Skip to content

Privacy

Calor Teoranta and Calor Gas Northern Ireland Limited (together “Calor”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you interact with us, including through our websites www.calorgas.ie and www.mycalorgas.com, our mobile applications, customer service channels, and other touchpoints, such as our self service gas cylinder vending stations.

This Privacy Policy is designed to provide you with clear and transparent information about your rights under applicable data protection laws, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the UK GDPR, and the Irish Data Protection Act 2018, as amended. It applies regardless of where you access our services from and supplements any other privacy notices or fair processing statements we may issue in specific circumstances.

Please read this Privacy Policy carefully to understand our practices regarding your personal data and how we will treat it. If you have any questions or concerns, you can contact our Privacy Team using the details provided in the ‘How To Contact Us’ section below.

Please also refer to the Glossary at the end of this privacy statement for definitions of key terms, access to relevant links, and important information about the entities with whom we may share your personal data.

Purpose of this Privacy Policy

This Privacy Policy aims to provide you with clear and comprehensive information on how Calor collects and processes your personal data when you interact with us, including through our websites www.calorgas.ie and www.mycalorgas.com, our mobile applications, customer service channels, and other touchpoints, such as our self-service gas cylinder vending stations. This includes any personal data you may provide when you fill out a form, contact us about our services, subscribe to communications, or enter into a contract with us.

This Privacy Policy is not intended for children, and we do not knowingly collect data relating to children.

It is important that you read this Privacy Policy together with any other privacy or fair processing notices we may provide on specific occasions when we are collecting or processing personal data about you. This Privacy Policy supplements those notices and is not intended to override them.

Data Controller

This Privacy Policy applies to:

Calor Teoranta, a company incorporated in Ireland (Company No. 15249), with its registered office at Long Mile Road, Dublin 12; and Calor Gas Northern Ireland Limited, a company incorporated in Northern Ireland (Company No. N10008192), with its registered office at Airport Road West, Sydenham, Belfast, BT3 9EE. 

Together, these entities are referred to as “Calor”, and act as the data controller of your personal data.

We collect personal data when you interact with Calor through various channels, including our websites, mobile applications, customer service teams, social media platforms, contractual arrangements, and other business touchpoints, such as our self-service gas cylinder vending stations.

We may collect, use, store, and transfer different categories of personal data, grouped as follows:

  • Identity Data: Includes your first name, last name, title, date of birth, and gender.
  • Contact Data: Includes your billing address, delivery address, email address, telephone numbers, and Eircode.
  • Account Data: Includes your Calor account number, billing and payment information, and energy usage.
  • Financial Data: Includes bank account details and payment history.
  • Transaction Data: Includes details about payments to and from you and other details of products and services you have purchased from us.
  • Technical Data: Includes IP address, browser type and version, device identifiers, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our websites.
  • Profile Data: Includes your username and password, purchases or orders made by you, your interests, preferences, feedback, and survey responses.
    Usage Data: Includes information about how you use our websites, products, and services.
  • Marketing and Communications Data: Includes your preferences in receiving marketing from us and third parties, and your communication preferences.
  • Communications Data: Includes emails, phone recordings, messages, chat transcripts and online forms.
  • Location Data: Includes GPS and telemetry data from vehicles and smart meter systems.
  • Security Data: Includes CCTV footage from our premises and dashcam footage from our LPG trucks.
  • Social Media Data: Includes public content or messages sent to us via social media platforms.
  • Vulnerability or Accessibility Data: Includes information relevant to service delivery where accessibility or vulnerability considerations apply.
  • Third-Party Data: Includes data from credit reference agencies and third-party marketing platforms (e.g. Facebook, with your consent).
  • Visual Data: (e.g. photographs or video recordings of employees), where consent has been provided for internal or external communications
  • Aggregated Data: Includes statistical or demographic data derived from your personal data, which does not directly or indirectly identify you. If we combine Aggregated Data with personal data so that it can identify you, we treat the combined data as personal data.
  • Employment Data (if applicable): For employees or contractors: HR records, payroll data, performance reviews (if the policy covers staff as well as customers).
  • Supplier/Vendor Data: data about suppliers or business partners, including business contact details, contract information, and payment records.
  • Emergency Contact Data: emergency contact details for customers or employees.
  • Consent Records: Explicit records of when/how consent was given or withdrawn (important for GDPR compliance).
  • Legal/Compliance Data: Records of regulatory requests, complaints, or disputes (e.g., correspondence with regulators, legal claims).

We may also collect personal data:

  • From fuel supply agreements or service contracts.
  • When you register an account, enter a competition, or participate in a survey.
  • From our smart meter and telemetry systems.
  • Where provided voluntarily at self-service gas cylinder vending stations for the purpose of receiving an e-receipt.

Sensitive Personal Data

We do not collect or process special categories of personal data (e.g. race, ethnicity, religious beliefs, health data, biometric data) unless strictly necessary and only with your explicit consent or where required by law.

If You Fail to Provide Personal Data

Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract or provide services to you. In such cases, we will notify you at the time.

We use different methods to collect personal data from and about you, including through:

Direct interactions. You may provide us with your Identity, Contact, Account and Financial data by filling in forms, speaking with our customer service teams, or corresponding with us by post, phone, email, or otherwise. This includes personal data you provide when you:

  • apply for our products or services;
  • register for an online account or portal;
  • request a quote or service appointment;
  • enter a competition, promotion or survey;
  • contact us with a query or complaint;
  • provide feedback or respond to customer satisfaction surveys;
  • engage with us at an industry event or Calor-hosted event.
  • when you use our self-service gas cylinder vending stations and choose to provide your email address for receipt purposes.
  • interact with us via social media (e.g., direct messages, comments, tagging).
  • give, withdraw, or update consent for marketing, profiling, or data sharing.
  • request technical assistance or troubleshooting (e.g., for smart meters, online portal issues).
  • use online chat or automated support tools.

Automated technologies or interactions. As you interact with our websites, we may automatically collect Technical and Usage data about your device, browsing actions and patterns. We collect this data using cookies, telemetry systems, and other similar technologies (e.g., web beacons). Please refer to our CookiePolicy | Calor Gas for further details.

Third parties or publicly available sources. We may receive personal data about you from various third parties and public sources, including:

  • Technical data from the following parties:
    • analytics providers such as Google Analytics;
    • advertising networks such as META, Google, TikTok, LinkedIn, display partnerships;
    • search information providers such as Google, Bing, Yahoo, DuckDuck Go based.

     

  • Contact, Account, Financial and Transaction data from providers of technical, payment and delivery services.
  • Credit reference agencies and fraud prevention services.

Delegate lists from sponsored conferences or events, where attendees have opted in to share their details with sponsors for follow-up.

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • Where we need to perform the contract we are about to enter into or have entered into with you.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Where we need to comply with a legal or regulatory obligation.
  • Where you have provided your consent (e.g. for marketing communications or specific data uses).

We may also rely on other lawful bases as permitted under applicable data protection legislation, including the GDPR and the Irish Data Protection Act 2018.

Purposes for Which We Will Use Your Personal Data

We have set out a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.  You will find a full list here.

Recruitment and Careers Portal

If you apply for a role through our Careers Portal or recruitment channels, we will collect and process your personal data for the purposes of managing our recruitment activities. This includes assessing your suitability for roles, communicating with you during the selection process, and fulfilling legal or contractual obligations.

The types of personal data we may collect include:

  • Identity: such as name, title gender, date of birth and religion (only for candidates in Northern Ireland);
  • Contact details: such as email address, home address and phone number;
  • Profile information: such as employment history, education, qualifications, and any other details you provide in your CV or application materials.

We process this data on the basis of our legitimate interests in recruiting suitable candidates, compliance with legal obligations (such as verifying the right to work), and, where applicable, your consent (e.g. for retaining your data for future opportunities or processing special category data).

Your data may be shared with internal HR personnel, hiring managers, and trusted third-party service providers who support our recruitment processes, all of whom are subject to appropriate confidentiality and data protection obligations.

We retain candidate data only for as long as necessary for the recruitment process and, where consent is provided, for future opportunities. You have the right to access, rectify, or erase your personal data, and to object to or restrict its processing. For more information on your rights under the GDPR and how to exercise them, please refer to the sections titled ‘Your Rights’ and ‘How To Contact Us’.

Artificial Intelligence Use

Calor may implement Artificial Intelligence (AI) technologies to support operational efficiency, such as improving customer service, automating internal processes, or enhancing safety and logistics. Where personal data is involved, Calor complies with applicable data protection legislation and internal governance policies to ensure transparency, fairness, and accountability in AI-related processing.

Marketing

We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. We have established the following personal data control mechanisms:

Promotional offers from us

We may use your Identity, Contact, Technical, Usage and Profile data (see Section 2 above for more information) to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing).

You will receive marketing communications from us if you have requested information from us or purchased services from us and, in each case, you have not opted out of receiving that marketing.

Third-party marketing

We will get your express opt-in consent before we share your personal data with any company outside of our organisation for marketing purposes.

Opting out

You can ask us or third parties to stop sending you marketing messages at any time by logging into the Website and checking or unchecking relevant boxes to adjust your marketing preferences or by following the opt-out links on any marketing message sent to you.

Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of service purchase or other transactions.

Change of Purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you would like an explanation of how processing for a new purpose is compatible with the original purpose, please contact us using the details provided in the ‘How To Contact Us’ section below.

If we need to use your personal data for an unrelated purpose, we will notify you and explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

 

We may share your personal data with internal and external third parties for the purposes set out in Section 4 above. These disclosures are made in accordance with applicable data protection laws and subject to appropriate safeguards.

We require all third parties to respect the security and confidentiality of your personal data and to treat it in accordance with applicable data protection legislation, including the GDPR and the Irish Data Protection Act 2018. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

Examples of third parties we may share your data with include:

  • Our parent company and affiliated entities within the SHV Energy Group;
  • Delivery, installation, and maintenance partners;
  • Credit reference agencies and financial institutions;
  • Professional advisors (e.g. legal, accounting, tax);
  • IT and data analytics service providers;
  • Emergency services, law enforcement, regulatory bodies, or courts (where legally required);
  • Customer insight and survey providers;
  • Marketing partners (where you have provided consent);
  • Recruitment service providers (for job applications);
  • Payment service providers (e.g., FIPOS, who process transactions made via our self-service gas cylinder vending stations).

Third-Party Links

Our websites may include links to third-party websites, plug-ins, or applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements.

When you leave our websites, we encourage you to read the privacy statement of every website you visit.

We also use certain third-party tools, such as LinkedIn Analytics, which may collect information about your interaction with our websites. LinkedIn Ireland Unlimited Company acts as an independent data controller for this processing. For more information, please refer to LinkedIn’s privacy documentation.

6.1 Customers based in Republic of Ireland:

In some cases, your personal data may be transferred outside the European Economic Area (EEA) to trusted service providers or affiliated entities. Whenever such transfers occur, Calor ensures that appropriate safeguards are in place to protect your personal data in accordance with the GDPR and the Irish Data Protection Act 2018.

These transfers will only take place where:

  • The European Commission has determined that the third country ensures an adequate level of data protection (an “adequacy decision”); or
    Appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, Binding Corporate Rules (BCRs), or other legally recognised mechanisms; or
  • You have explicitly consented to the proposed transfer after being informed of the possible risks; or
  • The transfer is necessary for the performance of a contract between you and Calor, or for the implementation of pre-contractual measures taken at your request; or
    The transfer is otherwise permitted under applicable data protection legislation.

Calor ensures that all such transfers are carried out in accordance with applicable data protection laws and that your data remains protected to the standard required under Irish and EU law. Where necessary, we implement supplementary technical and organisational measures to ensure the security and confidentiality of your personal data.

6.2 Customers based in Northern Ireland:

In some cases, your personal data may be transferred outside the United Kingdom to trusted service providers or affiliated entities. These transfers, known as restricted transfers under the UK General Data Protection Regulation (UK GDPR), are subject to specific legal requirements to ensure your data remains protected.

We will only make such transfers where one of the following conditions is met:

  • The destination country has been granted an adequacy regulation by the UK Government, confirming that it provides an equivalent level of data protection; or
  • We have implemented appropriate safeguards, such as the International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses, or Binding Corporate Rules (BCRs); or
  • You have provided explicit consent to the transfer after being informed of the potential risks; or
  • The transfer is necessary for the performance of a contract with you or for pre-contractual steps at your request; or
    The transfer is otherwise permitted under the UK GDPR or the Data Protection Act 2018.

Before any such transfer, we conduct a Transfer Risk Assessment (TRA) to evaluate whether the rights and freedoms of data subjects are likely to be undermined in the destination country. Where necessary, we implement supplementary technical and organisational measures to ensure your data remains protected to a standard essentially equivalent to that under UK law.

We continuously monitor developments in UK data protection law, including updates under the Data (Use and Access) Act 2025, to ensure our international data transfer practices remain compliant.

Calor takes the security of your personal data seriously. We have implemented appropriate technical and organisational measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered, or disclosed.

Access to your personal data is limited to employees, agents, contractors, and other third parties who have a business need to know. They will only process your personal data on our instructions and are subject to a duty of confidentiality.

We have established procedures to deal with any suspected personal data breach and will notify you and any applicable regulator where we are legally required to do so.

How long will we retain your personal data?

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy any legal, accounting, or regulatory requirements.

To determine the appropriate retention period, we consider:

  • The nature, sensitivity, and volume of the personal data;
  • The potential risk of harm from unauthorised use or disclosure;
  • The purposes for which we process the data and whether those purposes can be achieved through other means;
  • Applicable legal and regulatory obligations.

Once your personal data is no longer required, we will securely delete or anonymise it in accordance with our data retention policies.

Under applicable data protection laws, including the GDPR and the Irish Data Protection Act 2018, you have rights in relation to your personal data. When Calor acts as the data controller, we are committed to upholding these rights:

  • Request access to your personal data (commonly known as a "data subject access request") to receive a copy of the data we hold and verify its lawful processing.
  • Request correction of inaccurate or incomplete personal data. We may need to verify the accuracy of the new data you provide.
  • Request erasure of your personal data where there is no lawful reason for us to continue processing it, or where processing was unlawful. We may not always be able to comply due to specific legal obligations.
  • Object to processing where we rely on legitimate interests and your rights override those interests, or where we process your data for direct marketing.
  • Request restriction of processing in certain circumstances, such as when you contest the accuracy of the data or object to its use.
  • Request data portability to receive your personal data in a structured, commonly used, machine-readable format, or to transfer it to another controller (where applicable).
  • Withdraw consent at any time where we rely on your consent to process personal data. This will not affect the lawfulness of processing carried out before withdrawal. If you withdraw consent, we may not be able to provide certain services. If you have provided consent for the use of your image in internal or external communications, you may withdraw that consent at any time by contacting privacy@calorgas.ie. Withdrawal will not affect any use that occurred prior to the withdrawal, but we will cease further use of your image going forward.

You can read more about your rights on the website of your country’s data protection authority.

How to Contact Us

We are committed to resolving any issues relating to your data. Please contact us with any queries, feedback, or complaints:
Email: privacy@calorgas.ie
Republic of Ireland: 01 450 5000
Northern Ireland: 028 9045 5588
Post: Legal Department, Calor Teoranta, Long Mile Road, Dublin 12, D12 XP79

If you're unsatisfied, you have the right to contact:
Ireland: www.dataprotection.ie
Northern Ireland: www.ico.org.uk
No Fee Usually Required -You will not have to pay a fee to access your personal data or exercise your rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in such circumstances.

What We May Need From You
We may need to request specific information to confirm your identity and ensure your right to access your personal data (or exercise any other rights). This is a security measure to prevent unauthorised access. We may also contact you for further information to help expedite our response.

Time Limit to Respond
We aim to respond to all legitimate requests within one month. If your request is particularly complex or you have made multiple requests, we may need more time. In such cases, we will notify you and keep you updated.

Updates to This Policy
We review and update this Privacy Policy periodically. The most current version will always be available on our website. If significant changes are made, we will notify you where appropriate.
By continuing to use our services after changes are published, you agree to the updated terms.

Calor Group

Means Calor Teoranta and Calor Gas Northern Ireland Limited, and any affiliated entities within the SHV Energy Group. This includes entities that are directly or indirectly owned or controlled by SHV Energy or its subsidiaries.

Comply with a legal or regulatory obligation

Means processing your personal data where it is necessary for compliance with a legal or regulatory obligation that Calor is subject to.

Legitimate Interests

Means the interest of Calor in conducting and managing our business to enable us to provide you with the best service and the most secure experience. We ensure that we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).

Performance of a Contract

Means processing your personal data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.

Personal Data

Means any information relating to an identified or identifiable natural person (a “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

Visual Data

Includes photographs or video recordings of individuals, collected with consent for use in internal or external communications.

Third Parties

Internal Third Parties
Other companies within the SHV Energy Group acting as joint controllers or processors, depending on the nature of the relationship, and who may be based in jurisdictions such as Ireland, the UK, the Netherlands, or other countries where SHV operates. These entities may provide [IT and system administration services, logistics support, and group-level reporting].

External Third Parties

  • Service providers: Including IT providers, payment processors, delivery and installation partners, customer survey platforms, and recruitment service providers.
  • Regulatory and legal authorities: To fulfil legal obligations, including responding to requests from law enforcement, tax authorities, or regulators, subject to verification of the request’s legitimacy.
  • Professional advisors: Including auditors, legal counsel, and consultants, all bound by confidentiality or non-disclosure agreements.
  • Parties involved in restructuring or sale: In the event of a merger, acquisition, or sale of all or part of Calor’s business, your personal data may be disclosed to advisers and prospective purchasers, and transferred to the new owners.
  • Other parties: We may also share your personal data with other third parties where required by law or where you have explicitly requested or consented to such sharing (e.g. mortgage providers, energy comparison platforms).
  • Prospective buyers or partners: We may share your personal data with third parties to whom we may choose to sell, transfer, or merge parts of our business or assets. If a change occurs, the new owners may use your personal data in the same way as set out in this Privacy Policy.