Get Started

Privacy Policy

Introduction

RI & OR Consultancy Limited, trading as Rinor Energy (“we”, “us”, or “our”), is committed to protecting and respecting your privacy.

This Privacy Policy explains how we collect, use, and safeguard your personal data when you visit our website www.rinor.co.uk (the "Website"), interact with us, or use our business energy consultancy and brokerage services.

We process personal data in compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Ofgem Third Party Intermediary (TPI) Code of Practice.


About Us & Our Role

  • Company Name: RI & OR CONSULTANCY LIMITED
  • Registered Address: Canvas, 21 Walkley Lane, Heckmondwike, WF16 0NA
  • Company Number: 12168475

For the purpose of data protection law, we act as a Data Controller for the personal data we collect from you. In certain circumstances, such as when handling information provided by our energy supplier partners, we may act as a Data Processor.


The Data We Collect

We may collect, use, and store the following types of personal and business data:

  • Identity & Contact Data: Including contact names, job titles, business email addresses, and telephone numbers.
  • Business Data: Including company name, address, registration details, and VAT numbers.
  • Energy Supply Data: Including Meter Point Administration Numbers (MPAN), Meter Point Reference Numbers (MPRN), supply point data, and historical energy usage.
  • Contractual Data: Details about your current and previous energy contracts, including start/end dates.
  • Financial Data: Credit information (for business eligibility checks) and billing information where relevant.
  • Technical Data: Including your Internet Protocol (IP) address, browser type, and information about how you use our Website.
  • Marketing Data: Your preferences for receiving marketing communications from us.

How We Collect Your Data

We collect data through various methods, including when you:

  • Complete a contact or quotation form on our Website.
  • Communicate with us by phone, email, or in person.
  • Engage us to provide our energy brokerage and consultancy services.
  • Subscribe to our newsletters or other marketing materials.

We may also receive limited data from third parties, such as our partner energy suppliers, credit reference agencies, or publicly available sources like Companies House.


How and Why We Use Your Data (Lawful Basis)

We will only use your personal data when the law allows us to. Below, we explain the ways we use your data and the legal basis we rely on for each activity.

  • To provide our services: We process your contact, business, and energy data to secure energy quotations, arrange contracts with suppliers, and manage your account.
  • Lawful Basis: Performance of a Contract with you.
  • To manage our relationship with you: This includes sending service communications and responding to your enquiries.
  • Lawful Basis: Our Legitimate Interests (to provide excellent customer service and manage our business).
  • For marketing purposes: To send you updates on the energy market, our services, and relevant offers that may benefit your business.
  • Lawful Basis: Your Consent. You can withdraw consent at any time
  • To comply with legal and regulatory obligations: We may need to process and retain certain data to comply with regulations from Ofgem or for financial audits.
  • Lawful Basis: Legal Obligation.
  • To improve our website and services: We analyse technical data to improve our Website's functionality and user experience.
  • Lawful Basis: Our Legitimate Interests (to develop our business and services).

Who We Share Your Data With

We do not sell or rent your personal data. We may share your data with the following trusted third parties only when necessary:

  • Partner Energy Suppliers: To obtain quotations and finalise your energy contracts.
  • IT and System Administration Providers: Who provide our CRM, cloud hosting, and email systems.
  • Regulatory Bodies: Such as Ofgem or the Information Commissioner’s Office (ICO), if required by law.
  • Professional Advisers: ncluding lawyers, bankers, auditors, and insurers

All third-party processors are contractually required to respect the security of your data and to treat it in accordance with the law.


International Data Transfers

Some of our external third-party providers (such as cloud software providers) may be based outside the UK. If we transfer your data outside of the UK, we will ensure a similar degree of protection is afforded to it by implementing at least one of the following safeguards:

  • The transfer is to a country that has been deemed to provide an adequate level of protection for personal data by the UK.
  • We use specific contracts approved for use in the UK which give personal data the same protection it has in the UK (such as the UK's International Data Transfer Agreement).

Please contact us if you want further information on the specific mechanism used when transferring your personal data out of the UK.


Data Security

We have implemented appropriate technical and organisational security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way. These measures include data encryption, access controls, and staff confidentiality training.


Data Retention

We will only retain your personal data for as long as is necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

  • Customer and Contract Data: Retained for up to six years after the end of our business relationship.
  • Enquiry or Marketing Data: Retained for up to two years or until you withdraw your consent.

Once data is no longer required, it will be securely deleted or anonymised.


Your Data Protection Rights

Under data protection law, you have the following rights:

  • Right of Access: To request a copy of the personal data we hold about you.
  • Right to Rectification: To request correction of inaccurate personal data.
  • Right to Erasure: To request that we delete your personal data.
  • Right to Restrict Processing: To request that we suspend the processing of your data.
  • Right to Data Portability: To request the transfer of your data to another party.
  • Right to Object: To object to our processing of your data (e.g., for direct marketing).

To exercise any of these rights, please email us at privacy@rinor.co.uk.


Cookies

Our Website uses cookies to enhance user experience and analyse site traffic. You can manage or disable cookies through your browser settings. For full details, please see our Cookie Policy.


Marketing Communications

You will only receive marketing emails from us if you have opted in to receive them. You can ask us to stop sending you marketing messages at any time by clicking the "unsubscribe" link in any marketing email or by contacting us directly.


Automated Decision-Making

We do not use automated decision-making or profiling in our business processes.


How to Make a Complaint:

If you have any concerns about how we handle your data, please contact our Data Protection Contact first so we can try to resolve the issue:

If you are not satisfied with our response, you have the right to make a complaint to the Information Commissioner’s Office (ICO), the UK's supervisory authority for data protection issues (www.ico.org.uk).


Changes to This Privacy Policy

We keep this Privacy Policy under regular review. Any updates will be posted on this page.


Contact Us

For any questions about this policy, please contact us at contactus@rinor.co.uk.