Cookies, GDPR & Privacy

How we Use, Store and Protect our Customers personal data under GDPR privacy rules

How we protect our Customer data

Compare Energy Bills Ltd t/a Bayjon. Cost Reduction Specialists - ICO Registration Number: ZA099459


Personal Data is all information which:

Compare Energy Bills Ltd (CEB) t/a Bayjon Cost Reduction Specialists will be required, as this will allow the team to provide a range of business services locally and nationally. The services consist of the following:

  • Gas, Electric and Water
  • Business Broadband
  • Business Mobile Phones
  • Business Telecoms and Systems
  • Merchant Services
  • Energy Management
  • Renewable Technologies

All of the services require evidence of Business Ownership and evidence of current contract if it is an existing business. New businesses will require additional evidence which is part of our due diligence.

(CEB) t/a Bayjon will require the following:

  • Contact name
  • Business Address (if it is a single site company however, we will need the address and full details of all company sites should they have more than one)
  • Business contact telephone number
  • Business email address
  • Accounts Dept email address to receive E-Bills
  • Copies of most recent utility bill
  • Landlord Tenancy Agreement (new business or relocated business)
  • Mobile phone contracts
  • Telecoms Contract
  • Broadband Bill

When processing personal data all aspects of the Data Protection act must be followed.

From 25 May 2018 the EU General Data Protection Regulation 2016/679 (GDPR) will be enforceable in all EU member states (including UK). It covers most legal obligations for processing personal data in the UK.

The UK Data Protection Bill, once passed, will become the Data Protection Act (DPA) 2018. It will:

  • replace the DPA 1998 and set out how other information rights legislation (e.g. Freedom of Information Act 2000 and Environmental Information Regulations 2004) interact with the new DPA to set out how personal data must be processed in the UK where it does not fall within EU law, for example, immigration or national security matters
  • implement the EU’s Law Enforcement Directive (LED) which sets out how personal data is processed for law enforcement purposes. LED is retrospectively in force in the UK from 6 May 2018. It only applies to us where we have statutory functions for the purposes of preventing, investigating, detecting, or prosecuting criminal offences or to execute criminal penalties
  • set out the Information Commissioner’s Office’s (ICO) role, functions, and powers
  • This Policy is based on our legal obligations under the new General Data Protection Regulation – most of these are an extension of the DPA 1998, with a few enhancements.
  • Processing relates to all actions or operations taken on personal data by manual or automated means from collection to erasure or destruction and everything in between including recording, use, disclosure, and storage.

The Policy applies to:

  • All staff who handle and use our information
  • All company associates that have a contract with us

The Policy describes how we must process personal data to:

  • Comply with Data Protection Law
  • Meet our data protection standards
  • Protect the rights of our associates, suppliers, and other people we have a relationship with or may need to contact

Key responsibility CEB t/a Bayjon:

  • understand, keep up to date with, and comply with the Policy
  • complete their mandatory training and awareness tasks as outlined by the Compliance Manager

The Director will:

  • apply the Policy as a valid process for all to adhere to
  • make sure our associates comply with the Policy
  • make sure our staff and associates complete mandatory awareness sessions
  • monitor our process in compliance with this Policy


All personal data processing must comply with the data protection principles, pursuant to GDPR Article 5 (unless a data protection law exemption applies):

Personal data must:

  • Be processed lawfully, fairly and in a transparent manner (Lawful, fair, and transparent)
  • Be obtained only for specific, lawful purposes (Purpose limitation)
  • Be adequate, relevant, and limited to what is necessary (Data minimisation)
  • Be accurate and, where necessary, kept up to date (Accuracy)
  • Not be held for any longer than necessary (Storage limitation)
  • Be protected in appropriate ways (Integrity and confidentiality/Security)
  • (CEB) t/a Bayjon must demonstrate how to comply with the above principles
  • (Accountability). The policy framework is part of how (CEB) t/a Bayjon meet this principle

All personal data processing must have a lawful basis, pursuant to GDPR Article 6, for processing from one of the following:

  • the client consents to the processing of their personal data
  • the processing is necessary to enter or carry out a contract with the client. We typically rely on this lawful basis to process personal data for our clients as well as for our staff or associates
  • to comply with our (or another Controller’s) legal obligations (ISO 9001 our industry regulators and our online portal guidelines)
  • to protect the vital interests of the client
  • to meet the legitimate interests of a Controller or another third party. We must meet additional conditions where we process special areas of personal data

All personal data processing must comply with Data Subjects’ rights, pursuant to GDPR Articles 12-22 (unless a data protection law exemption applies):

Data Subjects have:

  • the right to be informed - e.g. Fair processing/privacy notices
  • the right of access - e.g. subject access requests (SARs)
  • the right to rectification - e.g. have their data corrected
  • the right to erasure – e.g. has their data been deleted/removed
  • the right to restrict processing – e.g. stop their data being used
  • the right to data portability – e.g. transfers their data easily
  • the right to object – e.g. challenge what we are doing with their data
  • rights in relation to automated decision making and profiling – As part of these rights, clients can complain to the ICO about data protection breaches and can bring court proceedings for compensation where a data protection breach has caused them damage.

All personal data processing must comply with all other data protection obligations (unless a data protection law exemption applies), including:

  • maintaining a record of our processing activities (ISO9001)
  • paying the ICO an annual data protection fee (DP Fee)
  • notifying the ICO within 72 hours of information security incidents involving personal data, unless they do not risk data subject’s rights and freedoms
  • Data protection law exemptions are applied only once they have been considered with reference to the law, ICO issued guidance, our other Information

Monitoring Compliance and Breach of Policy

(CEB) t/a Bayjon will report any breaches within 72 hours with our Investigation report, especially for the following potentials.

  • Loss of memory stick with information stored on it
  • Loss of external hard drive that is not password protected
  • Hacking external
  • Laptop stolen
  • Mobile phone stolen

This policy will be updated in accordance with the growth of the business which includes any changes the ICO recommendations.

ICO, Wycliffe House, Water Lane, Wilmslow, SK9 5AF. Tel: 0303 123 1113

Cookies. What are they?

Firstly, we're not talking about the crumbly versions we all love to dunk in our tea. The harmless, anonymous ones we use are a small file which asks permission to be placed on your smartphone, tablet or computer. This happens when your browser calls a page with a cookie on it.

Most web browsers are set up to automatically accept first party (usually low risk) cookies. Our anonymous cookies in no way give us access to your device or any personal information about you.

Implied Cookie Consent

By continuing to use, you consent to our essential use of anonymous cookies as defined within this Cookie Policy.

In order for us to provide the quality service we wish to offer you, our use of low risk cookies is essential.

How do we use them?

Compare Energy Bills will place an anonymous cookie onto your computer or smartphone device to help us ensure that as a user of the website, you get the best experience possible.

If the cookie file is accepted, a cookie is stored on your device that helps us analyse and better understand how you use the website. We only use traffic log cookies (eg: Google Analytics) to identify which pages of are being used, when and how, to improve the service we offer you. Overall, cookies help us provide you with a better service by enabling us to see which pages you and others find useful and those that are less well used, so that we might improve.

Controlling the use of Cookies

You may choose to accept or decline the use of cookies used by at any time when you see the Cookie prompt that appears at the top of our home page.

Cookies can also be accessed within the preference settings within your web browser. As the location of these settings can vary across browsers, please visit the home page of your preferred browser if you are unsure how to access these settings.

This policy will be reviewed when ICO introduces new regulations and updated accordingly.