Our Privacy Policy

Feb 10, 2026

PRIVACY POLICY io-gen

IO-Gen Efficiency Ltd.

Design District, 13 Soames Walk, London, SE10 0AX

info@io-gen.com | +44 7775 227723

www.io-gen.com

Introduction

This Privacy Policy explains how IO-Gen Efficiency Ltd. ("we", "us", "our", or the "Company") collects, uses, shares, and

protects personal data when you use our energy management software platform and services. We are committed to

protecting your privacy and ensuring you have a positive experience on our website and when using our services.

Please read this Privacy Policy carefully. If you have any questions about how we handle your personal data, please

contact our Data Protection Officer at jed@io-gen.com or +44 7775 227723.

Your Rights: Under UK General Data Protection Regulation (GDPR) and the Data Protection Act 2018, you have

important rights regarding your personal data. These are explained throughout this policy.

---

1. Who We Are

Organisation Details:

Organisation Name 

IO-Gen Efficiency Ltd.

Address 

Heath Place, Ash Grove, Bognor Regis, PO22 9SL

Registration Number 

13177936

Email 

info@io-gen.com

Phone 

+44 7775 227723


Data Protection Officer:

Name Email Response Time Jed Palma

jed@io-gen.com

Within 5 business days

---

2. What Personal Data Do We Collect?

We collect different types of personal data depending on how you interact with us. Here's what we collect:

2.1 Data You Provide Directly

Account Registration:

When you create an account on our platform, we collect:

- Full name

- Email address

- Company name

- Password (encrypted)

- Job title/role

- Company size/sector

IO Gen Efficiency Ltd.

Registered No. 13177936

(England and Wales)PRIVACY POLICY io-gen

IO-Gen Efficiency Ltd.

Design District, 13 Soames Walk, London, SE10 0AX

info@io-gen.com | +44 7775 227723

www.io-gen.com

Service Usage:

To provide our energy management services, we collect:

- Organization name and address

- Energy consumption data (readings, usage patterns, meter information)

- Equipment details (meter types, sensors, smart devices)

- Billing address

- Building characteristics (square footage, type, occupants)

- Energy management goals and preferences

2.2 Data Collected Automatically

Usage Data:

When you use our platform, we automatically collect:

- IP address

- Browser type and version

- Operating system

- Referrer information

- Pages visited and time spent

- Links clicked

- Features used within the platform

- Interaction patterns and behaviours

- Login/logout times

- Account activity

Device Information:

- Device type (desktop, mobile, tablet)

- Device identifier

- Device settings

- Mobile network information (if applicable)

Cookies and Similar Technologies:

- Session identifiers

- Preference settings

- Authentication tokens

- Tracking cookies (where consent provided)

- Analytical cookies

2.3 Data from Third Parties

From Your Organization:

- Team member contact details (if you add them to your account)

- Organisation hierarchy and roles

IO Gen Efficiency Ltd.

Registered No. 13177936

(England and Wales)PRIVACY POLICY io-gen

IO-Gen Efficiency Ltd.

Design District, 13 Soames Walk, London, SE10 0AX

info@io-gen.com | +44 7775 227723

www.io-gen.com

---

3. Legal Basis for Processing

We process your personal data only where we have a legal basis to do so under UK GDPR. Here are the legal bases we

rely on:

3.1 Performance of Contract

What: Processing necessary to provide our energy management services.

Examples:

- Your business account registration details

- Energy consumption data

- Service delivery and technical support

Your Right: You cannot object to this processing as it is necessary to perform our services.

3.2 Legitimate Interests

What: Processing necessary for legitimate business purposes that don't override your rights.

Examples:

- Fraud prevention and security monitoring

- Improving and optimising our services

- Analytics to understand usage patterns

- Marketing communications (where not subject to PECR)

- Building user profiles for personalisation

- Automated decision-making for service recommendations

Your Right: You can object to this processing. We will then assess whether our interests override yours.

3.3 Compliance with Legal Obligations

What: Processing required by law.

Examples:

- Tax and accounting records

- Regulatory reporting requirements

- Legal holds for litigation

- Law enforcement requests

- Data retention for audit purposes

Your Right: You cannot object as the processing is legally mandated.

IO Gen Efficiency Ltd.

Registered No. 13177936

(England and Wales)PRIVACY POLICY io-gen

IO-Gen Efficiency Ltd.

Design District, 13 Soames Walk, London, SE10 0AX

info@io-gen.com | +44 7775 227723

www.io-gen.com

3.4 Consent

What: Processing where you have actively agreed.

Examples:

- Marketing emails and newsletters

- Optional cookies and tracking

- Optional customer surveys

- Data sharing with third parties for specific purposes

- Communications beyond service-related messages

Your Right: You can withdraw consent at any time with effect from that point forward (it doesn't undo past processing).

---

4. How We Use Your Data

We use personal data for the following purposes:

4.1 Service Delivery

- Creating and managing your account

- Providing energy management analysis and recommendations

- Generating reports and insights

- Integrating with your systems and equipment

- Technical support and maintenance

- Billing and invoicing

- Service performance monitoring

4.2 Communication

- Responding to your inquiries

- Sending service updates and notifications

- Providing technical support

- Sharing important security information

- Notifying you of changes to terms/policies

- Sending administrative messages

4.3 Marketing (Where Permitted)

- Sending promotional emails about new features

- Sharing case studies and success stories

- Inviting participation in surveys and feedback

- Product recommendations based on your usage

- Event invitations and webinar announcements

- Information about related services

IO Gen Efficiency Ltd.

Registered No. 13177936

(England and Wales)PRIVACY POLICY io-gen

IO-Gen Efficiency Ltd.

Design District, 13 Soames Walk, London, SE10 0AX

info@io-gen.com | +44 7775 227723

www.io-gen.com

4.4 Service Improvement

- Analysing usage patterns to improve functionality

- Conducting user research and surveys

- Identifying technical issues and bugs

- Understanding customer needs and preferences

- Developing new features and services

- Training our machine learning algorithms (anonymised)

4.5 Security and Compliance

- Preventing fraud and unauthorized access

- Detecting and preventing cyber attacks

- Monitoring for suspicious activities

- Enforcing our terms and policies

- Defending legal claims

- Complying with legal obligations

4.6 Legitimate Business Operations

- Personnel administration and HR functions

- Business analytics and financial reporting

- Contractual performance assessment

- Vendor and partner management

- Quality assurance and performance monitoring

---

5. Who We Share Your Data With

We only share your personal data where necessary and with appropriate safeguards. Here's who we share with:

5.1 Service Providers (Data Processors)

We share data with third-party service providers who process data on our behalf under contracts:

Cloud Infrastructure Providers:

Microsoft Azure via VanBeek

- Purpose: Hosting our platform and customer data

- Location: UK/EU data center locations

- Data Shared: All customer data (encrypted)

N3rgy Data Service

  • is used by IO-Gen Efficiency Ltd. to interface with the national smart meter systems in order to collect, store, manage and share with IO-Gen Efficiency Ltd. your Smart Meter data. This service uses the Smart Energy Code  (https://smartenergycodecompany.co.uk/)  Party credentials and Party ID of N3RGY DATA LIMITED, incorporated and registered in England and Wales with the company number 11712674 whose registered office is at Prennau House Copse Walk, Pontprennau, Cardiff, Wales, CF23 8XH.

Email and Communication Services:

- Microsoft 360 via VanBeek

- Purpose: Sending emails and notifications

- Data Shared: Contact information, communication content

IO Gen Efficiency Ltd.

Registered No. 13177936

(England and Wales)PRIVACY POLICY io-gen

IO-Gen Efficiency Ltd.

Design District, 13 Soames Walk, London, SE10 0AX

info@io-gen.com | +44 7775 227723

www.io-gen.com

Backup and Disaster Recovery:

- Microsoft Azure via VanBeek

- Purpose: Ensuring data recovery capability

- Data Shared: All customer data (encrypted)

5.2 Business Partners

We may share aggregated or anonymized data with business partners for:

- Research and development

- Product development and testing

- Industry analysis

- Market research

- Co-marketing initiatives

Personal data is not disclosed without consent, except in aggregated/anonymised form.

5.3 Legal and Regulatory Authorities

We will share personal data with authorities when required by law:

- Law enforcement (police, courts, prosecutors)

- Regulatory bodies (ICO, FCA, Ofgem if applicable)

- Tax authorities

- Public health agencies (in emergencies)

We will provide notice where legally permitted.

5.4 Business Transfers

If we undergo a merger, acquisition, or bankruptcy:

- Your personal data may be transferred as part of the transaction

- We will notify you and provide opportunity to object where feasible

- Successor organization will respect this Privacy Policy

5.5 Data Sharing NOT Without Consent

We will **NOT** share your personal data with third parties for their own purposes (e.g., for their direct marketing)

without your explicit consent. You control this through your privacy settings.

5.6 International Transfers

UK and EU Data:

- Primarily stored in UK or EU data centers

- Protected by UK GDPR

IO Gen Efficiency Ltd.

Registered No. 13177936

(England and Wales)PRIVACY POLICY io-gen

IO-Gen Efficiency Ltd.

Design District, 13 Soames Walk, London, SE10 0AX

info@io-gen.com | +44 7775 227723

www.io-gen.com

---

6. Data Retention

We retain personal data only as long as necessary for the purposes identified. Here are our retention periods:

6.1 Active Account Data

| Data Category | Retention Period | Reason |

|---|---|---|

| Account registration data | Duration of contract + 6 months | Service provision and dispute resolution |

| Energy consumption data (live) | Duration of subscription | Service provision |

| Energy consumption data (archived) | 90 days after account closure | Backup purposes |

| Billing and invoicing records | 7 years | UK tax law requirement |

| Customer support communications | 3 years | Complaint resolution and service improvement |

| System access logs | 1 year | Security audit and investigation |

| Payment records | 7 years | Tax and accounting requirements |

6.2 Inactive Accounts

- If your account is inactive for 12 months, we may send notification

- If no activity for 24 months, we may archive or delete account

- You can request deletion anytime

6.3 Marketing Data

| Data Type | Retention | Your Control |

|---|---|---|

| Email address (for marketing) | Until unsubscribe | Unsubscribe anytime |

| Subscription preferences | Until changed | Update preferences anytime |

| Engagement history | 2 years | Request deletion anytime |

6.4 Secure Deletion

When we delete data:

- Deletion performed using certified deletion tools

- Cloud provider deletion confirmed

- Backup copies deleted on schedule

- Encrypted key destruction (for encrypted data)

IO Gen Efficiency Ltd.

Registered No. 13177936

(England and Wales)PRIVACY POLICY io-gen

IO-Gen Efficiency Ltd.

Design District, 13 Soames Walk, London, SE10 0AX

info@io-gen.com | +44 7775 227723

www.io-gen.com

- Certificate of deletion retained

---

7. Your Privacy Rights

Under UK GDPR and Data Protection Act 2018, you have the following rights:

7.1 Right of Access (Subject Access Request)

What: You have the right to obtain a copy of your personal data.

How to Exercise:

1. 3. Send written request to [dpo@company.com]

2. Provide proof of identity

We will respond within 30 calendar days

What We Provide:

- Copy of all personal data we hold

- Explanation of how we use your data

- Description of our processing (purposes, recipients, retention)

- Information about automated decision-making

Cost: Free (unless request is excessive/repetitive)

7.2 Right to Rectification

What: You can correct inaccurate or incomplete information.

How to Exercise:

1. 2. 3. Log into your account and update profile information

Contact us for information we hold on your behalf

We will correct information within 30 days

What Happens:

- We update your information immediately

- We notify third parties of the correction where feasible

- You receive confirmation of correction

7.3 Right of Erasure ("Right to be Forgotten")

What: In certain circumstances, you can request deletion of your data.

When You Can Request Erasure:

- Data is no longer necessary for original purpose

IO Gen Efficiency Ltd.

Registered No. 13177936

(England and Wales)PRIVACY POLICY io-gen

IO-Gen Efficiency Ltd.

Design District, 13 Soames Walk, London, SE10 0AX

info@io-gen.com | +44 7775 227723

www.io-gen.com

- You withdraw consent (if consent was basis)

- You object to processing and we have no legitimate interest

- Data was unlawfully processed

- Deletion required by law

- Data collected when you were a child

How to Exercise:

1. Contact us at info@io-gen.com

2. 3. Specify what data to delete

We will assess and respond within 30 days

When We May Not Delete:

- Processing necessary to perform services you requested

- Processing necessary for legal obligations

- Processing necessary for legal claims or defense

- Data needs to be retained for compliance

7.4 Right to Restrict Processing

What: You can request that we limit how we use your data.

When You Can Restrict:

- Accuracy is disputed (processing restricted while verified)

- Processing is unlawful but you prefer restriction to deletion

- We no longer need data but you need it for legal claim

- You object to processing (under investigation)

How to Exercise:

1. Contact us at info@io-gen.com

2. Explain reason for restriction

3. We will mark data as restricted and cease processing (except storage)

-

7.5 Right to Data Portability

What: You can obtain your data in a portable, machine-readable format.

What's Included:

  • All personal data we hold about you

  • Data you provided directly

  • Data collected through your platform use

  • Structured, commonly used, machine-readable format (CSV, JSON, etc.)

How to Exercise:

  1. Request at info@io-gen.com

  2. Specify format preference

  3. We will provide within 7 days

  4. Data can be transmitted directly to another provider if feasible

-

7.6 Right to Object

To Marketing:

- You can object to marketing communications anytime

- Unsubscribe link in every marketing email

- Update preferences in account settings

- Objection effective immediately

To Processing for Legitimate Interests:

- You can object to processing for our legitimate interests

- We must then cease processing unless:

- We have compelling legitimate grounds that override yours

- Processing necessary for legal claims

To Profiling:

- You can object to automated profiling decisions

- Request human review of decision

- We will provide explanation of logic

7.7 Rights Related to Automated Decision-Making

What: You have protection from solely automated decisions with significant effects.

Your Rights:

- Right not to be subject to decision based solely on automated processing

- Right to explanation of logic and safeguards

- Right to human review of automated decision

- Right to express views and challenge

Our Automated Processing:

- We may use data to recommend features

- We may identify anomalies (fraud prevention)

- We generally don't make significant legal/financial decisions automatically

- When we do, human review available upon request

7.8 Right to Lodge a Complaint

If You're Concerned About Our Processing:

- Contact our Data Protection Officer: [dpo@company.com]

- We will investigate and respond within 30 days

If Unsatisfied:

You can lodge a formal complaint with the Information Commissioner's Office (ICO):

- Website: https://ico.org.uk

- Telephone: 0303 123 1113

- Email: casework@ico.org.uk

- Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

---

8. How We Protect Your Data

We implement comprehensive security measures to protect your personal data:

8.1 Technical Security

Data Encryption:

- Encryption in transit: TLS 1.2+ (minimum)

- Encryption at rest: AES-256 (industry standard)

- Encrypted backups with separate key storage

- Encryption keys managed securely and rotated regularly

System Security:

- Enterprise-grade firewalls with intrusion detection/prevention

- Web application firewalls protecting against attacks

- Regular vulnerability scanning and penetration testing

- Security patching deployed within 48 hours for critical vulnerabilities

- Network segmentation separating security zones

Access Control:

- Multi-factor authentication required for all accounts

- Role-based access control limiting access to minimum necessary

- Privileged access management for administrative accounts

- Regular access reviews and immediate removal when no longer needed

- Audit logging of all access to sensitive data

Monitoring:

- 24/7 security monitoring and threat detection

- Real-time alerting for security incidents

- Automated response to detected threats

- Regular security audits (internal and external)

- Penetration testing conducted annually

8.2 Organisational Security

Staff Training:

- Mandatory data protection training for all staff

- Annual security awareness training

- Phishing and social engineering simulations

- Training on handling personal data securely

Policies and Procedures:

- Information Security Policy covering staff conduct

- Data Protection Policy with specific GDPR requirements

- Incident Response Plan for responding to breaches

- Business Continuity Plan ensuring service availability

- Acceptable Use Policy governing data handling

Contracts and Agreements:

- Data Processing Agreements with all data processors

- Standard Contractual Clauses for international transfers

- Security clauses in all vendor contracts

- Regular security assessments of critical vendors

8.3 What You Can Do

Protect Your Account:

- Use strong, unique passwords

- Enable multi-factor authentication

- Never share login credentials

- Log out when using shared devices

- Report suspicious activity immediately

---

9. Third-Party Links and Services

9.1 External Links

Our platform contains links to third-party websites. We are not responsible for:

- Privacy practices of those websites

- Content on those websites

- Security of those websites

Recommendation: Review their privacy policies before sharing personal data.

9.2 Integrated Services

If you authorize integrations with third-party services:

- Those services access data necessary for integration

- Their privacy policies apply to their processing

- We recommend reviewing their policies

- You can revoke integration access anytime in settings

Popular Integrations:

- Energy supplier APIs

- Weather data services

- Building management systems

- IoT device integrations

9.3 Social Media

We may have social media presence (LinkedIn, YouTube, etc.):

- Their privacy policies apply to their platforms

- We don't control their data handling

- Linking to our profiles is optional

10. Data Breaches

10.1 What We Do If Breached

If we discover a personal data breach:

1. 2. 3. 4. Assessment - We assess the risk to your rights and freedoms within 24 hours

Notification - If high risk, we notify you without undue delay (maximum 4 weeks)

ICO Report - If required by law, we report to the Information Commissioner's Office within 72 hours

Communication - We provide clear information on:

  • What happened

  • What data was affected

  • Steps we took to secure data

  • What you can do to protect yourself

-

10.2 Breach Notification Content

If we notify you:

  • Nature of the breach

  • Data likely affected

  • Name and contact of Data Protection Officer

  • Recommended protective actions (e.g., change password)

  • Our incident response steps

-

10.3 Breach Register

We maintain a register of all breaches including:

  • Date of breach discovery

  • Description of incident

  • Data affected

  • Individuals affected

  • Outcome and remediation

11. International Data Transfers

11.1 Where We Store Data

Primary Storage:

  • UK-based data centres (preferred for GDPR compliance)

  • Alternative: EU data centres

Why UK/EU:

  • UK GDPR data protection standards apply directly

  • No additional safeguards legally required

  • Your data protected with full GDPR rights

-

11.2 Transfers Outside UK/EU

When We Transfer:

  • To analytics services processing globally

  • To business partners in other countries

How We Protect:

  • Standard Contractual Clauses (SCCs) in all contracts

  • Enhanced technical safeguards:

    • Encryption before transfer

    • Restricted access controls

    • Pseudonymisation where feasible

  • Regular risk assessments of legal environment

  • Monitoring of government access requests

Your Rights:

  • You have right to know about transfers

  • You can object to certain transfers

  • You can request data remain in UK/EU

-

11.3 Adequacy Decisions

Transfers to countries with adequacy decisions (no additional safeguards required):

  • Philippines

12. Policy Updates

12.1 Changes to This Policy

  • We may update this Privacy Policy:

  • When business practices change

  • When regulations change

  • When we add new features or services

  • When new tools/vendors are engaged

-

12.2 How We Notify You

Material Changes:

  • Email notification to registered address

  • Banner notification in your account

  • Minimum 30 days’ notice before effective date

  • Opportunity to review changes

Minor Changes:

  • Published on this page without notice

  • Date of last update shown at top

-

12.3 Your Choices

If you disagree with changes:

  • You can stop using our services

  • You can request data deletion

  • You have 30 days to exercise rights before changes effective

13. Contact Information

For all privacy-related inquiries:

13.1 Data Protection Officer

  • Name Jed Palma

  • Email jed@io-gen.com

  • Response Time Within 5 business days

-

13.2 Company Contact

For general inquiries:

  • Email: info@io-gen.com

  • Phone: +44 7775 227723

  • Website: www.io-gen.com

-

13.3 Information Commissioner's Office (ICO)

For complaints about our data practices:

  • Website: https://ico.org.uk

  • Telephone: 0303 123 1113

  • Email: casework@ico.org.uk

  • Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

14. Additional Information

14.1 Automated Decision-Making and Profiling

Automated Processing We Conduct:

  • Anomaly detection for fraud prevention

  • Feature recommendations based on usage patterns

  • Performance scoring

  • Energy consumption benchmarking

Your Rights:

  • Right to request human review

  • Right to explanation of automated decisions

  • Right to object to automated processing

  • Safeguards always in place for significant decisions

-

14.2 Legitimate Interests Assessment

We have conducted formal assessments of our legitimate interests balancing test for:

  • Security monitoring

  • Service analytics and improvement

  • Fraud prevention

  • Platform optimisation

Available Upon Request: Contact our Data Protection Officer for details.

-

14.3 Data Protection Impact Assessments

14.4 Processing Records

We maintain Records of Processing Activities documenting:

  • All personal data we collect

  • Purposes of processing

  • Categories of recipients

  • Retention schedules

  • Security measures

  • Data subjects' rights

Compliance Transparency: We maintain these records to demonstrate accountability.

15. Glossary of Terms

Data Controller - Organisation determining purposes and means of data processing (us)

Data Processor - Organisation processing data on behalf of controller (our vendors)

Data Subject - Individual to whom data relates (you)

Personal Data - Any information relating to identified or identifiable person

Processing - Any operation on personal data (collection, storage, use, deletion)

Lawful Basis - Legal justification for processing

Consent - Freely given, specific, informed, unambiguous agreement

Legitimate Interest - Organization's legal right to process data for business purposes

Data Breach - Unauthorized access, disclosure, or loss of personal data

GDPR - General Data Protection Regulation (UK data protection law)

ICO - Information Commissioner's Office (UK data protection regulator)

DPA - Data Protection Act 2018

DPO - Data Protection Officer

SCC - Standard Contractual Clauses (for international transfers)

PECR - Privacy and Electronic Communications Regulations (marketing rules)

Appendix A: Cookies List

| Cookie Name | Purpose | Duration | Type |

|---|---|---|---|

| session_id | Authentication | Session | Essential |

| user_pref | User preferences | 1 year | Functional |

| analytics_id | Usage analytics | 2 years | Analytics |

| csrf_token | Security | Session | Essential |

Appendix B: Data Processing Agreements

We have Data Processing Agreements in place with:

  • Van Beek Ingeniurs

  • Microsoft Azure

  • N3gy Ltd.

Copies available upon request from our Data Protection Officer.

Effective Date: February 2026

Last Updated: February 2026

Version: 1.3

End of Privacy Policy

IO Gen Efficiency Ltd.

Registered No. 13177936

(England and Wales)

Business Case: Camden, Brent & Fitzrovia's Business Climate Challenge ›