Privacy Policy

1. Introduction

CIKABOU LTD ("CIKABOU", "we", "us", or "our") is committed to protecting the privacy and security of personal data processed in connection with our corporate website at https://cikabou.site/ and our related business activities in the UK electricity sector.

This Privacy Policy outlines how we collect, use, disclose, and safeguard your personal information when you visit our website, interact with our digital channels, or engage with us as a prospective or existing partner, client, supplier, candidate, or other stakeholder.

By using our website or otherwise providing personal data to us, you acknowledge that you have read and understood this Privacy Policy. Where required by law, we will obtain your explicit consent before collecting or processing personal data.

2. Definitions

For the purposes of this Privacy Policy, the following terms have the meanings set out below:

• "Personal Data" means any information that relates to an identified or identifiable individual, such as a name, email address, phone number, or online identifier.
• "Processing" means any operation performed on Personal Data, whether or not by automated means, including collection, recording, organisation, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure, dissemination, restriction, erasure, or destruction.
• "User" means any individual who accesses or uses our website, communicates with us through digital channels, or otherwise interacts with CIKABOU LTD in a capacity where this Privacy Policy applies.
• "Controller" means the organisation that determines the purposes and means of Processing Personal Data. For the activities described in this Privacy Policy, CIKABOU LTD acts as the Controller.
• "Processor" means a third party that processes Personal Data on behalf of the Controller, according to documented instructions.
• "Applicable Data Protection Law" means all relevant privacy and data protection legislation in force from time to time, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

3. Information Collection

We collect Personal Data in a number of ways to support our corporate, trading, and partnership activities.

3.1 Information you provide to us directly

You may choose to provide Personal Data to us when you:

• Submit enquiries or requests via the contact forms on our Contact Us page.
• Request information about our services, trading capabilities, partnerships, or market expertise.
• Register interest in collaboration, supply opportunities, or other commercial engagement.
• Apply for career opportunities or submit a CV via channels referenced on our website.
• Subscribe to receive updates, insights, or other communications where made available.

The types of Personal Data you may provide include:

• Identification details (such as your name, job title, and organisation).
• Contact information (such as business email address, telephone number, and company address).
• Content of communications (such as messages submitted through web forms, emails, or recorded calls where applicable).
• Professional information (such as your role, professional background, and interests in relation to our activities).
• Recruitment information (such as CVs, cover letters, and other documentation you submit when applying for roles).

3.2 Information collected automatically

When you access our website, we may automatically collect certain technical and usage information to help us understand how the site is used, maintain security, and improve performance. This may include:

• Device and browser information (such as IP address, browser type, operating system, and device identifiers).
• Usage data (such as pages visited, time and date of visits, referral URLs, clickstream data, and interaction with on-page elements).
• Approximate location data based on your IP address, where permitted by applicable law.

This information is typically collected through cookies and similar tracking technologies, as explained in the Cookies and Tracking Technologies section.

3.3 Information from third parties

We may receive Personal Data about you from third parties where permitted by law, including:

• Business partners, intermediaries, or professional advisers involved in transactions or engagements with you or your organisation.
• Publicly available sources such as corporate registries, regulatory filings, or professional networking platforms used for due diligence or business development.
• Recruitment agencies and professional networks in relation to career opportunities.

4. How We Use Your Information

We use Personal Data only for specified, explicit, and legitimate purposes, and we will not process it in a way that is incompatible with those purposes. In particular, we process Personal Data for the following reasons:

• Service delivery and business operations: To respond to enquiries, provide information about our energy trading operations and services, manage relationships with clients, suppliers, and partners, and support the execution of contracts and commercial activities.
• Communication: To communicate with you about your requests, our services, partnership opportunities, market developments, or company news, and to manage ongoing correspondence.
• Analytics and optimisation: To monitor website performance, analyse usage trends, improve user experience, and enhance security and resilience of our digital environment.
• Compliance and risk management: To comply with legal and regulatory obligations, including those relating to energy trading, corporate governance, and record-keeping, and to maintain appropriate risk and compliance controls.
• Recruitment and talent management: To assess applications, manage recruitment processes, and retain records in accordance with our internal policies and legal requirements.
• Security and incident response: To protect our systems, networks, and data, prevent fraud and misuse, and investigate or respond to actual or suspected security incidents.

5. Legal Basis for Processing

Under Applicable Data Protection Law, we must have a lawful basis for processing Personal Data. Depending on the context, we rely on one or more of the following legal bases:

• Consent: Where you have clearly agreed to the processing of your Personal Data for a specific purpose, such as receiving certain types of communications or accepting non-essential cookies. You may withdraw your consent at any time, as described in the User Rights section.
• Contractual necessity: Where processing is necessary for the performance of a contract to which you or your organisation are a party, or to take steps at your request before entering into such a contract.
• Legal obligation: Where we must process Personal Data to comply with legal or regulatory obligations, for example obligations related to corporate, tax, financial, or energy market regulations.
• Legitimate interests: Where processing is necessary for our legitimate business interests, or those of a third party, and these interests are not overridden by your rights and freedoms. This may include maintaining and improving our website, managing and developing our business, safeguarding our infrastructure, and conducting due diligence and risk assessments.

Where we rely on legitimate interests, we implement safeguards to protect your privacy and ensure that our interests are balanced against your rights.

6. Data Retention

We retain Personal Data only for as long as necessary to fulfil the purposes for which it was collected, or to satisfy legal, regulatory, or operational requirements.

In determining appropriate retention periods, we consider:

• The nature and sensitivity of the Personal Data.
• The potential risk of harm from unauthorised use or disclosure.
• The purposes for which we process the data and whether we can achieve those purposes through other means.
• Applicable legal and regulatory retention requirements, including obligations specific to the UK energy sector and corporate record-keeping.

Examples of typical retention practices include:

• Contact and correspondence data retained for the duration of our relationship and for a reasonable period thereafter for query handling, record-keeping, and dispute resolution.
• Recruitment data retained for the duration of the recruitment process and, where appropriate, for a limited period thereafter in accordance with our talent management and legal obligations.
• Technical logs and security-related data retained for periods that support monitoring, incident detection, and response.

When Personal Data is no longer required, we will securely delete, anonymise, or otherwise dispose of it in accordance with our internal policies and recognised industry practices.

7. Data Sharing and Disclosure

We do not sell your Personal Data. We may, however, share Personal Data with selected third parties when necessary and lawful to do so. Such sharing is subject to appropriate contractual and security safeguards.

We may share Personal Data with:

• Service providers and vendors: Third parties that provide services to us, such as website hosting, IT support, analytics, communication tools, or professional advisory services. These parties act as Processors and process Personal Data only in accordance with our instructions.
• Business partners and counterparties: Where sharing is necessary to manage or perform contractual relationships, conduct due diligence, or assess and manage trading, supply, or partnership opportunities.
• Professional advisers: Including lawyers, auditors, and consultants, to obtain professional advice and manage business risks and obligations.
• Regulators and public authorities: Where we are required to disclose Personal Data in order to comply with applicable laws, regulatory requests, court orders, or to protect our rights, property, or safety, or those of others.

Whenever we share Personal Data with third parties, we take steps to ensure that:

• Only the minimum necessary information is shared for the intended purpose.
• Appropriate contractual terms and confidentiality obligations are in place.
• Recipients implement adequate technical and organisational measures to protect the data.

8. International Transfers

CIKABOU LTD is established in the United Kingdom, but certain service providers, business partners, or infrastructure components that support our operations may be located outside the UK or the European Economic Area (EEA).

Where Personal Data is transferred internationally, we will ensure that such transfers comply with Applicable Data Protection Law. This may include:

• Transferring Personal Data to countries recognised as providing an adequate level of data protection by the UK government.
• Implementing appropriate safeguards, such as UK-approved standard contractual clauses or equivalent mechanisms, to ensure that recipients protect Personal Data to a standard essentially equivalent to that required in the UK.
• Conducting risk assessments and due diligence on the legal and technical environment in receiving jurisdictions, where appropriate.

If you would like more information about the specific safeguards applied to the international transfer of your Personal Data, you may contact us using the details set out in the Contact Information section.

9. User Rights

Under Applicable Data Protection Law, you may have a number of rights in relation to the Personal Data we hold about you. Depending on the circumstances and subject to certain conditions, these may include:

• Right of access: To obtain confirmation as to whether we process your Personal Data and to request a copy of that data.
• Right to rectification: To request that inaccurate or incomplete Personal Data be corrected or updated.
• Right to erasure: To request the deletion of your Personal Data in certain circumstances, for example where the data is no longer necessary for the purposes for which it was collected, or where you have withdrawn consent and there is no other legal basis for processing.
• Right to restriction of processing: To request that we restrict the processing of your Personal Data in specific situations, such as while we verify its accuracy or consider an objection you have raised.
• Right to object: To object, on grounds relating to your particular situation, to processing based on our legitimate interests. We will no longer process your Personal Data unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or where processing is required for legal claims.
• Right to data portability: To receive certain Personal Data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller where technically feasible.
• Right to withdraw consent: Where processing is based on your consent, you may withdraw that consent at any time, without affecting the lawfulness of processing carried out before withdrawal.
• Right to lodge a complaint: To raise a concern with your local supervisory authority if you believe that your data protection rights have been infringed. In the UK, this is the Information Commissioner's Office (ICO).

To exercise your rights, please contact us using the details in the Contact Information section, clearly describing your request and the Personal Data it relates to. We may need to verify your identity before responding, to protect your privacy and security.

10. Data Security

We take the security of Personal Data seriously and maintain appropriate technical and organisational measures designed to protect it from unauthorised access, disclosure, alteration, or destruction.

Our security measures may include:

• Secure hosting environments and network protections aligned with industry practice.
• Access controls and authentication mechanisms to ensure that only authorised personnel can access Personal Data.
• Encryption and secure transmission mechanisms for certain categories of data.
• Logging and monitoring to detect unusual or unauthorised activity.
• Policies, procedures, and training designed to promote responsible handling of Personal Data and information security awareness.

While we strive to protect Personal Data, no system or transmission over the internet is entirely without risk. If you have reason to believe that your interactions with us are no longer secure, please notify us promptly using the contact details below.

11. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to support core functionality, enhance user experience, and gather analytics about how the site is used.

Cookies are small text files that are placed on your device when you visit a website. They enable the site to recognise your device and store certain information about your preferences or previous actions.

We typically use the following categories of cookies:

• Strictly necessary cookies: Required for the operation of the website and to enable core features such as page navigation and access to secure areas.
• Performance and analytics cookies: Used to collect information about how visitors use our site, such as which pages are most frequently visited and how users move around the site. This helps us to improve performance and usability.
• Functionality cookies: Used to remember choices you make (such as language or region, where available) and provide more personalised features.

Where required by law, we will ask for your consent before setting non-essential cookies on your device. You can manage your cookie preferences through your browser settings or by using any tools that we make available on our website.

More detailed information about the cookies we use, including their purpose and duration, is available in our dedicated Cookie Policy.

12. Contact Information

If you have any questions about this Privacy Policy, our processing of Personal Data, or if you wish to exercise your data protection rights, you can contact us using the details below:

CIKABOU LTD
United Kingdom
SIC Code: 35140 – Trade of electricity
Email: [email protected]

For data protection matters, you may address your correspondence to the attention of our Data Protection contact. Where required, we will coordinate responses with any designated Data Protection Officer or equivalent function responsible for overseeing privacy compliance within CIKABOU LTD.

If you are dissatisfied with our response, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO). Further information is available at https://www.ico.org.uk/.