Energetics Privacy Notice
This notice explains how Energetics Design and Build Limited (“Energetics”) collects, stores, manages and protects your personal data.
To make reading this notice easier, we refer to the collection, storage, management and protection of personal data as “processing”.
Why do we process your personal data?
We process personal data in relation to:
• our current and former employees, contractors and other workers (to make reading this notice easier, we refer to all of these people as “employees”);
• job applicants and people that no longer work for us; and
• the employees, contractors and workers of our external stakeholders, including clients and suppliers.
We process your personal data in order to carry out our business operations and administration, and to provide information and services to clients. Examples of why we might process your personal data include:
• communicating with you as part of our ongoing relationship (for example, providing services to you, or in connection with your engagement with us);
• record-keeping (including after our relationship has ended);
• paying you, or receiving payments from you;
• HR and Finance admin – for example, payroll, pensions and benefits; and
• marketing (where allowed by law).
If you are not one of our employees, we process your personal data as part of our legitimate interest in carrying out our routine business operations and administration, and to provide information and services to clients.
If you are one of our employees, it will be a requirement of your contract that you provide us with certain personal data (which is described below). We need this information in order to administer your employment with us (for example, HR and finance information) and to fulfil our legal obligations.
If you are applying for a job with us, it will be a requirement that you provide us with certain personal data before entering into a contract with us, for the same reasons.
We may need to process special categories of personal data (such as health data) for the purpose of fulfilling our legal duties in connection with the health and safety of people affected by our businesses.
We are also required to process certain personal data in order to meet other legal requirements. For example, Ofgem requires us to participate in industry data-sharing arrangements regarding the premises connected to our energy networks.
What personal data do we process?
Most of the personal data we process is provided by you as part of your interactions with us. It usually includes the following items:
• your name(s), title and employer details; and
• your address, email address and/or telephone number.
We may also process information we obtain or are provided by third parties (such as Glenigans Lead Generation Database) in order to send direct marketing material to our current or prospective clients).
If you are one of our employees, contractors or workers, we will collect some additional personal data in relation to your employment with us, which will include:
• your gender and date of birth;
• your health information;
• you driving licence details;
• your bank account number and sort code;
• your CV; and
• name(s), address(es), email address(es) and telephone number(s) of family contact(s) (for example, for emergency contact details).
We will usually collect some or all of this information in relation to job applicants and new employees, too. We might also retain some of this information in relation to former employees for record-keeping purposes.
Your personal information is likely to be contained in:
• updates to your contact details (such as address, email address and telephone number);
• emails and other correspondence that you sent to us, or that were sent to you by us;
• records of conversations and meetings;
• website contact forms and marketing preferences;
• project-related documents such as tenders and responses, contact lists, approvals and similar paperwork;
• internal business systems such as HR, payroll and finance systems; and
• CCTV that we control on our business premises for the purposes of safety and security.
Who might we share personal data with?
Most personal data is kept within the Last Mile Infrastructure Group of companies, which Energetics is part of, and shared between the data controllers named at the bottom of this notice. Personal data might be shared with third parties where that is necessary to fulfil the purposes described above. For example:
• some of our systems are cloud-based, so some personal data may be transferred to servers controlled by the providers of these cloud-based systems (who have no direct access to the personal data);
• some employees are insured to drive our fleet vehicles, so their personal data will be sent to the providers of those vehicles and any related insurance provider;
• some of our employee benefits are provided by third parties (such as pensions and health insurance), so their personal data will be sent to those providers;
• personal data might be included in records sent to our professional advisers, such as lawyers, accountants and insurance brokers;
• our outsourced IT providers may have access to personal data on our IT systems if such access is required to enable them to resolve problems with our IT systems;
• we might need to provide personal details to subcontractors who perform services on our behalf – for example, details of contacts on site;
• clients will receive employee personal data during routine communications in the form of contact details (and vice versa);
• we will have to provide personal data to some of our regulators – for example, HMRC and Lloyds Register – to fulfil our legal obligations and to assist them in fulfilling their regulatory functions; and
• potential purchasers of our business, subject to those persons entering into strict confidentiality obligations with us and only to the extent permissible under data protection law.
To the best of our knowledge, understanding and belief, any personal data we collect will be kept within the United Kingdom and will not be transferred outside of the European Economic Area (EEA) or to an international organisation (as defined in the GDPR). We keep this under review with our third-party providers and if this changes, then we will let you know.
How long do we keep personal data?
We won’t keep any personal data for longer than it is required. Most personal data will be kept for the duration of our relationship with you plus an additional six (6) years (or any longer period required by law). The reason for this is that if we have to respond to a legal claim, we might need to use records that contain your personal data and most legal claims have to be brought within six (6) years.
What are your rights in connection with your personal data?
You have the following rights in respect of your personal data:
• Access to your personal data – you have the right to a copy of any personal data we hold in relation to you, as well as information about how we process that personal data (which is already set out in this notice). We can charge a reasonable fee based on administrative costs in relation to any extra copies.
• Rectification of your personal data – you have the right to have any inaccurate personal data about you corrected. You also have the right to have any incomplete personal data completed.
• Right to erasure / “right to be forgotten” – in certain circumstances, you have the right for personal data about you to be erased. We are not required to erase your personal data if we need to keep it in order to comply with legal obligations or to establish, exercise or defend legal claims.
• Right to restrict processing – in certain circumstances, you have the right to restrict how we process your personal data. There are some purposes for which we can continue to process your personal data even if you ask for it to be restricted. These include storage; the establishment, exercise or defence of legal claims; or for the protection of the rights of another legal or natural person (which includes companies).
• Right to object – if we process your personal data on the basis of our legitimate interests, you can object to that processing. If you object, we may have to stop processing that personal data (and this may mean we are no longer able to interact with you in ways that rely on that personal data). However, we are not required to stop processing your personal data where our legitimate grounds for processing it override your interests, rights or freedoms, or are necessary to establish, exercise or defend legal claims.
• Right to data portability – if we process your personal data on the basis of a contract you have with us as an individual, and that data is automatically processed, you have the right to receive that personal data from us in a commonly-used and machine-readable format so that you can transmit it to another data controller (or you can ask us to transmit it for you where technically feasible).
Requests to exercise these rights should be sent to firstname.lastname@example.org
If requests are manifestly unfounded, excessive or repetitive we are allowed to charge a reasonable fee for fulfilling the request or refuse to fulfil the request.
We will always store your digital information on secure servers. Unfortunately, however, the transmission of information via the internet is not completely secure. Although we will do our best to protect your information, we cannot guarantee the security of your information transmitted to our site or otherwise to our servers (such as by e-mail). Any such transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Who can you complain to about how we handle your personal data?
The appointed representative for each of the Last Mile Infrastructure Group data controllers is:
Data Protection Officer
Last Mile Infrastructure Group
Hamilton International Technology Park
Queries for the appointed representative should be sent to email@example.com
You may also complain directly to the Information Commissioner’s Office (www.ico.org.uk). The Information Commissioner is the UK regulator for data protection.
Who are the data controllers of personal data you provide to Last Mile?
The following Last Mile Infrastructure Group companies are data controllers processing personal data under this privacy notice:
• Last Mile Infrastructure (Holdings) Limited
• Last Mile Infrastructure Holdco1 Limited
• Last Mile Infrastructure Holdco2 Limited
• Last Mile Infrastructure Group Limited
• Last Mile Infrastructure Holdco Limited
• Last Mile Infrastructure Limited
• Last Mile Infrastructure UK Limited
• Last Mile Meters Limited
• Energetics Design and Build Limited
Changes to our privacy notice
This notice was last updated on 16 December 2019. Any material changes we may make to our privacy notice in the future will be uploaded to our website.