Privacy Policy & Cookies Policy
DISCLAIMER
This policy is valid for all Regent Utilities businesses including Regent Gas Ltd and, Regent Power Ltd. Regent Utilities will use all reasonable, appropriate, practical, and cost-effective measures to protect its information systems and achieve its security objectives.
This policy has been written in line with the Document Control Policy.
INTRODUCTION
We take your personal data privacy very seriously and we're committed to protecting your personal data by complying with the relevant privacy legislation.
The purpose of this Data Privacy Policy is to make it easier for you to understand how we use and protect your personal data. It will help you understand your privacy rights, how, when and why we need to process your personal data, and how you can get in touch with us if you need to.
We ask that you read this Data Privacy Policy before providing us with any personal information.
DEFINITIONS
“Personal data” is information that relates to an identifiable person who can be directly or indirectly identified from that information, for example, a person’s name, identification number, location, online identifier. It can also include pseudonymised data.
“Special categories of personal data” is data which relates to an individual’s health, sex life, sexual orientation, race, ethnic origin, political opinion, religion, and trade union membership. It also includes genetic and biometric data (where used for ID purposes).
“Criminal offence data” is data which relates to an individual’s criminal convictions and offences.
“Data processing” is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
WHAT IS OUR ROLE?
We are Regent Utilities Ltd which is a group of companies which includes Regent Gas Ltd and Regent Power Ltd, electricity and gas retailers operating in Great Britain.
Our registered office is at:
Regent House, Kendal Avenue, London W3 0XA
To help us manage our relationship with our customers and provide a better service, we may need to collect, store and use your personal information. From a legal point of view, this is known as processing personal data.
We’re a "controller" of your personal data. This is a legal term meaning that we make decisions about how and why we process your personal data, and, because of this, we’re responsible for making sure it’s used in accordance with data protection laws.
We may engage a number of external third-party companies that process your personal data on our behalf. These companies are referred to as “processors”. When we use processors, they’ll use your personal data on our behalf and only for the services and limited purpose that we instruct them to use it. When we use processors, we remain responsible, as a controller, for compliance with all data protection legislation.
WHO DOES THIS DATA PRIVACY POLICY APPLY TO?
This policy relates to the collection and use of the personal data of individuals and the key contact within businesses we are in a business partnership with.
It is intended that this Data Privacy Policy covers:
- Existing, potential and previous customers and those acting on their behalf
- Suppliers
- Contractors
- Visitors to our sites (including in vehicles)
- Visitors to our websites
- Individuals who make general enquiries about our services
- Third parties
WHY DO WE PROCESS YOUR PERSONAL DATA?
We’re required by law to always have a permitted reason or justification (called a “lawful basis” or “legal basis”) for processing your personal data. Depending on the processing activity, we may use one or more of the following lawful bases for processing your data:
- Consent: where you’ve given your consent for the processing.
- Contract: where processing is necessary for the performance of a contract.
- Legal obligation: where processing is needed to comply with our legal obligations.
- Vital interests: where processing is needed in order to protect your vital interests or those of another person.
- Public task: where processing is needed for us to perform a task in the public interest of our official functions.
- Legitimate interests: where processing is needed for our legitimate interests or those of a third-party unless, on balance, these are outweighed by the need to protect your individual rights
REGULATED PERSONAL DATA PROCESS
As an energy retail business, our activities are regulated by authorities who require us to keep reliable, accurate and up to date records of customers’ details as well as any interactions with them related to these regulated services.
In order to support the delivery of these services, which are in the public interest, as well as being a legal obligation, we need to process personal data for the following purposes:
- Receiving payment
- Debt recovery
- Metering
- Dealing with billing enquiries
- Dealing with network enquiries
- Communication of services
- Fraud prevention and detection of Criminal Activity
- Training
- Listening and addressing concerns to improve services
- Managing legal claims
- Providing requests for information
- Assessing your ability to pay
- In order to exercise any legal powers as an energy retail company
WHAT TYPES OF DATA CAN WE PROCESS?
We can process the following types of data:
- Personal Data
Information that can be used to identify an individual, either directly on its own or in combination with other information such as a name, an identification number, location data, an online identifier. - Special Categories of Personal Data
Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation. Criminal conviction related data (about allegations, offences or sentencing) is also treated in a similar way. - Pseudonymised
Personal data that has been processed in such a way that it can no longer be attributed to a specific person without the use of additional information. Such additional information must be kept carefully separate from personal data. - Anonymised
Data in a form that does not identify individuals. Personal data, once it is anonymised, is no longer personal data. - Aggregated
Statistical data about several individuals that have been combined to show general trends or values without identifying individuals within the data.
WHAT PERSONAL DATA DO WE COLLECT ABOUT YOU?
We may collect, use, store and transfer different kinds of personal data about you as follows:
- Information provided to us by a third-party intermediary (TPI) or energy broker who is authorised to act on your behalf, including contact details of individuals which you provide at the time of entering into a contract with us or for the purpose of a quote
- Identity Data includes first name, surname, username or similar identifier, marital status, title, national insurance number, date of birth and gender.
- Contact Data includes billing address, delivery address, postcode, email address and telephone numbers.
- Energy supply information such as consumption data, MPRNs/MPANs, meter read, information about your meter, and details of your gas and/or electricity consumption. Note that this information can be also provided by other market participants, such as ECOES and Xoserve.
- Financial Data includes data to and from Credit Reference Agencies, bank account and payment card details.
Personal data that has been processed in such a way that it can no longer be attributed to a specific person without the use of additional information. Such additional information must be kept carefully separate from personal data. - Transaction Data includes details about payments to and from you.
- Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plugin types and versions, operating system and platform and other technology on the devices you use to access this website. This will be done mainly through cookies. You will find the cookies policy on our website.
- Usage Data includes information about how you use the Website and how you consume the services.
- Services Information: Energy usage information, payment details, order history, data to establish your current address.
- Video Images: CCTV footage.
- Direct point of contact: letter, email, fax, forms.
- Calls: Recorded telephone calls.
- Data from and to law enforcement agencies: such as the Police, Department for Work and Pensions, HM Revenues and Customs (HMRC), UK Visas and Immigration.
- We may also be provided with information about you by a previous tenant. We work closely with third parties, sub-contractors and regulatory bodies including the Office of Gas and Electricity Markets (“Ofgem”).
Processing of personal data related to our employees are available within our Employee privacy policy only for internal request.
HOW DO WE USE YOUR INFORMATION?
We use information held about you in the following ways:
- Quoting, entering into a Contract and Performing the Contract.
- To provide the TPI with a quote for the supply of electricity, gas or both.
- To carry out our obligations under any supply contracts entered into between you and us.
- To enable us to produce accurate invoices.
- To process payments from you or to process payments to you.
- To respond to your requests and queries.
- To share with credit reference agencies (CRAs).
Ensuring the Quality of our Services & Effectiveness of our Website
- To help train our staff.
- To provide you with information, products or services that you request from us.
- To ensure that content from our site is presented in the most effective manner for you and for your computer.
- To provide access to restricted parts of the website.
Internal Business Purposes
- For internal purposes, such as internal reviews, website and system administration, internal audits.
To comply with our legal and regulatory obligations
- To help prevent and detect debt, fraud, loss and energy theft.
- Where necessary to comply with applicable laws.
WHO DO WE DISCLOSE YOUR INFORMATION TO?
Within the company
Within the company, who sees or has access to your personal data will depend on why we need to process it. For example:
- Our Compliance Team for any disputes, complaints and requests for information.
- Our Accounts Payable Team for issuing compensation payments.
- Our Account management Team and their contractors in relation to connections to your property and our network.
Third-party
We use third-party organisations to help us provide our services to you and with whom we share data. These third parties can’t do anything with your personal information and won’t share your personal information with any other organisation unless they are instructed by us to do so. They will hold it securely. These third parties with whom we share your data are based in the United Kingdom.
These third parties associated are such as:
- Credit Reference Agencies.
- Police, Department for Work and Pensions, HMRC, UK Visas and Immigration and any other law enforcement agency to the extent necessary for purposes including preventing, investigating, detecting, and prosecuting criminal offences; or validating a claim.
- Business partners, suppliers and subcontractors for the performance of any contract we enter into with them.
- Agents we engage to perform functions on our behalf including repaying compensation claims for delay, processing payments, trade credit insurers, collecting debts owed to us, responding to emergencies.
- Providers of services relating to the installation, maintenance and removal of meters and meter readers and anyone providing business services under a contract.
- Any energy broker to act on your behalf in relation to your energy supply.
Regulatory agencies
We also have to provide data to other participants in the energy market.
- These include central data service providers such as Xoserve and ECOES network operators and other suppliers and shippers.
- Ofgem, BEIS, the Energy Ombudsman and any other regulatory authority we may be subject to for the purposes of demonstrating compliance with applicable law and regulations.
- Our Corporate Auditory Consultant for the purposes of demonstrating compliance with financial and regulatory frameworks.
If we suspect someone has committed fraud or stolen energy by tampering with the meter, or diverting the energy supply, we will record these details on your account and may share this information with Ofgem, SPAA and other people who are interested such as other energy suppliers.
Transferring business
We may also disclose your personal information to third parties:
- In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
- If the company or substantially all of its assets are acquired by a third-party, in which case personal data held by it about its customers will be one of the transferred assets.
HOW DO WE COLLECT YOUR PERSONAL DATA?
In most cases, for our customers we’ll collect this information through a broker or a Third-Party Intermediaries (TPI), for example:
- When you have a meter installed.
- When you make payments to us.
- When you use our services.
- When we receive your personal data from third parties, such as credit reference agencies or fraud prevention organisations and previous suppliers.
- We may collect your personal data from anything you have provided us over the telephone, in a letter, email, fax.
- We also use CCTV cameras on our sites to capture images of people and vehicle identification information such as number plates.
- From recorded telephone calls; all calls are recorded as necessary for our energy suppliers or for our own quality controls and training.
- From industry specialists such as ECOES and Gas “Access data” but not exclusively, half-hourly data readings and consumption’s, full electricity MPAN numbers and Gas MPRN details, Authorise Supply Capacities, and meter information including smart metering.
We may collect your personal data from anything you have provided us on our website through a web form.
These are known as personally identifying information. Here are the main circumstances when you will be asked for personal information on our website.
- Get a quote on your business gas form.
- Request site works form.
- Submit your readings online form.
- Contact us form.
CREDIT CHECKING
We may supply your personal information to credit reference agencies (CRAs) and they will give us information about you, such as about your financial history. We do this to assess creditworthiness and product suitability, check your identity, manage your account, trace and recover debts and prevent criminal activity. We will also continue to exchange information about you with CRAs on an ongoing basis, including about your settled accounts and any debts not fully repaid on time. CRAs will share your information with other organisations.
The identities of the CRAs, and the ways in which they use and share personal information, are explained in more detail here.
We may take credit scoring information into account when deciding the conditions placed upon your supply, including any premium to be added or security deposit required. In the majority of cases, we will also consider other information that we hold about you.
HOW DO WE KEEP YOUR PERSONAL DATA SAFE?
We take appropriate technical and organisational measures to prevent
- Unauthorised or unlawful processing of personal data; and
- Accidental or unlawful loss, alteration or destruction of, or unauthorised, disclosure of or access or damage to, personal data.
Your personal data is held in secure systems with controlled access and subject to cybersecurity measures, whether we’re processing it in our offices or sites or working from home. We also apply strict physical security at all our sites and offices.
Our complete IT security policy can be accessed on request.
HOW LONG DO WE KEEP YOUR INFORMATION?
In line with our Retention and Schedules Policies, we take all reasonable steps to retain your information for only as long as is necessary for the provision of our services. We will not keep your personal data longer than is necessary. The law and our regulatory requirements determine the length of time information has to be kept We adhere to the appropriate national standards and guidelines regarding data retention. When we delete your personal data, we do so securely.
Our complete Retention and Schedules Policies can be accessed on request.
CONTROLLING YOUR PERSONAL INFORMATION
It is important that the personal information we hold about you is accurate and current. If you believe that any information, we are holding to you is incorrect or incomplete, please write to or email us as soon as possible. We will promptly correct any information found to be incorrect.
If you wish to exercise any of the above rights or to review, verify, correct or question anything detailed in this policy or are unhappy with any aspect of how we use your data please contact us at data@regentgas.co.uk for the gas or electricity.
Where our processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. If you do decide to withdraw your consent, we’ll stop processing your personal data for that purpose, unless there is another lawful basis we can rely on – in which case, we’ll let you know. You may exercise any of these rights free of charge, by contacting us at data@regentgas.co.uk for the gas or electricity.
We may need to check your identity and may need to ask for more information – it’ll help us to help you if you're as specific in your request as possible.
We’ll comply with your request within one calendar month (from the time we receive your request, or any additional information we asked for) unless:
- It's a complex request – in such cases, we’ll respond within the month to inform you of the appropriate response period that will apply to your request (which may be a period of up to two months); or
- in exceptional circumstances, we would not be able to carry out your request. In these cases, we'll inform you of the reason within a one-month period.
HOW TO ACCESS TO YOUR DATA
An individual can raise concerns regarding the processing of their personal data by Regent Gas or Regent Power or request access through a Subject Access Request (SAR). A third-party can also make a SAR on behalf of a person with proof of ID and permission. The request can be made either by
Sending a mail to data@regentgas.co.uk with the object “Subject Access Request”
Or, sending a letter by registered mail to Compliance Officer, Subject Access Request
Regent House, Kendal Ave, London W3 0XA
We will respond to your request within one month of verifying your details. The more specific you are and the more information they provide, the quicker Regent Gas or Regent Power is able to respond.
CONTACT AND ESCALATION DETAILS
You have the right to lodge a complaint regarding our use of your data or regarding our data protection practices.
- Contact by email
For any query related to our use of your personal data, please contact us to have your concerns addressed at: data@regentgas.co.uk for gas and electricity - Contact over the phone
Telephone: 0845 241 2700 and ask to be put through to the Regulation and Compliance manager - Contact by post
Regent House, Kendal Ave, London W3 0XA
If we fail to resolve your issue, you can report any complaint to the Information Commissioner’s Office.
HOW TO CONTACT THE ICO?
If you are unsatisfied with our response to any data protection issues you raise with us, you have the right to make a complaint to the Information Commissioner’s Office (ICO). The ICO is the authority in the UK which is tasked with the protection of personal data and privacy.
Whilst we hope that we can address any questions or concerns you might have, should you need to contact the Information Commissioner’s Office you can do so using one of the following methods:
icocasework@ico.org.uk
Telephone: 0303 123 1113 Textphone: 01625 545860
Monday to Friday, 9am to 4:30pm
Post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Website: www.ico.org.
POLICY REVIEW AND OWNERSHIP
This Data Privacy Policy will be reviewed and amended as required, and at least every year by the appointed compliance officer, to reflect changes in our services as well as to comply with changes in Data Protection Laws and Legislation. If we make any significant changes impacting your privacy, we'll make this clear on our website. Please remember to check from time to time. Therefore, we would, encourage you to review this policy on a regular basis.