Privacy Policy

At Meet George, we value your privacy and are committed to protecting your personal information. This Privacy Policy outlines how we collect, use, and safeguard your data when you use our website and service.

1. Introduction

Welcome to Meet George Limited (“Meet George”, “we”, “us”, “our”). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit our website (www.meetgeorge.co.uk) and use our AI-powered home energy switching platform (the “Service”).

Meet George Limited is registered in England and Wales under company number 15747538, with a registered office at 18 Albert Road, Bournemouth, Dorset, United Kingdom, BH1 1BZ.

2. Data We Collect

We collect and process personal data to provide and improve our service. The types of data we collect include:

• User-provided data: Name, email address, home address, energy usage details, meter numbers (MPAN/MPRN), and uploaded energy bills.
• Switching data: Date of birth, bank account details, sort code, and chosen energy tariff when users initiate a switch.
• Automated data: IP address, cookies, browser type, and usage analytics when you interact with our website and AI-agent.
• Marketing data: Email addresses provided for competitions, newsletters, and updates.

The types of data collected may evolve over time. We encourage users to check this Privacy Policy regularly for updates.

3. Legal Basis for Processing

Under UK GDPR, we process personal data based on the following legal grounds:

• Performance of a Contract: When users engage with our service to switch energy providers.
• Legitimate Interests: To improve our AI systems, respond to complaints, and maintain security.
• Consent: For marketing communications and non-essential cookies (users may withdraw consent at any time).
• Legal Obligations: Compliance with UK regulations related to consumer rights, fraud prevention, and tax record-keeping.

4. International Data Transfers

We process personal data using secure cloud infrastructure located in Germany. The UK has deemed Germany an adequate jurisdiction under UK GDPR, ensuring that your data remains protected at the same level required under UK law. Where necessary, we have implemented Standard Contractual Clauses (SCCs) with our third-party providers to maintain the highest level of data protection.

5. Data Processing Agreements (DPAs)

We work with third-party service providers to process personal data, such as cloud hosting, AI infrastructure, and email providers. We have Data Processing Agreements (DPAs) in place with these providers to ensure that they comply with UK GDPR standards when handling your data.

6. Retention Periods

We retain personal data only as long as necessary:

• Energy switching records: Retained for six years to comply with legal obligations under the Limitation Act 1980 (for handling disputes).
• Marketing data: Retained unless the user opts out. Users can unsubscribe at any time.
• AI agent chat logs: Retained for 12 months, after which they are automatically purged.

If a user requests data deletion, we will permanently delete all applicable data within 30 days, except where legal obligations require retention.

7. Data Security Measures

We implement the following security protections to safeguard your personal data:

• AES-256 encryption for data storage.
• TLS 1.3+ encryption for data transmission.
• Role-Based Access Control (RBAC) to ensure only authorised personnel access personal data.
• Multi-Factor Authentication (MFA) for administrative access.
• Regular security audits to monitor vulnerabilities and ensure compliance.

8. Sharing Your Data

We share personal data only when necessary:

• With energy suppliers to complete tariff switches.
• With third-party email marketing providers for newsletter communications (only if the user has opted in).
• With regulatory authorities, if required by law.

A current list of third-party processors is available upon request.

9. User Rights and Deletion Requests

Users have the following rights under UK GDPR:

• The right to access, rectify, or delete their data.
• The right to restrict processing or object to data processing.
• The right to data portability.
• The right to withdraw consent for marketing communications at any time.

Right to Object to Processing

Users have the right to object to the processing of their personal data when processing is based on legitimate interests.

• If a user objects to processing for marketing purposes, we will immediately stop processing their data for this purpose.
• If a user objects to processing based on legitimate interests, we will review the request and stop processing unless we can demonstrate compelling legitimate grounds to continue processing.
• Users can exercise this right by contacting privacy@meetgeorge.co.uk.

10. Complaints

If you have privacy concerns, contact us at privacy@meetgeorge.co.uk.

If you are not satisfied with our response, you have the right to file a complaint with the UK Information Commissioner’s Office (ICO):

• Website: www.ico.org.uk
• Phone: 0303 123 1113
• Email: casework@ico.org.uk

11. Cookies and Tracking

We use cookies and tracking technologies for analytics and service improvements. See our Cookie Policy for details.

12. Updates to This Privacy Policy

Meet George reserves the right to update this Privacy Policy. Users will be notified via email or a prominent website notice if material changes occur. Continued use of the service implies acceptance of the latest version.