This notice covers how we will handle and process personal information we obtain about individuals collected by Npower Limited and PS Energy UK Limited (“we”, “us” or “our” for short).
This notice is in addition to your Powershop standard terms and conditions for supply of electricity and gas.
Placeholder accordion paragraph content
This notice sets out how we collect and handle your personal information such as when you purchase products and services from us, when you see our online customer portal and mobile app, and when you contact us, how we store and use it, and how you can access and manage this information.
Our Data Protection Officer (DPO) provides help ad guidance to assist us in meeting our obligations and to ensure we protect the data we hold about you. We take your privacy seriously and take appropriate steps to protect the personal information we collect from you and to make sure that your personal information is kept secure and only used in line with this notice.
Our group and your products and services
We are what is known as a controller of personal information we collect and use about you. When we refer to “we” “us” “our” we mean P S Energy UK Limited trading under the name of Powershop UK (who will provide all the services to you). Products and services may be shared within subsidiary group companies, these include Npower Limited and Npower Gas Limited (as the official gas and electricity licence holders and providers of certain corporate services to P S Energy UK Ltd).
So, what personal information do we collect about you?
We need to ask you to provide certain personal information depending on the products and services we provide to you. It may be obtained directly from you when we speak to you or via our website or mobile App or from another third party or organisation or person.
We will tell you if we may require your consent to use the information for specified purposes.
We collect information directly from you as requested by our signup process online or over the phone and contact forms you may complete. For example, we collect the following to assist us in setting up your account and to verify who we are dealing with:
Full name (including title), age/date of birth
Phone number, mobile number
and email address
Bank account details as well as credit
or debit card details if you pay through those means
Meter details such as the meter serial number, MPAN or MPRN
Gas and electricity usage (via meter reads provided by you)
Medical health conditions or other vulnerabilities
Information about your property’s characteristics (for example its age, number of bedrooms) if you have requested energy efficiency advice or want to compare your energy usage with other properties similar to yours.
Occupier details (for example the number of people living in the property) for assessing vulnerability and providing you appropriate products and services.
From you about other people:
Medical health conditions or other vulnerabilities about others in your household. If you provide such information on behalf of anyone else then in doing so you are confirming
that you have explained how their information may be used by us and
they have given you permission for
us to do so.
If you have provided any sensitive information about yourself or others (such as health related information)
you agree (and are confirming that the person who the information is about agreed) that we can use the information as set out in this notice. This may happen because you are acting as
the representative on the customer’s behalf or because someone who is
living with you requires additional support that we are able to offer.
From third parties
Credit reference or fraud prevention agencies in relation to your repayment history or your credit rating which may include public information about bankruptcies or county court judgments against you.
Publicly available sources like the
Post Office to verify your information.
Industry sources who are involved in your electricity supply (such as your distributor, meter equipment owners and meter readers), or who can
enhance and/ or verify information you have provided (such as direct debit verifications and meter discovery verifications) other energy suppliers
as well as from industry organisations who operate and maintain databases
on behalf of the industry to assist
(for example) in the change of
Landlords or letting agents who own or manage your home and who provide your details so we can set up an account in your name.
Other companies like energy comparison sites or brokers where you sign up to our products and services through their websites or contact centres
From our Public Website
We collect certain data automatically and anonymously from your visit to our website www.powershop.co.uk or our mobile App to help us understand how you are using it, track and administer it and diagnose problems.
Secure Customer Portal
The IP (internal protocol) address
and other data to allow us to help understand how you are using it to
track and administer it and diagnose other problems (unless you turn this
off in the secure portal privacy settings).
From our mobile App:
In addition to routine mobile permissions (for example access to the internet in order to be able to work we will collect information about your mobile device including the model
and brand, the operating system version, the screen resolution, the date and time on it, video graphics card and memory available.
The mobile app will access your device’s memory to cache permitted images to load them faster to you
(for example Powerpack tiles).
The mobile app will access your push notification settings (such as control vibrations, prevent phone from sleeping to send you push notification in accordance with your preferences for things like new powerpack specials, meter reading reminders, Autopayment and Autopurchase reminders. We use a third-party service to do this. We use a unique identifier token for each mobile device which we share with our notification service provider for them
to send the mobile app notifications to. Very limited personal information can be contained in those notifications.
(for example the address supplied by Powershop). You can customise what notifications you are sent by going to the Account Settings within the App.
The mobile app will access your device’s camera to use the flashlight,
if you turn on the flashlight icon at the top right of the meter reading entry screen, to help you read the meter outside. Our mobile app does not access your photos.
If you consent to a crash report being sent, we will receive information when the mobile app crashes. As part of the crash report, we (and our sub-processors as well as Apple and/or Google Play (depending on your phone operating system)) receive basic device information (such as device model and operating system version) and the version of the mobile app you are using. The mobile app also sends crash reports from your installed email client, if you choose to send them. As part of this crash reporting we receive your Powershop account number, Powershop consumer number, App version details, device details, and the email address and name details the email was sent from.
How we use your personal information and who we share it with – the legal basis and the purposes
We can only use your personal information where that is permitted by data protection laws. Those laws require that where we use your personal information we must satisfy one condition (legal basis) for processing. The legal bases are consent, to comply with our legal obligations, to perform a contract, our legitimate interests and for special category data (health) it is in your vital interests.
Set out below are the different legal bases as well as examples of the types of processing we carry out:
Legal Basis for Processing
Processing activity (purposes)
Where you have provided us with consent we will rely on that to process your information for the purposes set out at the time that the request for consent was made.
You can always change that consent at any time (either by withdrawing it or giving your consent where you previously hadn’t). The consequence of that might be that we are no longer able to do certain things for you.
See the section on “What rights do you have over your personal data?” and then “Right to withdraw Consent”
From time to time if you have agreed we may provide you with marketing information relating to loyalty rewards, customer promotions and competitions about our products and services (including by phone, text message, email, via your online account, and via your Smart in home display and via e-marketing i.e. using the internet and digital media technologies (for example social media)), which we think may benefit you in your everyday lives.
We ask for consent when you sign up with us, but you can change your mind at any time. We will never use your consent to direct marketing to forward you offers from third parties.
From time to time we may ask you to participate in market research including customer surveys or customer focus groups – if you agree, your feedback is given with your consent.
You agree to the disclosure
If you request us to disclose your personal data to other people or organisations such as to a relative to deal with your account on your behalf or you otherwise agree to such disclosures.
We also rely on your consent to receive crash reports if you download and use our mobile app and it crashes.
Priority Services Register
If you elect to go on our Priority Services Register or PSR (which is a service open to certain customers who due to their health, age etc may require additional assistance), we need your consent to store and share your sensitive health information. If you consent to us storing and sharing this sensitive health information we will use it and pass it on automatically using standard industry dataflows to relevant industry bodies like electricity distributors, gas transporters, other energy suppliers, any sub-contractors like metering companies that provide field services to enable us and them to consider what additional help and support you may need for example if there is a power loss.
Your details supplied as part of the PSR will never be used for marketing. You need to let us know if anything changes so we can ensure we provide the most appropriate support for you. If you no longer want to be part of the PSR, or you don’t want us sharing that information with third parties, just let us know. More information is available at powershop.co.uk/PSR
We may need to share your vulnerable information with third parties because we believe you or someone else’s life is in imminent danger. This will be assessed on an individual basis and we will not share information unless we really believe there is a serious risk. We anticipate this will occur very rarely.
Whether or not you are registered on Priority Services Register referred to above if you are in danger of being cut off and we believe you or someone else’s life is in imminent danger and you may need extra help, we may record vulnerable information about you and share it with support agencies and the Police. We may also share this information with the relevant gas transporter, metering agents or network operator.
Performance of our Contract with you for supply of your energy and to take steps at your request prior to entering into that Contract
To provide you with a quote
To help us identify you so we know who we are talking to and to authenticate the information you provide for security purposes. We may check against information we already hold about you as an energy supplier and potentially publicly available information such as social media.
To set you up in the appropriate industry systems based on agreed industry processes when you change your supply to or away from us including obtaining meter reads, resolving metering disputes etc. We share this information with metering operators and metering asset managers, local lines companies, and transmission companies, meter equipment owners, meter readers, other energy suppliers as well as industry organisations who operate and maintain databases on behalf of the industry to assist (for example) in the change of supply process or the provision of industry data analytics to improve or enhance the energy efficiency of our operations compared to other energy suppliers.
To set up and manage your account including processing and collecting payments, recovering debts, analysing your account history and improving our service to you which include sending you:
notifications via our mobile app (if you download it) regarding Powerpacks so that you have every opportunity to save money;
service messages such as meter read and payment reminders, changes to our opening hours by mobile app notifications, text and/or email;
account notifications and communications such as price and other terms and conditions changes by mobile app notifications, text and/or email).
We may share this information with other parties connected with your account for example if you have provided a delegation of your authority to a partner, relative or a friend to allow them to assist you in dealing with your account.
To verify information, you have provided us such as direct debit information (to make sure we have the right bank account and it is not stolen), your address (to make sure it is accurate and a real address) or your metering information so we can be sure we can supply you.
To measure your energy use and work out your bills.
To supply you with any products or services you have asked us for such as the supply of gas or electricity (or both).
To ensure we meet our quoted price(s).
To report to and pay our referral partners such as broker websites like uswitch.
To assess health and safety, environmental and financial risks to you.
To arrange for other Npower group companies to provide services to you where we do not offer them, and to meet legal or regulatory obligations - for example, if you need or want a prepayment meter, are on a green deal, need energy efficiency advice, or you are not a domestic customer.
To provide and improve customer support.
To resolve complaints and dispute resolution.
To train our staff and monitor our services. This may involve us recording our conversations with you or keeping copies of our correspondence with you to make sure we are providing you with a good service and are keeping to our legal and regulatory obligations.
To fulfil a Legal Obligation
This is where we are required to do something by law, regulatory requirement or by way of a court order
To comply with legal and regulatory requirements including those set out in the relevant gas and electricity Acts, our licence conditions and industry codes which govern how we operate. We may share this information with Ofgem (or any organisation which takes over Ofgem's role) or directly to an agent acting on their behalf, or as part of a government data-sharing initiative for example ones aimed at helping people who cannot afford to pay for their heating and electricity. They may pass that information to other agencies to be analysed or for other purposes relevant to their request or investigation.
To provide certain information to Ofgem as regulator for the energy industry either as part of an investigation by them or as part of request for information or as part of an audit of our services (usually aggregated to a non-personal level).
For demand forecasting and settlement in so far is required to meet our industry requirements.
To comply with the law. We may share such information with our legal advisors and auditors.
To relevant law enforcement agencies or government agencies where we have been asked to provide the information for legal or regulatory reasons (if we receive a legitimate request for the information).
To assist you if you exercise your legal rights under data protection law.
To verify your identity, make credit fraud prevention and anti-money laundering checks.
To run our business in an efficient and proper way. This includes managing our financial position, business capability, planning, communications, corporate governance, and audit. We may share this information with our legal and professional advisors including our auditors.
To help prevent and detect crime such as fraud and money laundering. We will share this information with
the police, other relevant law enforcement agencies, regulators, public bodies such as local and central authorities (including government agencies/departments) where we have been asked to provide the information for legal or regulatory reasons (such as prosecuting offenders, assessing or collecting tax.
As necessary for our own Legitimate Interests
This is where we use your personal information for our normal business purposes where the benefits of doing so are not outweighed by your fundamental rights or freedoms.
You have a right to object to this type of processing. See the section on “What rights do you have over your personal data” then “Right to object to processing based on our ‘legitimate interests’ as a business”
For conducting business analytics and industry analytics such as carrying out internal reporting, profiling, modelling and analysis, market research, producing statistics. We may share this information with agents acting on our behalf, including creative agencies, professional user experience testing agencies and search engine optimisation agents.
To carry out credit checks and assess your creditworthiness. We will share this information with credit reference agencies such as Experian. Further details of this are set out below under the heading ‘How we may share your personal information with credit-reference agencies’.
We may take measures to ensure we carefully consider switch back when you have failed to pay for your energy supply in contravention of your contractual obligations.
To facilitate and carry out industry theft and fraud (TRAS) investigation and reporting. We may share that information with Ofgem, the industry appointed TRAS Fraud Prevention Agency, our parent company and other interested parties such as other energy suppliers, landlords, housing associations, fraud prevention agencies and other organisations (such as the police) involved in crime and fraud prevention who may also use this information. Further details are available under the heading ‘Theft and Fraud Prevention’ below.
To assist in debt prevention and debt recovery which may include tracing where you have moved to and identifying who is responsible for taking supply where such processes go beyond what is strictly necessary for the performance of our contract with you.
We may share this information with a credit reference agency or fraud prevention agency to trace you if you have not provided your contact details or a forwarding address so that we can recover your debt or we may pass your details on as part of current or future legal action.
To diagnose problems and test systems to ensure security and help improve the way we provide our services and the products. We will share information with our processors and sub-processors for the development and testing of our IT systems, diagnosing and implementing bug fixes, and diagnosing and dealing with incidents.
To carry out web analytics to analyse and better configure our website. This is done on an anonymous basis.
We may use limited personal details (e.g. email, phone number) in a secure manner to serve you with better targeted advertisements online, such as on social media sites like Facebook. We do this to better target any ads we place on those online sites.
We use services such as Google Analytics to collect information about our mobile app and help us analyse it and better configure our service. Google Analytics collects a range of anonymised information, such as the town in which the user is located at the time of login, the number of visitors on our mobile app per day, which pages they visit, and the types of devices using our mobile apps (make and model). Our mobile app also utilises "Events" functionality from Google Analytics. These are pre-programmed "things" which record when a user does them (and the basic device type such as Nexus 5). If you do not want us to use Google Analytics in respect of your use of the mobile app then you can turn this off in the mobile app on each device by going to the main menu: >Settings> Google Analytics.
If you have a display unit with your smart meter, we may send messages (for example, general energy-efficiency messages) direct to it, unless you let us know at any time that you do not want to receive such information.
If an organisation takes over all (or nearly all) of our business or assets, we may pass your personal information to them and we may pass details of any debt you may have with us to your future service provider.
To take part in government or industry initiatives (for example to tackle fuel poverty, improve energy efficiency or other social or consumer interests) or assess how the energy sector is working) for example by a lawyer or Ofgem or to the Information Commissioner (if we receive a legitimate request for the information).
Theft and Fraud Prevention
- If we suspect that someone has committed fraud or stolen energy by tampering with the meter or interfering with the supply we will record your information and share it (for as long as you have an account with us) on a regular basis (including occupier details, property type and consumption data), with the industry appointed TRAS Fraud Prevention Agency (including their sub-contractors (if any)) who will use that information and that of other customers (whether or not supplied by us) to check public and other databases they hold or have access to so that they can profile geographical, behavioural and other similar trends for the purpose of theft and fraud risk assessment and to generate leads based on that analysis which they will pass on to us for the purpose of preventing and detecting the theft of energy and the prosecution of offenders (“theft leads”).
- The TRAS Fraud Prevention Agency will hold this information and may provide it to other energy suppliers (where you have an energy account with them) or to Ofgem and other industry bodies in accordance with agreed industry processes and the information may continue to be used even following termination of this agreement where you are supplied by a different supplier.
- We may use any information we have collected as well as any theft leads received from third parties including the TRAS Fraud Prevention Agency to (where relevant and appropriate) detect, investigate, pursue (including prosecute) and prevent (in so far as possible) theft and fraud.
- If we suspect or confirm that you have committed energy theft a record of this will be kept by us and the TRAS Fraud Prevention Agency. We may use this information to assist us in making decisions about your payment arrangements and the products and services we offer you in the future.
How we may share your personal information with credit-reference agencies
We have set out below how we may share your personal information with credit-reference agencies and how they may record and use your personal information.
- In order to process your application (for example when you apply to take supply from us or you move home), we will perform credit and identity checks on you with one or more credit reference agencies (“CRAs”) as well as using information we already hold about you for internal credit risk and debt management and to help us assess your ability to pay. Where you take products and services from us we may also make periodic searches at CRAs to manage your account with us.
- To do this, we will supply your personal information to CRAs and they will give us information about you. This will include information from your application and about your financial situation and financial history. CRAs will supply to us both public (including the Electoral Register) and shared credit, financial situation and financial history information and fraud prevention information.
- We will continue to exchange information about you with CRAs while you have a relationship with us. We will also inform the CRAs about your closed accounts. We record your current balance and how you manage your account and may share this information with CRAs. If you owe us money and when requested do not repay in full and on time we may share this information with CRAs. This information may be supplied to other organisations (like banks, other utility companies, companies who offer you credit to purchase goods) by CRAs which may affect your ability to obtain credit.
- If we consider that your account is in default (i.e. you have not paid us and are in breach of your agreement with us or you are making ‘token’ payments towards your debt) we will notify you and if you do not pay us we will report the unpaid debt to CRAs who will record that default on your credit file. If you set up an instalment plan or some other form of payment arrangement with us to repay a debt (including paying off a debt through a prepayment meter) then a payment arrangement flag may be recorded on your credit file. We may record such a flag whether you are a current customer with us or one who has left us to go to another supplier and had their account closed with an outstanding debt that remains to be paid. This information may be supplied to other organisations (as described above) by CRAs and may affect your ability to obtain credit.
We will use information we receive from CRAs along with information we already hold about you to:
i. Assess your creditworthiness and whether you can afford to take the product and/or services;
ii. Verify the accuracy of the data you have provided to us;
iii. Prevent criminal activity, fraud and money laundering;
iv. Manage your account(s);
v. Trace and recover debts;
vi. Ensure any offers provided to you are appropriate to your circumstances;
- To assess your ability to pay versus financial risk to decide on the appropriate debt recovery activity and the application of debt recovery fees (in line with guidance on ability to pay from Ofgem) including sending you timely service messages and/or contacting you by telephone if it looks like you are or are about to get into payment difficulties.
- When CRAs receive a search from us they will place a search footprint on your credit file that may be seen by other organisations (like banks, other utility companies, companies who offer you credit to purchase goods).
- We may also use information obtained from CRAs where you have failed to tell us that you are the owner and/or occupier of the property we supply. In the event that the CRAs are able to positively match your details from their search of information from other companies, the Electoral Register etc. then we will use that information to follow our internal processes to take steps to set up an account for that property using the details provided by the CRAs. Before we do so we will contact you and provide you with the opportunity to correct any information we have obtained. Where it is clear that you are the owner/occupier of the property and taking energy supply we will set the account up in your name and record the current balance and share that with CRAs. If you owe us money and when requested do not repay in full and on time we may share this information with CRAs which may affect your ability to obtain credit.
The identities of the CRAs, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, data retention periods and your data protection rights with the CRAs are explained in more detail in the Credit Reference Agency Information Notice (CRAIN). CRAIN is accessible from each of the three CRAs – clicking on any of these three links will also take you to the same CRAIN document:
If you would like to see what information the CRAs hold about you, you can contact those currently operating in the UK. The information they hold may not be the same, so it is worth contacting them all. They will charge a small statutory fee.
Credit reference agency
Post: Callcredit Information Group, One Park Lane, Leeds, West Yorkshire LS3 1EP.
Phone: 0330 024 7574
Post: Equifax Ltd, PO Box 10036, Leicester LE3 4FS
Phone: 0333 321 4043 or 0800 014 2955
Post: Experian, PO BOX 8000, Nottingham, NG80 7WF
Phone: 0344 481 0800 or 0800 013 8888
Automated decision-making and profiling
The law requires that we tell you if our systems conduct any processing, including profiling, which produces a decision that is completely automated and produces legal effects concerning you or similarly significantly affects you. We do not consider that any of the automated decision-making, including profiling, that our systems conduct fits this criteria.
Like all energy retailers, we do undertake necessary automated decision-making and profiling in our system to make setting up and servicing your energy supply efficient and accurate, such as verifying information you provide us on signup, matching your quote to your customer records, assigning the correct price to your property for your metering configuration, obtaining meter reads, estimating consumption, billing you, and tracking and recovering debt etc. If you wish our staff to review a decision taken by our system we are prepared to do so. See below under the heading ‘Who is your data controller?’ for details of how to contact us to request this.
We also conduct ‘profiling’ manually for our general business purposes like business analytics- see ‘How do we use your personal information?’ and ‘Legitimate interests’ for examples of the sorts of activities that we conduct which rely on the ‘legitimate interests’ legal ground. These types of general business purpose analytics are designed to help us make decisions about our customer base generally, rather than a specific decision about you.
We use automated profiling to create a profile of your credit worthiness based on the information you have provided to us, the information we have received from credit reference agencies and whether you pay your bills to us in full and on time and/or in accordance with agreed payment plans. We analyse this information manually to make an initial and ongoing assessment of your likelihood to pay your debts and to see what products and services we can offer you. We may also take measures to ensure we carefully consider switch back when you have failed to pay for your energy supply in contravention of your contractual obligations.
Profiling carried out by TRAS and Credit Reference Agencies
The industry-appointed TRAS Fraud Prevention Agency conducts profiling across all energy industry customers, including ours, in order to identify customers who have a higher likelihood of having committed energy theft. For more details see the earlier section “Theft and Fraud Prevention.’
Credit Reference Agencies conduct profiling across their databases and public records, including information that energy suppliers like us give them, to produce a credit score according to their proprietary methods. For more information see the earlier section “How we may share your personal information with credit reference agencies.”
When do we pass your personal information outside the EEA?
There are a number of instances where we may pass your personal information outside of the European Economic Area (EEA) to countries that do not have the same data protection standards as we do in the UK. Firstly, we and our processors make sure that it happens with the relevant legal protection in place. Secondly, we always know when this occurs and make sure relevant security and contractual protections are in place. The countries we pass such information to are:
- New Zealand. One of our sub-processors which undertakes development of our IT systems is based in New Zealand, along with some other sub-processors they use. New Zealand holds an adequacy decision from the European Commission. This is authorised under Article 45 of the GDPR;
- United States. We primarily rely on Privacy Shield certification to ensure these data transfers are legal, and also EU model clauses. This is authorised under Article 46 of the GDPR;
- We use a US based sub-processor with infrastructure in Australia who is Privacy Shield certified and has entered into a data processing addendum including model clauses.
We will keep any personal information that we process for the following retention periods:
Personal information processed
Information processed for the purpose of our contract with you
7 years unless you are a still a customer with us and we require the information so that we can continue to supply you.
Information processed for our legitimate interest as a business except theft and fraud reporting
Theft and fraud reporting
Information processed about you when you have failed to pay so we can ensure we carefully consider any switch backs
Information processed as a result of a credit check
Information kept for the purpose of complying with a legal obligation
Powershop complies with the security standards required by law, to protect your personal information. Any personal information you send via the post or email is at your own risk but once we receive it we use strict procedures to safeguard it.
If you are a Powershop customer, you are responsible for your email address and password. Your user name and password can only be used in connection with purchasing products for the supply of energy to your property or properties. You should not tell anyone else your password or user name, and if you do, you are responsible for paying for energy they buy from us.
When you use your debit card or credit card during signup or on our online web portal, the debit card or credit card information is transmitted using Secure Socket Layer (SSL) protocol, this encrypts your information. Powershop keeps only some of your debit card or credit card details. However, your full credit card and debit card details will be encrypted and securely stored by our online payment providers (currently Mastercard and Lloyds). Make sure you always logout when you have finished using the Powershop customer website, especially if you access Powershop from a shared computer.
What rights do you have over your personal data?
• Access: You are entitled to know what personal information we hold about you at any time. (If you write to, email or phone us and ask to see this information, it is known as a ‘Subject Access Request’ or ‘SAR’ for short). When we receive your request, we will send you a form to fill in, along with identity checks. If you do not return the form and/or answer our phone calls to verify you have made this request, we will not be able to deal with your request.
• Data Portability: You can request the personal information you provide to us in a commonly used and machine-readable format. We already allow you to access your information online (including the ability to export your meter reads), but if you need other information or you don’t want to access it online you can contact us.
• Accuracy/ Rectification: You can check that the personal information that we hold is accurate, or to let us know of any changes to your personal information. We always try to ensure that the information that we hold is accurate, up to date and relevant. We’ll be more than happy to make changes or to correct any inaccuracies.
• Deleting/ Erasure: You can ask us to delete some or all of your personal information in certain circumstances (e.g. we no longer need it), and we are obliged to delete it. We can refuse to delete that information if those circumstances don’t apply e.g. we still need it to supply you with energy.
• Restriction on use: You can ask us to temporarily stop using the personal information in the following circumstances:
o where you think your personal information is not accurate, we will temporarily stop using it until we have verified the accuracy of it, if we cannot resolve the accuracy of it straight away;
o where you have objected to our use of the personal information (in circumstances where it was necessary for the performance of a public interest task or for our legitimate interests as a business), and we are considering whether our legitimate interests as a business override your rights to object to our use of it;
o when processing is unlawful, and you don’t want us to erase it, and request restriction instead; or
o if we no longer need the personal information but you want it to establish, exercise or defend a legal claim.
If we have shared the personal information in question to third parties, we must inform them about the restriction on the processing of the personal information, unless it is impossible or involves disproportionate effort to do so. We must also inform them when we decide to lift a restriction on processing.
• Right to withdraw Consent: Most of the personal information we require is necessary to supply you with energy, and we don’t rely on consent to use and retain it. However we do rely on your consent to contact you for direct marketing and to store and/ or share your personal information for our Priority Services Register. You can provide or withdraw your consent for either of these situations by calling or emailing our call centre (see below) or online:
o for direct marketing, you can log on, go to the Settings tab, then the Accounts tab, Privacy & Data, then turn on or off the direct marketing option (as desired); or
o for the Priority Services Register, you can log on, go to the Settings tab, then the Properties tab, then change the Priority Services Register settings for each fuel and each property we supply.
We also rely on your consent to receive crash reports, if you have downloaded and use our mobile app. If you are not comfortable with us or those third parties receiving this information, do not consent to the crash report being sent when prompted. You can control whether Apple receive information about errors or crashes on your device when you first setup your device. You can control whether Android receives information about errors and crashes, by checking your device settings.
• Right to object to processing based on our ‘legitimate interests’ as a business: If we rely on the legal grounds that we have a legitimate right as a business to use your personal information (as opposed to any other legal ground) then you have a right to object to us using your personal information for these purposes. See above under the heading ‘How do we use your personal information? ‘and ‘Legitimate interests’ for examples of the sorts of activities that we conduct which rely on the ‘legitimate interests’ legal ground.
You can exercise your right to object you can call or email our call centre (see below) or log on, go to the Settings tab, then the Accounts tab, Privacy & Data, then turn on or off the
‘legitimate interests’ option, and/ or the ‘web tracking and analytics’ option (as desired). If you do not want us to use Google Analytics in respect of your use of the mobile app then you can turn this off in the mobile app on each device by going to the main menu of the app then: >Settings> Google Analytics.
• Right not to be subjected to automated decision-making: You have the right not to be subject to a decision based solely on automated processing which produces legal effects or similarly significantly affects you, except where we do so for the purposes of your energy supply, it is authorised by law, or you consent to it. In those circumstances you are entitled to at least contest any such decision and obtain a review. Our systems do not have automated processing that fulfil these criteria, but in any event if you wish our staff to review a decision taken by our system we are prepared to do so.
• Complain: If you think we are using or processing your personal information in a way that is not consistent with this privacy notice or with the law, you can lodge a complaint with the Information Commissioner’s Office. Contact details are available at https://ico.org.uk/concerns/. We would always prefer you to contact us first though, to see if we can answer your concerns.
You can exercise any of these rights by contacting us as set out below under ‘Who is your data controller?’ below.
Who is your data controller?
PS Energy UK Limited is the data controller for the personal information. You can contact us to exercise any of your rights or if you feel that we are not complying with the terms of this privacy notice by:
● emailing email@example.com,
● Contacting us using the ‘Contact us’ forms on our website www.powershop.co.uk/contact-us or our mobile app; or
● calling our call centre on 0800 009 3719* (free from most landlines);
● logging on, going to the Settings, then Privacy & Data, then turning off the direct marketing option;
● writing to us at Data Protection Officer, Powershop, 9th floor, Quayside Tower, 252-260 Broad Street, Birmingham B1 2HF.
What if we update our privacy notice or you have any questions?
This Notice was updated in April 2018 and it replaces any previous privacy notice we may have provided to you. We do keep our privacy notice under regular review, but we will email our customers regarding any significant changes. If you have any questions please do contact us through using the ‘Contact Us’ forms on our website or our mobile app, calling our call centre on 0800 009 3719* or emailing firstname.lastname@example.org.
*Phone calls: Calling us on a 0800 number is normally free when you call from a landline, but charges may vary if you use a mobile.