Powertek Utilities is committed to ensuring that all of its activities are conducted in accordance with all applicable legal and regulatory requirements and the highest standards of ethical business conduct.
The purpose of this policy is to set out Powertek Utilities’ position on privacy of personal data and provide guidance to customers, employees, contractors, suppliers and other interested parties on the Company privacy obligations.
The corporate conduct of Powertek Utilities is based on acting responsibly, honestly and with integrity and ensuring that we deal with customers, staff, suppliers, the public and other stakeholders in an honest, reliable, fair and polite manner.
Powertek Utilities understands that individuals’ privacy is important to individuals and that individuals care about how their personal data is used. We respect and value the privacy of all of customers, employees, contractors, suppliers and other stakeholders. As such we will only collect and use personal data in ways that are described here, and in a way that is consistent with our obligations and individual’s rights under the law.
Information About Us
Company, We, Us: Powertek Utilities Ltd
Registered address: 21 Forbes Place, Paisley, PA1 1UT
Company Registration No: SC431228
VAT number: 209 7280 02
Data Protection Officer: Adrian Skelton
Email address: email@example.com
Telephone number: 0141 849 2067
Postal Address: 21 Forbes Place, Paisley, PA1 1UT
We hold certification: ISO 9001:2015, ISO 14001:2015 OHSAS 18001:2007
What Does This Notice Cover?
This Privacy Information explains how we use individuals’ personal data: how it is collected, how it is held, and how it is processed. It also explains individuals rights and employees responsibilities under the law relating to individuals personal data.
What is Personal Data?
Personal data is defined by the General Data Protection Regulation (EU Regulation 2016/679) (the “Data Protection Act 2018”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.
Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as individuals name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.
The personal data that we use is set out in Part 5, below.
What Are My Rights?
Under the GDPR and the Data Protection Act 2018, you have the following rights, which Powertek Utilities will always work to uphold:
- The right to be informed about our collection and use of individuals personal data. This Privacy Notice should tell you everything you need to know, but you can always contact us to find out more or to ask any questions using the details in Part 11.
- The right to access the personal data we hold about you. Part 10 will tell you how to do this.
- The right to have individuals personal data rectified if any of individuals personal data held by us is inaccurate or incomplete. Please contact us using the details in Part 11 to find out more.
- The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of individuals personal data that we have. Please contact us using the details in Part 11 to find out more.
- The right to restrict (i.e. prevent) the processing of individuals personal data.
- The right to object to us using individuals personal data for a particular purpose or purposes.
- The right to data portability. This means that, if you have provided personal data to us directly, we are using it with individuals consent or for the performance of a contract, and that data is processed using automated means, you can ask us for a copy of that personal data to re-use with another service or business in many cases.
- Rights relating to automated decision-making and profiling. We do not use individuals personal data in this way. For more information about our use of individuals personal data or exercising individuals rights as outlined above, please contact us using the details provided in Part 11.
Further information about individuals rights can also be obtained from the Information Commissioner’s Office or individuals local Citizens Advice Bureau.
If you have any cause for complaint about our use of individuals personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.
What Personal Data Does Powertek Utilities Collect and Hold?
Powertek Utilities may collect and hold some or all of the following present and past personal data (this may vary according to individuals relationship with us):
- Date of birth;
- Email address;
- Telephone number;
- Business name;
- Job title;
- Profession details;
- Payment information;
- Payroll information;
- Training and certification details;
- Licence and accreditation details;
- Work references, searches and performance;
- Medical information;
How Does Powertek Utilities Use My Personal Data?
Under the GDPR and the Data Protection Act 2018, we must always have a lawful basis for using personal data. This may be because the data is necessary for our performance as an employer, we have a contract or business relationship with you, because you have consented to our use of individuals personal data, or because it is in our legitimate business interests to use it.
Individuals’ personal data may be used for one of the following purposes:
- Providing and managing individuals’ account;
- Supplying our products or services to you;
- Purchasing products or services from you;
- Individuals’ personal details are required in order for us to enter into or service a commercial contract or contract of employment with you;
- Processing receipts, remittance, payments and payroll;
- Planning and scheduling of works, rotas, training, inspections or other work activities;
- Providing details (where individuals data may be included in such information) when required to do so to Government departments, HM Revenue and Customs, Local Authorities or Industry Regulators as required by Legislation or Regulation;
- Communicating with you. This may include responding to emails or calls from you.
You will not be sent any unlawful marketing or spam. We will always work to fully protect individuals’ rights and comply with our obligations under the GDPR and the Data Protection Act 2018 and the Privacy and Electronic Communications (EC Directive) Regulations 2003, and you will always have the opportunity to opt-out.
How Long Will Powertek Utilities Keep My Personal Data?
We will not keep personal data for any longer than is necessary in light of the reason(s) for which it was first collected. Individuals personal data will therefore be kept in a secure location for a minimum of one year thereafter in archived storage.
Any personal data required to be retained under Legislation or Regulations shall be kept securely for the minimum length of time as may be required.
How and Where Does Powertek Utilities Store or Transfer My Personal Data?
We will only store or transfer individuals personal data in the UK. This means that it will be fully protected under the Data Protection Act 2018.
The security of individuals personal data is essential to us, and to protect individuals data, we store it in a secure location only accessible by authorised personnel.
Does Powertek Utilities Share My Personal Data?
Powertek Utilities will not share any of individuals’ personal data with any third parties for any purposes, subject to the following exceptions.
In some circumstances, we may be legally required to share certain personal data, which might include individuals, if we are involved in legal proceedings or complying with legal obligations, industry regulations, a court order, or the instructions of a government authority. This includes but is not limited to sharing with Government bodies such as HMRC (Her Majesty’s Revenue and Customers) and HSE (Health and Safety Executive) to meet legal requirements
If any of individuals’ personal data is required by a third party, as described above, we will take steps to ensure that individuals’ personal data is handled safely, securely, and in accordance with individuals rights, our obligations, and the third party’s obligations under the law, as described above in Part 8.
We may be required to share individuals’ training, licence and work information as follows:
- Certification and Accreditation organisations, including SSIP, ISO 9001, ISO 14001, ISO 18001, Achilles, Lloyds NERS.
- Clients or regulators who may require evidence of individuals qualifications
If any other situations arise where there could be a requirement to share data we will request individuals authorisation.
Employees may not disclose any trade secrets or other information of a confidential nature relating to the Company or information about any person employed by the company in any capacity or using the Company’s service or in respect of which the Company owes an obligation of confidence to any third party (including, without limitation, in written, oral, visual or electronic form or on any magnetic or optical disk or memory and wherever located) relating to the business, products, affairs and finances of the Company or individual for the time being confidential to the Company and trade secrets including, without limitation, technical data and know how relating to the business of the Company or any of its suppliers, clients, customers, agents, distributors, shareholders or management, including (but not limited to) information that you created, developed, received or obtained in connection with your employment, whether or not such information (if in anything other than oral form) is marked confidential (“Confidential Information”) during or after your employment has terminated except as required by law.
- You must not remove any Confidential Information from the Company’s premises at any time without proper advance authorisation.
- You must, if requested by the Company and, in any event on the termination of your employment, return to the Company all property and documents whether paper, electronic or otherwise belonging to the Company which are in your possession or under your control including copies of such property or documents.
- You must, if requested by the Company, delete all Confidential Information from any reusable material and destroy all other documents and tangible items which contain or refer to any Confidential Information which are in your possession or under your control.
- Whilst you are in employment with the Company you may as part of your duties, be expected to expand your network of contacts, including by using Linkedin and other networking sites. The contact details of business contacts of the Company made during the course of your employment are confidential information, and as such belong to the Company. For the avoidance of doubt, this includes any contacts that are added to Linkedin or any other networking site during the course of your employment. In the event that you leave the Company or give or receive notice of termination of your employment, you will be required to give full details of any such contacts in writing. If the Company wishes, and once the Company has confirmed that you do so, you must delete all professional connections which you have made during the course of your employment which have been added to any such networking site. You therefore agree that you will, on or before the termination of your employment, meet with the Company to undertake the exercise of deleting from such accounts any professional contacts and connections which were added to your account during the course of your employment with the Company as a result of your employment or activities undertaken by you.
- Whilst you are in the Company’s employment, and thereafter, you have a duty of care towards the Company to protect its reputation and not to do anything which might damage its reputation or lower its standing in the minds of others. For that reason, you undertake not to do any act or thing in any media whatsoever that might reasonably be expected would damage the business, interests or reputation of the Company or any Group Company. This includes making any direct or indirect references to the Company and/or any Group Company or any of its or their directors and employees in any online blog, or on any social or professional networking site or social media site (including but not limited to Facebook, WhatsApp, myspace, Bebo, Linkedin and Twitter).
How Can I Access My Personal Data?
If you want to know what personal data we hold about you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a “subject access request”.
All subject access requests should be made in writing and sent to the email or postal addresses shown in Part 11. There is not normally any charge for a subject access request. If individuals request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding.
Powertek Utilities will respond to individuals subject access request within 28 days and, in any case, not more than one month of receiving it. Normally, we aim to provide a complete response, including a copy of individuals personal data within that time. In some cases, however, particularly if individuals request is more complex, more time may be required up to a maximum of three months from the date we receive individuals request. You will be kept fully informed of our progress.
How Do I Contact You?
To contact us about anything to do with individuals personal data and data protection, including to make a subject access request, please use the following details:
For the attention of: Adrian Skelton, Data protection officer
Email address: firstname.lastname@example.org
Telephone number: 0141 849 2067
Address: 21 Forbes Place, Paisley, PA1 1UT
Changes to this Privacy Notice
We may change this Privacy Notice from time to time. This may be necessary, for example, if the law changes, or if we change our business in a way that affects personal data protection.
Breach of this policy
Any breach of this policy by Powertek Utilities staff will be treated as a potential disciplinary issue and dealt with through our disciplinary procedure.
Employees must report all suspected breaches of this policy to their manager.
The company is committed to continuous improvement, monitoring compliance with this policy and the constant improvement of policies, processes and procedures to improve performance and provide highest levels of customer satisfaction.
Date: 22 March 2019
Next Review Date: April 2020