Privacy Policy

Constellation Privacy Policy

Last updated May 9, 2024

We have updated our Privacy Policy and associated notices. The update contains important information about our collection and use of your personal information, as well as your legal rights and our UK and EU Supplementary Privacy Notice. For questions, please contact WebAgent@constellation.com.

This Privacy Policy ("Notice") explains how Constellation Energy Corporation ("Constellation") and its subsidiaries and affiliated companies, including but not limited to Constellation Energy Generation, LLC, Constellation Home Products & Services, LLC, Constellation NewEnergy, Inc., Constellation NewEnergy-Gas Division, LLC, and their respective subsidiaries (hereinafter referred to collectively as “Constellation” or “Constellation companies,” “us,” “we,” or “our”) collects, uses, and shares your personal information when you request and obtain our energy services, use our websites or applications, or otherwise interact with us (the "Services"). This Notice also explains your privacy rights and how you can exercise them.

We may change this Notice at any time by posting a revised version on our website. Any changes will be immediately effective upon the posting of the updated Notice. Please regularly check this Notice for any such updates.

For more information as to our use of cookies and other tracking technologies, please see our Cookie Policy.

This Notice applies to customers and visitors to websites and applications that facilitate the offering of such Services. If you have applied for employment with Constellation, please see our Job Candidate Privac y Notice.

Our UK and EU Supplementary Privacy Notice ("UK/EU Privacy Notice”), which forms part of this Notice, sets out information on how we process personal data when acting as a data controller within the scope of EU and UK data protection laws. Please review the UK/EU Privacy Notice for where you are located in the UK or EU to understand how we process your personal data and the rights that you have, which may be different than as described elsewhere in this Notice. If you are located in the EU or UK and there is conflict between the UK/EU Privacy Notice and the rest of this Notice, the UK/EU Privacy Notice takes precedence.

This Notice explains:

A. The Information We Collect
B. How Constellation Uses Your Information
C. How Constellation Shares Information
D. Personal Information Choices
E. How We Protect Your Information
F. Special Information For Connecticut Residents
G. Special Information For California Residents
H. Children's Privacy
I. Contact Us
J. Biometric Information Policy
K. EU and UK Supplementary Privacy Notice

A. Personal Information We Collect
This section describes our practices when you interact with Constellation in connection with one of the energy services we offer to individuals, or otherwise access Constellation websites or applications.

Personal Information You Give Constellation.
Depending on how you interact with our Services, we will collect the following information from you:

Contact Information: This includes individual name, email address, mailing address, telephone number, office location, business name, physical address, email address, and telephone number.
Account Information: This includes username and password, name, physical address, email address, and marketing preferences.
Energy Usage Information: This includes information about your usage of our energy services, including meter data and information on your home or business's energy services (such as size or heating source).
Transactional Information: This includes payment information, such as your credit card or debit card information, and payment history.
Identification Information: This includes information you provide to verify your identity and to participate in a credit check, including your date of birth and Social Security number.
Customer Service Interactions: This includes information you provide when you engage with Constellation's customer service, including through recorded telephone calls, chats, surveys, and email correspondence.
Physical Location Information: This includes, for certain Services, your physical address.
Biometric Information: This includes fingerprints, and hand geometry scans of persons who visit certain locations of ours. For more information on our biometric information practices, please see our Biometric Information Policy below.

Personal Information Constellation Learns From You.
When you interact with our Services, certain information about you is automatically collected via our use of cookies and other tracking technologies, such as the following:

Online Usage Information about your interaction with our Services, such as which pages you access, frequency of access, what you click on, search terms, date and length of visits, and referring website addresses.
Device Information including the IP address and other details of a device that you use to connect with our Services, such as device type and unique device identifier, hardware model, operating system, browser, mobile network information, mobile carrier, and the device's telephone number.
Online Location Information where you choose to provide us with access to information about your device’s location, including information on nearby devices and Wi-Fi access points and your approximate or precise geolocation obtained from your mobile device.

To learn more about how we use cookies and to manage your cookie settings, please see our Cookie Policy.

Personal Information Obtained From Third Parties.

We may also obtain information about you from third parties, such as identity verification services and credit bureaus. In some markets, if you apply for our Services, we will obtain consumer reports from consumer reporting agencies related to you at the time of the collection in connection with the use of any Services we may offer you or that you may obtain from us. Additionally, Constellation may purchase your personal information from a third party to supplement the personal information you have provided to us, such as information about your interests, demographics, and marketing inferences. We may also obtain business contact information from the business entity you represent.

B. How Constellation Uses Your Personal Information
We may use your personal information for any the following purposes:

Provide our Services: To establish and provide service, maintain your account, manage your payments and transaction history, security and identity verification, build and manage business opportunities, and fulfill contract requirements.
Improve our Services and grow Constellation: To understand our customer base, conduct market research and statistical analysis, develop new products, and improve the Services.
Respond to your inquiries: To provide support and respond to your questions, inquiries, and other requests.
Send communications and marketing: To provide account updates or other communications regarding your account or to inform you of any changes to our Services. We may also use your personal information to send you information, recommendations, and promotions we feel may be of interest to you.
Offer, maintain, and improve online Services: To monitor the performance of the Services, improve the Services, ensure the security of the Services, and personalize your experience.
Comply with legal and regulatory obligations: To comply with our legal and regulatory requirements or in connection with inquiries from regulators, law enforcement agencies, or parties involved in litigation.

We may also use your personal information to establish, protect, or exercise our legal rights; as required to enforce contracts; to defend against legal claims or demands; detect, investigate, prevent, or take action against illegal activities, fraud, or situations involving potential threats to the rights, property, or personal safety of any person.

C. How Constellation Shares Information
We may share personal information as follows:

With vendors that perform business functions on our behalf, such as processing transactions, marketing, professional services, measurement and analytics services, energy efficiency services, maintenance and hosting of our Services, and IT.
With recipients for business purposes as necessary to offer and improve our Services, such as credit bureaus and utility companies.
With affiliates and other entities in our corporate family so these entities can share information on products and services that may be of interest to you.
With advertising and measurement vendors who assist us in serving advertisements regarding the Services. These third parties use tracking technologies on the Services to collect or receive information from the Services and elsewhere on the internet and use that information to provide measurement services and targeted ads. Third parties may allow other companies to access information about you so that they may market other products you may be interested in.

When required by law and when we are legally required to do so, such as in response to or in compliance with court or regulatory agency orders (including law enforcement if applicable), legal proceedings, or legal processes; to exercise our legal rights; to defend against legal claims or demands; or to comply with the requirements of any applicable law.
To prevent harm or if we believe it is necessary in order to detect, investigate, prevent, or take action against illegal activities, fraud, or situations involving potential threats to the rights, property, or personal safety of any person.
As part of a business transaction with another entity or its affiliates or service providers in connection with a contemplated or actual merger, acquisition, consolidation, change of control, or sale of all or a portion of our assets or if we undergo bankruptcy or liquidation.

D. Personal Information Choices

Access or correct your personal information: You can access your contact information and other information about your service history via your Constellation account (if applicable) at any time to correct or view certain information of yours in our possession and associated with your account.
Notification and marketing preferences: You may change your notification preferences at any time by logging into your Constellation account (if applicable) and adjusting your preferences. If you no longer wish to receive marketing communications from us, you can contact us or log into your account (if applicable) and adjust your preferences. You can also click the unsubscribe link at the bottom of applicable emails.

Universal Opt-Out Mechanisms: If you are using a browser setting or plug-in that sends an opt-out preference signal to each website you visit, such as the Global Privacy Control ("GPC") signal, we will treat that as a valid request to opt out. To download and use a browser supporting the GPC browser signal, click here: https://g lobalprivac y control.or g /or g s. If you choose to use the GPC signal, you will need to turn it on for each supported browser or browser extension you use. Please note, however, that our Services are not currently configured to respond to “Do Not Track” signals.

SMS preferences: You can opt out of receiving SMS messages by responding to any of our text messages with any of the following replies: STOP, END, CANCEL, UNSUBSCRIBE, or QUIT. Alternatively, you can change your notification preference by contacting us or logging into your account (if applicable) and adjusting your preferences.

E. How We Protect Your Personal Information
The security of your personal information is important to us. We implement and maintain commercially reasonable safeguards to protect and limit access to personal information that we collect and store. However, no security measure or modality of data transmission over the Internet is 100% secure. Although we strive to use commercially acceptable means to safeguard your personal information, we cannot guarantee absolute security of the networks, systems, devices, and databases we operate or that are operated on our behalf.

F. Special Information for Connecticut Residents
The Connecticut Data Privacy Act ("CTDPA") provides Connecticut residents with the right to receive certain disclosures regarding the personal data we process about them. For purposes of this Section, personal data means any information that is linked or reasonably linkable to an identified or identifiable individual. Personal data does not include de-identified data or publicly available information as the CTDPA defines those terms.

For information about the categories of personal data we process, the purposes for our processing, the categories of personal data that we share with third parties, and the categories of third parties with whom we share personal data, please see Sections A through C, above, and Section G, below.

If you are a Connecticut resident, the CTDPA provides you the following rights with respect to your personal data:

The right to confirm whether or not we are processing your personal data and to access such personal data;
The right to obtain a copy of your personal data that we collected from and/or about you in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the information to another controller without hindrance, where the processing is carried out by automated means;
The right to delete personal data that we collected from and/or about you, subject to certain exceptions;
The right to correct inaccurate personal data that we maintain about you, subject to certain exceptions;
The right, if applicable, to opt out of the processing of your personal data for purposes of (1) targeted advertising, (2) the "sale" of your personal data (as that term is defined by the CTDPA), or (3) profiling in furtherance of solely automated decisions that produce legal or similarly significant effects concerning you;
If we obtain your consent to process sensitive personal data, the right to withdraw your consent; and
The right not to receive discriminatory treatment by us for the exercise of privacy rights the CTDPA confers.

We do not sell personal data in the conventional sense. However, like many companies, we use cookies and other tracking technologies to display advertisements about our Services to you on nonaffiliated websites, applications, and online services. This is “targeted advertising” under the CTDPA. When we engage in those activities, we sell personal data (i.e., information from cookies) to third-party advertisers and analytics companies. We do not use personal data for profiling in furtherance of solely automated decisions that produce legal or similarly significant effects concerning individuals.

To exercise your rights, please submit a request through our interactive webform available here or by calling us at 844-636-1244 . If legally required, we will comply with your request upon verification of your identity and, to the extent applicable, the identity of the individual on whose behalf you are making such request. To do so, we will ask you to verify data points based on information we have in our records. If you are submitting a request on behalf of another individual, please use the same contact methods described above. If we refuse to take action regarding your request, you may appeal our decision by replying to our denial or emailing us at WebAgent@constellation.com. If you would like to opt out of targeted advertising, you may alter your cookie preferences here.

G. Special Information for California Residents
If you are a California resident, you have the right under the California Consumer Privacy Act (“CCPA") to receive notice of the categories of personal information we collect, the purposes for which those categories of personal information will be used, and how we determine the length of time for which the personal information is maintained. You are also entitled to receive notice regarding your rights under the CCPA.

Collection, Use, and Retention – Business Customers and Prospective Business Customers

We collect personal information subject to the CCPA where we interact with representatives or agents of our business customers or other business contacts who are located in California or when residents of California visit our websites.

California law requires us to provide information regarding the criteria we use to determine the length of time for which we retain personal information.

We utilize the following criteria to determine the length of time for which we retain information:

The business purposes for which the information is used, and the length of time for which the information is required to achieve those purposes;

Whether we are required to retain the information type in order to comply with legal obligations or contractual commitments, to defend against potential legal claims, or as otherwise necessary to investigate theft or other activities potentially in violation of Constellation’s policies and procedures applicable to you or against the law, to ensure a secure online environment, or to protect health and safety;

The privacy impact of ongoing retention on the consumer; and the manner in which information is maintained and flows through our systems, and how best to manage the lifecycle of information in light of the volume and complexity of the systems in our infrastructure.

Individual pieces of personal information such as those listed above may exist in different systems that are used for different business or legal purposes. A different maximum retention period may apply to each use case of the information. Certain individual pieces of information may also be stored in combination with other individual pieces of information, and the maximum retention period may be determined by the purpose for which that information set is used.

The following chart describes our practices with regard to the collection, use, and retention of personal information. We use categories to describe the information we process that are listed in the CCPA. Certain personal information may fall into multiple categories. Some of the categories include very different types of information. As a result, how we use and how long we keep the information within each category will vary.

The examples of personal information listed below are illustrative and do not represent a complete description of the information we process.

Category	Required Information
Identifiers	Name, email address, phone number, business or other contact address Source: Directly from you or from the business entity you represent Purpose of collection and use: The purposes listed in Section B above Retention considerations: The amount of time we retain your identifiers will depend on your relationship with the business you represent
Internet or other similar network activity	Device ID, browsing history, search history, and information regarding your interaction with our website, application, or advertisement Source: Automatically generated when you use our websites or applications Purpose of collection and use: All purposes listed in Section B above Retention considerations: Internet or other network activity information is typically deleted at regular intervals when the information is no longer necessary for the purposes for which it is collected
Commercial information	Products or services purchased, obtained, or considered Source: Directly from you or from the business entity you represent Purpose of collection and use: The purposes listed in Section B above Retention considerations: The law requires us to maintain purchase records for a period of time, which varies by state

Constellation does not collect the following categories listed in the CCPA for current and prospective business customers: protected classifications, biometric information, geolocation data, education information, inferences, or sensory data.

Sale and Sharing
The CCPA also requires us to list the categories of third parties to whom we “sell” or “share” personal information. Under the CCPA, a business “sells” personal information when it discloses personal information to a company for monetary or other benefit. We are required to list entities to whom we disclose information to conduct activities on our behalf, as described in Section C above. These entities are restricted from using personal information for any purpose that is not related to our engagement.

Category	Required Information
Identifiers	Unique personal identifier, online identifier, internet protocol address, or other similar identifiers Categories of parties with whom personal information is sold: Advertising networks; Data analytics providers Categories of parties with whom personal information is shared: Service providers
Internet or other similar network activity	Information regarding your interaction with an internet website, application, or advertisement Categories of parties with whom personal information is sold: Advertising networks; Data analytics providers Categories of parties with whom personal information is shared: Service providers

Rights
As a California resident, you have the right to request access to personal information collected about you and information regarding the source of that personal information, the purposes for which we collect it, and the third parties and service providers with whom we share it. You also have the right to request we correct inaccurate information, and to request in certain circumstances that we delete personal information that we have collected directly from you. You have the right to be free from discrimination based on your exercise of your CCPA rights.

You may submit a request to exercise your rights to access, correct, or delete your personal information through one of two means:

By completing the form available here
By calling us at 1-844-636-3749

We may have a reason under the law why we do not have to comply with your request, or why we may comply with it in a more limited way than you anticipated. If we do, we will explain that to you in our response. Upon submission of your request, we will contact you (via the email address provided in your request) with instructions on how to verify the request, after which we will check our records for matching information, and aim to complete requests as soon as reasonably practicable and consistent with any applicable laws. You may authorize another individual or a business registered with the California Secretary of State, called an authorized agent, to make requests on your behalf through these means.

If you are a California resident, you also have the right to direct us to stop selling or sharing your personal information to third parties. You may submit a request to opt out of sales or sharing by visiting our Your Privacy Choices page. If you have enabled privacy controls on your browser (such as a plugin), we will also treat that as a valid request to opt-out. Please see the “Universal Opt-Out Mechanisms” portion of Section D above for more information.

The CCPA also grants you the right to request that we limit use of sensitive personal information to certain purposes allowed by law. However, we do not use sensitive personal information in any way for which you would be afforded this right.

H. Children’s Privacy
We do not knowingly collect information from children under 13 years of age, nor will we knowingly allow children under 13 years of age to use certain features of our website. If we become aware that a child under 13 years of age has provided us with personal information, we take immediate steps to delete such personal information.

I. Contact Us

For questions or concerns about this Notice, please contact WebAgent@constellation.com and we will use reasonable efforts to address those questions and concerns..

J. Biometric Information Policy
The Illinois Biometric Information Privacy Act (BIPA) regulates the collection, use, and retention of a person's biometric identifiers or information (biometric data). It requires collectors of this information to, among other things, establish a retention schedule and guidelines for permanently destroying biometric data when the initial purpose for collecting or obtaining such biometric data has been satisfied or within 3 years of the individual's last interaction with the private entity, whichever occurs first.

Constellation Energy Generation, LLC (Constellation Generation) is the largest operator of commercial nuclear power plants in the United States. As part of its extensive efforts to ensure the security of these facilities and to comply with federal government regulations, Constellation Generation collects biometric data in the form of fingerprints and hand geometry scans from persons who apply for and persons who are granted unescorted access to one or more of its nuclear power plants or to Safeguards Information. The collection of fingerprints for these purposes is required by Section 149 of the Atomic Energy Act of 1954, as amended, and the regulations of the United States Nuclear Regulatory Commission (NRC) at 10 CFR §§ 73.55, 73.56, and 73.57. Upon collection, Constellation Generation transmits these fingerprint files electronically to the NRC to provide to the Federal Bureau of Investigation for the purpose of conducting criminal history records checks. The results of the criminal history records checks are provided to and used by Constellation Generation as part of its determination of the trustworthiness and reliability to hold unescorted access or have access to Safeguards Information.

Fingerprint files collected by Constellation Generation are securely stored and transmitted by Constellation Generation to Government entities using a reasonable standard of care within the nuclear industry. Constellation Generation periodically destroys the fingerprint files it collects once the initial purpose of collection has been satisfied, not to exceed three years. After the fingerprint files are transmitted to the Government entities, Constellation Generation retains a secure copy of the electronic file for a period of time in case the data becomes corrupted in transmission. The electronic files are periodically deleted based on the date the electronic file was created, but within a three-year period.

Constellation Generation collects hand geometry scans of persons granted unescorted access for the purpose of verifying the identity of persons who have already been granted unescorted access prior to each entry into the protected area of its nuclear power plants. For Constellation Generation’s Illinois-based nuclear plants, hand geometry data is stored in a secure system and is evaluated, typically every thirty days. All hand geometry data for persons who no longer require unescorted access to the facility is deleted as part of that evaluation.

Constellation Generation does not sell, lease, trade, disclose, redisclose, disseminate, or profit from a person’s biometric data.

Additional information regarding the NRC's requirement for access authorization and physical protection of nuclear power plants can be found on the NRC's website at www.nrc.gov.

K. UK and EU Supplementary Privacy Notice
This UK/EU Privacy Notice is issued on behalf of Constellation Energy Corporation (“Constellation”) and its subsidiaries and affiliated companies, including but not limited to Constellation Energy Generation, LLC, Constellation Home Products & Services, LLC, Constellation NewEnergy, Inc., Constellation NewEnergy-Gas Division, LLC, and their respective subsidiaries (hereinafter referred to collectively as “Constellation” or “Constellation companies,” “us,” “we,” or “our”). When we mention these terms in this UK/EU Privacy Notice, we are referring to the relevant company out of those listed above that is responsible for processing your personal information.

Constellation Energy Generation, LLC is the controller that is responsible for the website(s).

If you have any questions about this UK/EU Privacy Notice, please contact us using the information set out in the Contact Us section below.

Use of Personal Information:
Under UK and EU data protection laws, we are required to have a lawful basis for processing personal information. In particular, at least one of the following lawful bases must apply in each case:

Consent: where you have expressly agreed to us processing your personal information.
Performance of a contract: where it is necessary for us to process your personal information in order to perform a contract with you or to take steps at your request before entering into a contract with you.
Legal obligations: where it is necessary for us to process your personal information for compliance with a relevant legal obligation that we are subject to.
Vital interest: where it is necessary for us to process your personal information to protect your vital interests, or the vital interests of someone else.
Public task: where it is necessary for us process your personal information to perform a task in the public interest and the task has a clear basis in law.
Legitimate interests: where it is necessary for our legitimate interests (or those of a third party) to process your personal information, as long as your interests and fundamental rights do not override those interests.

The table below sets out the purposes for which we process your personal information, and the relevant lawful base or bases that apply in each case.

Purpose and Lawful Basis:

Purpose	Type of Data (please see Section A above for details of the information that falls within each category)	Lawful Basis for Processing
To provide our Services: To establish and provide service, build and manage business opportunities, and fulfill contract requirements.	Contact Information; Identification Information; Physical Location Information; Online Usage Information; Device Information; Online Location Information.	Performance of a contract, or if this falls outside of the scope of a contract that we have, or will enter into with you, where this is necessary for our legitimate interests in: entering into and complying with the terms of a contract that we have in place with a customer or user; protecting and developing our business and reputation; and/or protecting the security and integrity of our systems, processes and our business.
Improve our Services and grow Constellation: To understand our consumer base, conduct market research and statistical analysis, develop new products, and improve the Services.	Contact Information; Identification Information; Customer Service Interactions; Physical Location Information; Online Usage Information; Device Information; Online Location Information.	Necessary for our legitimate interests in: developing our business; informing our future business strategy; promoting innovation; and/or meeting customer and user needs and expectations.
Respond to your inquiries: To provide support and respond to your questions, inquiries, and other requests.	Contact Information; Identification Information; Physical Location Information; Online Usage Information; Device Information; Online Location Information.	Necessary for our legitimate interests in: protecting our business and reputation; and/or meeting customer and user needs and expectations.
Send communications and marketing: To provide account updates or other communications regarding your account or to inform you of any changes to our Services.	Contact Information Identification Information; Customer Service Interactions; Physical Location Information; Online Usage Information; Device Information; Online Location Information.	In the case of direct marketing, your consent* (where legally required). Otherwise, this is necessary for our legitimate interests in: promoting our services; building our customer base; developing our business; and/or meeting customer and user needs and expectations. *If you choose to consent, you can withdraw this at any time, using the unsubscribe link in the message or by contacting us. You can also use the same methods to opt-out of receiving marketing communications that are sent on the basis of our legitimate interests.
Offer, maintain, and improve online Services:To monitor the performance of the Services, improve the Services, ensure the security of the Services, and personalize your experience.	Contact Information; Identification Information; Customer Service Interactions; Physical Location Information; Online Usage Information; Device Information; Online Location Information.	Performance of a contract, or if this falls outside of the scope of a contract that we have, or will enter into with you, where this is necessary for our legitimate interests in: entering into and complying with the terms of a contract that we have in place with a customer or user; protecting and developing our business; promoting innovation; meeting customer and user needs and expectations; and/or protecting the security and integrity of our systems, processes and our business. An exception to the above is where we use cookies (and/or similar technologies) to personalize your experience. In that case our lawful basis is consent. Please see our Cookie Policy for more information.
Comply with legal and regulatory obligations:To comply with our legal and regulatory requirements or in connection with inquiries from regulators, law enforcement agencies, or parties involved in litigation.	Contact Information; Identification Information; Customer Service Interactions; Physical Location Information; Online Usage Information; Device Information; Online Location Information.	Necessary for compliance with legal obligations to which we are subject as well as our legitimate interests in: ensuring that we comply with regulatory or industry requirements, expectations, guidance or best practice recommendations, which are not underpinned by law and/or following legal processes and procedures relating to the conduct of litigation.
To establish, protect, or exercise our legal rights.	Contact Information; Identification Information; Customer Service Interactions; Physical Location Information; Online Usage Information; Device Information; Online Location Information.	Necessary for our legitimate interests in protecting our business and reputation.
As required to enforce contracts.	Contact Information; Identification Information; Customer Service Interactions; Physical Location Information; Online Usage Information; Device Information; Online Location Information.	Performance of a contract, or if this falls outside of the scope of a contract that we have, or will enter into with you, where this is necessary for our legitimate interests in: complying with the terms of a contract that we have in place with a customer or user; providing our Services to customers or users; or protecting our business.
To defend against legal claims or demands.	Contact Information; Identification Information; Customer Service Interactions; Physical Location Information; Online Usage Information; Device Information; Online Location Information.	Necessary for our legitimate interests in protecting our business and reputation.
To investigate, prevent, or take action against illegal activities, fraud, or situations involving potential threats to the rights, property, or personal safety of any person.	Contact Information; Identification Information; Customer Service Interactions; Physical Location Information; Online Usage Information; Device Information; Online Location Information.	Necessary for our legitimate interests in: protecting and developing our business and reputation; and/or protecting the security and integrity of our systems, processes and our business; helping to prevent and detect fraud and other criminal activity; and/or protecting our workforce and/or customers.

Sharing Personal Information With Third Parties

We may share your personal data for the purposes set out in the table above, with the recipients described in Section C above.

Our websites and applications may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.

How Long Your Personal Information Will Be Kept
We will only keep your personal information for as long as reasonably necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements.

We may keep your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To decide how long we keep your personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or reporting requirements.

For more information about how long we keep specific types of personal information, please Contact Us.

International Transfers:
We may only transfer your personal information to another entity in a country outside the UK or European Economic Area (“EEA”) (as applicable):

where there are appropriate safeguards in place, such as legally-approved standard data protection clauses recognized or issued further to Article 46(2) of the UK GDPR and/or EU GDPR (“SCCs”). We have SCCs in place in respect of transfers of personal information to the United States.
If you would like further information about data transferred outside the UK/EEA, please Contact Us.

Your Rights

Where UK or EU data protection laws apply, you have the following rights (subject to certain conditions and limitations), which apply instead of the rights set out elsewhere in this Notice.

Access - the right to be provided with a copy of your personal information.
Rectification - the right to require us to correct any mistakes in your personal information.
Erasure - (also known as the right to be forgotten) - the right to require us to delete your personal information in certain situations.
Restriction of processing - the right to require us to restrict processing of your personal information in certain circumstances, e.g. if you contest the accuracy of the information.
Data portability - the right to receive the personal information you provided to us in a structured, commonly used and machine-readable format and/or transmit that data to a third party—in certain situations.
Objection - the right to object (i) at any time to your personal information being processed for direct marketing (including profiling); and (ii) in certain other situations to our continued processing of your personal information, e.g. processing carried out for the purpose of our legitimate interests unless there are compelling legitimate grounds for the processing to continue or the processing is required for the establishment, exercise or defense of legal claims.
Withdrawing consent - if you have provided us with consent to use your personal information you have a right to withdraw that consent easily at any time. Withdrawing consent will not affect the lawfulness of our use of your personal information in reliance on that consent before it was withdrawn.
Not to be subject to decisions without human involvement - the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you. We do not make any such decisions based on data collected within the scope of this Notice.

For further information on each of those rights, including the circumstances in which they do and do not apply, please Contact Us.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to help speed up our response.

Contact Us:
If you have any questions about this privacy policy or about the use of your personal data or you want to exercise your privacy rights, please contact us at WebAgent@constellation.com.

You have the right to make a complaint at any time to any applicable regulatory body, including the Information Commissioner’s Office (ICO), the UK regulator for data protection issues, and/or to the relevant data protection supervisory authority in your jurisdiction. We would, however, always appreciate the chance to address your concerns before you approach such regulators.

Contact details for the ICO are available here.

For a list of EEA data protection supervisory authorities and their contact details see here.