Privacy Statement

Your personal information at Vattenfall Networks Ltd

Vattenfall Network Ltd respects your privacy and is committed to protecting your personal data.  This privacy notice will inform you as to how we look after your personal data and tell you about your privacy rights and how the law protects you.

In order for you to receive great service from us, we need to manage your personal information.  In most cases, we collect your personal information directly from you, but sometimes the information is collected in other ways.  Regardless of how it is collected, Vattenfall always handles your personal information with the utmost care and respect for you and your privacy.  We take our responsibility for your security very seriously, and you can count on us to meet the requirements of the new data protection legislation, the Data Protection Act 2018 (GDPR).

Personal data, or personal information means any information about an individual from which that person can be identified.  It does not include data where the identity has been removed (anonymous data).  We may collect, use, store or transfer personal data.  In limited circumstances, health details may be collected.  There are special rules in relation to this. We process such information only when it is strictly necessary and always ensure that any processing is in compliance with the GDPR.  Personal information is always protected from unauthorised use and is only shared when necessary and when we are permitted to do so.   Other than in relation to health details if you are on our Priority Services Register (see Special Categories of personal data below), we no not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union memberships, genetic and biometric data).  Nor do we collect any information about criminal convictions and offences.

Purpose and Legal basis for processing

We only handle your personal information for purposes that are clearly defined and related to a specific purpose that is sanctioned by the GDPR.

To comply with our obligations under a contract

  • Delivering services that you have requested and other similar obligations that are part of our relationship with you as a customer, stakeholder, agent or supplier; this includes: sending you invoices and providing information about power failures;

Based on consent

  • for our customers on the Priority Services Register (see Special Categories of personal data below);

In case of legitimate interest

  • Maintenance of our network and for IT security; or
  • Fraud monitoring, prevention and detection
  • Inform you about relevant product and services
  • Customer service research
  • Recording of calls for quality and training purposes

Comply with a legal requirement:

  • Compliance with legal requirements related to the Electricity Act, and the Security of Network and Information Systems Regulations; Cooperation with enforcement agencies, e.g. Police or Supervisory Authority
  • Priority Services Register

Collection of Personal Information

You can share your personal information with us through the website and we can also receive your personal information when you provide information to us via mail, e-mail, and phone, as well as in connection with the signing of contracts or services.

When you visit our website (networks.vattenfall.co.uk) we use cookies. You can refuse cookies by setting your browser according to these requirements. 

We will also use your personal information to conduct a credit check when you enter into a new contract with us.

Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you.  In this case, we may have to cancel the product or service but we will notify you if this is the case at the time.

Information to individuals

When we collect your personal information we will inform you of who is responsible for processing it, the purpose of any processing and any other information that may be required for you to exercise your rights according to the GDPR.

The information generally falls into two categories:

  1. Personal information -  the information needed for you to become a customer or to establish any type of contract with us, e.g. name, address, phone number, email address, credit score, customer number and password.
  2. Property information - primarily information about your installation e.g. fuse size, electricity consumption, facility address, and choice of electricity supplier.

We will inform you if personal information is collected from a source other than you or the sources mentioned in this notice.

Special Categories of personal data

We keep a confidential register of customers who may need additional support and access some services free of charge.  This applies to customers who are disabled or who have long-term ill health.  This is called the Priority Services Register which we keep and maintain in line with our regulatory requirements.  If you do qualify for the Priority Services Register you will have to give us details of your health and we may need to pass that information over to companies who help us ensure that energy continues to be delivered to your home.

Health details are known as “Special Categories” of personal data.  This is because it is particularly sensitive personal information which requires higher levels of protection.  We need to have further justification for collecting, storing and using this type of personal information.  We have in place an appropriate policy document and safeguards which we are required by law to maintain when processing such data.  See more details regarding the Priority Services Register here

If you wish to join the Priority Services Register and your reason is a health related one, you will be asked to complete a form that contains details of your health.  By submitting that form, if you qualify for the Priority Services Register, you will be giving us your consent to store, use and share your health details to allow us to provide the services required of us to support you.  We will notify you of our requirement for your consent at the time.

Security

We have put in place appropriate security measures to prevent your personal information from being lost, distorted, manipulated, or accessible to unauthorised persons. Only those who need access to your personal information to perform a specific service have permission to access and manage your information. In cases where we cooperate with internal and external partners, we have entered into agreements with them to ensure that the same demands on security apply.

Incidents are always handled in accordance with strict protocol. If an incident involves serious consequences, it is reported to the Information Commissioner’s Office and any affected individual within 72 hours. Data hacking incidents are always reported to the police.

Sharing of personal information

Some of your personal information may be transferred to our partners in order to deliver services you have ordered, or to carry out installation work in your area. When this occurs, you are protected by the same legal standards and data protection rights as when your information is exclusively handled by us.

Examples of partners that can be provided with your personal information:

• Our customer service and C&C, the company that prints our invoices.

• Contractors and installers in our network areas.

• The electricity supplier of your choice.

• Technical consultants working on our behalf.

• Debt collection and service companies, credit information companies.

• IT vendors that develop and maintain our systems.

Your personal information is not normally accessible to companies located in countries outside the EU or EEA. However, when this does occur, we ensure that all legal conditions are met so that your personal information is protected by the same standards as within the EU/EEA.

Please note that we, like all other companies, are required to provide personal information to the police for criminal investigation following a court decision.

Business offers and direct marketing

Personal information is used for sending you necessary information about your contract, power outages, changes in contract terms, or other such important information that is relevant to your business relationship with us. For other communications such as e-mail newsletters, you have the choice to opt out by changing settings in My Pages or contacting our customer services team.

Storage of personal information

We do not store your personal information longer than is necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.  When personal information is no longer needed, it is permanently deleted.  As an example, when a contract has ended and our internal investigations are completed, your personal information is deleted with the exception of some records for accounting purposes. In addition, by law, we have to keep certain personal information for 6 years after the expiry of the contract.

Your legal rights

Under certain circumstances, you have the right to access your personal data.  

You have the right to:

  • Request access to your personal data – this enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
  • Request correction of your personal data – this enables you to have any incomplete or inaccurate data we hold about you corrected though we may need to verify the accuracy of the new data you provide to us.
  • Request erasure of your personal data – this enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it.  You also have the right to ask us to delete or remove your personal data where you have successful exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law.  Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons of which we will notify you, if applicable, at the time of your request.
  • Object to the processing of your personal data – if there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms.  You also have the right to object where we are processing your personal data for direct marketing purposes.  In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
  • Request restriction of processing your personal data – this enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify where we have overriding legitimate grounds to use it.
  • Request transfer of your personal data – we will provide to you, or to a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
  • Right to withdraw consent at any time where we are relying on consent to process your personal data, however this will not affect the lawfulness of any processing carried out before you withdraw your consent.  If you withdraw your consent, we may not be able to provide certain products or services to you.  We will advise you if this is the case at the time you withdraw your consent.

Requests for information concerning the processing of personal information can be made by writing a letter to our Data Protection Officer detailed below.   When submitting a request for information, please also provide a copy of a form of valid ID (driving licence, passport or ID card).  This allows us to verify that we provide information to the correct data subject.  We will try to respond to any request within one month.  Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests.  In this case, we will notify you and keep you updated.  You will not have to pay a fee to access your personal data (or to exercise any of the other rights).  However, we may charge a reasonable fee if your request if clearly unfounded, repetitive or excessive.  Alternatively, we may refuse to comply with your request in these circumstances.

  Links

The information in this document applies to Vattenfall Network Ltd and the website http://networks.vattenfall.co.uk, unless otherwise stated.  We are not responsible for the content or the links to other websites external to Vattenfall Network Ltd.

Changes of rules and regulations

If there are changes in our regulations for the processing of personal information, we will announce it on this page.  If the processing of your personal information is specifically governed by an agreement between us, the contract provisions in compliance with laws and regulations will determine our practice

Contact Us

The legal entity responsible for your personal information is:

Vattenfall Network  Ltd
Beaumont Bridge House,
181 Queen  Victoria Streeet, London
EC4V 4EG

Vattenfall has appointed a Data Protection Officer who advises the organisation and supervises compliance with privacy legislation and regulations within Vattenfall.   If you have questions about this privacy statement or about how Vattenfall handles your personal data, our Data Protection Officer can be reached via email at dpo.nordics@vattenfall.com

If you are unsatisfied with a decision following a complaint to Vattenfall, you can also submit a complaint to the Data Protection Officer with regard to how Vattenfall processes your personal data.  You also have the right to make a complaint to the Information Commissioner’s Office, the UK supervisory authority for data protection issues, for example if you feel that your complaint has not been handled properly by Vattenfall.  We would, however, appreciate the opportunity to deal with your concerns before you approach the ICO so please contact us in the first instance by contacting our Data Protection Officer.

This privacy statement is valid from: 13 August 2018