Alt HAN Co is a vehicle established to allow all GB energy suppliers to deliver Alternative Home Area Network (Alt HAN) technological solutions and services. Our work includes assessing for the deployment of smart metering devices and technological solutions to allow smart meters to communicate with each other, otherwise known as Alt HAN equipment. Alt HAN Co is committed to protecting your privacy and compliance with all relevant legislation, including the General Data Protection Regulation (GDPR), where this applies to EU citizens, in addition to the ePrivacy Directive (implemented in the UK as the Privacy and Electronic Communications Regulations) and other applicable legislation.
1. THE DATA WE COLLECT ABOUT YOU
Typically, we will collect the personal data of energy customers, and residents and landlords in premises that may be suitable to benefit from Alt HAN services, in addition to staff at our suppliers, contractors, partners and other third parties. We use different methods to collect data from and about you, including the following:
You may give us your Contact Details by filling in forms on our website, through an existing business relationship with your company, or through the course of research or surveys conducted in the deployment of Alt HAN services. This information could also be collected directly from you through your interaction with Alt HAN Co in the course of business, or from you when you submit a complaint to us or make any other request. It could also be collected directly from extant databases (such as energy databases). This will include information such as:
- Your phone number
- Physical address
- Email address
- Contact preferences (for marketing purposes)
This information could be collected directly from you through your interaction with Alt HAN Co in relation to Alt HAN services and the deployment of Alt HAN Equipment, or as otherwise exchanged in the course of business. You may also enter this information in forms when you interact with on our website, through surveys (including Customer Satisfaction Surveys) conducted for Alt HAN services, including where you are a building resident or landlord. We may also collect the personal details of staff from energy suppliers, our business suppliers, sub-contractors or other third parties (such as the Department for Business, Energy and Industrial Strategy (BEIS)). Generally, this will include:
- Your name
- Company name
- Country or location
Where we need to make a payment to you or your organisation, or issue an invoice, we many collect your financial details in order to facilitate this. Generally, this will include:
- Bank name and sort code
- Bank account number
Where you are a resident at a building that may be suitable for the deployment of Alt HAN equipment, or otherwise fall within the remit of smart metering as an energy customer, we may process personal data specific to your smart meter, including meter serial numbers (MPANs, MPRNs, MPxNs). We may receive such data from extant energy databases such as those provided by Xoserve and Electralink, as well as directly from your energy supplier. Where we process such data, we will ensure it is stored and managed in accordance with the provisions of the Smart Energy Code (SEC).
Where you are a resident, tenant, owner or other occupant at a building that may be suitable for the deployment of Alt HAN equipment, or otherwise fall within the remit of smart metering as an energy customer, we may also collect and store information about your premise. This will generally not be considered personal information, and will largely consist of location (e.g. GPS coordinates), building measurements and specifications.
Similarly to other websites, we may also collect information from your device and store it in log file, as you interact with our website or websites hosted by our third party partners or cookies embedded in our website, in order to support your website experience and interactions with us. This information could include data on your IP Address, Location, device identifiers and information on links that you click on or content that you view.
We may also collect information relating to an activity/complaint or summary of engagement with the member of the public. We may also collect information in relation to Health and Safety incidents that occur with respect to our sub-contractors surveyors when conducting surveys (including Customer Satisfaction Services) on-site. This information will be anonymised where possible.
We may also process photographs/video/audio recordings of energy supplier’s employees and other attendees, as collected at Accelerated Solutions Environment (ASE) events. Our surveyors (sub-contractors) may also take photographs of particular residences in the course of surveying them for market sizing activities, which may incidentally include photographs of residents (although we take steps to check and remove photos that include images of residents).
2. HOW WE USE YOUR PERSONAL DATA
Generally, we use your personal data for the purpose for which we obtained it which include the following:
- To contact you following your interest in Alt HAN Services (e.g. through web inquiries). We may process Contact Details and Personal Details for this purpose.
- To effectively carry out Alt HAN Co business processes in line with the Smart Energy Code. We may process Contact Details, Personal Details, Energy Data and Building Data for this purpose.
- To identify and store the following for Alt HAN Candidate / Relevant Premises in the Alt HAN Inventory, including the following Energy Data, Building Data, Contact Details and Personal Details:
- building & premises data, including addresses;
- energy meter data; and
- installed Alt HAN Equipment & location.
- To identify and store building contacts for Alt HAN Candidates / Relevant Premises. We may process Energy Data and Building Data for this purpose.
- To maintain documentary evidence that consent has been granted for installation of Alt HAN Equipment and where appropriate the installation payments agreement. We may process Personal Details for this purpose.
- To collect information on complaints and feedback from members of the public in relation to Alt HAN surveys around the deployment of Alt HAN equipment, collect through written, electronic or telephone communications and notes. We may process Personal Details, Contact Details and Other Information for this purpose.
- To liase with management agencies / Building Landlords in order to obtain permission to install Alt HAN Equipment in their buildings. We may process Personal Details for this purpose.
- To make payments or issue invoices to organisations. We may process Financial Details for this purpose.
- To support Health and Safety Assessments. We may process Other Information for this purpose.
- To process photographs/video/audio recordings of energy supplier’s employee’s, as collected at Accelerated Solutions Environment (ASE) events. We may process Other Information for this purpose.
- To process photographs of residences as required for market sizing purposes. We may process Other Information for this purpose.
- To ensure the security of our website and analyse visitor statistics. We may collect Technical Data for this purpose.
3. ON WHICH LEGAL BASIS DO WE PROCESS PERSONAL DATA
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
This applies where you have given us consent to the processing. Typically, this will include where you have provided information to us, such as when you have given us consent to send marketing information to you. We will take active steps to collect your consent or to ensure our clients have collected it. Where you have given consent, you have the right to withdraw consent to marketing at any time by contacting us or opting-out. For more information, see the section on your Legal Rights.
We may rely on our legitimate interests (or those of a third party) – including in the context of maintaining information on complaints from residents and members of the public and engaging in certain communications about Alt HAN services, where your interests and fundamental rights do not override those interests.
Performance of a contract
We may also process your data for the performance of a contract we have with you or your organisation. This will include, for example, processing information of subcontractors’ staff, and processing data of suppliers and other parties in relation to the installation of Alt HAN Equipment.
We may also store your personal data where we need to comply with a legal obligation, such as obligations that apply to Alt HAN Co under the Smart Energy Code (SEC). This will include processing data for Health and Safety Assessment, and where we are obliged to retain payments records pursuant to financial obligations.
4. HOW LONG WE KEEP IT FOR
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means.
We will retain the following data for the applicable periods below.
|Type of Data||Retention Period||Justification|
|Personal Details||For the duration of the business relationship, or the duration of the provision of Alt HAN services/ Alt HAN Programme||To keep in contact with you in relation to Alt HAN services.
To manage the provision of Alt HAN services.
|Contact Details||Staff at our partners, suppliers, or third parties: For the duration of the business relationship, or 2 years since the last contact|
Members of the public: A maximum of 2 years.
|To keep in contact with our customers/suppliers.|
|Energy Data||Energy customers: For the duration of the provision of Alt HAN services/ Alt HAN Programme||To ensure the analysis of suitability for, and provision of Alt HAN services to, specific residences|
|Financial Details||6 years from the end of the financial year in which the payment was made||For processing payments and for our legal/financial obligations|
|Other Information||Photos from ASE events: For the duration of the provision of Alt HAN Services|
Health and safety risk information: For the duration of the term of this Agreement and up to 3 years maximum following collection (whichever is the greater)
|For administering, carrying out and reporting progress at ASE events.
For risk assessing and recording information on particular residences.
|Technical Data||Device identifiers/IP address/Cookies: Variable (See Cookies Policy below)||To keep in contact with our customers/suppliers.|
5. WHERE WE STORE YOUR PERSONAL DATA
We store personal data within our UK and EEA-hosted servers and and other third-party databases. These include:
- Microsoft Office 365/Sharepoint (with data is stored in Microsoft Azure data centres in the UK)
- Database providers for HR and CRM details (such as Huddle, where data is stored on Rackspace data centres in the UK)
- Finance system providers (including Agresso, with information stored on data centres in UK)
We ensure that security controls are in place around these systems, including that access controls are limited to the appropriate staff and contractors needed (for operational purposes) to access those systems. In Huddle, we employ a specific tiered system of account permissions and an access control log to control when documents are accessed. Similar access controls are also employed with respect to information shared on Sharepoint. Where we exchange personal data in attachments via email, we also use password-protection and encryption solutions where possible.
We may also transfer your personal data to our clients and third-party database providers in order to store personal data and perform our operations using such systems. Some of these third-party providers may have staff outside the European Economic Area (EEA), and may access personal data, subject to suitable and secure safeguards.
Alt HAN Inventory
The Alt HAN Inventory is a database we have developed with building and premise data, which we use to assess residences for their suitability for the deployment of Alt HAN equipment. This may also include information about residents, including Energy data. We have several security safeguards in place around the Alt HAN Inventory, which involve i) site-specific access, including by a VPN specific to certain buildings or addresses, or; ii) log-on credentials and 2 factor-authentication in a web-based version of the Inventory interface.
We may also transfer your personal data to our clients and third-parties, as detailed below. Where these are used, we typically ensure that such systems employ appropriate access controls to limit usage only to the necessary staff. These are discussed further in the section below.
6. DISCLOSURES OF YOUR PERSONAL DATA
We may share your personal data with the parties set out below. This will typically include in the following circumstances:
- Contractors and partners that we work with to carry out Alt HAN Co business processes (including the identification of residences for Alt HAN equipment), such as Capgemini, who act as an Operational Service Provider, and sub-contractors, such as Daly International
- Our core contractors, including Gemserv, Engage Consulting, Baringa and others, who provide operational and consultancy services to us
- Energy Suppliers, that we may work with to provide your residence with Alt HAN equipment
- Business partners, such as the Technology Services Vendor(s), who work on developing Alt HAN equipment
- Database providers (where we store data on their systems), IT and system administration
- Professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services
These parties may have access to the Alt HAN Inventory as necessary for carrying out their functions on behalf of Alt HAN Co.
We may also transfer your personal data to energy supplies, our sub-contractors and third-party database providers in order to store personal data and perform our operations using such systems.
Where Alt HAN Co engages a processor to carry out data processing on our behalf, we will remain liable for the processor’s non-compliance with the GDPR and other data protection legislation, unless such parties are responsible for not complying with provisions of the GDPR and other data protection legislation specifically directed to processors or where it has acted outside or contrary to our lawful instructions. We do not allow our third-party providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and periods, and in accordance with our instructions. Alt HAN Co with enter into agreements with third-parties to ensure that they respect the security of your personal data and to treat it in accordance with the law, and to notify us if any security breaches occur.
We may also be legally required to share information with the following third parties:
- HM Revenue & Customs, regulators and other authorities based in the United Kingdom, who require reporting of processing activities in certain circumstances.
- Public authorities who make lawful requests for the disclosure of information by Alt HAN Co, including to meet national security or law enforcement requirements
7. SAFEGUARDS FOR PERSONAL DATA TRANSFERS
Where we use such third-party providers as listed in Section 6, we take steps to enter into agreements to ensure that such third parties have the adequate safeguards in place, which include:
Generally, where data has been transferred from Alt HAN Co to other third parties outside the EEA, we will ensure that any parties who receive such data have the appropriate measures to ensure secure transfers in place. In particular, this will include our sub-contractors and business partners, whose staff may access personal data on the Alt HAN Inventory from outside the EEA.
Alt HAN Co will not transfer any data or allow any access to such data to such third parties until these arrangements have been verified. These may include ensuring that one of the following mechanisms are in place:
- EU-U.S. Privacy Shield Agreement
- EU-approved Standard Contractual Clauses
- Binding Corporate Rules that the third party has put into place
8. YOUR LEGAL RIGHTS
Under certain circumstances, you have rights under the GDPR in relation to your personal data, upon request:
- Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we or our Third Party Partners hold about you and to check that we are lawfully processing it.
- Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
- Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully. However, you may not have the right to exercise this if we are required to process your data for legal or contractual obligations.
- Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Object to processing of your personal data where you feel it impacts on your fundamental rights and freedoms, by contacting us to inform us of this.
- Opt-out from any processing in the following situations:
- The right to opt-out from marketing communications or newsletters we may send to you. You should exercise this by contacting us at email@example.com or replying to the marketing email you received with [OPT OUT].
- The right to opt-out of any cookies we use, even to those you have consented to. For more information on this, please see the Cookies section above.
NO FEE USUALLY REQUIRED
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
WHAT WE MAY NEED FROM YOU
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
TIME LIMIT TO RESPOND
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
A cookie is a small text file that is downloaded onto your computer when you visit our website and allows us to recognise you as a user. Typically, these contain two pieces of information: a site name and unique user ID. All information these cookies collect is aggregated and anonymous. Cookies are essential to the effective operation of our website. Cookies make the interaction between you and the website faster and easier. Cookies may also be set by the website you are visiting (first party cookies) or they may be set by other websites who run content on the page you are viewing (third party cookies).
Cookies are generally collected across the following categories:
- Strictly Necessary: Cookies that are strictly necessary to enable you to move around our websites or to provide certain basic features
- Functional: Cookies that are used to enhance the functionality of the website, including by storing your preferences
- Performance: Cookies that track visitor statistics and user traffic that allow us to monitor the popularity of sections of our website (e.g. Google Analytics)
- Marketing: Cookies that are used to track users across pages or websites to build up a user profile and display advertisements relevant to them
Currently, we have the following cookies in use on the Alt HAN Co website:
|COOKIE NAME/ID||CATEGORY||PURPOSE||RETENTION PERIOD|
|Complianz (cmplz_all, cmplz_choice, cmplz_id, cmplz_stats)||Strictly Necessary||Cookies used to record evidence of a user’s consent to cookies||1 year|
Opting Out of Cookies
You may access our Cookie Consent Notice to decline cookies at any time subsequently.
You can manage the cookies stored on your device as well as stop cookies from being installed on your browser. For more information on how to manage cookies usage on your device, please let us refer you to information found on these topics on allaboutcookies.org, more specifically by clicking on the links below:
Please note that if you prefer to block some or all of the cookies Alt HAN Co uses, you might lose some of our website’s functionality.
10. FURTHER DETAILS
DATA PROTECTION OFFICER
- You can contact us at firstname.lastname@example.org at any time.
- For the purposes of compliance with the law, the entity that is collecting your data is:
AltHAN Company Ltd.,
8 Fenchurch Place,
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
ICO contact details
Email address: email@example.com
Postal address: Information Commissioner’s Office (ICO)
Telephone number: +44 (0) 303 123 1113
We keep our Privacy Notice under regular review. This version was last updated in August 2019.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
12. THIRD-PARTY LINKS