This privacy notice explains how the Energetics Group of companies collects, stores, manages and protects your personal data. The companies to which this notice applies are set out at the bottom of this notice.
To make reading this notice easier, we refer to the collection, storage, management and protection of personal data as “processing”.
Why do we process your personal data?
We process personal data in relation to:
- Our current and former employees, contractors and other workers (to make reading this notice easier, we refer to all of these people as “employees”)
- Job applicants and people that no longer work for us
- The employees, contractors and workers of our external stakeholders, including clients and suppliers
We process your personal data in order to carry out our business operations and administration and to provide information and services to clients. Examples of why we might process your personal data include:
- Communicating with you as part of our ongoing relationship (for example, providing services to you, or in connection with your engagement with us)
- Record-keeping (including after our relationship has ended)
- Paying you, or receiving payments from you
- HR and Finance admin – for example, payroll, pensions and benefits
- Marketing (where allowed by law)
If you are not one of our employees, we process your personal data as part of our legitimate interest in carrying out our routine business operations and administration, and to provide information and services to clients.
If you are one of our employees, it will be a requirement of your contract that you provide us with certain personal data (which is described below). We need this information in order to administer your employment with us (for example, HR and Finance information) and to fulfil our legal obligations. If you are applying for a job with us, it will be a requirement that you provide us with certain personal data before entering into a contract with us, for the same reasons.
We may need to process special categories of personal data (such as health data) for the purpose of fulfilling our legal duties in connection with the health and safety of people affected by our businesses. We are also required to process certain personal data in order to meet other legal requirements. For example, Ofgem requires us to participate in industry data-sharing arrangements regarding the premises connected to our energy networks.
What personal data do we process?
Most of the personal data we process is provided by you as part of your interactions with us. It usually includes the following items:
- Your name(s) and title
- Your address, email address and/or telephone number
If you are one of our employees, contractors or workers, we will collect some additional personal data in relation to your employment with us, which will include:
- Your gender and date of birth
- Your health information
- Your bank account number and sort code
- Your CV
- Name(s), addresses, email addresses and telephone numbers of family contacts (for example, for emergency contacts)
We will usually collect some or all of this information in relation to job applicants and new employees, too. We might also retain some of this information in relation to former employees for record-keeping purposes.
Your personal information is likely to be contained in:
- Updates to your contact details (such as address, email address and telephone number)
- Emails and other correspondence that you sent to us, or that were sent to you by us
- Records of conversations and meetings
- Website contact forms and marketing preferences
- Project-related documents such as tenders and responses, contact lists, approvals and similar paperwork
- Internal business systems such as HR and Finance systems
- CCTV that we control on our business premises for the purposes of safety and security
Our regulated businesses are also legally required to access industry-wide databases that contain personal data in the form of names, addresses, and alphanumeric identifiers such as “Meter Point Reference Numbers” (MPRNs) and “Meter Point Address Numbers” (MPANs). Some of these databases might also indicate whether a person is vulnerable for health or other reasons. This information is used to identify the end-users of our energy networks and, in relevant cases, any special or additional support they might need.
Who might we share personal data with?
Most personal data is kept within the Energetics Group of companies but shared between the data controllers named at the bottom of this notice. Personal data might be shared with third parties where that is necessary to fulfil the purposes described above. For example:
- Some of our systems are cloud-based, so some personal data may be transferred to servers controlled by the providers of these cloud-based systems (who have no direct access to the personal data)
- Some employees are insured to drive our fleet vehicles, so their personal data will be sent to the providers of those vehicles and any related insurance provider
- Some of our employee benefits are provided by third parties (such as pensions and health insurance), so their personal data will be sent to those providers
- Personal data might be included in records sent to our professional advisers, such as lawyers and accountants
- We might need to provide personal details to subcontractors who perform services on our behalf – for example, details of contacts on site
- Clients will receive employee personal data during routine communications in the form of contact details (and vice versa)
- We will have to provide personal data to some of our regulators – for example, HMRC, Ofgem and Lloyds Register – to fulfil our legal obligations and to assist them in fulfilling their regulatory functions
Any personal data we collect will generally be kept within the United Kingdom and will not be transferred outside of the European Economic Area (EEA) or to an international organisation (as defined in the GDPR). We keep this under review with our third-party providers.
How long do we keep personal data?
We won’t keep any personal data for longer than it is required. Most personal data will be kept for the duration of our relationship with you plus an additional six (6) years (or any longer period required by law). The reason for this is that if we have to respond to a legal claim, we might need to use records that contain your personal data. And most legal claims have to be brought within six (6) years.
What are your rights in connection with the privacy of your personal data?
You have the following rights in respect of your personal data:
- Access to your personal data – You have the right to a copy of any personal data we hold in relation to you, as well as information about how we process that personal data (which is already set out in this notice). We can charge a reasonable fee based on administrative costs in relation to any extra copies.
- Rectification of your personal data – You have the right to have any inaccurate personal data about you corrected. You also have the right to have any incomplete personal data completed.
- Right to erasure / “right to be forgotten” – In certain circumstances, you have the right for personal data about you to be erased. We are not required to erase your personal data if we need to keep it in order to comply with legal obligations or to establish, exercise or defend legal claims.
- Right to restrict processing – In certain circumstances, you have the right to restrict how we process your personal data. There are some purposes for which we can continue to process your personal data even if you ask for it to be restricted. These include storage; the establishment, exercise or defence of legal claims; or for the protection of the rights of another legal or natural person (which includes companies).
- Right to object – If we process your personal data on the basis of our legitimate interests, you can object to that processing. If you object, we may have to stop processing that personal data (and this may mean we are no longer able to interact with you in ways that rely on that personal data). But we are not required to stop processing your personal data where our legitimate grounds for processing it override your interests, rights or freedoms, or are necessary to establish, exercise or defend legal claims.
- Right to data portability – If we process your personal data on the basis of a contract you have with us as an individual, and that data is automatically processed, you have the right to receive that personal data from us in a commonly-used and machine-readable format so that you can transmit it to another data controller (or you can ask us to transmit it for you where technically feasible).
Requests to exercise these rights should be sent to email@example.com
If requests are manifestly unfounded, excessive or repetitive we are allowed to charge a reasonable fee for fulfilling the request or refuse to fulfil the request.
Who can you complain to about how we handle your personal data?
The appointed representative for each of the Energetics data controllers is:
The Legal and Regulatory Director
Hamilton International Technology Park
Queries for the appointed representative should be sent to firstname.lastname@example.org
You may also complain directly to the Information Commissioner’s Office (www.ico.org.uk). The Information Commissioner is the UK regulator for data protection.
Who are the data controllers of personal data you provide to Energetics?
The following Energetics Group companies are data controllers processing personal data under this privacy notice:
- Energetics TopCo Limited
- Energetics Networked Energy Limited
- Energetics Design & Build Limited
- Energetics Asset Management UK Limited
- Energetics Electricity Limited (a regulated business)
- Energetics Gas Limited (a regulated business)
The registered address for each of the Energetics data controllers is:
Hamilton International Technology Park