Data Protection Policy

Last updated: 8 December 2025

Data Protection Policy

Last updated: 8 December 2025

1. Purpose of this Policy

Beam My Bills (“we”, “us”, “our”) is committed to protecting the privacy, confidentiality and security of all personal data we process.

This Data Protection Policy explains:

  • What personal data we process

  • Our legal basis for processing it

  • How we protect data

  • How long we keep data

  • Your rights under UK GDPR

  • How to contact us

This policy applies to all customers, website users, partners, and enquiries.

2. Our Data Protection Principles

We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

We follow the six core principles of lawful processing:

  1. Lawfulness, fairness, transparency
    We process data legally, fairly, and openly.

  2. Purpose limitation
    Data is collected only for clear, legitimate purposes.

  3. Data minimisation
    We collect only the data necessary to deliver our services.

  4. Accuracy
    We keep data accurate and up to date.

  5. Storage limitation
    We keep data only as long as required for the stated purpose or legal requirements.

  6. Integrity and confidentiality
    We protect all personal data with secure, appropriate technical and organisational measures.

3. What Personal Data We Process

Depending on how you use our services, we may process:

3.1 Personal identification data

  • Name

  • Email address

  • Phone number

3.2 Billing and service-related information

Only when voluntarily provided:

  • Energy, water, telecom or broadband bills

  • Meter or tariff information

  • Supplier account details

3.3 Technical data

  • IP address

  • Device and browser information

  • Website usage data (via cookies)

We do not process banking information, card details or financial credentials.

4. Legal Basis for Processing

We process personal data under the following lawful bases:

4.1 Consent

When you submit a bill, request a comparison, or opt in to receive marketing.

You may withdraw consent at any time.

4.2 Contractual necessity

We may need certain data to provide a comparison, process a switch, or fulfil a service you have requested.

4.3 Legitimate interests

To run and improve our business operations, ensure service quality, prevent fraud, or understand how our website is used.

4.4 Legal obligation

To comply with regulatory requirements, disputes, or ADR investigations.

5. How We Protect Your Data

We take appropriate technical and organisational measures to protect your personal data from:

  • Loss

  • Unauthorised access

  • Misuse

  • Disclosure

  • Alteration

  • Destruction

Our security measures include:

  • Secure cloud storage via Google Workspace (G-Suite)

  • Role-based access controls

  • Encrypted data transmission

  • Password-protected internal systems

  • Firewalls, anti-malware and monitoring

  • Staff training on data protection

Only authorised team members may access personal data, and only where required for their role.

6. Data Sharing

We may share personal data with:

  • Your chosen supplier (to complete a switch or comparison)

  • Trusted service partners (hosting, analytics, CRM, email delivery)

  • ADR schemes (if required for dispute resolution)

  • Regulatory bodies (if legally required)

We do not sell personal data.

All third parties must apply GDPR-compliant safeguards and confidentiality agreements.

7. Data Retention

We keep personal data only for as long as necessary to:

  • Provide our services

  • Resolve disputes or complaints

  • Comply with legal or regulatory requirements

Retention periods depend on the type of data.
When data is no longer required, it is securely deleted or anonymised.

If you wish to know the retention period for a specific category of data, contact us using the details below.

8. International Transfers

Our primary data storage is in the UK or EEA.
If data is transferred outside these regions (for example, via Google Workspace hosting), we ensure the recipient country has adequate safeguards such as Standard Contractual Clauses (SCCs).

We only work with providers who meet the required GDPR standards.

9. Your Data Protection Rights

Under UK GDPR, you have the following rights:

  • Right of access – Request copies of your personal data

  • Right to rectification – Ask us to correct inaccurate or incomplete data

  • Right to erasure – Request deletion of your data under certain conditions

  • Right to restrict processing – Limit how your data is used

  • Right to object – Object to processing based on legitimate interests or marketing

  • Right to data portability – Request transfer of your data to another organisation

  • Right to withdraw consent – At any time, where consent is the legal basis

We aim to respond to all requests within one month.

To exercise these rights, contact:
Email: support@beammybills.co.uk
Address: Beams Consulting Ltd
167-169 Great Portland Street, London, England, W1W 5PF

10. Data Breach Procedure

In the unlikely event of a data breach:

  • We will assess the severity and scope immediately

  • We will notify affected individuals where there is a risk to their rights or freedoms

  • We will notify the Information Commissioner’s Office (ICO) within 72 hours if legally required

  • We will document the incident and improvements made

11. Staff Responsibilities

All Beam My Bills team members who handle personal data must:

  • Follow GDPR principles

  • Use only authorised systems

  • Keep information confidential

  • Report potential breaches immediately

  • Apply secure practices when accessing or sharing information

We provide training and guidance to ensure compliance.

12. Links to Other Policies

This Data Protection Policy should be read alongside:

  • Privacy Policy

  • Cookie Policy

  • Complaints Policy

  • Terms & Conditions

Together, these documents explain how we protect and manage your data.

13. Updates to This Policy

We review this Data Protection Policy regularly.
Any changes will be posted on this page with a revised “Last updated” date.

14. Contact Us

If you have questions about this policy or how we process personal data, please contact us:

Email: support@beammybills.co.uk
Address: Beams Consulting Ltd
167-169 Great Portland Street, London, England, W1W 5PF

15. Contacting the ICO

If you believe we have not handled your data correctly, you can contact the Information Commissioner’s Office (ICO):

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Website: https://www.ico.org.uk
Phone: 0303 123 1113

1. Purpose of this Policy

Beam My Bills (“we”, “us”, “our”) is committed to protecting the privacy, confidentiality and security of all personal data we process.

This Data Protection Policy explains:

  • What personal data we process

  • Our legal basis for processing it

  • How we protect data

  • How long we keep data

  • Your rights under UK GDPR

  • How to contact us

This policy applies to all customers, website users, partners, and enquiries.

2. Our Data Protection Principles

We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

We follow the six core principles of lawful processing:

  1. Lawfulness, fairness, transparency
    We process data legally, fairly, and openly.

  2. Purpose limitation
    Data is collected only for clear, legitimate purposes.

  3. Data minimisation
    We collect only the data necessary to deliver our services.

  4. Accuracy
    We keep data accurate and up to date.

  5. Storage limitation
    We keep data only as long as required for the stated purpose or legal requirements.

  6. Integrity and confidentiality
    We protect all personal data with secure, appropriate technical and organisational measures.

3. What Personal Data We Process

Depending on how you use our services, we may process:

3.1 Personal identification data

  • Name

  • Email address

  • Phone number

3.2 Billing and service-related information

Only when voluntarily provided:

  • Energy, water, telecom or broadband bills

  • Meter or tariff information

  • Supplier account details

3.3 Technical data

  • IP address

  • Device and browser information

  • Website usage data (via cookies)

We do not process banking information, card details or financial credentials.

4. Legal Basis for Processing

We process personal data under the following lawful bases:

4.1 Consent

When you submit a bill, request a comparison, or opt in to receive marketing.

You may withdraw consent at any time.

4.2 Contractual necessity

We may need certain data to provide a comparison, process a switch, or fulfil a service you have requested.

4.3 Legitimate interests

To run and improve our business operations, ensure service quality, prevent fraud, or understand how our website is used.

4.4 Legal obligation

To comply with regulatory requirements, disputes, or ADR investigations.

5. How We Protect Your Data

We take appropriate technical and organisational measures to protect your personal data from:

  • Loss

  • Unauthorised access

  • Misuse

  • Disclosure

  • Alteration

  • Destruction

Our security measures include:

  • Secure cloud storage via Google Workspace (G-Suite)

  • Role-based access controls

  • Encrypted data transmission

  • Password-protected internal systems

  • Firewalls, anti-malware and monitoring

  • Staff training on data protection

Only authorised team members may access personal data, and only where required for their role.

6. Data Sharing

We may share personal data with:

  • Your chosen supplier (to complete a switch or comparison)

  • Trusted service partners (hosting, analytics, CRM, email delivery)

  • ADR schemes (if required for dispute resolution)

  • Regulatory bodies (if legally required)

We do not sell personal data.

All third parties must apply GDPR-compliant safeguards and confidentiality agreements.

7. Data Retention

We keep personal data only for as long as necessary to:

  • Provide our services

  • Resolve disputes or complaints

  • Comply with legal or regulatory requirements

Retention periods depend on the type of data.
When data is no longer required, it is securely deleted or anonymised.

If you wish to know the retention period for a specific category of data, contact us using the details below.

8. International Transfers

Our primary data storage is in the UK or EEA.
If data is transferred outside these regions (for example, via Google Workspace hosting), we ensure the recipient country has adequate safeguards such as Standard Contractual Clauses (SCCs).

We only work with providers who meet the required GDPR standards.

9. Your Data Protection Rights

Under UK GDPR, you have the following rights:

  • Right of access – Request copies of your personal data

  • Right to rectification – Ask us to correct inaccurate or incomplete data

  • Right to erasure – Request deletion of your data under certain conditions

  • Right to restrict processing – Limit how your data is used

  • Right to object – Object to processing based on legitimate interests or marketing

  • Right to data portability – Request transfer of your data to another organisation

  • Right to withdraw consent – At any time, where consent is the legal basis

We aim to respond to all requests within one month.

To exercise these rights, contact:
Email: support@beammybills.co.uk
Address: Beams Consulting Ltd
167-169 Great Portland Street, London, England, W1W 5PF

10. Data Breach Procedure

In the unlikely event of a data breach:

  • We will assess the severity and scope immediately

  • We will notify affected individuals where there is a risk to their rights or freedoms

  • We will notify the Information Commissioner’s Office (ICO) within 72 hours if legally required

  • We will document the incident and improvements made

11. Staff Responsibilities

All Beam My Bills team members who handle personal data must:

  • Follow GDPR principles

  • Use only authorised systems

  • Keep information confidential

  • Report potential breaches immediately

  • Apply secure practices when accessing or sharing information

We provide training and guidance to ensure compliance.

12. Links to Other Policies

This Data Protection Policy should be read alongside:

  • Privacy Policy

  • Cookie Policy

  • Complaints Policy

  • Terms & Conditions

Together, these documents explain how we protect and manage your data.

13. Updates to This Policy

We review this Data Protection Policy regularly.
Any changes will be posted on this page with a revised “Last updated” date.

14. Contact Us

If you have questions about this policy or how we process personal data, please contact us:

Email: support@beammybills.co.uk
Address: Beams Consulting Ltd
167-169 Great Portland Street, London, England, W1W 5PF

15. Contacting the ICO

If you believe we have not handled your data correctly, you can contact the Information Commissioner’s Office (ICO):

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Website: https://www.ico.org.uk
Phone: 0303 123 1113