Last updated 4th May 2016

The security of your data and the protection of your privacy is our highest priority.


Terms used in this Policy

  • “Data” – When we refer to “Data” within this Policy, we are referring to data which you may share with us when visiting the Onedox websites (including www.onedox.com and blog.onedox.com) or using the Onedox Service as a registered user.
  • “Personal Data” – The subset of the Data from which it may be possible to personally identify you, such as your name, address, telephone number, email address shall be referred to as “Personal Data”. Personal Data may also include usernames and passwords you provide to us, which you use to access online accounts you have with the providers of your household services such as gas, electricity, Internet etc.
  • “Partners” – Reference to Partners means companies with whom we contract in order to provide certain features of the Onedox Service, such as the ability to switch Provider.
  • “Providers” – This refers to the companies that provide household services to you such as across gas, electricity, Internet, mobile, landline, TV and car tax and MOT registration.
  • “Service” – This refers to the Service provided by Onedox to registered users via the web-based application or downloadable, native mobile applications, as applicable.
  • “Suppliers” – Reference to Suppliers means companies with whom we contract in order to provide underlying components of the Onedox Service, such as SaaS companies like Amazon Web Services, who provide us with IT hardware, network connectivity and Data storage.
  • “Usage Information” – This refers to the non-personally identifying usage information that we may collect from visitors to Onedox websites (including www.onedox.com and blog.onedox.com) and users of the Onedox Service.

The purpose of this Data Privacy Policy

The purpose of this Data Privacy Policy is to clearly explain how Onedox meets its legal obligations and follows best practice in order to:

  • process your Data;
  • ensure the security of your Data; and
  • process and keep secure all other information.

Data Protection law

We process Data in accordance with the Data Protection Act 1998. We are registered with the Information Commissioner in the United Kingdom and adhere to the eight Data Protection principles, which require that:

  • Personal data will be processed fairly and lawfully
  • Personal data will only be used for specified purposes
  • Personal data shall be adequate, relevant and not excessive
  • Personal data shall be accurate and where necessary, kept up to date
  • Personal data shall not be kept for any longer than necessary
  • Personal data shall be processed in accordance with the rights of data subjects
  • Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data
  • Personal data shall not be transferred outside the European Economic Area unless to a country that ensures an adequate level of protection for the rights and freedoms of data subjects.

When and how will we use your Data?

We may need to use certain parts of your Data so that we can:

  • personalise your visits to the Onedox site;
  • provide the Onedox Service to you, and so we can consider ways in which we can improve the Service;
  • communicate with you, such as:
    • via email with information we think may be of interest to you. You may withdraw your consent for such communication at any time.
    • so that we can provide you with customer care/assistance with using your Onedox account.

 


Under what circumstances might we share your Data?

We will never share your Data with a third party unless:

  • it is necessary in order to provide you with the Onedox Service; or
  • it is necessary to do so in the event that a third party takes ownership of Onedox, in which case they would be subject to the same obligations; or
  • we are obliged to do so by law or by a competent regulatory body with lawful justification.

Where it is necessary to share your Data we will ensure that the third party also adheres to UK Data Protection legislation.

Examples of where it is necessary to share your Data to provide the Onedox Service:

  • With Suppliers with whom we contract for data storage, such as Amazon Web Services and Google.
  • With Partners with whom we contract and who act as sub-contractors in order to fulfil certain aspects of the Onedox Service, such as automatically retrieving quotes for saving money on household bills. The Data we share with such Partners does not include any of your Personal Data. Furthermore, when you use certain features of the Service, such as switching to a new Provider, it will be necessary for you to give Personal Data to our Partners. In some cases we can help simplify this process by providing the relevant Personal Data to the Partner so that they can pre-populate the order forms (or similar) for you. However, we will ask you in advance whether you want us to do this for you.

How will we keep your Data safe?

No system can be guaranteed to be 100% secure, however we do everything we can to ensure that only you can access your data, including employing the following industry standard security practices:

  • bank-grade Transport Layer Security (TLS) encryption for secure data transfer between you and Onedox.
  • using Amazon Web Services (AWS) data centers that employ electronic surveillance, multi-factor access control and are staffed 24×7 by security guards.
  • continuous monitoring and update of the Onedox systems to keep them protected from new threats as they are discovered.

How do we protect your Onedox login details and those you provide for your household supplier accounts?

We employ extra security measures to protect your login details, such as enforcing encryption of them once you enter them into the Onedox application, and limiting access to a dedicated part of the Onedox system.


How can you help to protect your Onedox account?

The first line of defence for your Onedox account is the password that you use. The best thing you can do is choose a strong password (e.g. containing a combination of upper and lower case letters, numbers and punctuation) that is unique to Onedox. We require that your password is a minimum of 8 characters long.

You should also make sure that you sign out of the Service on shared devices once you have finished using your account.


How can you manage your Data?

We give you full control to edit and delete any data which you no longer wish to store within your Onedox account.

Within your Onedox account settings, you can also decide the frequency with which you want to receive emails from us, which we can send you when new information relating to your household accounts is available.

If you ever wanted to delete your Onedox account, we would delete all Data we store relating to you.


How can you access the Data we hold about you?

In accordance with your rights under The Data Protection Act, you can make a formal request to ask us what Data we hold about you (in addition to viewing your data within your Onedox account).

To make such a request, please email us at info@onedox.com specifying your wish to be informed what Data of yours we hold and we will process your request.

A fee of £10, in accordance with the fees allowed under The Data Protection Act and to cover the administration costs associated with processing the request, is payable in advance.

We may require additional information from you to verify your identity (such as a copy of your driving license or passport) before sharing any Data with you.

We endeavour to process any such requests within 10 working days.


Usage Information collected for visitors to Onedox websites

When someone visits www.onedox.com or blog.onedox.com we collect standard internet log information and details of visitor behaviour patterns which may include mouse clicks, mouse movements and scrolling activity. We do this to find out things such as the number of visitors to the various parts of the sites and to help us improve usability and customer experience.

We collect this information in a way which does not identify anyone personally, unless you go on to sign in to the Onedox Service. We do not make any attempt to find out the identities of those visiting our websites. We will not associate any data gathered from visiting these sites with any personally identifying information from any source.

If we do want to collect personally identifiable information, such as if you wish to register for the Onedox Service, we will be up front about this. We will make it clear when we collect personal information and will explain what we intend to do with it.

Some of this information is collected using analytics services from third parties such as Google Analytics. This information may be collected directly from your web browser but is done in a way that does not share information with the third party that could identify anyone personally. If you wish to opt-out of these third party analytics services being used when you visit the Onedox websites from your browser you can do so here.


Usage Information collected for users of the Onedox Service via the app.onedox.com site

We collect standard internet log information and details of how you use the app.onedox.com site which may include mouse clicks, mouse movements and scrolling activity. We do this to understand how you use Onedox in order to improve it for you in the future.

Some of this information is collected using analytics services from third parties such as Google Analytics. This information may be collected directly from your web browser but is done in a way that does not share information with the third party that could identify anyone personally. If you wish to opt-out of these third party analytics services being used when you visit the Onedox websites and Service from your browser you can do so here.


Usage Information collected for users of the Onedox Service via the Android / iOS app

We collect details of how you use the app, which may include touch gestures, scrolling activity and screens visited. We do this to understand how you use Onedox in order to improve it for you in the future.


Cookie Policy

 

How cookies are used by Onedox

Cookies used by Onedox

Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.

The table below explains the cookies we use and why:

Cookie Description Purpose
onedox.session Onedox session identifier This cookie is used on app.onedox.com to identify you and secure your access to the Onedox Service. This cookie is not used with visitors to www.onedox.com.
onedox.referral Onedox referral tracking We use this cookie to track where where registrations for the Onedox Service come from. This is required for running the referral scheme in our Free Electricity For a Year competition.
onedox.eu-cookies-accepted Onedox cookie preference We use this cookie to track whether you have acknowledged the cookie policy by clicking the button on the bottom of the Onedox website.
onedox.analytics Onedox third party analytics preference We use this cookie when you have chosen to opt out of us using third party analytics services to collect Usage Information from a browser.
_ga, _gat, _gali Google Analytics We use these cookies to help understand how you are using the Onedox website and/or Service so that we can improve your experience in future. For more information see: Google Analytics Privacy Overview.
__lotr, _lo_bn, _lo_u, _lo_v Usage Information We use these cookies to help understand how you are using the Onedox website and/or Service so that we can improve your experience in future.
intercom-id-xfq74t0c, intercom-session-xfq74t0c Live chat for customer support We use these cookies to provide you with help and support via live chat.

How do I change my cookie settings?

Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org or www.allaboutcookies.org.

For information on opting out of being tracked by Google Analytics across all websites see: Google Analytics Opt-out Browser Add-on.


Targeted Advertising

We may use cookies, web beacons, and similar technologies to collect information about your use of Onedox properties (www.onedox.com, blog.onedox.com, app.onedox.com and native mobile apps) and we may use that information to enable us to serve adverts on third parties sites that we think may be of interest to you.

You can manage your preferences for targeted advertising at www.aboutads.info/choices.