(each referred to as the "Website" and together the "Websites").
Flexible Power is a service operated by the following Distribution Network Operators:
- Northern Powergrid (Northeast) plc (company number: 02906593);
- Northern Powergrid (Yorkshire) plc (company number: 04112320);
- SP Distribution plc (company number SC189125);
- SP Manweb plc (company number 02366937);
- Scottish Hydro Electric Power Distribution plc (company number SC213460);
- Southern Electric Power Distribution plc (company number 04094290);
- Western Power Distribution (East Midlands) plc (company number 02366923);
- Western Power Distribution (West Midlands) plc (company number 03600574);
- Western Power Distribution (South West) plc (company number 02366894); and
- Western Power Distribution (South Wales) plc (company number 02366985)
- Electricity North West Limited (company number: 02366949);
(together the “Companies”).
In this Policy, references to "we", "us", and "our" (and other similar terms) are to the Companies and "you" and "your" (and other similar terms) are to you acting in your personal capacity as a provider or potential provider of flexibility services to the Companies or as a visitor to the Websites.
This Policy sets out:
a) The way in which we will process the personal information we collect from you when you interact with us through the Websites;
b) The legal basis for the processing of that personal information; and
c) The rights you have in relation to your personal information.
1. What personal information will we collect about you and for which purposes will we use it?
We will collect personal information about you when you fill in a registration form on the Websites and if we are working together. This includes collecting and processing the following information:
- Your contact details including, but not necessarily limited to, your name, address, telephone number(s) and e-mail address(es);
- Your views and opinions (in the form of feedback and comments) regarding our performance;
- Information you provide to us when making a complaint; and
- Information about your visits to and use of the Websites, including the pages you access. Please see the cookies policy at www.flexiblepower.co.uk/cookie-policy for more information.
We will use the personal information we collect in order to:
- Contact and deal with you regarding upcoming flexibility procurement rounds that may of interest to you; and
- Conduct market research and/or satisfaction surveys.
2. What is the legal basis for the use of your personal information?
We consider that the legal bases for our use of your personal information are as follows:
a) In order to perform our obligations under any contract we may enter into with you to provide flexibility services;
b) In order to comply with our legal obligations (for example, providing information to Ofgem or making information available if required by our electricity distribution licence or associated industry codes); and
c) For the legitimate interests of our respective business including the following:
- Inviting you to participate in flexibility procurement rounds; and
- Administering the flexibility procurement rounds and other internal administrative purposes.
3. With whom will we share your personal information?
We may share your personal information with certain third parties, as follows:
a) Consultants, suppliers and contractors we use to help us regarding the procurement and/or provision of flexibility services but we will only give them personal information to the extent they need it to carry out their specific tasks for us. If that is necessary, we will have contracts in place containing obligations regarding the use and security of personal information to ensure that it is protected as much as possible;
b) Any member of our groups of companies, which means our subsidiaries, our ultimate holding company and its subsidiaries; and
c) If we are under a duty to disclose it in order to comply with any legal obligation that may be placed upon us.
4. For how long will we retain your personal information?
We will keep your personal information for no longer than is necessary, which will depend on the purposes for which it is processed and/or it is required to comply with applicable laws and to establish, exercise or defend our legal rights.
5. How will we keep your personal information secure?
We have in place appropriate technical and organisational measures to protect your personal information against unauthorised or unlawful use, and against accidental loss, damage or destruction. We have put in place data processing contracts with our third party service providers and will not pass any personal information to third parties for marketing purposes unless you have specifically agreed to it.
Unfortunately, the transmission of information via the internet is not completely secure. If you provide personal information to us via the Websites, we will do our best to protect it but we cannot guarantee its security and any transmission is at your own risk.
6. Will we transfer personal information outside of the United Kingdom (the “UK”)?
We may transfer personal information outside of the UK, for example to other members of our groups of companies or to our service providers engaged in, among other things, the provision of support services. If we do transfer personal information outside of the UK, we will ensure that such transfers are either to countries in respect of which the UK has made an adequacy decision or we have in place appropriate safeguards to protect that personal information, including at least one of the safeguards required by the Data Protection Act 2018. Otherwise, we will not transfer your personal information to a third party outside of the UK unless you have confirmed to us that you are happy for us to do so.
8. Your rights
Subject to certain conditions, you have the right to:
i) Access your personal information;
ii) Be informed about how we process your personal information;
iii) Have your personal information rectified or erased;
iv) Restrict our processing of your personal information;
v) Object to our processing of your personal information; and
vi) The portability of your personal information, e.g. to receive that information in a “machine-readable format”.
If we are processing any of your personal data based on you having given us consent to do so, you have the right to withdraw that consent at any time. However, this will not affect the lawfulness of any processing we may have undertaken based on you consent before it is withdrawn.
If you wish to exercise any of the rights set out above, you can do so by e-mailing us at: firstname.lastname@example.org.
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who does not have the right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
9. Changes to the Policy
Any changes we may make to this Policy in the future will be posted on this page and, where appropriate, notified to you by e-mail or post.
It is important that the personal information we hold about you is accurate and current. Please keep us informed, if your personal information changes during your relationship with us.
10. Contact us
Each of the Companies is a controller of your personal information insofar as the Company concerned processes your personal information for its purposes.
You have the right to complain to the Information Commissioner’s Office about the way in which we process your personal information. You may do so by clicking on “Make a Complaint” button on the Information Commissioner’s website at https://ico.org.uk/ or by writing to:
Information Commissioner's Office
We will investigate and attempt to resolve any complaint or dispute regarding the use or disclosure of your personal information and we would, therefore, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance by e-mailing us at email@example.com
The contact details of the data protection officer for each of the Companies are as follows:
Electricity North West Limited:
Head of Risk Control and Assurance
Electricity North West
Northern Powergrid (Northeast) plc and Northern Powergrid (Yorkshire) plc:
Head of Regulatory Compliance
78 Grey Street
Newcastle upon Tyne
SP Distribution plc and SP Manweb plc (SP Energy Networks):
Data Protection Officer
320 St Vincent Street
SP Energy Networks & Scottish Power are part of the Iberdrola Group, therefore, all data transfers that occur within the group are carried out in accordance with the applicable data protection laws and Binding Corporate Rules (BCRs). The Iberdrola Group’s BCRs reflect European legislation on data protection (General Data Protection Regulation) and means that all companies in the Group have to comply with the same internal rules. You can download a copy of the Iberdrola’s BCR here.
Scottish Hydro Electric Power Distribution plc and Southern Electric Power Distribution plc:
Networks Data Protection Team
2nd Floor, SSEN
200 Dunkeld Road
Western Power Distribution (East Midlands) plc, Western Power Distribution (West Midlands) plc, Western Power Distribution (South West) plc and Western Power Distribution (South Wales) plc:
Legal Services Team
Western Power Distribution
Version date: May 2021