We are committed to ensuring your privacy is protected. This Privacy Notice explains how we use the personal data we collect about you, as discussed below.
For the purposes of the General Data Protection Regulation 2016/679, the Data Controller is SSE PLC (SC117119) having its registered address and trading address at Inveralmond House, 200 Dunkeld Road, Perth, Perthshire, PH1 3AQ. Our site may link to other websites and we are not responsible for their data policies, procedures or their content.
It is important that you read this privacy notice together with any other privacy notice we may provide you. This privacy notice supplements the other notices and is not intended to override them.
Who are we?
We are a leading generator of renewable electricity and one of the largest electricity network companies in the UK. We develop, own and operate low carbon infrastructure to support the zero-carbon transition. For more information about what we do, please see Who we are | SSE.
What personal data do we need?
Categories of data
We may collect and process the following categories of personal data about you:
- first name and last name;
- job title, and specialism;
- the company or organisation you are employed by, or in the case that you are a politician, the party and constituency you represent;
- contact details such as your company email address and telephone number;
- views and responses provided in any feedback, surveys, or research questionnaires;
- CCTV footage when you visit our sites or offices;
- personal data which you provide when you sign up to receive our Regulatory News Updates (“RNAs”); and
- your IP address.
What personal data do we need?
Collecting and processing
The personal data we process about you will be collected in a number of ways:
- when you contact us during the course of business by telephone, email, letter, in person;
- by monitoring our websites or any of our social media networks e.g. Twitter, Facebook, LinkedIn, Instagram.
- when you sign up to our newsletters or respond to our surveys and research questionnaires;
- when you attend an event or webinar provided by us;
- what we learn during the course of business by having you as a customer or contact;
- when your employer shares a site with us and we allow you to use our facilities such as EV chargers;
- from third parties companies who share data with us; and
- through the choices you give us about what marketing you want us to send you.
What personal data do we need?
Further information
We may collect your IP address automatically when you visit our website. Some of this may be collected using cookies and similar tracking technology which we may create and access cookies on your PC. Cookies are small text files stored in your web browser, which can identify you when you visit our website and in our cookies policy. For more information see our cookies policy via the link below.
Why do we collect it?
In order for you to use some of the services available on this website or in the course of business described above, (referred to in this notice as the “Services”), we need to know some of your personal data.
We need this personal data so we can:
- provide you with the Services and communicate with you on any matter relating to the conduct and/or provision of the Services in general. If you don’t provide us with that personal data you may not be able to access certain Services;
- sign you up to news alerts and send you information about topics and events that may interest you;
- better understand why you visit our website, where you come from, and what content on the SSE website you are looking for;
- respond to your enquiries;
- engage with key stakeholders to receive and provide views on SSE’s position in the energy market, understand their views on issues relating to SSE and communicate with them in relation to campaigns, including on social media;
- carry out checks on customers, suppliers and other third parties, which relate to activities such as anti-money laundering, countering terrorist financing and other unlawful acts (for example, illegal trafficking and environmental crime) and anti-bribery and corruption requirements;
- ensure the health and safety of our staff, visitors and members of the public and prevent crime; and
- provide you with certain facilities such as EV charging.
Who do we share it with?
We may have to share your personal data with:
- internal third parties such as companies in the SSE Group acting as joint controllers or processors and who are based in the UK and Republic of Ireland;
- external third parties such as:
- survey providers that we use to contact you to gather opinions;
- service providers acting as processors ;
- professional advisers acting as processors or joint controllers including lawyers, bankers, auditors and insurers;
- HM Revenue & Customs, regulators and other authorities who require reporting of processing activities in certain circumstances;
- advisers and any prospective purchasers and their advisers, and any new owners of the business, in the event of selling transferring, or merging whole or part of the business.
- to third parties offering analytics services about aggregate information and statistics about website usage. These statistics will not include information that can be used to identify any individual.
How long will we keep it?
We will keep your data for as long as we need it in order to provide you with the Services or have a continuing legitimate interest or legal obligation that requires us to retain it.
When we no longer have legitimate reason for continuing to process your personal data, this will be deleted, anonymised or put beyond use.
We will keep your name and email address while you are signed up to receive RNAs. If you withdraw your consent for us to send these to you, we will delete your details.
Legal, security and data transfers
Legal bases for processing
In order to process and use your personal data lawfully, we rely on the following legal bases:
- for our legitimate interests, including improving the website and the Services.
- consent (where you sign up to receive RNAs or to email updates and events). You can withdraw this consent at any time; and
- to comply with our legal obligations.
Legal, security and data transfers
Data security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach.
Legal, security and data transfers
International data transfers
Your personal data may be transferred to or processed in a country which is outside your resident country (this includes outside of the United Kingdom and European Economic Area (“EEA”)). This may include transfers to other companies within the SSE group, and to third parties.
We take organisational, contractual, and legal measures to ensure that adequate levels of protection have been implemented to safeguard your personal data such as:
- Where the country has been granted an adequacy decision by the European Commission and/or the Information Commissioner in the UK. This means that the destination country provides an adequate level of protection which is equivalent to that applied in the UK, and the EEA;
- Put in place a contract with the third party receiving the personal data, which incorporates the Standard Contractual Clauses (“SCCs”) which has been issued by the European Commission (in relation to transfers of European residents’ personal data) and the UK addendum to the SCCs which has been issued by the ICO (in relation to transfers of UK residents’ personal data), that means the third party who receives the personal data must protect it to the same standards set out in the GDPR;
- Where an appropriate derogation as set out in Article 49 of the GDPR applies; or
- Where the EU-US Data Privacy Framework and/or the UK Extension to the EU-US Data Privacy Framework arrangements apply.
Your rights
You have the following rights regarding your personal data:
Rights | What does this mean? |
1. Right to be informed | You have the right to be provided with clear, transparent and easily understandable information about how we use your personal data and your rights. This is why we’re providing you with the information in this Privacy Notice. |
2. Right of access | You have the right to obtain access to your personal data (if we’re processing it) and certain other information (similar to that provided in this Privacy Notice). This is so you’re aware and can check that we’re using your personal data in accordance with data protection law. |
3. Right to rectification | You are entitled to have your personal data corrected if it’s inaccurate or incomplete. |
4. Right to erasure | This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your personal data where there’s no compelling reason for us to keep it. This is not a general right to erasure; there are exceptions. |
5. Right to restrict processing | You have rights to ‘block’ or suppress further use of your personal data in certain circumstances. When processing is restricted, we can still store your personal data, but may not use it further. |
6. Right to data portability | You have the right to obtain and reuse your personal data in a structured, commonly used and machine readable format in certain circumstances. In addition, where certain conditions apply, you have the right to have such personal data transferred directly to a third party. |
7. Right to object to processing | You have the right to object to certain types of processing in certain circumstances. In particular, the right to object to the processing of your personal data based on our legitimate interests or on public interest grounds; the right to object to processing for direct marketing purposes (including profiling); the right to object to the use of your personal data for scientific or historical research purposes or statistical purposes in certain circumstances. |
8. Right to withdraw consent | If you have given your consent to anything we do with your personal data, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal data with your consent up to that point is unlawful). This includes your right to withdraw consent to us using your personal data for direct marketing. |
For more information on your rights or if you would like to exercise any of your rights, you are welcome to contact us at the contact details set out below.
Contacting us
If you would like to contact our Data Protection Officer, you may do so using the following details:
Email: [email protected]
We sold our retail business to OVO Energy in January 2020. If you are a domestic energy customer and have a data protection enquiry, please contact OVO Energy directly.
If you’re not satisfied with our response to any complaint or believe our processing of your personal data does not comply with data protection law, you can make a complaint to the Information Commissioner’s Office (ICO) using the following details:
Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Telephone number: 0303 123 1113
Website: www.ico.org.uk.