Scottish and Southern Electricity Networks Privacy Notice

About us

We are Scottish and Southern Electricity Networks (“SSEN”), which is the trading name of Scottish Hydro Electric Transmission Plc (“SHET”), Scottish Hydro Electric Power Distribution Plc (“SHEPD”) (of Inveralmond House, 200 Dunkeld Road, Perth, Perthshire PH1 3AQ) and Southern Electric Power Distribution Plc (“SEPD”) (of No.1 Forbury Place, 43 Forbury Road, Reading, United Kingdom, RG1 3JH). SHET and SHEPD are subject to the laws of Scotland. SEPD is subject to the laws of England and Wales.

We use your information as further explained in this Privacy Notice. We’ll be the “controller” of the information you provide to us. If you live in Scotland, SHET and SHEPD will be the controller of the information you provide to us.  If you live in England, SEPD will be the controller of the information you provide to us.  “We”, “we’ll”, “our”, “us” etc. when used in this Privacy Notice will be interpreted as relating to the relevant data controller.

This Privacy Notice covers the following processing activities of SSEN:

  • RIIO-ED2 Business Planning customer and stakeholder survey

What information do we need?

We only collect your selected location, customer or stakeholder profile and your business option preferences through our RIIO-ED2 survey.

Why do we need it?

We are collecting this data so that we can plan for the future of our networks using gathered insights as to what our customers and stakeholders want and need.

Legal bases for processing

In order to process and use your personal information lawfully, we rely on the following legal bases:

  • for the performance of a contract with you for provision of our products and/or services or to take steps at your request prior to entering into such a contract;
  • to comply with our legal obligations;
  • for our legitimate interests in ensuring effective operational management and internal administration, document retention/storage, compliance with regulatory guidance, exercise or defence of legal claims, product/service improvement and communicating with you; and
  • with your consent, to maintain and develop our relationship with you, including marketing our products and services and market research. You may withdraw your consent at any time.

What do we do with it?

The survey data we process is processed by our staff to:

  • obtain feedback on how we can improve our services;
  • comply with legal or regulatory requirements.

We may share your information with:

  • your electricity supplier;
  • Ofgem, the Energy Ombudsman and any other regulatory authority we may be subject to for the purposes of demonstrating compliance with applicable law and regulations;
  • our sub-contractors for the purposes of carrying out work on our electricity distribution networks; and
  • our service providers for the purposes of providing services to us (including third party survey providers in order to carry out surveys on our behalf).

We may also use aggregate information and statistics in order to help us develop our services and may provide such aggregate information to third parties. These statistics will not include information that can be used to identify any individual. Marketing: If you have provided consent, or we otherwise have the right to do so, we may send to you direct marketing and promotional materials relating to our services, engagement activities or related products, for example sending you communications (including by email) for these purposes. You can unsubscribe at any time by clicking the “Unsubscribe” link in any of our emails or by emailing unsubscribe@ssen.co.uk

How long will we keep it?

We will keep your information only for as long as necessary depending on the purpose for which it was provided. When determining the relevant retention periods, we will take into account factors including: 

  • our contractual obligations and rights in relation to the information involved;
  • legal obligation(s) under applicable law to retain data for a certain period of time;
  • (potential) disputes; and
  • guidelines issued by relevant data protection authorities.

Otherwise, we securely erase your information once this is no longer needed. Details of retention periods for different aspects of your personal data are available in our retention policy which you can request by contacting us using the details below in the ‘Contacting us’ section.

How is your personal information transferred outside the EEA and the UK?

International Data Transfers – How is your personal data transferred outside of the European Economic Area (EEA)?

We, or a third party who we share personal information with, may transfer, host, store and/or handle your personal information outside of the EEA. For example, where we and/or our service providers (including servers) are based outside of the EEA . The EEA consists of countries in the European Union, Iceland, Liechtenstein and Norway and are all considered to have equivalent laws in data protection and privacy. During the Brexit transition phase (until 31 December 2020), the UK including Northern Ireland, are also considered to have equivalent laws in data protection and privacy. 

We will only permit this to happen if adequate safeguards have been put in place to protect your personal information. For countries outside the UK, this means that we will:

  • ensure that the country in which your personal information will be handled has been deemed “adequate” by the European Commission under Article 45 of the General Data Protection Regulation (GDPR); or
  • include standard data protection clauses approved by the European Commission for transferring personal information outside the EEA and the UK into our contracts with those third parties (these are the clauses approved under Article 46.2 of the GDPR).

Your rights

You have the following rights regarding your information:

Rights

What does this mean?

1. Right to be informed

You have the right to be provided with clear, transparent and easily understandable information about how we use your personal data and your rights. This is why we’re providing you with the information in this Privacy Notice.

2. Right of access

You have the right to obtain access to your personal data (if we’re processing it) and certain other information (similar to that provided in this Privacy Notice). This is so you’re aware and can check that we’re using your personal data in accordance with data protection law.

3. Right to rectification

You are entitled to have your personal data corrected if it’s inaccurate or incomplete.

4. Right to erasure

This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your personal data where there’s no compelling reason for us to keep it. This is not a general right to erasure; there are exceptions.

5. Right to restrict processing

You have rights to ‘block’ or suppress further use of your personal data in certain circumstances. When processing is restricted, we can still store your personal data, but may not use it further.

6. Right to data portability

You have the right to obtain and reuse your personal data in a structured, commonly used and machine readable format in certain circumstances.  In addition, where certain conditions apply, you have the right to have such information transferred directly to a third party. 

7. Right to object to processing

You have the right to object to certain types of processing, in certain circumstances.  In particular, the right to object to the processing of your personal data based on our legitimate interests or on public interest grounds; the right to object to processing for direct marketing purposes (including profiling); the right to object to the use of your personal data for scientific or historical research purposes or statistical purposes in certain circumstances. 

8. Right to withdraw consent

If you have given your consent to anything we do with your personal data, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal data with your consent up to that point is unlawful). This includes your right to withdraw consent to us using your personal data for direct marketing.

For more information on your rights or if you would like to exercise any of your rights, you are welcome to contact us at the contact details set out below under “Contacting us”.

Contacting us

If you would like to contact us in relation to your rights, or if you are unhappy with how we’ve handled your information, you may contact us as follows: Email: networksdataprotection@sse.com Address: Networks Data Protection Team, 2nd Floor, SSEN, Inveralmond House, 200 Dunkeld Road, Perth PH1 3AQ

If you would like to contact our Data Protection Officer, you may do so using the following details:

Email: dpo@legal.sse.com

Address: Data Protection Officer, No. 1 Forbury Place, 43 Forbury Road, Reading, RG1 3JH

If you’re not satisfied with our response to any complaint or believe our processing of your information does not comply with data protection law, you can make a complaint to the Information Commissioner’s Office (ICO) using the following details:

Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

Telephone number: 0303 123 1113

Website: www.ico.org.uk