We are committed to safeguarding the privacy of users to our site and we will only use the information that we collect about you lawfully and in accordance with the Data Protection Act 1998 (the “Act”).
CHANGES TO DATA PROTECTION LEGISLATION
Data Protection legislation and the Act is currently going through a period of change. The introduction of the European Union’s General Data Protection Regulation (GDPR) and the new British Data Protection Bill, which will replace the Act and is currently passing through Parliament is the basis of this change. This Privacy Notice is therefore intended to comply with the Act and GDPR but may change over time.
DATA SUBJECT’S TERMS & CONDITIONS
DATA SUBJECT’S TERMS & CONDITIONS
PURPOSE OF PROCESSING PERSONAL DATA
We collect personal data for two reasons. Firstly, to process your account and secondly, to provide you with the best possible service, including providing tenders on behalf of our third party partners.
LAWFUL BASIS OF PROCESSING PERSONAL DATA
The lawful basis of processing your personal data are as follows:
- Legitimate Interest.As part of general marketing activities.
- Once you have started the process of signing a contract we will process your personal data on the basis of a Contract, even if the process hasn’t been completed.
CATEGORIES OF PERSONAL DATA PROCESSED
The information we hold should be accurate and up to date. The personal information which we hold will be held securely in accordance with our internal security policy and the law. The type or categories of personal data we will collect about you includes your:
- Company name;
- Postal address;
- Business address;
- Contact telephone numbers (land, mobile, fax);
- Email address; and
- Bank details. They are not stored on our website, or elsewhere. They are used only when providing suppliers details for contracts.
CATEGORY OF RECIPIENTS OF PERSONAL DATA
Your name, email and postal address will be passed to suppliers for the purpose of administration, safety and security. This may include supplementary information.
TRANSFER OF PERSONAL DATA OUTSIDE THE EEA (EUROPEAN ECONOMIC AREA)
Personal data will only be transferred outside the EEA or other areas of adequacy determined by the EU, to support the administration in those countries. If this is required, consent will be explicitly requested from you.
SENSITIVE PERSONAL DATA
We will never collect sensitive personal data about you without your explicit consent and a clear explanation why it is required.
SALE OR PASSING OF PERSONAL DATA TO THIRD PARTIES
We will not sell your personal data to any company.
RETENTION OF PERSONAL DATA
We will retain your personal data to support our records for 5 years to support our obligations to HMRC, and for reference for future business transactions. Once this period is reached we will securely dispose of your personal data.
DATA SUBJECT’S RIGHTS
Under the Act and in even more so under the GDPR you have a number of Rights which we have outlined below:
- Right of Access.You are entitled to access your personal data so that you are aware of and can verify the lawfulness of the processing. This is achieved through the mechanism of Subject Access Rights (SAR) and you have the right to obtain:
- Confirmation that your data is being processed;
- Access to your personal data (a copy); and
- Other supplementary information, which corresponds to the information in this privacy notice.
Identify Verification.To protect your personal data, FPU will seek to verify your identity before releasing any information, which will normally be in electronic format.
- Right of Rectification.You are entitled to have personal data rectified if it is inaccurate or incomplete. FPU will respond within one month of your request. In the unlikely event FPU does not take action to the request for rectification, FPU will inform you of your rights to complain or seek judicial remedy.
- Right of Erasure.You may request the deletion or removal of personal data where there is no compelling reason for its continued processing. The Right to Erasure does not provide an absolute ‘right to be forgotten,’ especially once the processing is based upon a contract. However, you do have a right to have personal data erased and to prevent processing in specific circumstances:
- Where the personal data is no longer necessary in relation to the purpose for which it was originally collected/processed;
- When you withdraw consent (and this is the basis of processing);
- When you object to the processing and there is no overriding legitimate interest for continuing the processing;
- The personal data was unlawfully processed;
- The personal data has to be erased in order to comply with a legal obligation.
- Right to Restrict ProcessingUnder the Act, you have a right to ‘block’ or suppress processing of personal data. The restriction of processing under the GDPR is similar. When processing is restricted, FPU is permitted to store the personal data, but not further process it. In this event exactly what is held and why will be explained to you.
- Right to Data PortabilityYou may request to obtain and reuse your personal data for your own purposes across different services. This allows you to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability. The Right to Data Portability only applies:
- To personal data you have provided to FPU
- Where the processing is based on your consent or for the performance of a contract; and
- When processing is carried out by automated means.
- In these circumstances FPU will provide a copy of your data in CSV format, free of charge, without undue delay and within one month. If there is a delay to this, you will be informed.
- Right to ObjectYou have the right to object to:
- Processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling);
- Direct marketing (including profiling); and
- Processing for purposes of scientific/historical research and statistics.
- FPU do not participate in the first and third activities, however do conduct marketing activities as explained above.
- Automated Decision Making and ProfilingFPU does not employ any automated decision-making or conduct profiling of Data Subjects. However, if you have consented to be held on our Customer Relationship Management (CRM) data base we may periodically send you marketing information so that you are informed of upcoming events, business, updates and information about and pertaining to Full Power Utilities. These will be automated but they do not involve automated decision-making or profiling.
INFORMATION WE COLLECT AUTOMATICALLY
The information we collect from you enables us to fulfil your request for our services – namely, to send you information or content in which you may be interested, and keep you abreast of any updates related to our Site. We also use this information to personalise and continually improve our Site.
INFORMATION WE COLLECT AUTOMATICALLY
We may also use automated devices and applications, such as Google Analytics and Facebook Insights, to track usage of our Site. We may use the information gathered through these methods in anonymous or aggregated form to analyse ways to improve our Site. This information may also be associated with your username or email address and may be combined with other information, including personally identifiable information that we collect about you.
As noted, we may use automated devices and applications, such as Google Analytics, to evaluate usage of our Site. We also may use other analytic means to evaluate our Site. We use these tools to help us improve our Site, performance and user experiences.
HOW DO WE USE YOUR INFORMATION?
We use the information that we gather about you for the following purposes:
- To fulfil services related to your Account to you, to communicate with you about your use of our Site or products that we offer or make available through the Site, and for other customer service purposes.
- To respond to any inquiries, you submit to us.
- To operate and improve the Site.
- Where permitted by law, for marketing and promotional purposes; for example, we may use your information, such as your email address, to email you news and our newsletters.
- To better understand how users access and use our Site and Account, both on an aggregated and individualised basis, for the purposes of improving our Site.
We take responsibility for complying with the GDPR, at the highest management level and throughout our organisation.
We keep evidence of the steps we take to comply with the GDPR.
We put in place appropriate technical and organisational measures, such as: adopting and implementing data protection policies (where proportionate);
- – taking a ‘data protection by design and default’ approach – putting appropriate data protection measures in place throughout the entire lifecycle of our processing operations;
- putting written contracts in place with organisations that process personal data on our behalf;
- maintaining documentation of our processing activities;
- implementing appropriate security measures;
- recording and, where necessary, reporting personal data breaches;
- carrying out data protection impact assessments for uses of personal data that are likely to result in high risk to individuals’ interests;
- appointing a data protection officer (where necessary); and
- adhering to relevant codes of conduct and signing up to certification schemes (where possible).
We review and update our accountability measures at appropriate intervals.
0208 9355 512