any email that we send you or by contacting us using the details above. |
| To enforce legal rights or defend or take legal proceedings. | Your name, contact information, and company details. | To comply with our legal and regulatory obligations. Necessary for our legitimate interests (to protect our business, interests, and rights). |
| To administer and protect our business and our services (including testing, maintenance, support and hosting of data). | Your name, contact information, and company details. Technical data. | To comply with our legal and regulatory obligations. Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud). |
| Ensuring business policies are adhered to, e.g., policies covering security and internet use. | Your name, contact information, and company details. Technical data. | Necessary for our legitimate interests (to make sure we are following our own internal procedures). |
| Operational reasons, such as improving efficiency. | Your name, contact information, and company details. Technical data. | Necessary for our legitimate interests (to be as efficient as we can so we can deliver the best service to you). |
| Updating customer records. | Your name, contact information, and company details. Marketing data. | To perform our contract with you or to take steps at your request before entering into a contract. Necessary for our legitimate interests (to make sure we can keep in touch with our customers). To comply with our legal and regulatory obligations. |

12. Sharing your personal data

Where we share your personal data with third parties we will do so in line with this Privacy Notice and in compliance with data protection laws. We may share personal data that we collect with:

  • Our group companies, where necessary for the provision of our services.

  • Vendors and service providers, who perform services on our behalf.

  • Third parties, in a merger or acquisition context.

  • Law enforcement agencies or regulatory bodies, where we are under a duty to disclose or share it to comply with a legal obligation.

We are based in the UK, but we may sometimes share your personal data with third parties outside of the United Kingdom (UK) or European Economic Area (EEA). Whenever we transfer your personal data outside of the UK/EEA, we will always ensure it is protected by reasonable safeguards, including (but not limited to) only transferring personal data to countries that have been deemed by the Information Commissioner or European Commission to provide an adequate level of protection, or by using specific contractual protections. You can contact dpo@kraken.tech for details.

13. Cookies

You can find out more about the specific cookies we use and manage your preferences through our cookie consent management solution on our website and app. This is presented to you when you first visit our website or app, or visit in incognito mode, but you can also change your preferences at any time by clicking on the cookie icon in the bottom left corner of the website page.

To access individual information about each cookie, click on ‘Customise’, then click on the question mark icons next to the name of the cookie provider.

14. How long do we retain your personal data for?

We will only retain your personal data for as long as necessary to fulfil the purpose(s) for which we have collected it, including for the purposes of satisfying any legal, regulatory, accounting, or administrative requirements.

To determine the appropriate retention period for the personal data we hold, we consider the amount, nature and sensitivity of the personal data, the risk of harm from unauthorised use or disclosure of your personal data, the reasons why we handle your personal data, the applicable legal requirements and whether we can achieve those purposes through other means.

In some circumstances, we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical analysis, such as looking at email open rates, to improve our services or to develop new products. In these cases, we may use this information indefinitely without further notice to you.

15. Security

We have in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed. These include limiting access to your personal data to those who need it and training our employees about the importance of maintaining the privacy and security of your personal data.

16. What are my rights under data protection laws?

You have various rights under data protection laws which you can exercise by contacting us. The easiest way to do this is by email to dpo@kraken.tech. We have set these out below.

Right to object

You have the right to object to us handling your personal data on the basis of our legitimate interests. If you ask us to stop handling your personal data in this way, we will stop unless we can show you that we have compelling grounds as to why we should continue to use your personal data.

You can also ask us to stop processing your personal data for marketing purposes at any time.

Right of access

You have the right to access your personal data which we are handling, and you are entitled to receive confirmation and details about whether your personal data is being processed by us.

Right to rectification

You have the right to require us to rectify any inaccurate personal data we hold about you. You also have the right to ask us to complete personal data which you think is incomplete.

Right to restriction

You can restrict our processing of your personal data in certain circumstances.

Right to data portability

This right only applies to your personal data we are handling because you consented to us using it or because there is a contract in place between us. You have the right to receive your personal data in a structured, standard machine-readable format, and the right to ask us to send your personal data to another organisation or to give it to you.

Right to erasure

You have the right to require us to erase your personal data in certain circumstances.

Right to complain

You have the right to lodge a complaint with the Information Commissioner's Office, the supervisory authority for data protection issues in the United Kingdom. We would always rather you speak to us first if you have any questions about our handling of your personal data, so we can resolve any problems as quickly as possible. If you have any queries, issues or complaints regarding the processing of your personal data, you can contact us via email at dpo@kraken.tech. However, if you are not happy with the way we have handled your data, or would like more information about your rights, you can contact the Information Commissioner’s Office at https://ico.org.uk


Kraken Technologies Limited is a company registered in England and Wales. Registered number: 12014731.
Registered office: UK House, 5th floor, 164-182 Oxford Street, London, W1D 1NN.
