Our Power Privacy Notice
Our Power respects your privacy and is committed to protecting your personal data.
This Privacy Notice informs you about how we use and look after your personal data, including any data you may provide through our website, when you request information about our products or services, when you communicate with us, when we provide products and services to you, and when personal data is provided to us in relation to our business.
This Notice also informs you about your rights and how the law protects you.
This Notice applies to customers, prospective customers and previous customers.
Who is Our Power?
‘Our Power’ is a group of companies that is organised under the Holding Company that is called ‘Our Power Community Benefit Society Limited’.
For the purposes of this Notice ‘Our Power’ means the Holding Company and:
• Our Power Energy Supply Limited
We may update this list as our group of companies changes.
You may contact any Our Power company in the following ways:
• By writing to us at 4 Hay Avenue, Edinburgh, EH16 4AQ
• By calling us on 0808 168 4534
• By emailing us at email@example.com
For questions about data protection issues, please address all correspondence to the Data Protection Coordinator.
What is Personal Data?
Personal data is data that relates to an identifiable living individual.
The personal data we collect regarding you can include your name, address, email address and telephone number. It can also include data such as IP addresses of computers you use, and also data about the amount of energy you consume as recorded by your electricity and gas meters.
Your personal data can also be the data that is not immediately obvious as being personal (such as how much energy you use) but may become personal data when processed alongside other data (such as your energy consumption being linked to your meter number which in turn can be linked to your address).
How is my personal data protected in law?
The General Data Protection Regulation (GDPR) is an EU regulation that took effect on 25 May 2018.
The GDPR makes it clear that personal data belongs to the individual and whilst we need to collect personal data about you to provide you with a service and for other reasons, it remains your data and we must handle it with care. We adhere to the principles relating to processing of personal data set out in the GDPR which require personal data to be:
1. Processed lawfully, fairly and in a transparent manner (Lawfulness, Fairness and Transparency).
2. Collected only for specified, explicit and legitimate purposes (The Purpose Limitation).
3. Adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed (Data Minimisation).
4. Accurate and where necessary kept up to date (Accuracy).
5. Not kept in a form which permits identification of Data Subjects (you) for longer than is necessary for the purposes for which the data is processed (Storage Limitation).
6. Processed in a manner that ensures its security using appropriate technical and organisational measures to protect against unauthorised or unlawful processing and against accidental loss, destruction or damage (Security, Integrity and Confidentiality).
7. Not transferred to another country without appropriate safeguards being in place (The Transfer Limitation).
8. Made available to Data Subjects when requested, and in certain circumstances to have that data rectified, blocked, erased or destroyed and data subjects allowed to exercise certain rights in relation to (The Data Subject’s Rights).
We are responsible for and must be able to demonstrate that we comply with the data protection principles listed above.
There are a limited number of specific legal reasons we can process your personal data. They are laid out in The GDPR and each one is called a ‘Lawful Basis’. We must tell you which lawful basis we are using to process your data in each instance.
There are six (6) Lawful Bases defined in The GDPR. They are:
• Consent – this is where you consent to us using your data. You do not have to give it, and if you do give it you can withdraw it at any point in the future.
• Contract – this is where there is a contract between us and we need to have certain personal data from you to carry out that contract, for example the contract between you and us for the supply of energy.
• Legal Obligation – this is where we are required by other laws and regulations to collect and process certain personal data about you.
• Vital Interests – this is where it is necessary to process personal data for the protection of somebody’s life.
• Public Task – this is where processing of personal data is required for the general public interest.
• Legitimate Interests – this is where we have a genuine commercial reason to process your personal data in a certain way that you might reasonably expect us to do because of the business we are in, for example to inform you of new services that we provide that might be of benefit to you.
The Lawful Bases we rely upon to process your personal data depend on what data it is and for what purpose we are processing it for. We describe this in the section ‘How we process your personal data’.
Data we collect about you
Personal data we collect and process about you may include:
• Name • Date of Birth
• Phone Numbers
• Email addresses
• Electricity and Gas meter serial numbers
• Electricity and Gas meter MPAN numbers
• Electricity and Gas consumption and generation data
• Recorded phone calls
• Bank sort code and account numbers
• Details of any special requirements, vulnerabilities, illnesses, infirmities, financial or social difficulties
We may add to this list in the future, and if we do this page will be amended.