Your personal information at Vattenfall Networks Ltd
Vattenfall Network Ltd respects your privacy and is committed to protecting your personal data. This privacy notice will inform you as to how we look after your personal data and tell you about your privacy rights and how the law protects you.
In order for you to receive great service from us, we need to manage your personal information. In most cases, we collect your personal information directly from you, but sometimes the information is collected in other ways. Regardless of how it is collected, Vattenfall always handles your personal information with the utmost care and respect for you and your privacy. We take our responsibility for your security very seriously, and you can count on us to meet the requirements of the new data protection legislation, the Data Protection Act 2018 (GDPR).
Personal data, or personal information means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). We may collect, use, store or transfer personal data. In limited circumstances, health details may be collected. There are special rules in relation to this. We process such information only when it is strictly necessary and always ensure that any processing is in compliance with the GDPR. Personal information is always protected from unauthorised use and is only shared when necessary and when we are permitted to do so. Other than in relation to health details if you are on our Priority Services Register (see Special Categories of personal data below), we no not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union memberships, genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
Purpose and Legal basis for processing
We only handle your personal information for purposes that are clearly defined and related to a specific purpose that is sanctioned by the GDPR.
To comply with our obligations under a contract
Based on consent
In case of legitimate interest
Comply with a legal requirement:
Collection of Personal Information
You can share your personal information with us through the website and we can also receive your personal information when you provide information to us via mail, e-mail, and phone, as well as in connection with the signing of contracts or services.
We will also use your personal information to conduct a credit check when you enter into a new contract with us.
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel the product or service but we will notify you if this is the case at the time.
Information to individuals
When we collect your personal information we will inform you of who is responsible for processing it, the purpose of any processing and any other information that may be required for you to exercise your rights according to the GDPR.
The information generally falls into two categories:
We will inform you if personal information is collected from a source other than you or the sources mentioned in this notice.
Special Categories of personal data
We keep a confidential register of customers who may need additional support and access some services free of charge. This applies to customers who are disabled or who have long-term ill health. This is called the Priority Services Register which we keep and maintain in line with our regulatory requirements. If you do qualify for the Priority Services Register you will have to give us details of your health and we may need to pass that information over to companies who help us ensure that energy continues to be delivered to your home.
Health details are known as “Special Categories” of personal data. This is because it is particularly sensitive personal information which requires higher levels of protection. We need to have further justification for collecting, storing and using this type of personal information. We have in place an appropriate policy document and safeguards which we are required by law to maintain when processing such data. See more details regarding the Priority Services Register here
If you wish to join the Priority Services Register and your reason is a health related one, you will be asked to complete a form that contains details of your health. By submitting that form, if you qualify for the Priority Services Register, you will be giving us your consent to store, use and share your health details to allow us to provide the services required of us to support you. We will notify you of our requirement for your consent at the time.
We have put in place appropriate security measures to prevent your personal information from being lost, distorted, manipulated, or accessible to unauthorised persons. Only those who need access to your personal information to perform a specific service have permission to access and manage your information. In cases where we cooperate with internal and external partners, we have entered into agreements with them to ensure that the same demands on security apply.
Incidents are always handled in accordance with strict protocol. If an incident involves serious consequences, it is reported to the Information Commissioner’s Office and any affected individual within 72 hours. Data hacking incidents are always reported to the police.
Sharing of personal information
Some of your personal information may be transferred to our partners in order to deliver services you have ordered, or to carry out installation work in your area. When this occurs, you are protected by the same legal standards and data protection rights as when your information is exclusively handled by us.
Examples of partners that can be provided with your personal information:
• Our customer service and C&C, the company that prints our invoices.
• Contractors and installers in our network areas.
• The electricity supplier of your choice.
• Technical consultants working on our behalf.
• Debt collection and service companies, credit information companies.
• IT vendors that develop and maintain our systems.
Your personal information is not normally accessible to companies located in countries outside the EU or EEA. However, when this does occur, we ensure that all legal conditions are met so that your personal information is protected by the same standards as within the EU/EEA.
Please note that we, like all other companies, are required to provide personal information to the police for criminal investigation following a court decision.
Business offers and direct marketing
Personal information is used for sending you necessary information about your contract, power outages, changes in contract terms, or other such important information that is relevant to your business relationship with us. For other communications such as e-mail newsletters, you have the choice to opt out by changing settings in My Pages or contacting our customer services team.
Storage of personal information
We do not store your personal information longer than is necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. When personal information is no longer needed, it is permanently deleted. As an example, when a contract has ended and our internal investigations are completed, your personal information is deleted with the exception of some records for accounting purposes. In addition, by law, we have to keep certain personal information for 6 years after the expiry of the contract.
Your legal rights
Under certain circumstances, you have the right to access your personal data.
You have the right to:
Requests for information concerning the processing of personal information can be made by writing a letter to our Data Protection Officer detailed below. When submitting a request for information, please also provide a copy of a form of valid ID (driving licence, passport or ID card). This allows us to verify that we provide information to the correct data subject. We will try to respond to any request within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request if clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
The information in this document applies to Vattenfall Network Ltd and the website http://networks.vattenfall.co.uk, unless otherwise stated. We are not responsible for the content or the links to other websites external to Vattenfall Network Ltd.
Changes of rules and regulations
If there are changes in our regulations for the processing of personal information, we will announce it on this page. If the processing of your personal information is specifically governed by an agreement between us, the contract provisions in compliance with laws and regulations will determine our practice
The legal entity responsible for your personal information is:
Vattenfall Network Ltd
Beaumont Bridge House,
181 Queen Victoria Streeet, London
Vattenfall has appointed a Data Protection Officer who advises the organisation and supervises compliance with privacy legislation and regulations within Vattenfall. If you have questions about this privacy statement or about how Vattenfall handles your personal data, our Data Protection Officer can be reached via email at firstname.lastname@example.org
If you are unsatisfied with a decision following a complaint to Vattenfall, you can also submit a complaint to the Data Protection Officer with regard to how Vattenfall processes your personal data. You also have the right to make a complaint to the Information Commissioner’s Office, the UK supervisory authority for data protection issues, for example if you feel that your complaint has not been handled properly by Vattenfall. We would, however, appreciate the opportunity to deal with your concerns before you approach the ICO so please contact us in the first instance by contacting our Data Protection Officer.
This privacy statement is valid from: 13 August 2018