Privacy Policy

Privacy Notice for Industrial & Commercial Energy Consumers

This privacy notice explains to industrial and commercial energy consumers (“you/your/your company”) how Smart Metering Systems Limited and each of our group companies (“we, us, SMS”) uses personal information about your company’s employees.

This privacy notice covers:-

  • Why we use personal information;
  • What personal information we use;
  • How we use personal information;
  • Individuals’ rights under data protection legislation; and
  • Changes to our privacy policy.

We carry out services relating to gas and electric meters on behalf of energy suppliers (these services include meter installations, maintenance, data services, and management and support services). These services are governed by a contract between us and the energy supplier.

We require to process your employee’s personal information when these services are to be carried out for an energy supplier at your premises/site, or in relation to your energy meters or data relating to them (because you have a contract with, or are entering into a contract with, the energy supplier).

Where we are providing services on behalf of a third party, we are acting as a data processor.

In some cases, we may own the gas and/or electricity meters installed at your premises/site. Where that is the case we may require to retain your employees’ personal information to allow us to maintain and manage the assets. In those cases, we may be the data controller.

We may also wish to make our services available, to customise them, to understand individuals’ needs, and to provide improved services, newsletters and other communications. With your agreement, we may request to contact you about our or our business partners’ promotions, products and services or other information which we think you may find interesting, or for customer satisfaction purposes (including contact by email), and for market research, analysis, testing, monitoring, risk management and administrative purposes (including diagnosing technology problems which may be reported to us). In those cases, we are the data controller.

In order to carry out these services, we may obtain (either from the energy supplier or from your employees directly) and process the following information: –

  • Name, address and telephone number of your employees, which will normally be business contacts details, unless the employee chooses to provide us with personal contact details;
  • Meter reference numbers;
  • Meter readings and usage information;
  • Details relating to the premises or site, such as access information; and
  • Details of any vulnerability status of any of your employees or persons on site, to the extent it may be relevant for the carrying out of the services (for example a disability), to ensure that the service we provide and health and safety considerations are tailored to such vulnerability.

We take all necessary steps to ensure that personal information is kept safe and confidential during storage, processing and transit (where applicable).

Personal data may be held at our offices, our information processing centres and those of our third party service providers, representatives and agents.

Some of those third parties may be based outside of the UK and/or European Economic Area (“EEA”). For more information, including on how we safeguard your personal data when this happens, see below “Transferring your personal data outside of the UK and EEA”.

Due to our corporate structure, our group companies will have access to your personal information. This privacy policy applies to all our group companies, including SMS Connections Limited, SMS Meter Assets Limited, SMS Data Management Limited, UKMA (AF) Limited, SMS Energy Services Limited, CH4 Gas Utility and Maintenance Services Limited, Trojan Utilities Limited, SMS Mapco 1 Limited, Qton Solutions Limited, Solo Energy, Metering Limited, and SMS Data Services Limited,

Under certain circumstances, we may be required to share your personal information with our third party suppliers, partners and subcontractors who are assisting with the carrying out of the services and in connection with our business operations. These include:

  • Subcontracted engineering workforce;
  • Outsourced service providers (e.g. call centre services);
  • Insurers;
  • Professional advisors;
  • Logistics providers;
  • Security providers; and
  • Cloud service providers.
  • We may be obliged to disclose personal information to any competent legal or regulatory authority conducting an investigation in relation to criminal activity.

We keep personal information only for so long as we need it. Once we no longer need it, we arrange for it to be deleted from our systems. Where we are required to retain personal information to allow us to maintain and manage the assets, we will do so only for so long as we have maintenance and/or management obligations. We may retain certain personal information for legal or regulatory purposes only.

In some circumstances, we might anonymise personal data (so that it can no longer be associated with an individual) and use this indefinitely.

We (or a third party who we share personal data with) might process that personal data outside of the UK and EEA. In those cases we will comply with applicable UK and EEA laws designed to ensure the privacy of personal data.

When we send data outside of the UK/EEA, we will make sure that the correct safeguards have been put in place to protect personal data, including:

ensuring that the country where any data will be transferred to is subject to an “adequacy decision” by the UK government and/or European Commission. This is to ensure that the particular country ensures an adequate level of protection of personal data under their domestic laws; or
ensuring that there are appropriate safeguards in place, together with enforceable rights and effective legal remedies; or
a specific exception applies under relevant data protection law; or

ensuring that standard, legally approved, data protection clauses recognised or issues further to Article 46(2) of the UK GDPR or EU GDPR (as applicable) are included in our contracts with those third parties.
In the event we cannot or choose not to continue to rely on either of those mechanisms at any time, we will not transfer personal data outside the UK unless we can do so on the basis of an alternative mechanism or exception provided by UK data protection law and reflected in an update to this policy.

  • Right to request a copy of personal information that we process;
  • Right to request that personal information is updated or removed;
  • Right to make a complaint to the Information Commissioner’s Office due to concerns about the way we are processing personal information; and
  • Right to withdraw consent to us processing personal information.

To get in touch with us about any of the above, please email or write to our data protection officer at: dpo@sms-plc.com / Data Protection Officer, SMS Ltd, 2nd Floor, 48 St Vincent Street, Glasgow, G2 5TS.

SMS reviews this policy regularly. If there are any changes to the way we use personal information, we will update this policy on our website. This privacy policy was last updated on 17 February2022.

If an individual is not happy with our reply to any complaint or thinks our processing of their personal data doesn’t comply with data protection law, a complaint can be made to the Information Commissioner’s Office (ICO). Just use these details: Address: Information Commissioner’s Office Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF

Telephone number: 0303 123 1113

Visit the ICO website