Privacy Notice for Domestic Consumers
This privacy notice explains to individuals (including domestic energy customers) (“you/your”) how Smart Metering Systems plc and each of our group companies (“we, us, SMS”) uses your personal information.
This privacy notice covers:-
- Why we use your personal information;
- What personal information we use;
- How we use your personal information;
- Your rights under data protection legislation; and
We may process your personal data in connection with services which we provide on your behalf or in connection with services we provide to a third party (such as energy suppliers or registered social landlords). These services are governed by a contract between us and the third party.
We require to process your personal information when these services are to be carried out at your property or in relation to your energy meters or other assets installed at your property or data relating to them (because you have a contract with, or are entering into a contract with, the energy supplier or other third party).
Where we are providing services on behalf of a third party, we are acting as a data processor.
In some cases, we may own the gas and/or electric meters or other assets (such as solar PV panels or battery storage systems) installed at your property. Where that is the case, we may require to retain personal information to allow us to maintain and manage the assets. In those cases, we may be the data controller. We may also wish to make our services available, to customise them, to understand individuals’ needs, and to provide improved services, newsletters and other communications. With your agreement, we may request to contact you about our or our business partners’ promotions, products and services or other information which we think you may find interesting, or for customer satisfaction purposes (including contact by email), and for market research, analysis, testing, monitoring, risk management and administrative purposes (including diagnosing technology problems which may be reported to us). In those cases, we are the data controller.
In order to carry out these services, we may obtain (either from the energy supplier or from you directly) and process the following information: –
- Name, address and telephone number;
- Meter reference numbers;
- Meter readings and usage information;
- Details relating to the property, such as access information;
- Energy consumption data; and
- Details of any of your needs or the needs of others in your household such as, age, health or vulnerability status to the extent it may be relevant for the carrying out of the services (for example a disability), to ensure that the service we provide and health and safety considerations are tailored to such vulnerability.
- How we process your personal information
We take all necessary steps to ensure that personal information is kept safe and confidential during storage, processing and transit (where applicable).
Personal data may be held at our offices, our information processing centres and those of our third party service providers, representatives and agents.
Some of those third parties may be based outside of the UK and/or European Economic Area (“EEA”). For more information, including on how we safeguard your personal data when this happens, see below “Transferring your personal data outside of the UK and EEA”
Under certain circumstances, we may be required to share your personal information with our third party suppliers, partners and subcontractors who are assisting with the carrying out of the services and in connection with our business operations. These include:
- Subcontracted engineering workforce;
- Outsourced service providers (e.g. call centre services);
- Professional advisors;
- Logistics providers;
- Security providers; and
- Cloud service providers.
We may be obliged to disclose personal information to any competent legal or regulatory authority conducting an investigation in relation to criminal activity.
We keep personal information only for so long as we need it. Once we no longer need it, we arrange for it to be deleted from our systems. Where we are required to retain personal information to allow us to maintain and manage the assets, we will do so only for so long as we have maintenance and/or management obligations. We may retain certain personal information for legal or regulatory purposes only.
In some circumstances, we might anonymise your data (so that it can no longer be associated with you) and use this indefinitely.
We (or a third party who we share personal data with) might process that personal data outside of the UK and EEA. In those cases we will comply with applicable UK and EEA laws designed to ensure the privacy of your personal data.
When we send data outside of the UK/EEA, we will make sure that the correct safeguards have been put in place to protect your personal data, including:
- ensuring that the country where any data will be transferred to is subject to an “adequacy decision” by the UK government and/or European Commission. This is to
- ensure that the particular country ensures an adequate level of protection of personal data under their domestic laws; or
- ensuring that there are appropriate safeguards in place, together with enforceable rights and effective legal remedies for you; or
a specific exception applies under relevant data protection law; or
- ensuring that standard, legally approved, data protection clauses recognised or issues further to Article 46(2) of the UK GDPR or EU GDPR (as applicable) are included in our contracts with those third parties.
In the event we cannot or choose not to continue to rely on either of those mechanisms at any time, we will not transfer your personal data outside the UK unless we can do so on the basis of an alternative mechanism or exception provided by UK data protection law and reflected in an update to this policy.
The legal bases on which we will use your personal data are as follows:
- in connection with our contract with the third party who we provide services to; or
- in connection with our legal obligations, including regulatory or industry regulations; or
- legitimate interests; or
As an individual, you have the following rights :-
- Right to request a copy of your personal information that we process;
- Right to request that your personal information is updated or removed;
- Right to make a complaint to the Information Commissioner’s Office due to concerns about the way we are processing your personal information; and
- Right to withdraw consent to us processing your personal information.
To get in touch with us about any of the above, please email or write to our data protection officer at: firstname.lastname@example.org / Data Protection Officer, SMS plc, 2nd Floor, 48 St Vincent Street, Glasgow, G2 5TS.
If an individual is not happy with our reply to any complaint or thinks our processing of their personal data doesn’t comply with data protection law, a complaint can be made to the Information Commissioner’s Office (ICO). Just use these details: Address: Information Commissioner’s Office Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF
Telephone number: 0303 123 1113