We are SSE plc (SC117119) of Inveralmond House, 200 Dunkeld Road, Perth, Perthshire, PH1 3AQ.
We use your information as further explained in this Privacy Notice. We’ll be the “controller” of the information you provide to us.
In addition to SSE plc, for the specific business areas outlined below, other SSE companies will also be controllers of your personal information:
- Keadby Generation Limited (No. 02729513)of SSE Plc, Keadby Power Station Trentside, Keadby, Scunthorpe, United Kingdom, DN17 3EF
- Keadby Developments Limited (No. 02691516) of SSE Plc, Keadby Power Station Trentside, Keadby, Scunthorpe, United Kingdom, DN17 3EF
- SSE Generation Limited (No. 02310571) of No.1 Forbury Place, 43 Forbury Road, Reading, United Kingdom, RG1 3JH
- SSE Hornsea Limited (No. 04467860) of No.1 Forbury Place, 43 Forbury Road, Reading, United Kingdom, RG1 3JH
- Slough Heat & Power Ltd (No. 00174142) of 1 Forbury Place, 43 Forbury Road, Reading, United Kingdom, RG1 3JH
- Slough Utility Services Ltd (No. 03486590) of 1 Forbury Place, 43 Forbury Road, Reading, United Kingdom, RG1 3JH
- SSE Generation Ireland Ltd (No. 459400) of Red Oak South, South County Business Park, Leopardstown, Dublin 18, Dublin, D18w688, Ireland
- Medway Power Limited (No. 02537903) of No.1 Forbury Place, 43 Forbury Road, Reading, United Kingdom, RG1 3JH
- SSE Medway Operations Limited (No. 02647585) of No.1 Forbury Place, 43 Forbury Road, Reading, United Kingdom, RG1 3JH
- SSEPG (Operations) Limited (No. 02764438) of No.1 Forbury Place, 43 Forbury Road, Reading, United Kingdom, RG1 3JH
- SSE Thermal Generation Scotland Ltd (No. SC664055) of Inveralmond House, 200 Dunkeld Road, Perth, Scotland, PH1 3AQ
Each of which are, together with SSE plc, are referred to as “SSE”, “we” or “us” throughout this Privacy Notice.
What information do we need?
We collect the following personal data about you:
- Name, Address, Gender, Telephone Number and Email Address;
- Billing address, supply address, date of birth, details of secondary contact (e.g. name and phone number);
- Customer ID numbers- when you register an account with us, we create and record a customer ID number for you and record the date you were registered;
- Consumption/ Energy usage (e.g. meter readings, energy consumed) - If you have a smart meter then this information is automatically sent to us;
- Financial information;
- Your preferences (e.g. if you would prefer paperless billing);
- Survey responses;
- Your Meter Point Administration Number (MPAN) to identify your energy supply;
- Your Meter Point Reference Number (MPRN) to identify your gas supply;
- If someone has committed fraud or stolen energy, e.g. by tampering with a meter or diverting the energy supply, we will record that information;
- CCTV footage and other information obtained through electronic means;
- Property data including information about property ownership and occupation;
- Your preferences for communications e.g. by telephone, SMS, email or post;
- Details of your participation in surveys;
- Details from your social media accounts, including your interactions with us;
- Details of any vulnerabilities so we can adapt our services appropriately; and
- If you contact us by telephone, we may record the call for training and service improvement purposes and make notes in relation to your call.
We may enhance personal information we collect from you with information we obtain from third parties that are entitled to share that information, for example, credit agencies, search information providers and / or public sources. As a thermal energy generator and provider, SSE works closely with third parties, sub-contractors and other regulatory bodies including the Office of Gas and Electricity Markets (“Ofgem”).
Why do we need it?
We need to know your basic personal data to be able to supply you/your business with energy and services, maintain and operate our electricity generation assets and gas storage facilities and manage our energy portfolio. In particular, we need to know your basic personal data to provide our services to you, direct any customer enquiries to the correct SSE support team, to allow our engineers to support you on-site and to communicate and conduct business with you. We may collect specific information in order to enter into legal contracts with you. We may also collect your data to allow us to include your feedback in response to any consultations or notification in connection with any development/regulatory consent applications.
Legal bases for processing
In order to process and use your personal information lawfully, we rely on the following legal bases:
- for the performance of a contract with you for provision of our products and/or services or to take steps at your request prior to entering into such a contract;
- to comply with our legal obligations;
- for our legitimate interests in ensuring effective operational management and internal administration, document retention/storage, to run, grow and develop our business, compliance with regulatory guidance, exercise or defence of legal claims, service improvement and communicating with you; and
- consent (where we market to you via email or SMS, or where we store vulnerability information).
What do we do with it?
The personal data is processed by our staff to:
- Provide, maintain, adapt, protect and improve any products, documents and services you have requested from us;
- Perform our obligations under any contract for the supply of services we have with you;
- Manage our relationship with you through customer services and support activities;
- Provide you with any information that we are required to send you in accordance with our regulatory or legal obligations;
- Detect, prevent, investigate or remediate, crime, illegal or prohibited activities or to otherwise protect our legal rights, including liaison with regulators and law enforcement agencies, etc.;
- Communicate with you by telephone, mail, email or other electronic means and obtain feedback on how we can improve our services;
- Monitor, measure, improve and protect the content of our websites and services to provide enhanced personal user experience;
- Deliver targeted advertising, marketing or information to you which may be useful to you, based on your use of our services;
- Compare information for accuracy and to verify it with third parties, for example credit reference agencies;
- Deliver joint content and services with third parties with whom you have a separate relationship;
- For the purposes of carrying out checks on customers, suppliers and other third parties, which relate to activities such as anti-money laundering, countering terrorist financing and other unlawful acts (for example, illegal trafficking and environmental crime) and anti-bribery and corruption requirements;
- Carry out enquiries into land ownership and occupation (including land value/compensation and conducting land surveys);
- Allow our engineers to visit you onsite (where required);
- Communicate with landowners and occupiers in regard to developments; and
- To communicate with you in connection with development consultations (including report generation).
Who do we share it with?
We may share your information with:
- Ofgem, the Energy Ombudsman and any other regulatory authority we may be subject to for the purposes of demonstrating compliance with applicable law and regulations;
- KPMG, our Corporate Auditor for the purposes of demonstrating compliance with financial and regulatory frameworks;
- Our sub-contractors for the purposes of carrying out work on our behalf. Our third-party suppliers include as example: payment processors; suppliers of technical support and installation services; cloud services providers and research agencies;
- Authorised third parties or named account holders on any account you hold with us;
- Metering agents;
- Where appropriate, family members or cohabitants, previous tenants, landlords, letting agents or other third parties who require the information;
- Government or law enforcement officials - If we’re under a duty to disclose your information in order to comply with any legal obligation then we may disclose your personal data to meet national security or law enforcement requirements or to prevent illegal activity;
- Our service providers for the purposes of providing services to us;
- The Planning Inspectorate or any other relevant planning authority in order for us to comply with applicable laws in regard to land developments;
- If we sell, merge, or perform any internal re-organisations in relation to any of our (or any third party’s) business or assets, the personal information will be one of the transferred assets to the relevant buyer and/or new data controller of such business or assets;
- Other SSE group companies for the purposes of account administration, payment management and strategy development; and
- Debt collection agencies for the purposes of debt management.
We may also use aggregate information and statistics in order to help us develop our services and may provide such aggregate information to third parties. These statistics will not include information that can be used to identify any individual.
How do we use your sensitive personal data?
- We treat some of the information that we collect about you as being particularly sensitive, such as requirements for your welfare.
- With your consent, we’ll collect this information about you (or a member of your household). This information may relate to health, disability or financial circumstances and we will use this information to:
- Ensure your welfare and the welfare of other householders e.g. ensuring we do not stop your supply and can respond appropriately during a major incident or emergency;
- Provide products and/or services to you in the most appropriate way e.g. if you require large print or braille communications;
- Manage staff and third-party contractors; and/or
- Provide you with the most appropriate customer experience where you attend an SSE event.
Unless you’ve asked us not to, we may contact you in writing, by phone and (where you have consented) via email or SMS with information on products, services and rewards that we, other companies within the SSE group, and occasionally our carefully selected partners identified at the time we collect your information, offer. We may use third parties to send marketing communications.
Unless you have asked us not to, we may also use your email address to show you digital advertisements via search engine results pages or on other websites.
Unless you have asked us not to, we may profile your data to provide you with marketing and offers that are relevant to you. If you opt out of profiling, we will still run analysis that includes your data, but any decisions or marketing output that result from that analysis will not be used to market to you. You will be sent generic marketing that may not be relevant to you.
Where you partially complete and/or abandon any information input into our website and/or other online forms, we may use this information to contact you to remind you to complete any outstanding information and/or for marketing purposes.
To opt out of receiving marketing messages, or to object to our use of profiling for direct marketing purposes, please contact us at any time verbally, by email or in writing using the details in the “Contacting Us” section below.
How long will we keep it?
We will keep your information only for as long as necessary depending on the purpose for which it was provided.
When determining the relevant retention periods, we will take into account factors including:
- legal obligation(s) under applicable law to retain data for a certain period of time;
- (potential) disputes; and
- guidelines issued by relevant data protection authorities.
Otherwise, we securely erase your information once this is no longer needed.
Credit Checking and Automated Decision-Making
We may supply your personal information to credit reference agencies (CRAs) and they will give us information about you, such as about your financial history. We do this to assess creditworthiness and product suitability, check your identity, manage your account, trace and recover debts and prevent criminal activity. We will also continue to exchange information about you with CRAs on an ongoing basis, including about your settled accounts and any debts not fully repaid on time. CRAs will share your information with other organisations. The identities of the CRAs, and the ways in which they use and share personal information, are explained in more detail at http://www.experian.co.uk/crain/index.html
We may take credit scoring information into account when deciding the conditions placed upon your supply, including any premium to be added or security deposit required. In the majority of cases, we will also consider other information that we hold about you, and this decision will not be fully automated. Please note that businesses that we consider to be in higher risk industries will have a premium added.
We use automated decision-making to determine the conditions upon which we supply you in the following circumstances:
- Customers whose businesses are insolvent or no longer trading
If your business is insolvent or no longer trading, we will automatically refuse to supply you.
- New connections customers with a supply larger than 23kVA
For new connections customers with a supply larger than 23kVA, we will use credit scoring information supplied by a third-party credit agency to determine whether a security deposit is appropriate.
You can appeal any automated decision, receive an explanation of the decision or require human review of the decision by getting in touch using the details in the “Contacting Us” section below.
How is your personal information transferred outside the EEA and the UK?
We, or a third party who we share personal information with, may transfer, host, store and/or handle your personal information outside of the EEA. For example, where we and/or our service providers (including servers) are based outside of the EEA.
The EEA consists of countries in the European Union, Iceland, Liechtenstein and Norway and are all considered to have equivalent laws in data protection and privacy. As of present, the UK including Northern Ireland, are also considered to have equivalent laws in data protection and privacy.
We will only permit this to happen if adequate safeguards have been put in place to protect your personal information. For countries outside the UK, this means that we will:
(a) ensure that the country in which your personal information will be handled has been deemed “adequate” by the European Commission under Article 45 of the General Data Protection Regulation (GDPR); or
(b) include standard data protection clauses approved by the European Commission for transferring personal information outside the EEA and the UK into our contracts with those third parties (these are the clauses approved under Article 46.2 of the GDPR).
You have the following rights regarding your information:
What does this mean?
1. Right to be informed
You have the right to be provided with clear, transparent and easily understandable information about how we use your personal data and your rights. This is why we’re providing you with the information in this Privacy Notice.
2. Right of access
You have the right to obtain access to your personal data (if we’re processing it) and certain other information (similar to that provided in this Privacy Notice). This is so you’re aware and can check that we’re using your personal data in accordance with data protection law.
3. Right to rectification
You are entitled to have your personal data corrected if it’s inaccurate or incomplete.
4. Right to erasure
This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your personal data where there’s no compelling reason for us to keep it. This is not a general right to erasure; there are exceptions.
5. Right to restrict processing
You have rights to ‘block’ or suppress further use of your personal data in certain circumstances. When processing is restricted, we can still store your personal data, but may not use it further.
6. Right to data portability
You have the right to obtain and reuse your personal data in a structured, commonly used and machine-readable format in certain circumstances. In addition, where certain conditions apply, you have the right to have such information transferred directly to a third party.
7. Right to object to processing
You have the right to object to certain types of processing in certain circumstances. In particular, the right to object to the processing of your personal data based on our legitimate interests or on public interest grounds; the right to object to processing for direct marketing purposes (including profiling); the right to object to the use of your personal data for scientific or historical research purposes or statistical purposes in certain circumstances.
8. Right to withdraw consent
If you have given your consent to anything we do with your personal data, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal data with your consent up to that point is unlawful). This includes your right to withdraw consent to us using your personal data for direct marketing.
For more information on your rights or if you would like to exercise any of your rights, you are welcome to get in touch using the details in the “Contacting Us” section below.
If you would like to contact us in relation to your rights or if you are unhappy with how we’ve handled your information, you may contact us by sending an email to: Legal.DataProtection@sse.com
If you would like to contact our Data Protection Officer, you may do so using the following details:
Address: Data Protection Officer, No. 1 Forbury Place, 43 Forbury Road, Reading, RG1 3JH
If you’re not satisfied with our response to any complaint or believe our processing of your information does not comply with data protection law, you can make a complaint to the relevant Data Protection Office:
Data Protection Commissioner
21 Fitzwilliam Square
Data Protection Commissioner
R32 AP23 Co. Laois
Information Commissioner’s Office,