Privacy Policy

Privacy Policy and Data Protection

Last updated: 27th July, 2018

Warmer Communities take our commitment to your privacy seriously, and we treat any information you provide to us with care. This policy describes what we do with your information and what we do to keep it secure. It also explains where and how we collect your personal information, as well as your rights over any personal information we hold about you.

We recommend that you read this Privacy Policy in full to ensure you are fully informed. If you have any questions about this policy or our data collection, use, and disclosure practices, please contact us.

 

THE INFORMATION WE COLLECT

  • We collect your data directly and this data may include: Your name, address, and in some cases your date of birth e.g.
  • So we can check you are eligible for the scheme and contact you regarding your installation
  • Proof of identity e.g.
  • which may be collected to evidence a supporting component or for eligibility evidence
  • Copies of documents showing proof of benefits and income supplied to you by the Department for Work and Pensions and HMRC, this will be limited to information showing you are eligible for the scheme.
  • Your phone number and email address e.g.
  • so you can be contacted as necessary for the Purpose outlined in this notice
  • Optional: the financial amount you have contributed towards the cost of the installation
  • e.g. to help the Department for Business, Energy and Industrial Strategy develop future schemes

Providing your personal data

We will tell you if providing some of your personal data is optional. In all other cases you must provide your personal data or we will be unable to install a measure into your home under the ECO scheme.

WHAT DO WE DO WITH YOUR DATA

We will process your personal data:

  • As necessary to fulfil our contract with you e.g.
  • To manage and undertake the contract (including the installation of a measure into your property).
  • As necessary to pursue our legitimate interests e.g.
  • to check you are eligible for the ECO scheme and other potential funding schemes.
  • To share your data with third parties who administer, support or enforce the ECO scheme (as specified under ‘Sharing your personal data’).
  • To collect the financial amount you have contributed towards the cost of the installation.
  • As necessary to comply with a legal obligation e.g.
  • Where you exercise your rights to make requests under data protection law. In some circumstance we may need to process special categories of data e.g. information related to your health as evidence you are eligible for the scheme).

In these cases, will provide you with separate information showing you how we will process your data and the legal basis under which we are processing it.

Sharing your personal data 

We will share your personal data:

  • If necessary the Department for Work and Pensions will profile your data in order to provide a YES/NO response via the Energy Saving Trust1 to verify whether or not you receive the relevant benefits to be eligible for the scheme;
  • The Office of Gas and Electricity Markets (Ofgem)2 will:
  • use and share your information in order to fulfil its statutory duties;
  • if requested, share your information with the installer of the measure in order to verify whether it has been notified to Ofgem.
  • if necessary, share your information with auditors contracted to ensure the integrity of the scheme.
  • when required, disclose your personal information to the Secretary of State of the Department of Business, Energy and Industrial Strategy.
  • they may use some of the data for research and statistical purposes and may, for these purposes, link the data with other data sources they hold.
  • The obligated energy supplier3 (who will make a contribution towards the cost of the measure; and will process data as necessary to comply with a legal obligation4 and in accordance with their own privacy policies);
  • Relevant companies supporting the installation e.g.
  • the installer (who installs the measure), the installer’s certification body (who monitor a sample of installations to ensure they meet the correct standards).
  • technical monitoring agents (who monitor a sample of installations to ensure they meet the correct standards).
  • managing agents (who facilitate the funding and installation of measures).
  • external auditing agencies (who provide assurance that the data being processed is correct).
  • building control inspectors (who check installations are installed in accordance with building regulations).
  • guarantee companies (who provide warranties for some measures such as wall insulation), the property owner, social housing provider, local authority or managing agent (as and where applicable).
  • software providers (who process your data)
  • Anyone else where it is required by law, or we have your consent.
  • The information you provide may be transferred to 3rd parties outside of the European Union. However, this will only take place where this is necessary for the Purpose outlined above. We will ensure all appropriate safeguards, including those set out by the ICO5, are in place to protect your data before any transfer takes place.
  • Your data will only be processed for purposes relating to ECO, unless you have specifically consented otherwise.

 

Criteria used to determine data retention periods

  • Retention for measures with a twenty-five year guarantee (including wall insulation): we may retain your personal data for up to twenty-five years, or as needed to match the lifetime of the guarantees provided;
  • Retention for all other measures: we may retain your personal data for up to seven years after the scheme ends, in line with HM Revenue & Customs record management6
  • The Department for Business, Energy and Industrial Strategy, will hold some information, including your address, but not your name or other personal information, for up to 25 years for statistical purposes.
  • Your rights, including accessing your data or amending incorrect data.

 

YOUR DATA PROTECTION RIGHTS UNDER THE GENERAL DATA PROTECTION REGULATION (GDPR)

  • If you wish to access, correct, update, or request deletion of your personal information, you can do so at any time by contacting us here.
  • In addition, you can object to the processing of your personal information, ask us to restrict the processing of your personal information or request portability of your personal information. Again, you can exercise these rights by contacting us here.
  • You have the right to require us to erase or anonymise your personal data which we are handling in the following circumstances:
    • We no longer need to use your personal data for the reasons we told you we collected it for.
    • Where we needed your consent to use your personal data and you have withdrawn your consent and there is no other lawful way we can continue to use your personal data.
    • You object to our use of your personal data and we have no compelling reason to carry on handling your personal data.
    • Our handling of your personal data has broken the law.

We must erase your personal data to comply with a law we are subject to.

  • You have the right to receive the personal data we hold about you in a structured, standard machine-readable format and to send this to another organisation controlling your personal data.
    This right only applies to your personal data that we are handling because you consented to us using it or because there is a contract in place between us.
  • You have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” link in the marketing emails we send you.

A full list of your rights is available here: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/


THE WEBSITE

Use of Cookies

This website uses cookies to better the users experience while visiting the website. Where applicable this website uses a cookie control system allowing the user on their first visit to the website to allow or disallow the use of cookies on their computer / device. This complies with recent legislation requirements for websites to obtain explicit consent from users before leaving behind or reading files such as cookies on a user’s computer / device. Cookies are small files saved to the user’s computer’s hard drive that track, save and store information about the user’s interactions and usage of the website. This allows the website, through its server to provide the users with a tailored experience within this website. Users are advised that if they wish to deny the use and saving of cookies from this website on to their computers hard drive they should take necessary steps within their web browsers security settings to block all cookies from this website and its external serving vendors.

This website uses tracking software to monitor its visitors to better understand how they use it. This software is provided by Google Analytics which uses cookies to track visitor usage.

The software will save a cookie to your computer’s hard drive in order to track and monitor your engagement and usage of the website, but will not store, save or collect personal information. You can read Google’s privacy policy here for further information www.google.com/privacy.html

Other cookies may be stored to your computer’s hard drive by external vendors when this website uses referral programs, sponsored links or adverts. Such cookies are used for conversion and referral tracking and typically expire after 30 days, though some may take longer. No personal information is stored, saved or collected.

Contact and Communication

Users contacting this website and/or its owners do so at their own discretion and provide any such personal details requested at their own risk. Your personal information is kept private and stored securely until a time it is no longer required or has no use, as detailed in the Data Protection Act 1998. Every effort has been made to ensure a safe and secure form to email submission process but advise users using such form to email processes that they do so at their own risk. This website and its owners use any information submitted to provide you with further information about the products / services they offer or to assist you in answering any questions or queries you may have submitted. This includes using your details to subscribe you to any email newsletter program the website operates but only if this was made clear to you and your express permission was granted when submitting any form to email process. Or whereby you the consumer have previously purchased from or enquired about purchasing from the company a product or service that the email newsletter relates to. This is by no means an entire list of your user rights in regard to receiving email marketing material. Your details are not passed on to any third parties.

External Links

Although this website only looks to include quality, safe and relevant external links, users are advised adopt a policy of caution before clicking any external web links mentioned throughout this website.

The owners of this website cannot guarantee or verify the contents of any externally linked website despite their best efforts. Users should therefore note they click on external links at their own risk and this website and its owners cannot be held liable for any damages or implications caused by visiting any external links mentioned.

Adverts and Sponsored Links

This website may contain sponsored links and adverts. These will typically be served through our advertising partners, to whom may have detailed privacy policies relating directly to the adverts they serve. Clicking on any such adverts will send you to the advertiser’s website through a referral program which may use cookies and will track the number of referrals sent from this website. This may include the use of cookies which may in turn be saved on your computer’s hard drive. Users should therefore note they click on sponsored external links at their own risk and this website and its owners cannot be held liable for any damages or implications caused by visiting any external links mentioned.

Social Media Platforms

Communication, engagement and actions taken through external social media platforms that this website and its owners participate on are custom to the terms and conditions as well as the privacy policies held with each social media platform respectively. Users are advised to use social media platforms wisely and communicate / engage upon them with due care and caution in regard to their own privacy and personal details. This website nor its owners will ever ask for personal or sensitive information through social media platforms and encourage users wishing to discuss sensitive details to contact them through primary communication channels such as by telephone or email.

This website may use social sharing buttons which help share web content directly from web pages to the social media platform in question. Users are advised before using such social sharing buttons that they do so at their own discretion and note that the social media platform may track and save your request to share a web page respectively through your social media platform account.

Shortened Links in Social Media

This website and its owners through their social media platform accounts may share web links to relevant web pages. By default some social media platforms shorten lengthy urls [web addresses] (this is an example: http://bit.ly/zyVUBo). Users are advised to take caution and good judgement before clicking any shortened urls published on social media platforms by this website and its owners.

Despite the best efforts to ensure only genuine urls are published many social media platforms are prone to spam and hacking and therefore this website and its owners cannot be held liable for any damages or implications caused by visiting any shortened links.

Marketing Campaigns

  • We use email marketing to communicate with customers and potential customers from time to time. All email lists and campaigns are “opt-in” meaning we will not send you these sorts of emails unless you indicated that you wish to receive them.
  • We may also contact you via SMS or phone. All communications with you will give you the opportunity to “opt-out”.
  • We may contact you by phone, letter, SMS or email if you have been referred to us by someone who thinks you may be interested or benefit from our services. All communications with you will give you the opportunity to “opt-out”.
  • All marketing emails sent by us will include an unsubscribe link in the footer of the email. Emails sent to you may also include standard tracking, including open and click activities.
  • We use MailChimp for our email marketing. MailChimp’s privacy policy is available herehttps://mailchimp.com/legal/privacy/.
  • Analytics: We use analytics providers such as Google Analytics. Google Analytics uses cookies to collect non-identifying information. Google provides some additional privacy options regarding its Analytics cookies at policies.google.com/technologies/partner-sites.
  • As Required by Law and Similar Disclosures: We may also share information to (i) satisfy any applicable law, regulation, legal process, or governmental request; (ii) enforce this Privacy Policy and our Terms and Conditions, including investigation of potential violations hereof; (iii) detect, prevent, or otherwise address fraud, security, or technical issues; (iv) respond to your requests; or (v) protect our rights, property or safety, our users and the public. This includes exchanging information with other companies and organisations for fraud protection and spam/malware prevention.

DATA SECURITY

  • We employ a variety of security technologies and measures designed to protect information from unauthorised access, use, or disclosure. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal information.
  • We only use third-party services, such as MailChimp, that are fully vetted and adhere to the highest levels of privacy and security practices.
  • All staff undergo initial training to ensure proper understanding of all security-related processes.

YOUR CONSENT

If we have collected and processed your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.

  • In using our website, you consent to the collection and use of this information by Thrift Energy in the ways described above. If you have any further questions about our privacy policy or its implementation, please contact us.
  • You have the right to lodge a complaint with the Information Commissioner’s Office, the supervisory authority for data protection issues in England and Wales.

The full reporting procedure is available online: https://ico.org.uk/concerns/, or you can call the ICO helpline on 0303 123 1113

WHAT DATA BREACH PROCEDURES DO WE HAVE IN PLACE

Should any event occur where customer data has been lost, stolen, or potentially compromised, our policy is to alert our customers via email no later than 48 hours of our team becoming aware of the event. We will also report any such incident to any required data protection authority.

CHANGES TO THIS POLICY

We may change this Privacy Policy from time to time. If we make significant changes in the way we treat your personal information, or to the privacy policy, we will make that clear on our websites, or by some other means such as email, so that you are able to review the changes before you continue to use our service.

If we decide to change our privacy policy, we will post those changes on this page so that you are always aware of what information we collect, how we use it and in what circumstances we disclose it.

1 See the EST datamatch service: https://datamatch.est.org.uk/

2 To find out more about how Ofgem processes your information, refer to their privacy policy available online: https://www.ofgem.gov.uk/publications-and-

updates/eco2t-privacy-policy

3 Supplier details are available at: https://www.ofgem.gov.uk/environmental-programmes/eco/contacts-guidance-and-resources/supplier-contact-details

4 The Electricity and Gas (Energy Company Obligation) (Amendment) Order 2017

5 https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/international-transfers/