Your Energy Sussex (“We”) are committed to protecting and respecting your privacy.
For the purpose of the Data Protection Act 1998 (the Act), the data controller is ROBIN HOOD ENERGY LIMITED registered office Loxley House, Station Street, Nottingham, NG2 3NG.
At all times we will take all reasonable steps to act in accordance with the Data Protection Act.
Your Personal Data Matters!
Your Energy Sussex is committed to protecting and respecting your privacy.
As an energy supply company, we collect, hold and process a considerable amount of information, including personal information about you as our customer, to allow us to provide our services to you effectively. We believe it is important to protect your privacy and your personal details at all times and this Privacy Notice explains how we may collect and use information about you securely to enable us to do this. As such, we take seriously our responsibilities under the Data Protection Act 1998 and, from 25th May 2018, the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 which will make the GDPR part of UK law.
If you require any further advice and guidance about the General Data Protection Regulation and the Data Protection Act 2018, information is available on the Information Commissioners website at: www.ico.org.uk
Robin Hood Energy Limited (wholly owned by Nottingham City Council) is the data controller, and is registered in England and Wales. Company Number: 08053212. Our registered office is Loxley House, Station Street, Nottingham, NG23NG.
Robin Hood Energy are registered for the purposes of the Data Protection act 1998 on the Information Commissioner’s Office Register, registration number: ZA117144.
How can you contact us?
We can be contacted at:
County Hall, West Street, Chichester, PO19 1RG.
As a partnership with Robin Hood Energy (wholly owned by Nottingham City Council), the Robin Hood Energy Information Governance Manager has overall responsibility for the way that we handle personal data. The Information Governance Manager can be contacted at:
Information Governance Manager
Other ways to contact us are on our Contact Us page.
What is personal data?
Personal data is information relating to an identifiable living individual. Whenever personal data is processed, collected, recorded, stored or disposed of it must be done within the terms of the Data Protection Legislation.
What personal data do we collect?
- Such as your payment details and financial circumstances.
- We need your bank details if you want to pay by Direct Debit.
- If you have difficulty paying our bills, providing details of your circumstances helps us work with you to resolve this.
- Your name
- Contact details:
- Home address
- Personal email
- Home telephone number
- Mobile telephone number
We need this information from you in order to enter into a contract with you. If you do not provide it to us, we may not be able to offer you our services.
Vulnerability Data (Priority Service Register):
- Health issues
- Date of Birth
Having this kind of information helps us to ensure we provide you with appropriate services to keep you safe.
Energy you use:
Details of your energy usage, which you may give us, or we can obtain from your smart meter.
You have a contractual obligation to provide us with details of your energy usage. We need this data to send you accurate bills. If we have to estimate your bills, you may not be paying the right amount for your energy.
Energy you generate:
Details of energy you generate under the Feed in Tariff scheme.
You are obliged to give us this information to help us manage your account.
Data we may collect from other people or organisations:
- Data such as your name and contact details may be provided to us by people moving in or out of a property you are occupying, or a landlord;
- Other organisations involved in your energy supply will give us information to help us manage your account.
How we collect Information
You may give us information about you by filling in forms on our website www.yourenergysussex.org.uk or by corresponding with us by phone, e-mail, in person or otherwise. This includes information you provide when you register to use our site, subscribe to our service, search for a product, obtain a quotation, place an order on our site, participate in discussion boards or other social media functions on our site, enter a competition, promotion or survey, and when you report a problem with our site.
We will get information from various sources as well as direct from you, including our partners, other organisations involved in your energy service like network operators, and publicly available information. We will match it with our own data to make sure the information we have about you is accurate and up to date.
We may also receive your information from an energy supplier from which you wish to move in order to help ensure the move happens smoothly.
We will never collect any unnecessary personal data from you and do not process your information in any way, other than as specified in this notice
What do we use your personal data for?
It is important that you understand what we will do with the data that we hold about you.
We will process your data for the following purposes necessary for the performance of our contract with you, or in readiness for such a contract:
- To manage your account with us. This can include providing our terms and conditions, recording your meter readings, sending you invoices, administering your payments and any loyalty incentives and dealing with queries or complaints
- If you move into another property where we supply the energy, we’ll link your personal details to you for the energy use at your new address
We will request your consent to process any special category data you supply to Your Energy sussex
- If you have any vulnerabilities we’ll ask for your consent before we add your details to our Priority Services Register, which enables us to take extra steps to ensure your safety
We will process your data to comply with legal obligations including, but not restricted to:
- OFGEM directions and Codes and our Licence Conditions
- Financial Conduct Authority rules
- Consumer Protection Laws
- Orders made by a Court
We will process your data where we or someone else has a legitimate interest. This includes:
- Keeping records of our dealings with you, so that we have an accurate history of our relationship with you in case of disputes
- We might monitor and record our conversations with you, for example to prove you have agreed a contract with us, to help train our staff, or to help us give better service. We won’t record credit and debit card details
- Making appointments to read, inspect or change your meter to ensure we are billing you correctly and your meter installation is safe and appropriate for your needs
- Taking legal action against you if you do not pay our bills, because we are entitled to try to enforce our rights. This might be to recover money due to us, to disconnect your meter or fit a pre-payment meter
- Analysing your consumption, including by reference to your household, your income and your lifestyle, so that we can offer you tariffs that suit your circumstances and give you tailored energy efficiency advice to help you save money
- For research and insight purposes, to enable us to provide good customer service
- To create statistics to help us better target our marketing activities
- To help prevent and detect debt, fraud and financial loss
- To help keep your family and your household safe and secure
Ensuring that we maintain high standards
In deciding what personal data to collect, hold and use, Your Energy Sussex is committed to ensuring that it will:-
- Recognise that any personal data handled by Your Energy Sussex is held on behalf of the person to which it relates and that we ensure we respect that responsibility
- Adopt and maintain high standards in respect of the handling and use of that personal data
- Only collect, hold and use personal data where it is necessary and proportionate to do so
- Securely delete any personal data when no longer needed
- Keep your personal data secure and safe
- Not unnecessarily and without good and lawful reason, infringe the privacy of any person
- Consider and address the privacy risks first when planning to use or hold personal information in new ways, such as when introducing new systems
- Be open with individuals about how we use their information and who we give it to
- Make it easy for individuals to access and correct their personal information
- Ensure that there are effective safeguards and systems in place to make sure personal information is kept securely and does not fall into the wrong hands
- Provide training to staff who handle personal information and treat it as a disciplinary matter if they misuse or don’t look after personal information properly
- Put appropriate financial and human resources into looking after personal information to make sure we can live up to our promises
- Having a robust data strategy in place to protect against any disasters but also malware such as ransom ware
- Regularly check that we are living up to our promises and report on how we are doing
Whom do we share your personal data with?
We may have to share your personal data with the parties set out below for the purposes set out above under “What do we use your personal data for?”
We might share data with:
- Network operators, so they can keep you informed about reconnecting your energy if there’s a loss of supply or an emergency
- Agents appointed by us to facilitate our contract with you, such as Meter Operators and Data Collectors
- Organisations that supervise or distribute data between smart meters, energy suppliers and other organisations that enable suppliers to bill customers for energy used and customers to switch between suppliers
- Other energy suppliers, landlords or housing associations if we or another organisation suspects the property is connected with fraud
- Another supplier you want to switch to
- Other people, such as members of your household, where you have authorised us to, or where they are named on your account
- Debt collection agencies and other organisations involved with debt collection (for example, bailiffs, law courts, private investigators)
- Social services, distribution services or other agencies if we think you need extra help
- Organisations that compile information to help you compare your energy use with similar households or offer you rewards
- Organisations doing research for us
- Market regulators such as OFGEM and consumer protection organisations such as the Energy Ombudsman
- Organisations for the detection, investigation and prevention of crime, or for current or future legal action
- Commissioning and installation contractors for installations such as Solar Panels and insulation
- Financial organisations for purposes such as payment processing, finance plans and refunds
- Energy market administrators i.e. Xoserve for gas and the Meter Point Administration Service
- If you apply for Affordable Warmth funder measures, the Energy Saving Trust and Department for Work and Pensions to confirm whether you’re entitled to the assistance
- Other FiT licensees if you want to transfer your generation unit(s) under the FiT scheme
- Organisations to which we are by law obliged to provide your information
- Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Notice.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
We would like to use your personal data to communicate with you about products or services that we offer.
We will not use your personal data for marketing purposes at all if you have told us not to. We will give you the opportunity to opt-in to receiving marketing information whenever we contact you directly for this purpose. Sometimes we may want to share your information with other organisations, for our marketing purposes. Some examples are:
- Organisations who can enhance or match the data we hold with additional information to enable us to understand our customers better and plan marketing activities
- Organisations we want to work with to promote a joint product or a product or service we endorse
We will get your express opt-in consent before we share your personal data with any company outside Your Energy Sussex for their marketing purposes.
We may use your identity, contact, usage and profile information to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you.
Some activities, such as emailing marketing information to you, require your express consent. Others, such as sending letters or calling you, we may be allowed to do without your prior agreement, on the basis that we have a legitimate interest in doing this. Our legitimate interest might be:
- Understanding our customer and getting to know their preferences
- Telling our customers about products that might meet their needs and desires
- Ensuring our customers are aware when they can save money.
People who contact us via social media
We have accounts on most major social media channels and use their ‘public’ platforms to manage our social media interactions
We do not have any control over how these companies use any data shared with us through their services, and we recommend you review their privacy notices yourself. We would also remind you that any information you post publically is visible to anyone.
If we recognise you are a Your Energy Sussex customer and you send us personal data using a private or direct message via social media that data will be stored along with your other account records in line with our standard data retention period.
If you send us personal data via Facebook Messenger to enable us to give you a quote for a potential energy supply we will delete the relevant messages from Messenger but they will still be available to you and Facebook unless you also delete them.
No data you give us via social media will be used for marketing, or shared with any other organisations for marketing purposes.
Automated decision making and profiling
We use automated processing of personal data to evaluate, analyse and predict common traits, characteristics and behaviours. This enables us to understand our customer groups and manage these groups more effectively.
Segmenting customers lets us more effectively focus tailored marketing communications to specific types of customers in different ways.
What are your rights?
Under the Data Protection Act 1998 (until 25 May 2018):
You are entitled to request a copy of any personal data and information held by us, providing such request is made in writing. Please note that we reserve the right to charge the statutory fee for providing this information.
If you believe that any personal information we are holding about you is either incomplete or incorrect please contact us in order that we may rectify any such data. Any information then found to be incorrect will be promptly corrected.
From 25 May 2018, you have the rights set out below
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
- You can ask for access to the information we hold on you known as a personal information request
You are legally entitled to request access to any records held by Your Energy Sussex about yourself. Your Energy Sussex will seek to comply with your request but there may be some situations where it will not be able to do this in full, for example where information held was given in confidence or when a professional thinks that it could cause serious harm to you or another’s physical or mental wellbeing if the information was given to you, or if we think that giving you the information may stop us from preventing a crime.
If you would like to request a copy of your personal information, please complete this form:
Data Subject Request Form – TBC
If you have any questions regarding your rights, please contact the Information Governance Manager.
- You can ask to change information that you think is inaccurate
If you receive a copy of your information and you find that any information is inaccurate, you have the right to ask us to correct the information. We may not always be able to change or remove the information but we will correct factual inaccuracies and add supplemental comments. In some cases, we may also record your comments to show that you disagree with information held about you. Whilst Your Energy Sussex tries to ensure that any personal data it holds about you is correct, there may be situations where the information it holds is no longer accurate. If this is the case, please contact the department holding the information so that any errors can be investigated and corrected. You can also make an application to the Information Governance Manager to ask for any inaccurate information to be rectified or if you think your information is incomplete, you can ask for a supplementary statement to be added to give an accurate picture.
Your Energy Sussex will try to ensure that all records are accurate and up to date. If you find any inaccuracies, you can let us know by completing this form:
Data Subject Request Form – TBC
- Right to be forgotten- right to ask for your information to be deleted
You have the right to ask for information to be erased although this is not an absolute right. If your data is no longer necessary for the purpose for which it is collected, you can ask for it to be erased. Again, where possible, Your Energy Sussex will seek to comply with your request but there may be some situations where it will not be able to do this, e.g. where Your Energy Sussex is required to hold or process information to comply with a legal requirement.
Where your personal information has been shared with others we will do what we can to make, sure they also comply with your request for erasing the information.
If you would like to make this request please let us know by completing the form:
Data Subject Request Form – TBC
- A right in certain circumstances to request restriction of processing
You also have the right to ask Your Energy Sussex to limit processing in certain circumstances for example where you have contested the accuracy of information held that is about you or if Your Energy Sussex no longer needs the information although again there are some exceptions. For example, we may need to hold or use your information because we are required to do so by law. If this request is approved this may cause delays or prevent us from delivering a service to you. For further information, please contact the Information Governance Manager.
If you would like to ask Your Energy Sussex to exercise this right, please complete the following form:
Data Subject Request Form – TBC
- Right to object to processing of data in certain circumstances
You have the right in some circumstances to object to Your Energy Sussex processing your personal data in relation to any of our services. Where possible, Your Energy Sussex will seek to comply with your request, but, there may be some situations where it will not be able to do this, e.g. where Your Energy Sussex is required to hold or process information to comply with a legal requirement, or where deletion of this information may cause delays or hinder the Company’s ability to provide services to you. The right to object only applies in limited circumstances and for more information please contact the Information Governance Manager.
- Right in certain circumstances to request portability of your data to another provider
You also have the right in certain circumstances to get a copy of your information in an electronic form and re-use it with other service providers. This right only applies to information processed by automated means or information obtained by consent from you. It is likely that data portability will not apply to most of our services. For further information, please contact the Information Governance Manager.
Rights in connection with automated decision making including profiling
Where a computer makes decisions about you, which is known as automated decision-making, you can ask that these decisions be explained to you.
This means that you can question decisions made about you by a computer, unless its required for any contract that you have entered into , required by law, or you have given your agreement to this form of processing.
You also have the right to object if you are being profiled (for example for marketing purposes as described in this Privacy Notice). This means that decisions are made about you based on certain things in your personal information. If you have any questions regarding automated decision making or profiling please contact the Information Governance Manager who will be happy to assist.
Your right to contact the Information Commissioner
If you are unhappy with any aspect of how we handle your personal data you also have the right to contact the Information Commissioner’s Office (ICO), the supervisory authority that regulates handling of personal information in the UK.
For more information regarding data protection issues you may wish to contact the Information Commissioners Office (ICO), you can contact them by going to their website, phoning them on 0303 123 1113, via email firstname.lastname@example.org or by post to:
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF.
How long do we store your personal data for?
Where you have an account with us we will retain your personal data for as long as it is necessary to so following the end of our relationship with you (which might be when your account closes or when we have issued your final bill). There may be circumstances when we need to keep it for longer – for instance if we are dealing with a complaint from you when that time comes round – but we will delete it as soon as we’ve no need to keep it further.
If we hold your data for any other reason, we will delete it as soon as we no longer have a valid reason to retain it.
If you would like to see how long your information is kept for you can contact Your Energy Sussex by emailing – Information Governance Manager. Please note this address is correct – Your Energy Sussex is a partnership between Local Authorities in Sussex and Robin Hood Energy.
How do we protect your personal information?
We take your privacy seriously and take every reasonable measure and precaution to protect and secure your personal data. We work hard to protect you and your information from unauthorised access, alteration, disclosure or destruction and have several layers of security measures in place.
We have a data protection policy, which explains how we look after your personal information. We also have many other practical measures to protect your information, such as:
- Limiting access to systems to only those staff who need to access the information
- Providing regular training for staff to make them aware of how to handle your data safely and in accordance with the data protection legislation.
- Having a clear desk policy and guidance about keeping sensitive data in locked places with limited access
- Having clear policies and guidance for staff who take special data out of the building and a clear working at home guidance for all staff to follow
- Encryption of sensitive electronic communications such as e-mails as well as encryption of disks and memory sticks (as well as keeping their use to a minimum). Encryption is a means of ensuring that data can only be accessed by authorised users. This means that the information is hidden, and cannot be read without a password
- Regular testing of our IT equipment and keeping up to date with regular security updates
- When you log in to your online account or ask us for a quote, our pages are secure, which means all the personal details you type in are encrypted before they are sent to us
- When you get in touch with us, we will ask you a number of security questions before we share any personal details, just to check it’s you
You can find more information about our IT security by contacting our Information Governance Manager.
What happens if we send your data out of the EEA?
Data protection laws allow us to transfer personal data to organisations in countries within the European Economic Area (EEA) as all of those countries are signed up to the same laws and have to have the same controls and safeguards in place to protect your data.
Occasionally we, or a company with which we share your data as described in this Privacy Notice, may need to transfer your personal data to a country outside the EEA, in which case we will only do so (or allow such companies to do so) where the European Commission has declared that the receiving country has an adequate level of protection, or there is a contract in place which includes appropriate data protection clauses requiring that your data is handled to the same standards as we have to uphold.
If your data is being transferred outside the EEA then you can obtain details of the relevant safeguards by contacting our Information Governance Manager.
Changes to this privacy notice
Your Energy Sussex encourages you periodically to visit its web site to review this notice and to be informed of how Your Energy Sussex is protecting your information. Your Energy Sussex will continually review and update this privacy notice to reflect changes in our services and feedback from service users, as well as to comply with changes in the law. When such changes occur, we will revise the “last updated” date at the top and foot of this notice. If there are substantial changes to this statement or in how Your Energy Sussex will use your personal information, we will advertise the updated notice both on the front page of the Your Energy Sussex web site and in Council offices.
This privacy notice was last updated in May 2018.*