About this privacy notice
At Green Network Energy we respect your privacy and commit to protecting your personal data. This “privacy notice” explains what we do with your personal data, why we want to use it, how we protect it and what rights you have to control or use of it.
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
This privacy notice applies not just to users of our website and our energy supply customers, but also personal data that we process through other interactions with individuals in the course of running our business such as individuals working for commercial customers or suppliers. Our website and services are not intended for children and we do not knowingly collect data relating to children.
Information about us
This privacy notice is for Green Network Energy Ltd (company number 09523066) and Green Network UK PLC (company number 08241751) (collectively referred to as “Green Network Energy”, “we”, “us” or “our” in this privacy notice). We collect, use and are responsible for certain personal data about individuals. When we do so we are regulated under the General Data Protection Regulation (“GDPR”), which applies across the European Union (including the United Kingdom) and we are responsible as “data controller” of that personal information for the purposes of the law.
If you want to contact us about any of the points on this notice, or just generally about how we protect your privacy, please email us at email@example.com.
Information we collect from you
If you visit our website:
If you request a quote we’ll collect:
- Your name
- Contact address
- Supply address (if different)
- Email address
- Telephone number
- Meter readings
- Other details we need to provide the quote
If you become a customer, we’ll also collect:
- Name and contact details of individuals authorised to access your account
- Previous address history
- Your date of birth
- Bank account or payment details
If you contact our customer services operatives by telephone, we will collect:
- Recordings of your calls
To be sure that we’re offering you the best option for your circumstances, we may request additional personal data to check whether you’re eligible for certain tariffs or government discount schemes. This may include:
- Details of your household income
- Information about any health or medical conditions that you may have or your age
If you feel you’re in a vulnerable situation, we may ask you for and/ or process the following information so we can fulfil your request appropriately or place you on our Priority Service Register:
- Details of your health or medical condition(s)
- Any other relevant information that you provide us with as part of your application
Should your circumstances change, we may also ask for the following to allow us to service your account:
- Your new address or a copy of your tenancy agreement, if you move home
- Documentation to support a change of name request, such as a marriage certificate, decree absolute or deed poll
- Documentation to help us close or transfer an account in the case of a bereavement, such as death certificates, solicitors’ correspondence, wills or probate documents.
We may also obtain or request the following information if you contact us with an enquiry or complaint:
- Any information that you disclose to us as part of your enquiry or complaint
- Necessary information to resolve your complaint, which could include:
- Bills from your previous supplier
- Legal documentation
- Tenancy agreements
- Copies of cheques or bank statements
If you work for a commercial customer or supplier or are an industry contact, we may hold your name, company name, job title and contact details. These details may have been provided by you, your employer or in some cases we may have sourced them from publicly available sources, such as LinkedIn and internet searches.
Information we collect from third parties or other sources
If you choose to interact with price comparison websites or third part intermediaries to generate a quote, or open up an account with us, your personal data will be passed onto us from them.
When you apply for an account with us, your credit score will be provided to us by third party credit reference agencies.
If you have a smart meter installed at your property, we’ll automatically receive readings in relation to your energy consumption. This will allow us to provide you with a number of benefits including accurate bills and the ability to keep track of your energy consumption.
The purpose and lawful basis for processing your personal data
We use personal data from different categories of individual for several different purposes and each with its own “lawful basis”. This section describes these in detail and although it’s technical, we’re required by law to explain this to you.
Where we process personal data for the following purposes:
- To provide you with a quotation for any of our products and services;
- To deliver our services to you according to our contractual agreement;
- To manage the forecasting and calculation of consumption data and validate invoices;
- To collect customer payments and manage payment plans;
- To contact you with important information about your account, including bills and statements;
we do so on the “lawful basis” that this processing is necessary to perform our energy supply contract we have with you, or (at your request) to take steps to enter into such a contract with you.
Where we process personal data for the following purposes:
- To comply with our regulatory requirements, for example those under OFGEM rules or the Standard Licence Conditions;
- To meet our legal obligations to verify your identity, before we provide you with information relating to your account;
- To resolve any disputes relating to your service usage with us, or your previous supplier;
- For the detection and prevention of crime, including any investigations into potential fraudulent activity, such as energy theft;
- To ensure that your contact details are correct, so that we are able to comply with our requirements to update the Emergency Services database;
- To respond to requests for information from the police and government bodies, to support in criminal investigations;
- To offer a priority service for vulnerable customers, such as those with specific health or medical conditions;
we do so on the “lawful basis” that this processing is necessary in order for us to comply with a legal or regulatory obligation
Where we process personal data for the following purposes:
- To respond to customer enquiries and complaints;
- To manage payment schedules, credit levels and debt collection;
- To understand customer behaviour, so that we can provide you with products and services that are best suited to your requirements;
- For management information reporting purposes, to help us continually improve our offering to our customers;
- To assess the financial vulnerability of our customers, so that we can ensure you are on the best plan for your individual circumstances;
- To interact with our suppliers to procure and pay for goods and services;
- To interact with relevant organisations and individuals to run and develop our business;
we do so on the “lawful basis” that the processing is necessary for our legitimate interests in operating our business and giving you the best possible service.
Where we process personal data for the following purposes:
- To provide you with information about products and services that we think you’d benefit from in accordance with your marketing preferences;
- To put you on the Priority Services Register
we do so on the “lawful basis” that you have provided your consent.
If you are an existing customer, subject to your marketing preferences, or where you have otherwise expressly consented, we’ll send you relevant information about products and services that we think you’d benefit from. This could include updates about more cost-effective plans that we have identified for you, based on your energy usage.
We’ll never sell your data to third parties for marketing purposes. However, subject to your marketing preferences, we may send you recommendations about third party products and services that could be of interest to you.
This information could be sent to you via text, telephone, email or post. You can opt in or opt out and update your marketing preferences at any time by clicking on “unsubscribe” or “preferences” links in emails, visiting your online account, or contacting us (see “how to contact us” below).
Whether information has to be provided by you and if so why
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with energy). In this case, we may have to cancel the contract you have with us but we will notify you if this is the case at the time.
Who we share your personal data with
We use a number of different service providers (acting as ‘data processors’) who provide services to enable us to operate our business and the services we provide to our customers. Your personal data is transferred to (and stored by) these service providers (as our ‘data processors’), who generally fall under the following categories:
- Website analytics
- Website and data hosting
- IT and system administration
- Document storage
- Email, contacts and calendar
- CRM, customer services and billing
- Accounting software
- Engineering and metering
- Industry data collection and aggregation
These ‘data processors’ only process data on our behalf, they won’t use your personal data for their own purposes and we only permit them to use it in accordance with our instructions and the law.
Other third-party recipients
We may also share your personal data with the following third parties in certain circumstances:
- Credit reference and debt collection agencies
- Other companies within our group
- Law enforcement or regulatory authorities (such as tax authorities) if required by applicable law
- Professional advisors such as lawyers, bankers, accountants or auditors in order to provide legal, finance, accounting or auditing services.
For security reasons we do not name all our service providers or other third-party recipients in this privacy notice. The types of personal data we hold about you (and that may be transferred to our data processors) are set out above. Please contact us (see below) if you want further information on specific data processors, other third-party recipients or the types of personal data they process for us.
Finally, we may also share personal information with third parties to whom we may choose to sell, transfer, or merge parts of our organisation or our assets. Alternatively, we may seek to acquire other organisations or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
International transfers of personal data, and the measures in place to safeguard it
We do not directly transfer any of your personal data outside the European Economic Area (EEA). However, some of our data processors may do so and this section explains the impact of these international transfers and how your information is protected.
Many of our data processors operate “cloud-based systems”, which means the information is held in information data centres in different locations. Most of them reserve the right to hold copies of your personal information outside the EEA. Please note that the reason companies may choose to do this is to hold back-up copies, so they can guarantee recovery.
In each case our processors employ one or more of the following mechanisms that are designed to help safeguard your privacy rights and give you remedies in the unlikely event of abuse:
- Certain processors may only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries.
- Providers storing data in the US, may be self-certified to the EU-US Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US. For further details, see European Commission: EU-US Privacy Shield.
- With certain service providers, we may use specific contractual clauses approved by the European Commission which give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.
Please contact us (see below) if you want further information on the specific mechanisms used by our data processors when transferring your personal data out of the EEA.
How long do we retain your personal data?
We’ll only store your personal data for as long as is necessary to fulfil the purposes outlined in this privacy notice or for as long as reasonably necessary to establish, exercise or defend our legal rights. Some data is retained in line with statutory and regulatory requirements such as:
- To comply with the minimum regulatory retention requirements as set by industry regulators or government departments.
- To comply with the statutory retention periods for accounting records, as set by the legislation and HM Revenue & Customs.
- To comply with the retention periods set by the TRAS Fraud Prevention Agency.
Our retention periods are not governed by statutory or regulatory requirements, they are based on commercial justifications, which have been set in accordance with the principle of retaining personal data for no longer than is necessary for the purposes for which it is processed. These include compliance with our supplier Standard Licence Conditions, enabling us to supply you with energy, allowing us to resolve any disputes or complaints and for detection and prevention of fraud.
Your personal data rights
The personal data we hold about you is your data, so you have certain rights over the data under the GDPR. This section summarises your rights and how you can exercise them (generally free of charge).
You have the right to request a copy of all personal data we hold relating to you. You also have the right to require us to correct any mistakes in the personal data we hold relating to you.
Where we are processing your data based on your consent you can withdraw that consent and we must immediately stop processing your data. Please note that up to that point, we’re acting lawfully with your consent, withdrawal of consent cannot be backdated.
Where we process your data based on a “legitimate interest” (underlined in the section on “purpose and lawful basis”, above) you still have the right to object to our processing of that data if you feel it impacts on your fundamental rights and freedoms. From that point, we must stop processing your data until we have determined whether your rights override our interests.
You also have the right to object where we are processing your personal data for direct marketing purposes. The easiest way to do this is to use the unsubscribe links at the bottom of all marketing emails.
In certain situations, you have the right to require us to erase personal data where there is no good reason for us continuing to process it. However, note that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
You have the right to request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) where you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Finally, you have the right to request the transfer of your personal data to you or a third party in a structured, commonly used, machine-readable format. Note that this right only applies to automated processing of information about you, which we carry out based on your consent or where it is necessary to perform a contract with you.
For further information on each of these rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals rights under the General Data Protection Regulation.
If you would like to exercise any of these rights, the easiest way is is to drop us an email (see “How to contact us” below). Please note:
- We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
- We try to respond to all legitimate requests quickly but in any event within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Credit checks and automated decision-making
We may perform a form of automated decision-making using personal data if we undertake a credit check with a credit reference agency before we open up an account for you. If you fail to pass our credit checks, we will ask you for a security deposit or provide you with a prepayment meter, before we set you up as a customer.
Note that you have a right to object to any decisions being taken through the processing of your personal data by automated means if they produce legal effects concerning you or similarly significant effects on you. Where such decisions are made, you have the right to:
- Obtain human intervention;
- Express your point of view; and
- Obtain an explanation of the decision and challenge it.
Your rights to lodge a complaint with the Regulator
At all times, you have the right to report a concern or lodge a complaint with the Information Commissioner’s Office (ICO). Please refer to the ICO at https://ico.org.uk/concerns/ or by calling them on 0303 123 1113. Of course, we hope that we can resolve your issue quickly and fairly ourselves.
Keeping your personal information secure
We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. In addition, we limit access to your personal data to those employees, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Other purposes for processing personal data
We don’t process your personal data for any other purpose than we’ve described here. We won’t sell your personal data to other companies.
As we develop our activities and services, we might add new data processes that use your personal information. Should we decide that we want to develop a new processing purpose, we will contact you to let you know what we intend to do, the lawful basis we will use, and your rights over our intended new processing. We’ll also publish information about it here.
Changes to this privacy notice
This privacy notice was last updated on 17th May 2018 and historic versions can be obtained by contacting us.
How to contact us
If you have any questions, concerns or just want some more information about our privacy management, drop us a line at firstname.lastname@example.org.