This Policy applies to Home Efficiency Experts Ltd (HEExperts Ltd).
HEExperts Ltd is committed to a policy of protecting the rights and privacy of individuals in accordance with the Data Protection Act 1998 (‘the Act’.) and GDPR 2018.
The Act lays down regulations and safeguards for the collection, recording and use of personal information whether on paper, in a computer or recorded on other material. HEExperts Ltd needs to collect and use certain types of information about people with whom it deals in order to operate. These include employees, employment applicants, customers, board members, suppliers and others with whom it communicates. Certain information may be required for regulatory or monitoring purposes as laid down by statute. Other information may be required for the purpose of establishing a contract. In any case HEExperts Ltd recognises that the information must be dealt with lawfully and correctly under the principles laid down within the Act.
HEExperts Ltd ensures that
Conditions regarding the fair collection and use of information are fully observed;
- The legal obligations to specify the purposes for which information is used, are met;
- Appropriate information is collected and processed only to the extent to which it is needed;
- Information used is accurate;
- Information is regularly reviewed and updated or destroyed accordingly;
- Data subjects are able to fully exercise their rights under the Act. (Including the right to be informed that processing is being undertaken, the right of access to one’s personal information, the right to prevent processing in certain circumstances and the right to correct, rectify, block or erase information which is regarded as incorrect.)
- Appropriate technical or organisational security measures are taken to safeguard personal information.
- Personal information is not transferred abroad without suitable safeguards.
HEExperts Ltd will have a set of systems and procedures in place to ensure that the requirements of the Data Protection Act 1998 and GDPR 2018 are delivered.
These will involve ensuring that
- An individual is nominated with specific responsibility for Data Protection in the organisation (currently this is the Managing Director;
- Everyone who manages or handles personal information understands that they are contractually responsible for following good data protection practice outlined in this policy;
- Everyone who manages or handles personal information is appropriately trained to do so and is adequately supervised;
- Anyone wanting to make enquiries about handling personal information knows what to do;
- Queries about handling personal information are promptly and courteously dealt with;
- Methods of handling personal information are regularly assessed and evaluated as a performance area.
Energy Companies Obligation
If you are applying for a grant through the Energy Companies Obligation Scheme we will also need to share some of your information with Ofgem and some relevant third parties.
- Some or all of the information that you have provided to us (your ‘personal’ information) may be disclosed to Ofgem as Administrator of the Energy Companies’ Obligation (ECO).
- Ofgem is the Office of the Gas and Electricity Markets. Further information about Ofgem can be found at http://www.ofgem.gov.uk.
- Ofgem may use your personal information to determine whether a supplier is achieving its obligations under ECO and to comply with its own statutory duties. Ofgem is required to disclose your personal information to the Secretary of State.
Ofgem may seek to verify your personal information by contacting you directly or by checking it against Government records.
You can also contact Ofgem directly at firstname.lastname@example.org or 9 Millbank, London, SW1 P 3GE.
How we will use your information and who will we share it with?
ECO funding is provided by Energy Companies
Some or all of your personal information as well as information relating to your energy efficiency measure(s) installed may be sent to one of these Energy Companies.
This information may also be sent to any organisation which is involved in ECO in order to obtain the funding and for quality assurance purposes.
Any of the involved organisations in the works or provision of your ECO funding may contact you to verify the information that you have provided.
The Energy Company, or designated third party registered with the Market Research Society, may also contact you to carry out a customer satisfaction survey.
Some of your information may be shared with the Department for Work and Pensions (DWP), Her Majesty’s Revenue and Customs (HMRC), or other relevant organisations for the purpose of confirming your eligibility for ECO measures The information that you have provided may also be passed to third parties whom we contract to carry our Quality Audits in order for an inspection of the works to be carried out.
Information provided will only be used by the persons and for the purposes set out in the above.
What information we will be collecting.
The information we will need to collect includes
- Your full name, address and contact details.
- Date of birth.
- Proof of identity.
- Where required: proof of benefits supplied to you by the Department of Work and Pensions (DWP) to ensure eligibility for the scheme under ECO guidelines.
- Date of installation and details of the energy efficiency measure(s) installed.
- The nature of your right to occupy the premises.
Security of the information provided
We will secure your personal information in compliance with the Data Protection Act 1998 and GDPR 2018 as set out above.
What Are My Rights?
Under the GDPR, you have the following rights, which HEExperts Ltd will always work to uphold:
- b) The right to access the personal data we hold about you.
- c) The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete. Please contact us.
- d) The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of your personal data that we have. Please contact us.
- e) The right to restrict (i.e. prevent) the processing of your personal data.
- f) The right to object to us using your personal data for a particular purpose or purposes.
- g) The right to data portability. This means that, if you have provided personal data to us directly, we aim using it with your consent or for the performance of a contract, and that data is processed using automated means, you can ask us for a copy of that personal data to re-use with another service or business in many cases.
- h) Rights relating to automated decision-making and profiling. [We do not use your personal data in this way.]
For more information about our use of your personal data or exercising your rights as outlined above, please contact us.
Further information about your rights can also be obtained from the Information Commissioner’s Office or your local Citizens Advice Bureau.
If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.
How Long Will You Keep My Personal Data?
We will not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected. Your personal data will therefore be kept for the following periods (or, where there is no fixed period, the following factors will be used to determine how long it is kept):
- For all ECO work, we are required to keep your data for a period of 6 years from the final date of the scheme.
We may change this Privacy Notice from time to time. This may be necessary, for example, if the law changes, or if we change our business in a way that affects personal data protection.