UTTILY

Privacy Notice

UTTILY Plc respects your privacy and is committed to protecting your personal data. This privacy notice will inform you as to how we look after your personal data when you visit our website (regardless of where you visit it from) and tell you about your privacy rights and how the law protects you.

About us

We are UTTILY plc (07471188) of 118 Piccadilly, London W1J 7NW. We use your information as further explained in this Privacy Policy. We’ll be the “controller” of the information you provide to us.

UTTILY plc respects your privacy and is committed to protecting your personal data. This privacy notice will inform you as to how we look after your personal data when you visit our website (regardless of where you visit it from) and tell you about your privacy rights and how the law protects you.

This privacy notice is provided in a layered format so you can click through to the specific areas set out below. [Alternatively, you can download a pdf version of the policy here].

What information do we need?

We collect the following personal data about you:

  • name, address, telephone number and email address;
  • payment details including bank details;
  • When using our website, your IP address, location information and browsing information;
  • Your preferences for communications e.g. by telephone, fax, SMS, email or post;
  • Details of your participation in surveys;
  • Details of your interactions with us on social media;
  • Details of any vulnerabilities so we can adapt our services appropriately; and
  • If you contact us by telephone, we may record the call for training and service improvement purposes, and make notes in relation to your call.

We may enhance personal information we collect from you with information we obtain from third parties that are entitled to share that information, for example, credit agencies, search information providers and / or public sources. We may also be provided with information about you by a previous tenant, or a third-party intermediary (TPI) who is authorised to act on your behalf. UTTILY works closely with third parties, including sub-contractors and the Office of Gas and Electricity Markets (“Ofgem”).

Why do we need it?

We need to know your basic personal data to be able to supply your business with energy, maintain and operate our electricity generation assets and gas storage facilities and manage our energy portfolio. In particular, we need to know your basic personal data to provide our services to you, direct any customer enquiries to the correct UTTILY support team, to allow our engineers to support you on-site and to communicate with you. We may also collect specific information in order to enter into legal contracts with you.

Legal bases for processing

In order to process and use your personal information lawfully, we rely on the following legal bases:

  • for the performance of a contract with you for provision of our products and/or services or to take steps at your request prior to entering into such a contract;
  • to comply with our legal obligations;
  • for our legitimate interests in ensuring effective operational management and internal administration, document retention/storage, compliance with regulatory guidance, exercise or defence of legal claims, service improvement and communicating with you; and
  • consent (where we market to you via email or SMS, or where we store vulnerability information).

What do we do with it?

The personal data is processed by our staff to:

  • Ofgem, the Energy Ombudsman and any other regulatory authority we may be subject to for the purposes of demonstrating compliance with applicable law and regulations;
  • Our corporate auditors for the purposes of demonstrating compliance with financial and regulatory frameworks;
  • our sub-contractors for the purposes of carrying out work on our energy distribution networks;
  • our service providers for the purposes of providing services to us;
  • other UTTILY group companies for the purposes of account administration, payment management and strategy development;
  • third party intermediaries, where you have engaged their services; and
  • debt collection agencies for the purposes of debt management.

We may also use aggregate information and statistics in order to help us develop our services and may provide such aggregate information to third parties. These statistics will not include information that can be used to identify any individual.

Unless you’ve asked us not to, we may contact you in writing, by phone and (where you have opted-in) via email or SMS with information on products, services and rewards that we, other companies within the UTTILY group, and occasionally our carefully selected partners identified at the time we collect your information, offer. We may use third parties to send marketing communications.

Unless you have asked us not to, we may also use your email address to show you digital advertisements via search engine results pages or on other websites.

Unless you have asked us not to, we may profile your data to provide you with marketing and offers that are relevant to you. If you opt out of profiling we will still run analysis that includes your data, but any decisions or marketing output that result from that analysis will not be used to market to you. You will be sent generic marketing that may not be relevant to you.

Where you partially complete and/or abandon any information inputted into our website and/or other online forms we may use this information to contact you to remind you to complete any outstanding information and/or for marketing purposes.

To opt out of receiving marketing messages, please contact us at any time verbally, by email or in writing using the details below;

UTTILY Plc
FAO Data Protection Team
118 Piccadilly, Mayfair, London W1J 7NW
020 7569 6725

How long will we keep it?

We will keep your information only for as long as necessary depending on the purpose for which it was provided.

When determining the relevant retention periods, we will take into account factors including:

  • legal obligation(s) under applicable law to retain data for a certain period of time;
  • (potential) disputes; and
  • guidelines issued by relevant data protection authorities.

Otherwise, we securely erase your information once this is no longer needed.

How we protect your personal information

We use a variety of technical and organisational measures to help protect your personal information from unauthorised access, use, disclosure, alteration or destruction consistent with applicable data protection laws.

Automated Decision-Making

We use automated decision-making to determine the conditions upon which we supply you in the following circumstances:

  • Customers whose businesses are insolvent or no longer trading; and
  • New connections customers with a supply larger than 23kVA.

If your business is insolvent or no longer trading, we will automatically refuse to supply you.

For new connections customers with a supply larger than 23kVA, we will use credit scoring information supplied by a third-party credit agency to determine whether a security deposit is appropriate.

In all other circumstances, we may take credit scoring information into account when deciding on the conditions placed upon your supply, however we will also consider other information that we hold about you, and this decision will not be fully automated.

You can appeal any automated decision, receive an explanation of the decision or require human review of the decision by contacting us.

How is your personal information transferred outside the EEA?

We, or a third party who we share personal information with, may host, store and handle that personal information outside of the European Economic Area (EEA).

We will only permit this to happen if adequate safeguards have been put in place to protect your personal information. This means that we will:

  • ensure that the country in which your personal information will be handled has been deemed “adequate” by the European Commission under Article 45 of the General Data Protection Regulation (GDPR);
  • include standard data protection clauses approved by the European Commission for transferring personal information outside the EEA into our contracts with those third parties (these are the clauses approved under Article 46.2 of the GDPR); or
  • (in the case of transfers from the EEA to the USA), ensure that the recipient of the personal information has certified with the EU-US Privacy Shield Framework, as permitted by Article 46.2 of the GPDR.
Rights What does this mean?
1. Right to be informed You have the right to be provided with clear, transparent and easily understandable information about how we use your personal data and your rights. This is why we’re providing you with the information in this Privacy Policy.
2. Right of access You have the right to obtain access to your personal data (if we’re processing it) and certain other information (similar to that provided in this Privacy Policy). This is so you’re aware and can check that we’re using your personal data in accordance with data protection law.
3. Right to rectification This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your personal data where there’s no compelling reason for us to keep it. This is not a general right to erasure; there are exceptions.
5. Right to restrict processing You have rights to ‘block’ or suppress further use of your personal data in certain circumstances. When processing is restricted, we can still store your personal data, but may not use it further.
6. Right to data portability You have the right to obtain and reuse your personal data in a structured, commonly used and machine readable format in certain circumstances. In addition, where certain conditions apply, you have the right to have such information transferred directly to a third party.
7. Right to object to processing You have the right to object to certain types of processing in certain circumstances. In particular, the right to object to the processing of your personal data based on our legitimate interests or on public interest grounds; the right to object to processing for direct marketing purposes (including profiling); the right to object to the use of your personal data for scientific or historical research purposes or statistical purposes in certain circumstances.
Your objection (or withdrawal of any previously given consent as described in the following paragraph) could mean that we are unable to perform the actions necessary to achieve the purposes set out above (see ‘How we use your personal information’) or that you may not be able to make use of the services and products offered by us. Please note that even after you have chosen to withdraw your consent we may be able to continue to process your personal information to the extent required or otherwise permitted by law, in particular in connection with exercising and defending our legal rights or meeting our legal and regulatory obligations.
8. Right to withdraw consent If you have given your consent to anything we do with your personal data, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal data with your consent up to that point is unlawful). This includes your right to withdraw consent to us using your personal data for direct marketing.

Contacting us

If you would like to contact us in relation to your rights or if you are unhappy with how we’ve handled your information, you may contact us by sending an email support@uttily.com or contact us on 020 7569 6725 or in writing to;

UTTILY Plc
FAO Data Protection Team
118 Piccadilly, Mayfair, London W1J 7NW

If you’re not satisfied with our response to any complaint or believe our processing of your information does not comply with data protection law, you can make a complaint to the Information Commissioner’s Office (ICO) using the following details:

Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

Telephone number: 0303 123 1113

Website: www.ico.org.uk

We review and may amend our privacy notice from time to time. Any changes we make to this privacy notice in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to this privacy notice. The new terms may be displayed on-screen and you may be required to read and accept them to continue your use of the Website.